Use common ingress

bom 2023-02-03 10:48:03 +01:00
parent 16dd0c5828
commit fe4c381791
5 changed files with 36 additions and 93 deletions


@ -21,15 +21,15 @@
[(postgres/generate-config {:postgres-size :8gb}) [(postgres/generate-config {:postgres-size :8gb})
(postgres/generate-secret config) (postgres/generate-secret config)
(postgres/generate-pvc {:pv-storage-size-gb 50 (postgres/generate-pvc {:pv-storage-size-gb 50
:pvc-storage-class-name default-storage-class}) :pvc-storage-class-name default-storage-class})
(postgres/generate-deployment) (postgres/generate-deployment)
(postgres/generate-service) (postgres/generate-service)
(nextcloud/generate-secret config) (nextcloud/generate-secret config)
(nextcloud/generate-pvc (merge nextcloud-default-storage-config config)) (nextcloud/generate-pvc (merge nextcloud-default-storage-config config))
(nextcloud/generate-deployment config) (nextcloud/generate-deployment config)
(nextcloud/generate-service) (nextcloud/generate-service)
(nextcloud/generate-certificate config) (nextcloud/generate-certificate config)]
(nextcloud/generate-ingress config)] (nextcloud/generate-ingress config)
(when (:contains? config :restic-repository) (when (:contains? config :restic-repository)
[(backup/generate-config config) [(backup/generate-config config)
(backup/generate-secret config) (backup/generate-secret config)
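Review bot: The new side still calls `(nextcloud/generate-certificate config)` as the last vector element, although this commit deletes the cert-manager Certificate manifest and `generate-ingress` now returns the certificate together with the ingress. If that function still loads the deleted manifest the call presumably fails, and otherwise it emits a second Certificate for the same host; ending the vector at `(nextcloud/generate-service)]` would avoid both. On the unchanged line below, `(:contains? config :restic-repository)` is a keyword lookup with a default rather than a call to `contains?`, so it is always truthy and the backup objects are generated even when no repository is configured; `(contains? config :restic-repository)` looks like the intent. The enclosing form starts and ends outside the hunk.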


@ -5,6 +5,7 @@
#?(:clj [orchestra.core :refer [defn-spec]] #?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]]) :cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.ingress :as ing]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as cp] [dda.c4k-common.predicate :as cp]
[dda.c4k-common.postgres :as postgres] [dda.c4k-common.postgres :as postgres]
@ -62,13 +63,12 @@
(defn-spec generate-ingress cp/map-or-seq? (defn-spec generate-ingress cp/map-or-seq?
[config config?] [config config?]
(let [{:keys [fqdn issuer] (ing/generate-ingress-and-cert
:or {issuer "staging"}} config (merge
letsencrypt-issuer issuer] {:service-name "nextcloud"
(-> :service-port 80
(yaml/load-as-edn "nextcloud/ingress.yaml") :fqdns [(:fqdn config)]}
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) config)))
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
(defn-spec generate-pvc cp/map-or-seq? (defn-spec generate-pvc cp/map-or-seq?
[config (s/keys :req-un [::pv-storage-size-gb ::pvc-storage-class-name])] [config (s/keys :req-un [::pv-storage-size-gb ::pvc-storage-class-name])]
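Review bot: `:service-name "nextcloud"` in the new `generate-ingress` changes the Ingress backend away from the `cloud-service` name used by the deleted manifest, and no Service manifest is among the five changed files. Unless a Service named `nextcloud` already exists, the route will not resolve; in that case keep `:service-name "cloud-service"`. The explicit `ssl-redirect`, `proxy-body-size` and proxy timeout annotations are also no longer set in this project. Going by the updated test, the HTTPS redirect now depends on a Traefik middleware being present in the cluster, so a comment on the call such as `;; HTTPS redirect relies on the traefik middleware set by ing/generate-ingress-and-cert` would record that dependency.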


@ -1,15 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: cloud-cert
namespace: default
spec:
secretName: cloud-cert
duration: 2160h # 90d
renewBefore: 360h # 15d
commonName: fqdn
dnsNames:
- fqdn
issuerRef:
name: staging
kind: ClusterIssuer


@ -1,29 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-cloud
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/rewrite-target: /
ingress.kubernetes.io/proxy-body-size: "256m"
ingress.kubernetes.io/proxy-connect-timeout: "300"
ingress.kubernetes.io/proxy-send-timeout: "300"
ingress.kubernetes.io/proxy-read-timeout: "300"
namespace: default
spec:
tls:
- hosts:
- fqdn
secretName: cloud-cert
rules:
- host: fqdn
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: cloud-service
port:
number: 80


@ -36,45 +36,32 @@
:nextcloud-admin-user "cloudadmin" :nextcloud-admin-user "cloudadmin"
:nextcloud-admin-password "cloudpassword"})))) :nextcloud-admin-password "cloudpassword"}))))
(deftest should-generate-certificate (deftest should-generate-ingress-and-cert
(is (= {:apiVersion "cert-manager.io/v1" (is (= [{:apiVersion "cert-manager.io/v1",
:kind "Certificate" :kind "Certificate",
:metadata {:name "cloud-cert", :namespace "default"} :metadata {:name "nextcloud", :labels {:app.kubernetes.part-of "nextcloud"}, :namespace "default"},
:spec :spec
{:secretName "cloud-cert" {:secretName "nextcloud",
:duration "2160h" :commonName "somefqdn.de",
:renewBefore "360h", :duration "2160h",
:commonName "somefqdn.de", :renewBefore "360h",
:dnsNames ["somefqdn.de"] :dnsNames ["somefqdn.de"],
:issuerRef :issuerRef {:name "staging", :kind "ClusterIssuer"}}}
{:name "prod", :kind "ClusterIssuer"}}} {:apiVersion "networking.k8s.io/v1",
(cut/generate-certificate {:fqdn "somefqdn.de" :issuer "prod"})))) :kind "Ingress",
:metadata
(deftest should-generate-ingress {:name "nextcloud",
(is (= {:apiVersion "networking.k8s.io/v1" :namespace "default",
:kind "Ingress" :labels {:app.kubernetes.part-of "nextcloud"},
:metadata :annotations
{:name "ingress-cloud" {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure",
:annotations :traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd",
{:cert-manager.io/cluster-issuer "staging" :metallb.universe.tf/address-pool "public"}},
:ingress.kubernetes.io/proxy-body-size "256m" :spec
:ingress.kubernetes.io/ssl-redirect "true" {:tls [{:hosts ["somefqdn.de"], :secretName "nextcloud"}],
:ingress.kubernetes.io/rewrite-target "/" :rules
:ingress.kubernetes.io/proxy-connect-timeout "300" [{:host "somefqdn.de",
:ingress.kubernetes.io/proxy-send-timeout "300" :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "nextcloud", :port {:number 80}}}}]}}]}}]
:ingress.kubernetes.io/proxy-read-timeout "300"}
:namespace "default"}
:spec
{:tls [{:hosts ["somefqdn.de"], :secretName "cloud-cert"}]
:rules
[{:host "somefqdn.de"
:http
{:paths
[{:path "/"
:pathType "Prefix"
:backend
{:service
{:name "cloud-service", :port {:number 80}}}}]}}]}}
(cut/generate-ingress {:fqdn "somefqdn.de"})))) (cut/generate-ingress {:fqdn "somefqdn.de"}))))
(deftest should-generate-pvc (deftest should-generate-pvc