diff --git a/src/main/cljc/dda/c4k_shynet/core.cljc b/src/main/cljc/dda/c4k_shynet/core.cljc
index 60e3cee..12876ba 100644
--- a/src/main/cljc/dda/c4k_shynet/core.cljc
+++ b/src/main/cljc/dda/c4k_shynet/core.cljc
@@ -30,7 +30,6 @@
 (shynet/generate-webserver-deployment)
 (shynet/generate-celeryworker-deployment)
 (shynet/generate-ingress config)
- (shynet/generate-certificate config)
 (shynet/generate-service-redis)
 (shynet/generate-service-webserver)
 (shynet/generate-statefulset)])))
diff --git a/src/main/cljc/dda/c4k_shynet/shynet.cljc b/src/main/cljc/dda/c4k_shynet/shynet.cljc
index dfc957e..4a33260 100644
--- a/src/main/cljc/dda/c4k_shynet/shynet.cljc
+++ b/src/main/cljc/dda/c4k_shynet/shynet.cljc
@@ -4,7 +4,8 @@
 #?(:cljs [shadow.resource :as rc])
 [dda.c4k-common.yaml :as yaml]
 [dda.c4k-common.common :as cm]
- [dda.c4k-common.predicate :as pred]))
+ [dda.c4k-common.predicate :as pred]
+ [dda.c4k-common.ingress :as ing]))
 (s/def ::fqdn pred/fqdn-string?)
 (s/def ::issuer pred/letsencrypt-issuer?)
@@ -16,7 +17,6 @@
 "shynet/secret.yaml" (rc/inline "shynet/secret.yaml")
 "shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")
 "shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml")
- "shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml")
 "shynet/service-redis.yaml" (rc/inline "shynet/service-redis.yaml")
 "shynet/service-webserver.yaml" (rc/inline "shynet/service-webserver.yaml")
 "shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml")
@@ -32,15 +32,6 @@
 (assoc-in [:stringData :DB_USER] postgres-db-user)
 (assoc-in [:stringData :DB_PASSWORD] postgres-db-password))))
-(defn generate-certificate [config]
- (let [{:keys [fqdn issuer]} config
- letsencrypt-issuer (name issuer)]
- (->
- (yaml/load-as-edn "shynet/certificate.yaml")
- (assoc-in [:spec :commonName] fqdn)
- (assoc-in [:spec :dnsNames] [fqdn])
- (assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
-
 (defn generate-webserver-deployment []
 (let [shynet-application "shynet-webserver"]
 (-> (yaml/load-as-edn "shynet/deployments.yaml")
@@ -53,13 +44,7 @@
 (cm/replace-all-matching "shynet-application" shynet-application))))
 (defn generate-ingress [config]
- (let [{:keys [fqdn issuer]
- :or {issuer :staging}} config
- letsencrypt-issuer (name issuer)]
- (->
- (yaml/load-as-edn "shynet/ingress.yaml")
- (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
- (cm/replace-all-matching "fqdn" fqdn))))
+ (ing/generate-ingress-and-cert config))
 (defn generate-statefulset []
 (yaml/load-as-edn "shynet/statefulset.yaml"))
diff --git a/src/main/resources/shynet/certificate.yaml b/src/main/resources/shynet/certificate.yaml
deleted file mode 100644
index 8438d09..0000000
--- a/src/main/resources/shynet/certificate.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: shynet-cert
- namespace: default
-spec:
- secretName: shynet-cert
- commonName: fqdn
- duration: 2160h # 90d
- renewBefore: 360h # 15d
- dnsNames:
- - fqdn
- issuerRef:
- name: REPLACEME
- kind: ClusterIssuer
\ No newline at end of file
diff --git a/src/main/resources/shynet/ingress.yaml b/src/main/resources/shynet/ingress.yaml
deleted file mode 100644
index 8242a90..0000000
--- a/src/main/resources/shynet/ingress.yaml
+++ /dev/null
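Review bot: In the `@@ -53,13 +44,7 @@` hunk, `generate-ingress` hands `config` unchanged to `ing/generate-ingress-and-cert`, so the values the deleted templates fixed for Shynet (backend `shynet-webserver-service` on port 8080, TLS secret `shynet-cert`, the two ssl-redirect annotations and the `:or {issuer :staging}` default) are no longer supplied anywhere visible in this diff. Unless the helper derives them from `fqdn` and `issuer` alone, I would merge them in at the call site, along the lines of `(ing/generate-ingress-and-cert (merge {:service-name "shynet-webserver-service" :service-port 8080} config))` (key names as I recall them from c4k-common; verify against the version in use), and add a test asserting the rendered Ingress still terminates TLS for `fqdn` and redirects HTTP to HTTPS. The helper's name suggests it returns two objects, in which case the vector built in core.cljc would need them spliced in rather than nested as one element. Separately, the resource map in the `@@ -16,7 +17,6 @@` hunk still carries `"shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")` although this commit deletes that file, so that entry should go as well.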
@@ -1,24 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: shynet-webserver-ingress
- annotations:
- ingress.kubernetes.io/force-ssl-redirect: "true"
- ingress.kubernetes.io/ssl-redirect: "true"
- cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
-spec:
- tls:
- - hosts:
- - fqdn
- secretName: shynet-cert
- rules:
- - host: fqdn
- http:
- paths:
- - backend:
- service:
- name: shynet-webserver-service
- port:
- number: 8080
- path: /
- pathType: Prefix
\ No newline at end of file