Added secret.yaml

2 years ago · d5fe8d86e2
parent f601c479c1
commit d5fe8d86e2
5 changed files with 74 additions and 5 deletions
--- a/src/main/cljc/dda/c4k_shynet/core.cljc
+++ b/src/main/cljc/dda/c4k_shynet/core.cljc
@ -13,7 +13,8 @@
 (def config? (s/keys :req-un [::shynet/fqdn]
                     :opt-un [::shynet/issuer ::postgres/postgres-data-volume-path]))

-(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password])) ;TODO add auth 
+(def auth? (s/keys :req-un [::shynet/django-secret-key
+                            ::postgres/postgres-db-user ::postgres/postgres-db-password]))

 (defn k8s-objects [config]
  (into
@ -26,7 +27,8 @@
    [(yaml/to-string (postgres/generate-pvc))
     (yaml/to-string (postgres/generate-deployment :postgres-image "postgres:14"))
     (yaml/to-string (postgres/generate-service))]
-    [(yaml/to-string (shynet/generate-webserver-deployment))
+    [(yaml/to-string (shynet/generate-secret config))
+     (yaml/to-string (shynet/generate-webserver-deployment))
     (yaml/to-string (shynet/generate-celeryworker-deployment))
     (yaml/to-string (shynet/generate-ingress config))
     (yaml/to-string (shynet/generate-certificate config))
--- a/src/main/cljc/dda/c4k_shynet/shynet.cljc
+++ b/src/main/cljc/dda/c4k_shynet/shynet.cljc
@ -8,10 +8,13 @@

 (s/def ::fqdn pred/fqdn-string?)
 (s/def ::issuer pred/letsencrypt-issuer?)
+(s/def ::django-secret-key pred/bash-env-string?)
+

 #?(:cljs
   (defmethod yaml/load-resource :shynet [resource-name]
     (case resource-name
+       "shynet/secret.yaml" (rc/inline "shynet/secret.yaml")
       "shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")
       "shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml")
       "shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml")  
@ -20,6 +23,15 @@
       "shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml")
       (throw (js/Error. "Undefined Resource!")))))
 
+(defn generate-secret [config]
+  (let [{:keys [fqdn django-secret-key postgres-db-user postgres-db-password]} config]
+    (->
+     (yaml/from-string (yaml/load-resource "shynet/secret.yaml"))
+     (assoc-in [:stringData :ALLOWED_HOSTS] fqdn)
+     (assoc-in [:stringData :DJANGO_SECRET_KEY] django-secret-key)
+     (assoc-in [:stringData :DB_USER] postgres-db-user)
+     (assoc-in [:stringData :DB_PASSWORD] postgres-db-password))))
+
 (defn generate-certificate [config]
  (let [{:keys [fqdn issuer]} config
        letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
--- a/src/main/resources/shynet/secret.yaml
+++ b/src/main/resources/shynet/secret.yaml
@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: shynet-settings
+type: Opaque
+stringData:
+    # Django settings
+    DEBUG: "False"
+    ALLOWED_HOSTS: fqdn # For better security, set this to your deployment's domain. Comma separated.
+    DJANGO_SECRET_KEY: django-secret-key
+    ACCOUNT_SIGNUPS_ENABLED: "False"
+    TIME_ZONE: "America/New_York"
+
+    # Redis configuration (if you use the default Kubernetes config, this will work)
+    REDIS_CACHE_LOCATION: "redis://shynet-redis.default.svc.cluster.local/0"
+    CELERY_BROKER_URL: "redis://shynet-redis.default.svc.cluster.local/1"
+
+    # PostgreSQL settings
+    DB_NAME: "shynet"
+    DB_USER: postgres-db-user
+    DB_PASSWORD: postgres-db-password
+    DB_HOST: "postgresql-service:5432"
+
+    # Email settings
+    EMAIL_HOST_USER: ""
+    EMAIL_HOST_PASSWORD: ""
+    EMAIL_HOST: ""
+    SERVER_EMAIL: "Shynet <noreply@shynet.example.com>"
--- a/src/test/cljc/dda/c4k_shynet/shynet_test.cljc
+++ b/src/test/cljc/dda/c4k_shynet/shynet_test.cljc
@ -78,4 +78,30 @@
           :rules
           [{:host "test.com"
             :http {:paths [{:backend {:serviceName "shynet-webserver-service", :servicePort 8080}, :path "/"}]}}]}}
-         (cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
+         (cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
+
+(deftest should-generate-secret
+  (is (= {:apiVersion "v1"
+          :kind "Secret"
+          :metadata {:name "shynet-settings"}
+          :type "Opaque"
+          :stringData
+          {:DEBUG "False"
+           :ALLOWED_HOSTS "test.com"
+           :DJANGO_SECRET_KEY "django-pw"
+           :ACCOUNT_SIGNUPS_ENABLED "False"
+           :TIME_ZONE "America/New_York"
+           :REDIS_CACHE_LOCATION
+           "redis://shynet-redis.default.svc.cluster.local/0"
+           :CELERY_BROKER_URL
+           "redis://shynet-redis.default.svc.cluster.local/1"
+           :DB_NAME "shynet"
+           :DB_USER "postgres-user"
+           :DB_PASSWORD "postgres-pw"
+           :DB_HOST "postgresql-service:5432"
+           :EMAIL_HOST_USER ""
+           :EMAIL_HOST_PASSWORD ""
+           :EMAIL_HOST ""
+           :SERVER_EMAIL "Shynet <noreply@shynet.example.com>"}}
+         (cut/generate-secret {:fqdn "test.com" :django-secret-key "django-pw"
+                               :postgres-db-user "postgres-user" :postgres-db-password "postgres-pw"}))))
--- a/valid-auth.edn
+++ b/valid-auth.edn
@ -1,2 +1,3 @@
-{:postgres-db-user "jira"
- :postgres-db-password "jira-db-password"}
+{:django-secret-key "django"
+ :postgres-db-user "shynet"
+ :postgres-db-password "shynet-db-password"}