Added secret.yaml
parent
f601c479c1
commit
d5fe8d86e2
5 changed files with 74 additions and 5 deletions
|
@ -13,7 +13,8 @@
|
||||||
(def config? (s/keys :req-un [::shynet/fqdn]
|
(def config? (s/keys :req-un [::shynet/fqdn]
|
||||||
:opt-un [::shynet/issuer ::postgres/postgres-data-volume-path]))
|
:opt-un [::shynet/issuer ::postgres/postgres-data-volume-path]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password])) ;TODO add auth
|
(def auth? (s/keys :req-un [::shynet/django-secret-key
|
||||||
|
::postgres/postgres-db-user ::postgres/postgres-db-password]))
|
||||||
|
|
||||||
(defn k8s-objects [config]
|
(defn k8s-objects [config]
|
||||||
(into
|
(into
|
||||||
|
@ -26,7 +27,8 @@
|
||||||
[(yaml/to-string (postgres/generate-pvc))
|
[(yaml/to-string (postgres/generate-pvc))
|
||||||
(yaml/to-string (postgres/generate-deployment :postgres-image "postgres:14"))
|
(yaml/to-string (postgres/generate-deployment :postgres-image "postgres:14"))
|
||||||
(yaml/to-string (postgres/generate-service))]
|
(yaml/to-string (postgres/generate-service))]
|
||||||
[(yaml/to-string (shynet/generate-webserver-deployment))
|
[(yaml/to-string (shynet/generate-secret config))
|
||||||
|
(yaml/to-string (shynet/generate-webserver-deployment))
|
||||||
(yaml/to-string (shynet/generate-celeryworker-deployment))
|
(yaml/to-string (shynet/generate-celeryworker-deployment))
|
||||||
(yaml/to-string (shynet/generate-ingress config))
|
(yaml/to-string (shynet/generate-ingress config))
|
||||||
(yaml/to-string (shynet/generate-certificate config))
|
(yaml/to-string (shynet/generate-certificate config))
|
||||||
|
|
|
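Review bot: `k8s-objects` passes `config` to `shynet/generate-secret`, but the three credentials that function reads (`django-secret-key`, `postgres-db-user`, `postgres-db-password`) are declared in the `auth?` spec, not in `config?`. Unless the caller merges the auth map into `config` before this call, which is not visible here, the generated Secret would carry nil for `DJANGO_SECRET_KEY`, `DB_USER` and `DB_PASSWORD`. If the two maps are kept separate upstream, make the hand-off explicit, for example `(shynet/generate-secret (merge config auth))`, and validate the merged map against both specs first. The strings returned here now include plaintext credentials, so a comment such as `; output contains secrets - keep out of logs and version control` above `k8s-objects` would help. Its body continues outside the hunk.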
@ -8,10 +8,13 @@
|
||||||
|
|
||||||
(s/def ::fqdn pred/fqdn-string?)
|
(s/def ::fqdn pred/fqdn-string?)
|
||||||
(s/def ::issuer pred/letsencrypt-issuer?)
|
(s/def ::issuer pred/letsencrypt-issuer?)
|
||||||
|
(s/def ::django-secret-key pred/bash-env-string?)
|
||||||
|
|
||||||
|
|
||||||
#?(:cljs
|
#?(:cljs
|
||||||
(defmethod yaml/load-resource :shynet [resource-name]
|
(defmethod yaml/load-resource :shynet [resource-name]
|
||||||
(case resource-name
|
(case resource-name
|
||||||
|
"shynet/secret.yaml" (rc/inline "shynet/secret.yaml")
|
||||||
"shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")
|
"shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")
|
||||||
"shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml")
|
"shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml")
|
||||||
"shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml")
|
"shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml")
|
||||||
|
@ -20,6 +23,15 @@
|
||||||
"shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml")
|
"shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml")
|
||||||
(throw (js/Error. "Undefined Resource!")))))
|
(throw (js/Error. "Undefined Resource!")))))
|
||||||
|
|
||||||
|
(defn generate-secret [config]
|
||||||
|
(let [{:keys [fqdn django-secret-key postgres-db-user postgres-db-password]} config]
|
||||||
|
(->
|
||||||
|
(yaml/from-string (yaml/load-resource "shynet/secret.yaml"))
|
||||||
|
(assoc-in [:stringData :ALLOWED_HOSTS] fqdn)
|
||||||
|
(assoc-in [:stringData :DJANGO_SECRET_KEY] django-secret-key)
|
||||||
|
(assoc-in [:stringData :DB_USER] postgres-db-user)
|
||||||
|
(assoc-in [:stringData :DB_PASSWORD] postgres-db-password))))
|
||||||
|
|
||||||
(defn generate-certificate [config]
|
(defn generate-certificate [config]
|
||||||
(let [{:keys [fqdn issuer]} config
|
(let [{:keys [fqdn issuer]} config
|
||||||
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
|
||||||
|
|
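Review bot: The new spec `(s/def ::django-secret-key pred/bash-env-string?)` appears to check only that the value is a shell-safe string, so a short or guessable key such as the `"django"` value in the auth sample at the end of this commit would pass. Django uses this key to sign sessions and password-reset tokens, so the spec is the natural place to require a minimum length, e.g. `(s/def ::django-secret-key (s/and pred/bash-env-string? #(>= (count %) 50)))`. `generate-secret` also has no docstring. One sentence stating that it returns a Secret map holding plaintext credentials under `:stringData` would tell callers to keep the result out of logs.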
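--- a/src/main/resources/shynet/secret.yaml
+++ b/src/main/resources/shynet/secret.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: shynet-settings
+type: Opaque
+stringData:
+# Django settings
+DEBUG: "False"
+ALLOWED_HOSTS: fqdn # For better security, set this to your deployment's domain. Comma separated.
+DJANGO_SECRET_KEY: django-secret-key
+ACCOUNT_SIGNUPS_ENABLED: "False"
+TIME_ZONE: "America/New_York"
+
+# Redis configuration (if you use the default Kubernetes config, this will work)
+REDIS_CACHE_LOCATION: "redis://shynet-redis.default.svc.cluster.local/0"
+CELERY_BROKER_URL: "redis://shynet-redis.default.svc.cluster.local/1"
+
+# PostgreSQL settings
+DB_NAME: "shynet"
+DB_USER: postgres-db-user
+DB_PASSWORD: postgres-db-password
+DB_HOST: "postgresql-service:5432"
+
+# Email settings
+EMAIL_HOST_USER: ""
+EMAIL_HOST_PASSWORD: ""
+EMAIL_HOST: ""
+SERVER_EMAIL: "Shynet <noreply@shynet.example.com>"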
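Review bot: The placeholders `fqdn`, `django-secret-key`, `postgres-db-user` and `postgres-db-password` are themselves valid string values, so if this template is ever applied without going through `generate-secret`, or a substitution is skipped, the Secret deploys with a publicly known `DJANGO_SECRET_KEY` and `DB_PASSWORD`. Either add a comment at the top of `stringData`, such as `# placeholders below are replaced by generate-secret; never apply this file directly`, or drop the four keys from the template and let the `assoc-in` calls add them. With the second option a missed substitution yields a missing key rather than a known one. Both Redis URLs also pin the `default` namespace and use plain `redis://` without credentials, which deserves a comment if the deployment can land in another namespace.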
@ -79,3 +79,29 @@
|
||||||
[{:host "test.com"
|
[{:host "test.com"
|
||||||
:http {:paths [{:backend {:serviceName "shynet-webserver-service", :servicePort 8080}, :path "/"}]}}]}}
|
:http {:paths [{:backend {:serviceName "shynet-webserver-service", :servicePort 8080}, :path "/"}]}}]}}
|
||||||
(cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
|
(cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
|
||||||
|
|
||||||
|
(deftest should-generate-secret
|
||||||
|
(is (= {:apiVersion "v1"
|
||||||
|
:kind "Secret"
|
||||||
|
:metadata {:name "shynet-settings"}
|
||||||
|
:type "Opaque"
|
||||||
|
:stringData
|
||||||
|
{:DEBUG "False"
|
||||||
|
:ALLOWED_HOSTS "test.com"
|
||||||
|
:DJANGO_SECRET_KEY "django-pw"
|
||||||
|
:ACCOUNT_SIGNUPS_ENABLED "False"
|
||||||
|
:TIME_ZONE "America/New_York"
|
||||||
|
:REDIS_CACHE_LOCATION
|
||||||
|
"redis://shynet-redis.default.svc.cluster.local/0"
|
||||||
|
:CELERY_BROKER_URL
|
||||||
|
"redis://shynet-redis.default.svc.cluster.local/1"
|
||||||
|
:DB_NAME "shynet"
|
||||||
|
:DB_USER "postgres-user"
|
||||||
|
:DB_PASSWORD "postgres-pw"
|
||||||
|
:DB_HOST "postgresql-service:5432"
|
||||||
|
:EMAIL_HOST_USER ""
|
||||||
|
:EMAIL_HOST_PASSWORD ""
|
||||||
|
:EMAIL_HOST ""
|
||||||
|
:SERVER_EMAIL "Shynet <noreply@shynet.example.com>"}}
|
||||||
|
(cut/generate-secret {:fqdn "test.com" :django-secret-key "django-pw"
|
||||||
|
:postgres-db-user "postgres-user" :postgres-db-password "postgres-pw"}))))
|
|
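Review bot: `should-generate-secret` exercises only a fully populated input, so nothing pins what `generate-secret` does when a credential is missing from the map. As written in this commit, the `assoc-in` calls would store nil under the key and the result would still look like a well-formed Secret. A second `is` that calls `(cut/generate-secret {:fqdn "test.com"})` and asserts the outcome you want (an exception or a spec failure) would keep a half-configured deployment from passing unnoticed.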
@ -1,2 +1,3 @@
|
||||||
{:postgres-db-user "jira"
|
{:django-secret-key "django"
|
||||||
:postgres-db-password "jira-db-password"}
|
:postgres-db-user "shynet"
|
||||||
|
:postgres-db-password "shynet-db-password"}
|
||||||
|
|