Added secret.yaml

This commit is contained in:
Clemens Geibel 2022-01-27 16:39:48 +01:00
parent f601c479c1
commit d5fe8d86e2
5 changed files with 74 additions and 5 deletions

View file

@ -13,7 +13,8 @@
(def config? (s/keys :req-un [::shynet/fqdn]
:opt-un [::shynet/issuer ::postgres/postgres-data-volume-path]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password])) ;TODO add auth
(def auth? (s/keys :req-un [::shynet/django-secret-key
::postgres/postgres-db-user ::postgres/postgres-db-password]))
(defn k8s-objects [config]
(into
@ -26,7 +27,8 @@
[(yaml/to-string (postgres/generate-pvc))
(yaml/to-string (postgres/generate-deployment :postgres-image "postgres:14"))
(yaml/to-string (postgres/generate-service))]
[(yaml/to-string (shynet/generate-webserver-deployment))
[(yaml/to-string (shynet/generate-secret config))
(yaml/to-string (shynet/generate-webserver-deployment))
(yaml/to-string (shynet/generate-celeryworker-deployment))
(yaml/to-string (shynet/generate-ingress config))
(yaml/to-string (shynet/generate-certificate config))

View file

@ -8,10 +8,13 @@
(s/def ::fqdn pred/fqdn-string?)
(s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::django-secret-key pred/bash-env-string?)
#?(:cljs
(defmethod yaml/load-resource :shynet [resource-name]
(case resource-name
"shynet/secret.yaml" (rc/inline "shynet/secret.yaml")
"shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")
"shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml")
"shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml")
@ -20,6 +23,15 @@
"shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn generate-secret [config]
(let [{:keys [fqdn django-secret-key postgres-db-user postgres-db-password]} config]
(->
(yaml/from-string (yaml/load-resource "shynet/secret.yaml"))
(assoc-in [:stringData :ALLOWED_HOSTS] fqdn)
(assoc-in [:stringData :DJANGO_SECRET_KEY] django-secret-key)
(assoc-in [:stringData :DB_USER] postgres-db-user)
(assoc-in [:stringData :DB_PASSWORD] postgres-db-password))))
(defn generate-certificate [config]
(let [{:keys [fqdn issuer]} config
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]

View file

@ -0,0 +1,28 @@
apiVersion: v1
kind: Secret
metadata:
name: shynet-settings
type: Opaque
stringData:
# Django settings
DEBUG: "False"
ALLOWED_HOSTS: fqdn # For better security, set this to your deployment's domain. Comma separated.
DJANGO_SECRET_KEY: django-secret-key
ACCOUNT_SIGNUPS_ENABLED: "False"
TIME_ZONE: "America/New_York"
# Redis configuration (if you use the default Kubernetes config, this will work)
REDIS_CACHE_LOCATION: "redis://shynet-redis.default.svc.cluster.local/0"
CELERY_BROKER_URL: "redis://shynet-redis.default.svc.cluster.local/1"
# PostgreSQL settings
DB_NAME: "shynet"
DB_USER: postgres-db-user
DB_PASSWORD: postgres-db-password
DB_HOST: "postgresql-service:5432"
# Email settings
EMAIL_HOST_USER: ""
EMAIL_HOST_PASSWORD: ""
EMAIL_HOST: ""
SERVER_EMAIL: "Shynet <noreply@shynet.example.com>"

View file

@ -79,3 +79,29 @@
[{:host "test.com"
:http {:paths [{:backend {:serviceName "shynet-webserver-service", :servicePort 8080}, :path "/"}]}}]}}
(cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
(deftest should-generate-secret
(is (= {:apiVersion "v1"
:kind "Secret"
:metadata {:name "shynet-settings"}
:type "Opaque"
:stringData
{:DEBUG "False"
:ALLOWED_HOSTS "test.com"
:DJANGO_SECRET_KEY "django-pw"
:ACCOUNT_SIGNUPS_ENABLED "False"
:TIME_ZONE "America/New_York"
:REDIS_CACHE_LOCATION
"redis://shynet-redis.default.svc.cluster.local/0"
:CELERY_BROKER_URL
"redis://shynet-redis.default.svc.cluster.local/1"
:DB_NAME "shynet"
:DB_USER "postgres-user"
:DB_PASSWORD "postgres-pw"
:DB_HOST "postgresql-service:5432"
:EMAIL_HOST_USER ""
:EMAIL_HOST_PASSWORD ""
:EMAIL_HOST ""
:SERVER_EMAIL "Shynet <noreply@shynet.example.com>"}}
(cut/generate-secret {:fqdn "test.com" :django-secret-key "django-pw"
:postgres-db-user "postgres-user" :postgres-db-password "postgres-pw"}))))

View file

@ -1,2 +1,3 @@
{:postgres-db-user "jira"
:postgres-db-password "jira-db-password"}
{:django-secret-key "django"
:postgres-db-user "shynet"
:postgres-db-password "shynet-db-password"}