Added secret.yaml

src/main/cljc/dda/c4k_shynet/core.cljc

@@ -13,7 +13,8 @@
 (def config? (s/keys :req-un [::shynet/fqdn]
                      :opt-un [::shynet/issuer ::postgres/postgres-data-volume-path]))
 
-(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password])) ;TODO add auth 
+(def auth? (s/keys :req-un [::shynet/django-secret-key
+                            ::postgres/postgres-db-user ::postgres/postgres-db-password]))
 
 (defn k8s-objects [config]
   (into
@@ -26,7 +27,8 @@
     [(yaml/to-string (postgres/generate-pvc))
      (yaml/to-string (postgres/generate-deployment :postgres-image "postgres:14"))
      (yaml/to-string (postgres/generate-service))]
-    [(yaml/to-string (shynet/generate-webserver-deployment))
+    [(yaml/to-string (shynet/generate-secret config))
+     (yaml/to-string (shynet/generate-webserver-deployment))
      (yaml/to-string (shynet/generate-celeryworker-deployment))
      (yaml/to-string (shynet/generate-ingress config))
      (yaml/to-string (shynet/generate-certificate config))

src/main/cljc/dda/c4k_shynet/shynet.cljc

@@ -8,10 +8,13 @@
 
 (s/def ::fqdn pred/fqdn-string?)
 (s/def ::issuer pred/letsencrypt-issuer?)
+(s/def ::django-secret-key pred/bash-env-string?)
+
 
 #?(:cljs
    (defmethod yaml/load-resource :shynet [resource-name]
      (case resource-name
+       "shynet/secret.yaml" (rc/inline "shynet/secret.yaml")
        "shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml")
        "shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml")
        "shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml")  
@@ -20,6 +23,15 @@
        "shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml")
        (throw (js/Error. "Undefined Resource!")))))
  
+(defn generate-secret [config]
+  (let [{:keys [fqdn django-secret-key postgres-db-user postgres-db-password]} config]
+    (->
+     (yaml/from-string (yaml/load-resource "shynet/secret.yaml"))
+     (assoc-in [:stringData :ALLOWED_HOSTS] fqdn)
+     (assoc-in [:stringData :DJANGO_SECRET_KEY] django-secret-key)
+     (assoc-in [:stringData :DB_USER] postgres-db-user)
+     (assoc-in [:stringData :DB_PASSWORD] postgres-db-password))))
+
 (defn generate-certificate [config]
   (let [{:keys [fqdn issuer]} config
         letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]

src/main/resources/shynet/secret.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: shynet-settings
+type: Opaque
+stringData:
+    # Django settings
+    DEBUG: "False"
+    ALLOWED_HOSTS: fqdn # For better security, set this to your deployment's domain. Comma separated.
+    DJANGO_SECRET_KEY: django-secret-key
+    ACCOUNT_SIGNUPS_ENABLED: "False"
+    TIME_ZONE: "America/New_York"
+
+    # Redis configuration (if you use the default Kubernetes config, this will work)
+    REDIS_CACHE_LOCATION: "redis://shynet-redis.default.svc.cluster.local/0"
+    CELERY_BROKER_URL: "redis://shynet-redis.default.svc.cluster.local/1"
+
+    # PostgreSQL settings
+    DB_NAME: "shynet"
+    DB_USER: postgres-db-user
+    DB_PASSWORD: postgres-db-password
+    DB_HOST: "postgresql-service:5432"
+
+    # Email settings
+    EMAIL_HOST_USER: ""
+    EMAIL_HOST_PASSWORD: ""
+    EMAIL_HOST: ""
+    SERVER_EMAIL: "Shynet <noreply@shynet.example.com>"

src/test/cljc/dda/c4k_shynet/shynet_test.cljc

@@ -78,4 +78,30 @@
            :rules
            [{:host "test.com"
              :http {:paths [{:backend {:serviceName "shynet-webserver-service", :servicePort 8080}, :path "/"}]}}]}}
-         (cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
+         (cut/generate-ingress {:fqdn "test.com" :issuer :staging}))))
+
+(deftest should-generate-secret
+  (is (= {:apiVersion "v1"
+          :kind "Secret"
+          :metadata {:name "shynet-settings"}
+          :type "Opaque"
+          :stringData
+          {:DEBUG "False"
+           :ALLOWED_HOSTS "test.com"
+           :DJANGO_SECRET_KEY "django-pw"
+           :ACCOUNT_SIGNUPS_ENABLED "False"
+           :TIME_ZONE "America/New_York"
+           :REDIS_CACHE_LOCATION
+           "redis://shynet-redis.default.svc.cluster.local/0"
+           :CELERY_BROKER_URL
+           "redis://shynet-redis.default.svc.cluster.local/1"
+           :DB_NAME "shynet"
+           :DB_USER "postgres-user"
+           :DB_PASSWORD "postgres-pw"
+           :DB_HOST "postgresql-service:5432"
+           :EMAIL_HOST_USER ""
+           :EMAIL_HOST_PASSWORD ""
+           :EMAIL_HOST ""
+           :SERVER_EMAIL "Shynet <noreply@shynet.example.com>"}}
+         (cut/generate-secret {:fqdn "test.com" :django-secret-key "django-pw"
+                               :postgres-db-user "postgres-user" :postgres-db-password "postgres-pw"}))))

valid-auth.edn

@@ -1,2 +1,3 @@
-{:postgres-db-user "jira"
- :postgres-db-password "jira-db-password"}
+{:django-secret-key "django"
+ :postgres-db-user "shynet"
+ :postgres-db-password "shynet-db-password"}