meissa/c4k-taiga
6
0
Fork 0
Code Issues Pull requests Projects Releases7 Packages Wiki Activity

Merge branch 'main' of ssh://repo.prod.meissa.de:2222/meissa/c4k-taiga

Browse source
This commit is contained in:
Michael Jerger 2025-01-24 15:06:40 +01:00
commit 46c49a3317
65 changed files with 626 additions and 522 deletions

5
.gitignore vendored
View file

@ -27,8 +27,7 @@ public/js/
*.iml
.idea/
auth.edn
config.edn
build-and-move-frontend.sh
website.yaml
.envrc

12
README.md
View file

@ -2,7 +2,7 @@
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-taiga.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-taiga) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-taiga/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-taiga/-/commits/main)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [taiga & Blog](https://domaindrivenarchitecture.org)
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
## Purpose
@ -63,10 +63,18 @@ To set up you need:
Apply this file on your cluster with `kubectl apply -f application.yaml`.
Done.
## Setup
`python manage.py createsuperuser --noinput`
## Administration
You can access the administration of the taiga installation via: your.taiga.url/admin/
In order to login, you first have to create a superuser.
1. Connect to taiga-back pod: `kubectl exec -it taiga-back-deployment-... -- bash`
2. `source /opt/venv/bin/activate && python manage.py createsuperuser --noinput`
## Backup
You need some form of cloud storage like AWS buckets and the respective access credentials
@ -90,7 +98,7 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
## License
Copyright © 2022 meissa GmbH
Copyright © 2024, 2025 meissa GmbH
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)

1
build.py
View file

@ -152,6 +152,7 @@ def upload_clj(project):
@task
def inst(project):
run("lein uberjar", shell=True, check=True)
package_uberjar(project)
package_native(project)
run(

27
infrastructure/backup/build.py
View file

@ -1,14 +1,20 @@
from os import environ
from datetime import datetime
from pybuilder.core import task, init
from ddadevops import *
name = "c4k-taiga-backup"
MODULE = "docker"
name = "c4k-taiga"
MODULE = "backup"
PROJECT_ROOT_PATH = "../.."
version = "1.2.5-dev"
@init
def initialize(project):
image_tag = version
if "dev" in image_tag:
image_tag += datetime.now().strftime("%Y-%m-%d-%H-%M-%S")
input = {
"name": name,
"module": MODULE,
@ -16,9 +22,11 @@ def initialize(project):
"project_root_path": PROJECT_ROOT_PATH,
"build_types": ["IMAGE"],
"mixin_types": [],
"image_naming": "NAME_AND_MODULE",
"image_tag": f"{image_tag}",
}
project.build_depends_on("ddadevops>=4.0.0-dev")
project.build_depends_on("ddadevops>=4.7.0")
build = DevopsImageBuild(project, input)
build.initialize_build_dir()
@ -29,21 +37,18 @@ def image(project):
build = get_devops_build(project)
build.image()
@task
def drun(project):
build = get_devops_build(project)
build.drun()
@task
def test(project):
build = get_devops_build(project)
build.test()
@task
def publish(project):
build = get_devops_build(project)
build.dockerhub_login()
build.dockerhub_publish()
@task
def test(project):
build = get_devops_build(project)
build.test()
build.dockerhub_publish()

4
infrastructure/backup/image/Dockerfile
View file

@ -1,5 +1,5 @@
FROM domaindrivenarchitecture/dda-backup:latest
FROM domaindrivenarchitecture/dda-backup:5.3.0
# Prepare Entrypoint Script
ADD resources /tmp
RUN /tmp/install.sh
RUN /tmp/install.bb

29
infrastructure/backup/image/resources/backup.bb Executable file
View file

@ -0,0 +1,29 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! (:aws-config config))
(pg/create-pg-pass! (:db-config config)))
(defn restic-repo-init!
[]
(rc/init! (:file-config config))
(rc/init! (:db-config config)))
(defn restic-backup!
[]
(bak/backup-file! (:file-config config))
(bak/backup-db! (:db-config config)))
(prepare!)
(restic-repo-init!)
(restic-backup!)

17
infrastructure/backup/image/resources/backup.sh
View file

@ -1,17 +0,0 @@
#!/bin/bash
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env RESTIC_DAYS_TO_KEEP 30
file_env RESTIC_MONTHS_TO_KEEP 12
backup-db-dump
backup-directory "/media"
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

4
infrastructure/backup/image/resources/bb-backup.edn Normal file
View file

@ -0,0 +1,4 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
aero/aero {:mvn/version "1.1.6"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

3
infrastructure/backup/image/resources/bb.edn Normal file
View file

@ -0,0 +1,3 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
org.domaindrivenarchitecture/dda-build {:mvn/version "0.2.0"}}}

24
infrastructure/backup/image/resources/change-password.bb Executable file
View file

@ -0,0 +1,24 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(def file-pw-change-config (merge (:file-config config)
{:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(def db-pw-change-config (merge (:db-config config)
{:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(defn prepare!
[]
(bc/create-aws-credentials! (:aws-config config)))
(defn change-password!
[]
(rc/change-password! file-pw-change-config)
(rc/change-password! db-pw-change-config))
(prepare!)
(change-password!)

24
infrastructure/backup/image/resources/config.edn Normal file
View file

@ -0,0 +1,24 @@
{:restic-repo {:password-file #env-or-file "RESTIC_PASSWORD_FILE"
:restic-repository #env-or-file "RESTIC_REPOSITORY"}
:file-config #merge [#ref [:restic-repo]
{:backup-path "files"
:execution-directory "/media"
:files ["."]}]
:file-restore-config #merge [#ref [:restic-repo]
{:backup-path "files"
:restore-target-directory "/media/"
:clean-up-elements ["user"]}]
:db-config #merge [#ref [:restic-repo] {:backup-path "pg-database"
:pg-host #env-or-file "POSTGRES_SERVICE"
:pg-port #env-or-file "POSTGRES_PORT"
:pg-db #env-or-file "POSTGRES_DB"
:pg-user #env-or-file "POSTGRES_USER"
:pg-password #env-or-file "POSTGRES_PASSWORD"}]
:aws-config {:aws-access-key-id #env-or-file "AWS_ACCESS_KEY_ID"
:aws-secret-access-key #env-or-file "AWS_SECRET_ACCESS_KEY"}
:dry-run {:dry-run true :debug true}}

13
infrastructure/backup/image/resources/entrypoint-start-and-wait.sh
View file

@ -1,13 +0,0 @@
#!/bin/bash
function main() {
create-pg-pass
while true; do
sleep 1m
done
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main

11
infrastructure/backup/image/resources/entrypoint.sh
View file

@ -1,11 +0,0 @@
#!/bin/bash
function main() {
create-pg-pass
/usr/local/bin/backup.sh
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
main

3
infrastructure/backup/image/resources/init.bb Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env bb
(println "initialized")

14
infrastructure/backup/image/resources/init.sh
View file

@ -1,14 +0,0 @@
#!/bin/bash
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
init-database-repo
init-file-repo
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

18
infrastructure/backup/image/resources/install.bb Executable file
View file

@ -0,0 +1,18 @@
#!/usr/bin/env bb
(require
'[dda.image.ubuntu :as ub]
'[dda.image.install :as in])
(ub/upgrade-system!)
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0440")
(in/install! "config.edn" :mod "0440")
(in/install! "init.bb")
(in/install! "backup.bb")
(in/install! "restore.bb")
(in/install! "list-snapshots.bb")
(in/install! "change-password.bb")
(in/install! "restore.bb")
(in/install! "wait.bb")
(ub/cleanup-container!)

21
infrastructure/backup/image/resources/install.sh
View file

@ -1,21 +0,0 @@
#!/bin/bash
set -exo pipefail
function main()
{
{
install -m 0700 /tmp/entrypoint.sh /
install -m 0700 /tmp/entrypoint-start-and-wait.sh /
install -m 0700 /tmp/init.sh /usr/local/bin/
install -m 0700 /tmp/backup.sh /usr/local/bin/
install -m 0700 /tmp/restore.sh /usr/local/bin/
install -m 0700 /tmp/restic-snapshots.sh /usr/local/bin/
cleanupDocker
} > /dev/null
}
source /tmp/install_functions_debian.sh
DEBIAN_FRONTEND=noninteractive DEBCONF_NOWARNINGS=yes main

20
infrastructure/backup/image/resources/list-snapshots.bb Executable file
View file

@ -0,0 +1,20 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! (:aws-config config)))
(defn list-snapshots!
[]
(rc/list-snapshots! (:file-config config))
(rc/list-snapshots! (:db-config config)))
(prepare!)
(list-snapshots!)

14
infrastructure/backup/image/resources/restic-snapshots.sh
View file

@ -1,14 +0,0 @@
#!/bin/bash
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
restic -r ${RESTIC_REPOSITORY}/files snapshots
restic -r ${RESTIC_REPOSITORY}/pg-database snapshots
}
source /usr/local/lib/functions.sh
source /usr/local/lib/file-functions.sh
main

24
infrastructure/backup/image/resources/restore.bb Executable file
View file

@ -0,0 +1,24 @@
#!/usr/bin/env bb
(require
'[babashka.tasks :as t]
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.postgresql :as pg]
'[dda.backup.restore :as rs])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! (:aws-config config))
(pg/create-pg-pass! (:db-config config)))
(defn restic-restore!
[]
(pg/drop-create-db! (:db-config config))
(rs/restore-db! (:db-config config))
(rs/restore-file! (:file-restore-config config))
(t/shell "chown -R 999:999 /media"))
(prepare!)
(restic-restore!)

29
infrastructure/backup/image/resources/restore.sh
View file

@ -1,29 +0,0 @@
#!/bin/bash
function main() {
file_env AWS_ACCESS_KEY_ID
file_env AWS_SECRET_ACCESS_KEY
file_env POSTGRES_DB
file_env POSTGRES_PASSWORD
file_env POSTGRES_USER
# Restore latest snapshot into /var/backups/restore
restore-directory '/var/backups/restore'
mv /var/backups/restore/* /media
# adjust file permissions for the taiga user
chown -R 999:999 /media
# Restore db
drop-create-db
restore-db
}
source /usr/local/lib/functions.sh
source /usr/local/lib/pg-functions.sh
source /usr/local/lib/file-functions.sh
main

19
infrastructure/backup/image/resources/wait.bb Executable file
View file

@ -0,0 +1,19 @@
#!/usr/bin/env bb
(require
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.postgresql :as pg])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! (:aws-config config))
(pg/create-pg-pass! (:db-config config)))
(defn wait! []
(while true
(Thread/sleep 1000)))
(prepare!)
(wait!)

4
infrastructure/backup/test/Dockerfile Normal file
View file

@ -0,0 +1,4 @@
FROM c4k-taiga-backup:latest
ADD resources /tmp/
RUN RESTIC_PASSWORD_FILE=/tmp/file_password RESTIC_NEW_PASSWORD_FILE=/tmp/new_file_password RESTIC_REPOSITORY=restic-repo POSTGRES_SERVICE=dummy POSTGRES_PORT=dummy POSTGRES_DB=dummy POSTGRES_USER=dummy POSTGRES_PASSWORD=dummy AWS_ACCESS_KEY_ID=dummy AWS_SECRET_ACCESS_KEY=dummy /tmp/test.bb

4
infrastructure/backup/test/resources/bb.edn Normal file
View file

@ -0,0 +1,4 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
aero/aero {:mvn/version "1.1.6"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

1
infrastructure/backup/test/resources/file_password Normal file
View file

@ -0,0 +1 @@
oldPassword

1
infrastructure/backup/test/resources/new_file_password Normal file
View file

@ -0,0 +1 @@
newPassword

59
infrastructure/backup/test/resources/test.bb Executable file
View file

@ -0,0 +1,59 @@
#!/usr/bin/env bb
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[dda.backup.restore :as rs])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(def file-pw-change-config (merge (:file-config config)
{:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(defn prepare!
[]
(tasks/shell "mkdir" "-p" "/var/backups/")
(spit "/var/backups/file" "I was here")
(tasks/shell "mkdir" "-p" "/var/restore"))
(defn restic-repo-init!
[]
(rc/init! (:file-config config))
(rc/init! (merge (:db-config config)
(:dry-run config))))
(defn restic-backup!
[]
(bak/backup-file! (:file-config config))
(bak/backup-db! (merge (:db-config config)
(:dry-run config))))
(defn list-snapshots!
[]
(rc/list-snapshots! (:file-config config))
(rc/list-snapshots! (merge (:db-config config)
(:dry-run config))))
(defn restic-restore!
[]
(pg/drop-create-db! (merge (:db-config config)
(:dry-run config)))
(rs/restore-db! (merge (:db-config config)
(:dry-run config)))
(rs/restore-file! (merge (:file-restore-config config)
(:dry-run config))))
(defn change-password!
[]
(println "change-password!")
(rc/change-password! file-pw-change-config))
(prepare!)
(restic-repo-init!)
(restic-backup!)
(list-snapshots!)
(restic-restore!)
(change-password!)

10
package.json
View file

@ -2,7 +2,7 @@
"name": "c4k-taiga",
"description": "Generate c4k yaml for a taiga project management deployment.",
"author": "meissa GmbH",
"version": "1.1.3-SNAPSHOT",
"version": "1.2.5-SNAPSHOT",
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-taiga#readme",
"repository": "https://www.npmjs.com/package/c4k-taiga",
"license": "APACHE2",
@ -23,11 +23,11 @@
"url": "https://gitlab.com/domaindrivenarchitecture/c4k-taiga/issues"
},
"dependencies": {
"js-base64": "^3.7.5",
"js-yaml": "^4.0.0"
"js-base64": "^3.7.7",
"js-yaml": "^4.1.0"
},
"devDependencies": {
"shadow-cljs": "^2.11.18",
"source-map-support": "^0.5.19"
"shadow-cljs": "^2.28.20",
"source-map-support": "^0.5.21"
}
}

12
project.clj
View file

@ -1,11 +1,11 @@
(defproject org.domaindrivenarchitecture/c4k-taiga "1.1.3-SNAPSHOT"
(defproject org.domaindrivenarchitecture/c4k-taiga "1.2.5-SNAPSHOT"
:description "taiga c4k-installation package"
:url "https://domaindrivenarchitecture.org"
:license {:name "Apache License, Version 2.0"
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
:dependencies [[org.clojure/clojure "1.11.1"]
[org.clojure/tools.reader "1.4.0"]
[org.domaindrivenarchitecture/c4k-common-clj "6.1.3"]
:dependencies [[org.clojure/clojure "1.12.0"]
[org.clojure/tools.reader "1.5.0"]
[org.domaindrivenarchitecture/c4k-common-clj "9.0.1"]
[hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]]
:target-path "target/%s/"
:source-paths ["src/main/cljc"
@ -23,9 +23,9 @@
:main dda.c4k-taiga.uberjar
:uberjar-name "c4k-taiga-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.1.230"]
[ch.qos.logback/logback-classic "1.5.0"
[ch.qos.logback/logback-classic "1.5.16"
:exclusions [com.sun.mail/javax.mail]]
[org.slf4j/jcl-over-slf4j "2.0.12"]
[org.slf4j/jcl-over-slf4j "2.0.16"]
[com.github.clj-easy/graal-build-time "1.0.5"]]}}
:release-tasks [["test"]
["vcs" "assert-committed"]

2
shadow-cljs.edn
View file

@ -4,7 +4,7 @@
"src/test/cljc"
"src/test/cljs"
"src/test/resources"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.1.3"]
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "9.0.1"]
[hickory "0.7.1"]]
:builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-taiga.browser/init}}

8
src/main/clj/dda/c4k_taiga/uberjar.clj
View file

@ -4,12 +4,12 @@
[dda.c4k-common.uberjar :as uberjar]
[dda.c4k-taiga.core :as core]))
(defn -main [& cmd-args]
(uberjar/main-common
(uberjar/main-cm
"c4k-taiga"
core/config?
core/auth?
core/config-defaults
core/k8s-objects
core/defaults
core/config-objects
core/auth-objects
cmd-args))

71
src/main/cljc/dda/c4k_taiga/backup.cljc
View file

@ -1,45 +1,52 @@
(ns dda.c4k-taiga.backup
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as pd]))
(:require
[clojure.spec.alpha :as s]
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as p]
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
(s/def ::aws-access-key-id pd/bash-env-string?)
(s/def ::aws-secret-access-key pd/bash-env-string?)
(s/def ::restic-password pd/bash-env-string?)
(s/def ::restic-repository pd/bash-env-string?)
(s/def ::aws-access-key-id p/bash-env-string?)
(s/def ::aws-secret-access-key p/bash-env-string?)
(s/def ::restic-password p/bash-env-string?)
(s/def ::restic-new-password p/bash-env-string?)
(s/def ::restic-repository p/bash-env-string?)
(s/def ::config (s/keys :req-un [::restic-repository]))
(s/def ::auth (s/keys :req-un [::restic-password ::aws-access-key-id ::aws-secret-access-key]
:opt-un [::restic-new-password]))
#?(:cljs
(defmethod yaml/load-resource :backup [resource-name]
(case resource-name
"backup/config.yaml" (rc/inline "backup/config.yaml")
"backup/cron.yaml" (rc/inline "backup/cron.yaml")
"backup/secret.yaml" (rc/inline "backup/secret.yaml")
"backup/backup-restore-deployment.yaml" (rc/inline "backup/backup-restore-deployment.yaml")
(throw (js/Error. "Undefined Resource!")))))
(get (inline-resources "backup") resource-name)))
(defn generate-config [my-conf]
(defn-spec generate-config p/map-or-seq?
[my-conf ::config]
(let [{:keys [restic-repository]} my-conf]
(->
(yaml/load-as-edn "backup/config.yaml")
(cm/replace-key-value :restic-repository restic-repository))))
(defn generate-cron []
(yaml/load-as-edn "backup/cron.yaml"))
(defn-spec generate-cron p/map-or-seq?
[]
(yaml/load-as-edn "backup/cron.yaml"))
(defn generate-backup-restore-deployment [my-conf]
(let [backup-restore-yaml (yaml/load-as-edn "backup/backup-restore-deployment.yaml")]
(if (and (contains? my-conf :local-integration-test) (= true (:local-integration-test my-conf)))
(cm/replace-named-value backup-restore-yaml "CERTIFICATE_FILE" "/var/run/secrets/localstack-secrets/ca.crt")
backup-restore-yaml)))
(defn-spec generate-backup-restore-deployment p/map-or-seq?
[my-conf ::config]
(yaml/load-as-edn "backup/backup-restore-deployment.yaml"))
(defn generate-secret [my-auth]
(let [{:keys [aws-access-key-id aws-secret-access-key restic-password]} my-auth]
(->
(yaml/load-as-edn "backup/secret.yaml")
(cm/replace-key-value :aws-access-key-id (b64/encode aws-access-key-id))
(cm/replace-key-value :aws-secret-access-key (b64/encode aws-secret-access-key))
(cm/replace-key-value :restic-password (b64/encode restic-password)))))
(defn-spec generate-secret p/map-or-seq?
[auth ::auth]
(let [{:keys [aws-access-key-id aws-secret-access-key
restic-password restic-new-password]} auth]
(as-> (yaml/load-as-edn "backup/secret.yaml") res
(cm/replace-key-value res :aws-access-key-id (b64/encode aws-access-key-id))
(cm/replace-key-value res :aws-secret-access-key (b64/encode aws-secret-access-key))
(cm/replace-key-value res :restic-password (b64/encode restic-password))
(if (contains? auth :restic-new-password)
(assoc-in res [:data :restic-new-password] (b64/encode restic-new-password))
res))))

146
src/main/cljc/dda/c4k_taiga/core.cljc
View file

@ -9,57 +9,103 @@
[dda.c4k-common.monitoring :as mon]
[dda.c4k-taiga.taiga :as taiga]
[dda.c4k-taiga.backup :as backup]
[dda.c4k-common.postgres :as postgres]))
[dda.c4k-common.postgres :as postgres]
[dda.c4k-common.namespace :as ns]))
(def default-storage-class :local-path)
(def defaults {:namespace "taiga"
:issuer "staging"
:storage-class-name "local-path"
:pv-storage-size-gb "5"
:storage-media-size "5"
:storage-static-size "5"
:storage-async-rabbitmq-size "5"
:storage-events-rabbitmq-size "5"
:public-register-enabled "false"
:enable-telemetry "false"})
(def config? taiga/config?)
(def auth? taiga/auth?)
(def config? (s/merge
::backup/config
(s/keys :req-un [::taiga/fqdn]
:opt-un [::taiga/issuer
::taiga/storage-class-name
::taiga/storage-media-size
::taiga/storage-static-size
::taiga/storage-async-rabbitmq-size
::taiga/storage-events-rabbitmq-size
::taiga/public-register-enabled
::taiga/enable-telemetry
::postgres/pv-storage-size-gb
::mon/mon-cfg])))
(def config-defaults taiga/config-defaults)
(def auth? (s/merge
::backup/auth
(s/keys :req-un [::postgres/postgres-db-user
::postgres/postgres-db-password
::taiga/taiga-secret-key
::taiga/mailer-pw
::taiga/mailer-user
::taiga/django-superuser-email
::taiga/django-superuser-password
::taiga/django-superuser-username
::taiga/rabbitmq-erlang-cookie
::taiga/rabbitmq-pw
::taiga/rabbitmq-user
::mon/mon-auth])))
(defn-spec k8s-objects cp/map-or-seq?
[config taiga/config?
auth taiga/auth?]
(cm/concat-vec
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
[(postgres/generate-config {:postgres-size :8gb :db-name "taiga"})
(postgres/generate-secret auth)
(postgres/generate-pvc {:pv-storage-size-gb 50
:pvc-storage-class-name default-storage-class})
(postgres/generate-deployment)
(postgres/generate-service)
(taiga/generate-async-deployment)
(taiga/generate-async-rabbitmq-deployment)
(taiga/generate-async-rabbitmq-service)
(taiga/generate-async-service)
(taiga/generate-back-deployment)
(taiga/generate-back-service)
(taiga/generate-configmap config)
(taiga/generate-pvc-taiga-media-data config)
(taiga/generate-pvc-taiga-static-data config)
(taiga/generate-events-deployment)
(taiga/generate-events-rabbitmq-deployment)
(taiga/generate-events-rabbitmq-service)
(taiga/generate-events-service)
(taiga/generate-front-deployment)
(taiga/generate-front-service)
(taiga/generate-gateway-configmap)
(taiga/generate-gateway-deployment)
(taiga/generate-gateway-service)
(taiga/generate-protected-deployment)
(taiga/generate-protected-service)
(taiga/generate-rabbitmq-pvc-async config)
(taiga/generate-rabbitmq-pvc-events config)
(taiga/generate-secret auth)]
(taiga/generate-ingress-and-cert config)
(when (contains? config :restic-repository)
[(backup/generate-config config)
(backup/generate-secret auth)
(backup/generate-cron)
(backup/generate-backup-restore-deployment config)])
(when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
(defn-spec config-objects cp/map-or-seq?
[config config?]
(let [resolved-config (merge defaults config)]
(cm/concat-vec
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
(ns/generate resolved-config)
(postgres/generate-config (merge resolved-config
{:postgres-size :8gb :db-name "taiga"
:pv-storage-size-gb 50}))
[(taiga/generate-async-deployment)
(taiga/generate-async-rabbitmq-deployment)
(taiga/generate-async-rabbitmq-service)
(taiga/generate-async-service)
(taiga/generate-back-deployment)
(taiga/generate-back-service)
(taiga/generate-configmap resolved-config)
(taiga/generate-pvc-taiga-media-data resolved-config)
(taiga/generate-pvc-taiga-static-data resolved-config)
(taiga/generate-events-deployment)
(taiga/generate-events-rabbitmq-deployment)
(taiga/generate-events-rabbitmq-service)
(taiga/generate-events-service)
(taiga/generate-front-deployment)
(taiga/generate-front-service)
(taiga/generate-gateway-configmap)
(taiga/generate-gateway-deployment)
(taiga/generate-gateway-service)
(taiga/generate-protected-deployment)
(taiga/generate-protected-service)
(taiga/generate-rabbitmq-pvc-async resolved-config)
(taiga/generate-rabbitmq-pvc-events resolved-config)]
(taiga/generate-ingress-and-cert resolved-config)
(when (contains? resolved-config :restic-repository)
[(backup/generate-config resolved-config)
(backup/generate-cron)
(backup/generate-backup-restore-deployment resolved-config)])
(when (:contains? resolved-config :mon-cfg)
(mon/generate-config))))))))
(defn-spec auth-objects cp/map-or-seq?
[config config?
auth auth?]
(let [resolved-config (merge defaults config)]
(cm/concat-vec
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
(postgres/generate-auth resolved-config auth)
[(taiga/generate-secret auth)]
(when (contains? resolved-config :restic-repository)
[(backup/generate-secret auth)])
(when (:contains? resolved-config :mon-cfg)
(mon/generate-auth (:mon-cfg resolved-config) (:mon-auth auth)))))))))

154
src/main/cljc/dda/c4k_taiga/taiga.cljc
View file

@ -1,35 +1,16 @@
(ns dda.c4k-taiga.taiga
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:clj [clojure.edn :as edn]
:cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-common.postgres :as postgres]
[dda.c4k-common.ingress :as ing]
[clojure.string :as str]
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as p]
[dda.c4k-common.common :as cm]
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])))
(def config-defaults {:issuer "staging"
:storage-class-name "local-path"
:pv-storage-size-gb "5" ;; ToDo: check sensible defaults
:storage-media-size "5"
:storage-static-size "5"
:storage-async-rabbitmq-size "5"
:storage-events-rabbitmq-size "5"
:public-register-enabled "false"
:enable-telemetry "false"})
(s/def ::mon-cfg ::mon/mon-cfg)
(s/def ::mon-auth ::mon/mon-auth)
(s/def ::taiga-secret-key cp/bash-env-string?)
(s/def ::taiga-secret-key p/bash-env-string?)
(s/def ::mailer-user string?)
(s/def ::mailer-pw string?)
(s/def ::django-superuser-username string?)
@ -39,9 +20,9 @@
(s/def ::rabbitmq-pw string?)
(s/def ::rabbitmq-erlang-cookie string?)
(s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::fqdn cp/fqdn-string?)
(s/def ::public-register-enabled string?) ;; ToDo maybe check for boolean string
(s/def ::issuer p/letsencrypt-issuer?)
(s/def ::fqdn p/fqdn-string?)
(s/def ::public-register-enabled string?)
(s/def ::enable-telemetry string?)
(s/def ::storage-class-name string?)
(s/def ::storage-media-size pos?)
@ -49,37 +30,34 @@
(s/def ::storage-async-rabbitmq-size pos?)
(s/def ::storage-events-rabbitmq-size pos?)
(def auth? (s/keys :req-un [::postgres/postgres-db-user
::postgres/postgres-db-password
::taiga-secret-key
::mailer-pw
::mailer-user
::django-superuser-email
::django-superuser-password
::django-superuser-username
::rabbitmq-erlang-cookie
::rabbitmq-pw
::rabbitmq-user]
:opt-un [::mon-auth]))
(s/def ::auth (s/keys :req-un [::taiga-secret-key
::mailer-pw
::mailer-user
::django-superuser-email
::django-superuser-password
::django-superuser-username
::rabbitmq-erlang-cookie
::rabbitmq-pw
::rabbitmq-user]
:opt-un [::mon-auth]))
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer
::storage-class-name
::storage-media-size
::storage-static-size
::storage-async-rabbitmq-size
::storage-events-rabbitmq-size
::postgres/pv-storage-size-gb
::public-register-enabled
::enable-telemetry
::mon-cfg]))
(s/def ::config (s/keys :req-un [::fqdn]
:opt-un [::issuer
::storage-class-name
::storage-media-size
::storage-static-size
::storage-async-rabbitmq-size
::storage-events-rabbitmq-size
::public-register-enabled
::enable-telemetry
::mon-cfg]))
#?(:cljs
(defmethod yaml/load-resource :taiga [resource-name]
(get (inline-resources "taiga") resource-name)))
(defn-spec generate-ingress-and-cert cp/map-or-seq?
[config config?]
(defn-spec generate-ingress-and-cert p/map-or-seq?
[config ::config]
(let [{:keys [fqdn]} config]
(ing/generate-ingress-and-cert
(merge
@ -88,85 +66,85 @@
:fqdns [fqdn]}
config))))
(defn-spec generate-async-deployment cp/map-or-seq? []
(defn-spec generate-async-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/async-deployment.yaml"))
(defn-spec generate-async-service cp/map-or-seq? []
(defn-spec generate-async-service p/map-or-seq? []
(yaml/load-as-edn "taiga/async-service.yaml"))
(defn-spec generate-async-rabbitmq-deployment cp/map-or-seq? []
(defn-spec generate-async-rabbitmq-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/async-rabbitmq-deployment.yaml"))
(defn-spec generate-events-rabbitmq-service cp/map-or-seq? []
(defn-spec generate-events-rabbitmq-service p/map-or-seq? []
(yaml/load-as-edn "taiga/events-rabbitmq-service.yaml"))
(defn-spec generate-async-rabbitmq-service cp/map-or-seq? []
(defn-spec generate-async-rabbitmq-service p/map-or-seq? []
(yaml/load-as-edn "taiga/async-rabbitmq-service.yaml"))
(defn-spec generate-back-deployment cp/map-or-seq? []
(defn-spec generate-back-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/back-deployment.yaml"))
(defn-spec generate-back-service cp/map-or-seq? []
(defn-spec generate-back-service p/map-or-seq? []
(yaml/load-as-edn "taiga/back-service.yaml"))
(defn-spec generate-events-rabbitmq-deployment cp/map-or-seq? []
(defn-spec generate-events-rabbitmq-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/events-rabbitmq-deployment.yaml"))
(defn-spec generate-events-deployment cp/map-or-seq? []
(defn-spec generate-events-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/events-deployment.yaml"))
(defn-spec generate-events-service cp/map-or-seq? []
(defn-spec generate-events-service p/map-or-seq? []
(yaml/load-as-edn "taiga/events-service.yaml"))
(defn-spec generate-front-deployment cp/map-or-seq? []
(defn-spec generate-front-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/front-deployment.yaml"))
(defn-spec generate-front-service cp/map-or-seq? []
(defn-spec generate-front-service p/map-or-seq? []
(yaml/load-as-edn "taiga/front-service.yaml"))
(defn-spec generate-gateway-configmap cp/map-or-seq? []
(defn-spec generate-gateway-configmap p/map-or-seq? []
(yaml/load-as-edn "taiga/gateway-configmap.yaml"))
(defn-spec generate-gateway-deployment cp/map-or-seq? []
(defn-spec generate-gateway-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/gateway-deployment.yaml"))
(defn-spec generate-gateway-service cp/map-or-seq? []
(defn-spec generate-gateway-service p/map-or-seq? []
(yaml/load-as-edn "taiga/gateway-service.yaml"))
(defn-spec generate-protected-deployment cp/map-or-seq? []
(defn-spec generate-protected-deployment p/map-or-seq? []
(yaml/load-as-edn "taiga/protected-deployment.yaml"))
(defn-spec generate-protected-service cp/map-or-seq? []
(defn-spec generate-protected-service p/map-or-seq? []
(yaml/load-as-edn "taiga/protected-service.yaml"))
(defn-spec generate-configmap cp/map-or-seq?
[config config?]
(let [{:keys [fqdn enable-telemetry public-register-enabled]} (merge config-defaults config)]
(-> (yaml/load-as-edn "taiga/configmap.yaml")
(defn-spec generate-configmap p/map-or-seq?
[config ::config]
(let [{:keys [fqdn enable-telemetry public-register-enabled]} config]
(-> (yaml/load-as-edn "taiga/configmap.yaml")
(cm/replace-key-value :TAIGA_SITES_DOMAIN fqdn)
(cm/replace-key-value :TAIGA_URL (str "https://" fqdn))
(cm/replace-key-value :TAIGA_WEBSOCKETS_URL (str "wss://" fqdn))
(cm/replace-key-value :ENABLE_TELEMETRY enable-telemetry)
(cm/replace-key-value :PUBLIC_REGISTER_ENABLED public-register-enabled))))
(defn-spec generate-pvc-taiga-media-data cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-media-size]} (merge config-defaults config)]
(defn-spec generate-pvc-taiga-media-data p/map-or-seq?
[config ::config]
(let [{:keys [storage-class-name storage-media-size]} config]
(->
(yaml/load-as-edn "taiga/pvc-taiga-media-data.yaml")
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-media-size "Gi")))))
(defn-spec generate-pvc-taiga-static-data cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-static-size]} (merge config-defaults config)]
(defn-spec generate-pvc-taiga-static-data p/map-or-seq?
[config ::config]
(let [{:keys [storage-class-name storage-static-size]} config]
(->
(yaml/load-as-edn "taiga/pvc-taiga-static-data.yaml")
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-static-size "Gi")))))
(defn-spec generate-secret cp/map-or-seq?
[auth auth?]
(defn-spec generate-secret p/map-or-seq?
[auth ::auth]
(let [{:keys [taiga-secret-key
mailer-user mailer-pw
rabbitmq-user rabbitmq-pw rabbitmq-erlang-cookie
@ -183,18 +161,18 @@
(cm/replace-key-value :DJANGO_SUPERUSER_PASSWORD (b64/encode django-superuser-password))
(cm/replace-key-value :DJANGO_SUPERUSER_EMAIL (b64/encode django-superuser-email)))))
(defn-spec generate-rabbitmq-pvc-async cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-async-rabbitmq-size]} (merge config-defaults config)]
(defn-spec generate-rabbitmq-pvc-async p/map-or-seq?
[config ::config]
(let [{:keys [storage-class-name storage-async-rabbitmq-size]} config]
(->
(yaml/load-as-edn "taiga/rabbitmq-pvc-async.yaml")
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-async-rabbitmq-size "Gi")))))
(defn-spec generate-rabbitmq-pvc-events cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-events-rabbitmq-size]} (merge config-defaults config)]
(->
(defn-spec generate-rabbitmq-pvc-events p/map-or-seq?
[config ::config]
(let [{:keys [storage-class-name storage-events-rabbitmq-size]} config]
(->
(yaml/load-as-edn "taiga/rabbitmq-pvc-events.yaml")
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-events-rabbitmq-size "Gi")))))

196
src/main/cljs/dda/c4k_taiga/browser.cljs
View file

@ -1,14 +1,9 @@
(ns dda.c4k-taiga.browser
(:require
[clojure.string :as st]
[clojure.tools.reader.edn :as edn]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-taiga.core :as core]
[dda.c4k-taiga.taiga :as taiga]
[dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.browser :as br]
[dda.c4k-common.postgres :as postgres]))
[dda.c4k-common.browser :as br]))
(defn generate-content []
(cm/concat-vec
@ -16,40 +11,33 @@
(br/generate-needs-validation) :content
(cm/concat-vec
(br/generate-group
"domain"
(cm/concat-vec
(br/generate-input-field "fqdn" "The fully qualified domain name of your Taiga Instance:" "taiga.example.com")
(br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "staging")
(br/generate-input-field "mon-cluster-name" "(Optional) monitoring cluster name:" "taiga")
(br/generate-input-field "mon-cluster-stage" "(Optional) monitoring cluster stage:" "test")
(br/generate-input-field "mon-cloud-url" "(Optional) grafana cloud url:" "https://prometheus-prod-01-eu-west-0.grafana.net/api/prom/push")))
"config"
(br/generate-text-area "config" "Your config.edn:" "{:fqdn \"cloud.your.domain\"
:issuer \"staging\"
:restic-repository \"s3://yourbucket/your-repo\"
:mon-cfg {:cluster-name \"cloud\"
:cluster-stage \"test\"
:cloud-url \"https://prometheus-prod-01-eu-west-0.grafana.net/api/prom/push\"}}"
"5"))
(br/generate-group
"options"
(cm/concat-vec
(br/generate-input-field "public-register-enabled" "(Optional) Allow public registration?" "false")
(br/generate-input-field "enable-telemetry" "(Optional) Allow anonymous collection of usage data?" "false")
(br/generate-input-field "pv-storage-size-gb" "(Optional) The volume size of your postgres DB:" "5")
(br/generate-input-field "storage-class-name" "(Optional) Name of storage class:" "local-path")
(br/generate-input-field "storage-media-size" "(Optional) The size of your media storage:" "5")
(br/generate-input-field "storage-static-size" "(Optional) The size of your static data storage:" "5")
(br/generate-input-field "storage-async-rabbitmq-size" "(Optional) The size of your rabbitmq async storage:" "5")
(br/generate-input-field "storage-events-rabbitmq-size" "(Optional) The size of your rabbitmq events storage:" "5")))
(br/generate-group
"credentials"
(cm/concat-vec
(br/generate-input-field "postgres-db-user" "Your postgres user:" "postgres")
(br/generate-input-field "postgres-db-password" "Your postgres password:" "change-me")
(br/generate-input-field "mailer-user" "Allow taiga access to a mail account:" "mail[at]example.com")
(br/generate-input-field "mailer-pw" "Allow taiga access to a mail account:" "change-me")
(br/generate-input-field "django-superuser-username" "The superusers username:" "admin")
(br/generate-input-field "django-superuser-password" "The superusers password:" "change-me")
(br/generate-input-field "django-superuser-email" "The superusers email:" "mail[at]example.com")
(br/generate-input-field "rabbitmq-user" "User for rabbitmq:" "user")
(br/generate-input-field "rabbitmq-pw" "Password for the rabbitmq user:" "change-me")
(br/generate-input-field "rabbitmq-erlang-cookie" "Random hash shared among all rabbitmq pods:" "change-me")
(br/generate-input-field "taiga-secret-key" "Random key shared among all taiga pods:" "change-me")
(br/generate-input-field "grafana-cloud-user" "Your grafana user name:" "user")
(br/generate-input-field "grafana-cloud-password" "Your grafana password:" "change-me")))
"auth"
(br/generate-text-area "auth" "Your auth.edn:" "{:postgres-db-user \"taiga\"
:postgres-db-password \"db-password\"
:mailer-user \"mail[at]example.com\"
:mailer-pw \"change-me\"
:django-superuser-username \"admin\"
:django-superuser-password \"change-me\"
:django-superuser-email \"mail[at]example.com\"
:rabbitmq-user \"user\"
:rabbitmq-pw \"change-me\"
:rabbitmq-erlang-cookie \"change-me\"
:taiga-secret-key \"change-me\"
:aws-access-key-id \"aws-id\"
:aws-secret-access-key \"aws-secret\"
:restic-password \"restic-password\"}
:mon-auth {:grafana-cloud-user \"your-user-id\"
:grafana-cloud-password \"your-cloud-password\"}"
"5"))
[(br/generate-br)]
(br/generate-button "generate-button" "Generate c4k yaml")))]
(br/generate-output "c4k-taiga-output" "Your c4k deployment.yaml:" "15")))
@ -61,94 +49,9 @@
:content
(generate-content)})
(defn auth-from-document []
(let [postgres-db-user (br/get-content-from-element "postgres-db-user" )
postgres-db-password (br/get-content-from-element "postgres-db-password" )
mailer-user (br/get-content-from-element "mailer-user" )
mailer-pw (br/get-content-from-element "mailer-pw" )
django-superuser-username (br/get-content-from-element "django-superuser-username" )
django-superuser-password (br/get-content-from-element "django-superuser-password" )
django-superuser-email (br/get-content-from-element "django-superuser-email" )
rabbitmq-user (br/get-content-from-element "rabbitmq-user" )
rabbitmq-pw (br/get-content-from-element "rabbitmq-pw" )
rabbitmq-erlang-cookie (br/get-content-from-element "rabbitmq-erlang-cookie" )
taiga-secret-key (br/get-content-from-element "taiga-secret-key" )
grafana-cloud-user (br/get-content-from-element "grafana-cloud-user" :optional true)
grafana-cloud-password (br/get-content-from-element "grafana-cloud-password" :optional true)]
(merge
{:postgres-db-user postgres-db-user}
{:postgres-db-password postgres-db-password}
{:mailer-user mailer-user}
{:mailer-pw mailer-pw}
{:django-superuser-username django-superuser-username}
{:django-superuser-password django-superuser-password}
{:django-superuser-email django-superuser-email}
{:rabbitmq-user rabbitmq-user}
{:rabbitmq-pw rabbitmq-pw}
{:rabbitmq-erlang-cookie rabbitmq-erlang-cookie}
{:taiga-secret-key taiga-secret-key}
(when (some? grafana-cloud-user)
{:mon-auth {:grafana-cloud-user grafana-cloud-user
:grafana-cloud-password grafana-cloud-password}}))))
(defn config-from-document []
(let [issuer (br/get-content-from-element "issuer" :optional true)
fqdn (br/get-content-from-element "fqdn" :deserializer edn/read-string)
public-register-enabled (br/get-content-from-element "public-register-enabled" :deserializer edn/read-string)
enable-telemetry (br/get-content-from-element "enable-telemetry" :deserializer edn/read-string)
pv-storage-size-gb (br/get-content-from-element "pv-storage-size-gb" :deserializer edn/read-string)
storage-class-name (br/get-content-from-element "storage-class-name" :deserializer edn/read-string)
storage-media-size (br/get-content-from-element "storage-media-size" :deserializer edn/read-string)
storage-static-size (br/get-content-from-element "storage-static-size" :deserializer edn/read-string)
storage-async-rabbitmq-size (br/get-content-from-element "storage-async-rabbitmq-size" :deserializer edn/read-string)
storage-events-rabbitmq-size (br/get-content-from-element "storage-events-rabbitmq-size" :deserializer edn/read-string)
mon-cluster-name (br/get-content-from-element "mon-cluster-name" :optional true)
mon-cluster-stage (br/get-content-from-element "mon-cluster-stage" :optional true)
mon-cloud-url (br/get-content-from-element "mon-cloud-url" :optional true)]
(merge
{:fqdn fqdn}
{:public-register-enabled public-register-enabled}
{:enable-telemetry enable-telemetry}
{:pv-storage-size-gb pv-storage-size-gb}
{:storage-class-name storage-class-name}
{:storage-media-size storage-media-size}
{:storage-static-size storage-static-size}
{:storage-async-rabbitmq-size storage-async-rabbitmq-size}
{:storage-events-rabbitmq-size storage-events-rabbitmq-size}
(when (not (st/blank? issuer))
{:issuer issuer})
(when (some? mon-cluster-name)
{:mon-cfg {:cluster-name mon-cluster-name
:cluster-stage (keyword mon-cluster-stage)
:grafana-cloud-url mon-cloud-url}}))))
(defn validate-all! []
(br/validate! "fqdn" ::taiga/fqdn )
(br/validate! "issuer" ::taiga/issuer :optional true)
(br/validate! "public-register-enabled" ::taiga/public-register-enabled :optional true)
(br/validate! "enable-telemetry" ::taiga/enable-telemetry :optional true)
(br/validate! "pv-storage-size-gb" ::postgres/pv-storage-size-gb :optional true)
(br/validate! "storage-class-name" ::taiga/storage-class-name :optional true)
(br/validate! "storage-media-size" ::taiga/storage-media-size :optional true)
(br/validate! "storage-static-size" ::taiga/storage-static-size :optional true)
(br/validate! "storage-async-rabbitmq-size" ::taiga/storage-async-rabbitmq-size :optional true)
(br/validate! "storage-events-rabbitmq-size" ::taiga/storage-events-rabbitmq-size :optional true)
(br/validate! "mon-cluster-name" ::mon/cluster-name :optional true)
(br/validate! "mon-cluster-stage" ::mon/cluster-stage :optional true)
(br/validate! "mon-cloud-url" ::mon/grafana-cloud-url :optional true)
(br/validate! "postgres-db-user" ::postgres/postgres-db-user )
(br/validate! "postgres-db-password" ::postgres/postgres-db-password )
(br/validate! "mailer-user" ::taiga/mailer-user )
(br/validate! "mailer-pw" ::taiga/mailer-pw )
(br/validate! "django-superuser-username" ::taiga/django-superuser-username )
(br/validate! "django-superuser-password" ::taiga/django-superuser-password )
(br/validate! "django-superuser-email" ::taiga/django-superuser-email )
(br/validate! "rabbitmq-user" ::taiga/rabbitmq-user )
(br/validate! "rabbitmq-pw" ::taiga/rabbitmq-pw )
(br/validate! "rabbitmq-erlang-cookie" ::taiga/rabbitmq-erlang-cookie )
(br/validate! "taiga-secret-key" ::taiga/taiga-secret-key )
(br/validate! "grafana-cloud-user" ::mon/grafana-cloud-user )
(br/validate! "grafana-cloud-password" ::mon/grafana-cloud-password )
(br/validate! "config" core/config? :deserializer edn/read-string)
(br/validate! "auth" core/auth? :deserializer edn/read-string)
(br/set-form-validated!))
(defn add-validate-listener [name]
@ -161,35 +64,14 @@
(.getElementById "generate-button")
(.addEventListener "click"
#(do (validate-all!)
(-> (cm/generate-common
(config-from-document)
(auth-from-document)
core/config-defaults
core/k8s-objects)
(-> (cm/generate-cm
(br/get-content-from-element "config" :deserializer edn/read-string)
(br/get-content-from-element "auth" :deserializer edn/read-string)
core/config-defaults
core/config-objects
core/auth-objects
false
false)
(br/set-output!)))))
(add-validate-listener "fqdn")
(add-validate-listener "issuer")
(add-validate-listener "public-register-enabled")
(add-validate-listener "enable-telemetry")
(add-validate-listener "pv-storage-size-gb")
(add-validate-listener "storage-class-name")
(add-validate-listener "storage-media-size")
(add-validate-listener "storage-static-size")
(add-validate-listener "storage-async-rabbitmq-size")
(add-validate-listener "storage-events-rabbitmq-size")
(add-validate-listener "mon-cluster-name")
(add-validate-listener "mon-cluster-stage")
(add-validate-listener "mon-cloud-url")
(add-validate-listener "postgres-db-user")
(add-validate-listener "postgres-db-password")
(add-validate-listener "mailer-user")
(add-validate-listener "mailer-pw")
(add-validate-listener "django-superuser-username")
(add-validate-listener "django-superuser-password")
(add-validate-listener "django-superuser-email")
(add-validate-listener "rabbitmq-user")
(add-validate-listener "rabbitmq-pw")
(add-validate-listener "rabbitmq-erlang-cookie")
(add-validate-listener "taiga-secret-key")
(add-validate-listener "grafana-cloud-user")
(add-validate-listener "grafana-cloud-password"))
(add-validate-listener "config")
(add-validate-listener "authr"))

7
src/main/resources/backup/backup-restore-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: backup-restore
namespace: taiga
spec:
replicas: 0
selector:
@ -20,7 +21,7 @@ spec:
- image: domaindrivenarchitecture/c4k-taiga-backup
name: backup-app
imagePullPolicy: IfNotPresent
command: ["/entrypoint-start-and-wait.sh"]
command: ["wait.bb"]
env:
- name: POSTGRES_USER
valueFrom:
@ -56,8 +57,8 @@ spec:
key: restic-repository
- name: RESTIC_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-password
- name: CERTIFICATE_FILE
value: ""
- name: RESTIC_NEW_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-new-password
volumeMounts:
- name: taiga-media
mountPath: /media

1
src/main/resources/backup/config.yaml
View file

@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: backup-config
namespace: taiga
labels:
app.kubernetes.io/name: backup
app.kubernetes.io/part-of: taiga

5
src/main/resources/backup/cron.yaml
View file

@ -2,6 +2,7 @@ apiVersion: batch/v1
kind: CronJob
metadata:
name: taiga-backup
namespace: taiga
labels:
app.kubernetes.part-of: taiga
spec:
@ -16,7 +17,7 @@ spec:
- name: backup-app
image: domaindrivenarchitecture/c4k-taiga-backup
imagePullPolicy: IfNotPresent
command: ["/entrypoint.sh"]
command: ["backup.bb"]
env:
- name: POSTGRES_USER
valueFrom:
@ -52,8 +53,6 @@ spec:
key: restic-repository
- name: RESTIC_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-password
- name: CERTIFICATE_FILE
value: ""
volumeMounts:
- name: taiga-media
mountPath: /media

1
src/main/resources/backup/secret.yaml
View file

@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: backup-secret
namespace: taiga
type: Opaque
data:
aws-access-key-id: aws-access-key-id

1
src/main/resources/taiga/async-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-async-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async

1
src/main/resources/taiga/async-rabbitmq-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-async-rabbitmq-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async-rabbitmq

3
src/main/resources/taiga/async-rabbitmq-service.yaml
View file

@ -2,10 +2,11 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-async-rabbitmq
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async-rabbitmq
namespace: default
namespace: taiga
spec:
type: ClusterIP
selector:

3
src/main/resources/taiga/async-service.yaml
View file

@ -2,10 +2,11 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-async
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async
namespace: default
namespace: taiga
spec:
type: ClusterIP
selector:

3
src/main/resources/taiga/back-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-back-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-back
@ -20,7 +21,7 @@ spec:
image: taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
command: ["/bin/bash"]
args: ["-c", "source /opt/venv/bin/activate && CELERY_ENABLE=true python manage.py migrate && sleep 15 && python manage.py createsuperuser --noinput"]
args: ["-c", "source /opt/venv/bin/activate && CELERY_ENABLE=true python manage.py migrate && sleep 15"]
ports:
- name: http
containerPort: 8000

2
src/main/resources/taiga/back-service.yaml
View file

@ -2,10 +2,10 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-back
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-back
namespace: default
spec:
type: ClusterIP
selector:

2
src/main/resources/taiga/configmap.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-configmap
namespace: default
namespace: taiga
data:
# These environment variables will be used by taiga-back and taiga-async.
# Database settings handled in deployment

1
src/main/resources/taiga/events-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-events-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events

1
src/main/resources/taiga/events-rabbitmq-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-events-rabbitmq-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events-rabbitmq

3
src/main/resources/taiga/events-rabbitmq-service.yaml
View file

@ -2,10 +2,11 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-events-rabbitmq
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events-rabbitmq
namespace: default
namespace: taiga
spec:
type: ClusterIP
selector:

2
src/main/resources/taiga/events-service.yaml
View file

@ -2,10 +2,10 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-events
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events
namespace: default
spec:
type: ClusterIP
selector:

1
src/main/resources/taiga/front-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-front-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-front

2
src/main/resources/taiga/front-service.yaml
View file

@ -2,10 +2,10 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-front
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-front
namespace: default
spec:
type: ClusterIP
selector:

1
src/main/resources/taiga/gateway-configmap.yaml
View file

@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-gateway-configmap
namespace: taiga
data:
default.conf: |
server {

1
src/main/resources/taiga/gateway-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-gateway-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-gateway

2
src/main/resources/taiga/gateway-service.yaml
View file

@ -2,10 +2,10 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-gateway
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-gateway
namespace: default
spec:
type: ClusterIP
selector:

1
src/main/resources/taiga/protected-deployment.yaml
View file

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-protected-deployment
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-protected

2
src/main/resources/taiga/protected-service.yaml
View file

@ -2,10 +2,10 @@ kind: Service
apiVersion: v1
metadata:
name: taiga-protected
namespace: taiga
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-protected
namespace: default
spec:
type: ClusterIP
selector:

2
src/main/resources/taiga/pvc-taiga-media-data.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-media-data
namespace: default
namespace: taiga
labels:
app: taiga
app.kubernetes.part-of: taiga

2
src/main/resources/taiga/pvc-taiga-static-data.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-static-data
namespace: default
namespace: taiga
labels:
app: taiga
app.kubernetes.part-of: taiga

2
src/main/resources/taiga/rabbitmq-pvc-async.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-async-rabbitmq-data
namespace: default
namespace: taiga
labels:
app: taiga
app.kubernetes.part-of: taiga

2
src/main/resources/taiga/rabbitmq-pvc-events.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-events-rabbitmq-data
namespace: default
namespace: taiga
labels:
app: taiga
app.kubernetes.part-of: taiga

1
src/main/resources/taiga/secret.yaml
View file

@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: taiga-secret
namespace: taiga
labels:
app.kubernetes.part-of: taiga
data:

47
src/test/cljc/dda/c4k_taiga/backup_test.cljc Normal file
View file

@ -0,0 +1,47 @@
(ns dda.c4k-taiga.backup-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st]
[dda.c4k-taiga.backup :as cut]))
(st/instrument `cut/generate-secret)
(st/instrument `cut/generate-config)
(st/instrument `cut/generate-cron)
(deftest should-generate-config
(is (= {:apiVersion "v1"
:kind "ConfigMap"
:metadata {:name "backup-config"
:namespace "taiga"
:labels {:app.kubernetes.io/name "backup"
:app.kubernetes.io/part-of "taiga"}}
:data
{:restic-repository "s3:restic-repository"}}
(cut/generate-config {:restic-repository "s3:restic-repository"}))))
(deftest should-generate-secret
(is (= {:apiVersion "v1"
:kind "Secret"
:metadata {:name "backup-secret", :namespace "taiga"}
:type "Opaque"
:data
{:aws-access-key-id "YXdzLWlk",
:aws-secret-access-key "YXdzLXNlY3JldA==",
:restic-password "cmVzdGljLXB3"}}
(cut/generate-secret {:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"
:restic-password "restic-pw"})))
(is (= {:apiVersion "v1"
:kind "Secret"
:metadata {:name "backup-secret", :namespace "taiga"}
:type "Opaque"
:data
{:aws-access-key-id "YXdzLWlk",
:aws-secret-access-key "YXdzLXNlY3JldA==",
:restic-password "cmVzdGljLXB3"
:restic-new-password "bmV3LXJlc3RpYy1wdw=="}}
(cut/generate-secret {:aws-access-key-id "aws-id"
:aws-secret-access-key "aws-secret"
:restic-password "restic-pw"
:restic-new-password "new-restic-pw"}))))

9
src/test/cljc/dda/c4k_taiga/core_test.cljc
View file

@ -1,6 +1,6 @@
(ns dda.c4k-taiga.core-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
@ -8,11 +8,8 @@
[dda.c4k-taiga.core :as cut]))
#?(:cljs
(defmethod yaml/load-resource :website-test [resource-name]
(case resource-name
"taiga-test/valid-config.yaml" (rc/inline "taiga-test/valid-config.yaml")
"taiga-test/valid-auth.yaml" (rc/inline "taiga-test/valid-auth.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defmethod yaml/load-resource :taiga-test [resource-name]
(get (inline-resources "taiga-test") resource-name)))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "taiga-test/valid-config.yaml")))

33
src/test/cljc/dda/c4k_taiga/taiga_test.cljc
View file

@ -1,23 +1,26 @@
(ns dda.c4k-taiga.taiga-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[clojure.spec.test.alpha :as st]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-taiga.taiga :as cut]))
(st/instrument `cut/generate-configmap)
(st/instrument `cut/generate-pvc-taiga-media-data)
(st/instrument `cut/generate-rabbitmq-pvc-async)
(st/instrument `cut/generate-rabbitmq-pvc-events)
(st/instrument `cut/generate-secret)
#?(:cljs
(defmethod yaml/load-resource :taiga-test [resource-name]
(case resource-name
"taiga-test/valid-config.yaml" (rc/inline "taiga-test/valid-config.yaml")
"taiga-test/valid-auth.yaml" (rc/inline "taiga-test/valid-auth.yaml")
(throw (js/Error. "Undefined Resource!")))))
(get (inline-resources "taiga-test") resource-name)))
(deftest should-generate-configmap
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata {:name "taiga-configmap", :namespace "default"},
:metadata {:name "taiga-configmap", :namespace "taiga"},
:data
{:ENABLE_TELEMETRY "false",
:TAIGA_SITES_SCHEME "https",
@ -39,20 +42,18 @@
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-media-data",
:namespace "default",
:namespace "taiga"
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "2Gi"}}}}
(cut/generate-pvc-taiga-media-data (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-pvc-taiga-static-data
(cut/generate-pvc-taiga-media-data (yaml/load-as-edn "taiga-test/valid-config.yaml"))))
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-static-data",
:namespace "default",
:namespace "taiga"
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
@ -65,20 +66,20 @@
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-async-rabbitmq-data",
:namespace "default",
:namespace "taiga"
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "4Gi"}}}}
(cut/generate-rabbitmq-pvc-async(yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(cut/generate-rabbitmq-pvc-async (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-rabbitmq-pvc-events
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-events-rabbitmq-data",
:namespace "default",
:namespace "taiga"
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
@ -90,7 +91,7 @@
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata
{:name "taiga-secret", :labels {:app.kubernetes.part-of "taiga"}},
{:name "taiga-secret", :namespace "taiga" :labels {:app.kubernetes.part-of "taiga"}},
:data
{:TAIGA_SECRET_KEY "c29tZS1rZXk=",
:EMAIL_HOST_USER "bWFpbGVyLXVzZXI=",