No commits in common. "04d69a930b6035e3c13ae054776bb0ede976f236" and "6fe4435edb7bb01b1e4f12288c69c3345f259465" have entirely different histories.
04d69a930b
...
6fe4435edb
25 changed files with 980 additions and 95 deletions
|
@ -20,8 +20,8 @@
|
|||
:dependencies [[dda/data-test "0.1.1"]]}
|
||||
:dev {:plugins [[lein-shell "0.5.0"]]}
|
||||
:uberjar {:aot :all
|
||||
:main dda.c4k-taiga.uberjar
|
||||
:uberjar-name "c4k-taiga-standalone.jar"
|
||||
:main dda.c4k-website.uberjar
|
||||
:uberjar-name "c4k-website-standalone.jar"
|
||||
:dependencies [[org.clojure/tools.cli "1.0.214"]
|
||||
[ch.qos.logback/logback-classic "1.4.5"
|
||||
:exclusions [com.sun.mail/javax.mail]]
|
||||
|
@ -36,11 +36,11 @@
|
|||
"native-image"
|
||||
"--report-unsupported-elements-at-runtime"
|
||||
"--initialize-at-build-time"
|
||||
"-jar" "target/uberjar/c4k-taiga-standalone.jar"
|
||||
"-jar" "target/uberjar/c4k-website-standalone.jar"
|
||||
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
|
||||
"-H:Log=registerResource"
|
||||
"-H:Name=target/graalvm/${:name}"]
|
||||
"inst" ["shell"
|
||||
"sh"
|
||||
"-c"
|
||||
"lein uberjar && sudo install -m=755 target/uberjar/c4k-taiga-standalone.jar /usr/local/bin/c4k-taiga-standalone.jar"]})
|
||||
"lein uberjar && sudo install -m=755 target/uberjar/c4k-website-standalone.jar /usr/local/bin/c4k-website-standalone.jar"]})
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<title>c4k-taiga</title>
|
||||
<title>c4k-website</title>
|
||||
<link href="https://domaindrivenarchitecture.org/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
|
||||
<link href="https://domaindrivenarchitecture.org/css/fonts/fontawesome/fontawesome.css" rel="stylesheet" type="text/css" />
|
||||
<link href="https://domaindrivenarchitecture.org/css/custom.css" rel="stylesheet" type="text/css" />
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.0.1"]
|
||||
[hickory "0.7.1"]]
|
||||
:builds {:frontend {:target :browser
|
||||
:modules {:main {:init-fn dda.c4k-taiga.browser/init}}
|
||||
:modules {:main {:init-fn dda.c4k-website.browser/init}}
|
||||
:release {}
|
||||
:compiler-options {:optimizations :advanced}}
|
||||
:test {:target :node-test
|
||||
|
|
|
@ -7,28 +7,33 @@
|
|||
[dda.c4k-common.common :as cm]
|
||||
[dda.c4k-common.predicate :as cp]
|
||||
[dda.c4k-common.monitoring :as mon]
|
||||
[dda.c4k-taiga.taiga :as taiga]
|
||||
[dda.c4k-common.postgres :as postgres]))
|
||||
[dda.c4k-taiga.taiga :as taiga]))
|
||||
|
||||
(def default-storage-class :local-path)
|
||||
(def config-defaults {:issuer "staging"
|
||||
:volume-size "3"})
|
||||
|
||||
(def config? taiga/config?)
|
||||
(def auth? taiga/auth?)
|
||||
(s/def ::mon-cfg ::mon/mon-cfg)
|
||||
(s/def ::mon-auth ::mon/mon-auth)
|
||||
|
||||
; ToDo
|
||||
(def config? (s/keys :req-un
|
||||
:opt-un [::mon-cfg]))
|
||||
|
||||
; ToDo
|
||||
(def auth? (s/keys :req-un
|
||||
:opt-un [::mon-auth]))
|
||||
|
||||
; ToDo:
|
||||
(defn generate-configs [config auth])
|
||||
|
||||
(defn-spec k8s-objects cp/map-or-seq?
|
||||
[config taiga/config?
|
||||
auth taiga/auth?]
|
||||
[config config?
|
||||
auth auth?]
|
||||
(cm/concat-vec
|
||||
(map yaml/to-string
|
||||
(filter
|
||||
#(not (nil? %))
|
||||
(cm/concat-vec
|
||||
[(postgres/generate-config {:postgres-size :8gb :db-name "taiga"})
|
||||
(postgres/generate-secret auth)
|
||||
(postgres/generate-pvc {:pv-storage-size-gb 50
|
||||
:pvc-storage-class-name default-storage-class})
|
||||
(postgres/generate-deployment)
|
||||
(postgres/generate-service)]
|
||||
(taiga/generate-ingress-and-cert)
|
||||
(generate-configs config auth)
|
||||
(when (:contains? config :mon-cfg)
|
||||
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
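Review bot: `(when (:contains? config :mon-cfg)` near the end of `k8s-objects` uses the keyword `:contains?` as a function, so it looks up a key named `:contains?` in `config` and falls back to the default `:mon-cfg`, which is always truthy. The monitoring objects are therefore generated even when no `:mon-cfg` was supplied, and `mon/generate` is called with nil arguments; the line should read `(when (contains? config :mon-cfg)`. In the same hunk `config?` and `auth?` are `s/keys` forms whose `:req-un` has no key vector and `generate-configs` has an empty body, so the spec on `k8s-objects` does not yet validate the configuration it is meant to gate. The page does not mark which lines of this hunk are old and which are new, so confirm these are on the new side.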
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
(ns dda.c4k-taiga.taiga
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
#?(:cljs [shadow.resource :as rc])
|
||||
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||
#?(:clj [clojure.edn :as edn]
|
||||
:cljs [cljs.reader :as edn])
|
||||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-common.common :as cm]
|
||||
[dda.c4k-common.base64 :as b64]
|
||||
[dda.c4k-common.predicate :as cp]
|
||||
[dda.c4k-common.monitoring :as mon]
|
||||
[dda.c4k-common.postgres :as postgres]
|
||||
[dda.c4k-common.ingress :as ing]
|
||||
[clojure.string :as str]))
|
||||
|
||||
|
||||
(def config-defaults {:issuer "staging"
|
||||
:volume-size "3"})
|
||||
|
||||
(s/def ::mon-cfg ::mon/mon-cfg)
|
||||
(s/def ::mon-auth ::mon/mon-auth)
|
||||
|
||||
(s/def ::fqdn cp/fqdn-string?)
|
||||
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||
; TODO: Passwords
|
||||
|
||||
(def config? (s/keys :req-un [::fqdn]
|
||||
:opt-un [::issuer
|
||||
::pv-storage-size-gb
|
||||
::pvc-storage-class-name
|
||||
::mon-cfg]))
|
||||
|
||||
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password]
|
||||
:opt-un [::mon-auth]))
|
||||
|
||||
|
||||
(defn-spec generate-ingress-and-cert cp/map-or-seq?
|
||||
[config config?]
|
||||
(ing/generate-ingress-and-cert
|
||||
(merge
|
||||
{:service-name "taiga"
|
||||
:service-port 80}
|
||||
config)))
|
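--- a/src/main/cljc/dda/c4k_taiga/website.cljc
+++ b/src/main/cljc/dda/c4k_taiga/website.cljc
@@ -0,0 +1,181 @@
+(ns dda.c4k-website.website
+(:require
+[clojure.spec.alpha :as s]
+#?(:cljs [shadow.resource :as rc])
+#?(:clj [orchestra.core :refer [defn-spec]]
+:cljs [orchestra.core :refer-macros [defn-spec]])
+#?(:clj [clojure.edn :as edn]
+:cljs [cljs.reader :as edn])
+[dda.c4k-common.yaml :as yaml]
+[dda.c4k-common.common :as cm]
+[dda.c4k-common.base64 :as b64]
+[dda.c4k-common.predicate :as pred]
+[dda.c4k-common.ingress :as ing]
+[clojure.string :as str]))
+
+; ToDo
+(s/def ::issuer pred/letsencrypt-issuer?)
+
+; ToDo
+(def config? (s/keys :req-un
+:opt-un ))
+
+; ToDo
+(def auth? (s/keys :req-un ))
+
+; ToDo
+(defn-spec replace-dots-by-minus string?
+[fqdn pred/fqdn-string?]
+(str/replace fqdn #"\." "-"))
+
+(defn-spec generate-app-name string?
+[unique-name pred/fqdn-string?]
+(str (replace-dots-by-minus unique-name) "-website"))
+
+(defn-spec generate-service-name string?
+[unique-name pred/fqdn-string?]
+(str (replace-dots-by-minus unique-name) "-service"))
+
+(defn-spec generate-cert-name string?
+[unique-name pred/fqdn-string?]
+(str (replace-dots-by-minus unique-name) "-cert"))
+
+(defn-spec generate-ingress-name string?
+[unique-name pred/fqdn-string?]
+(str (replace-dots-by-minus unique-name) "-ingress"))
+
+; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/<branch>.zip
+(defn-spec generate-gitrepourl string?
+[host pred/fqdn-string?
+repo string?
+user string?
+branch string?]
+(str "https://" host "/api/v1/repos/" user "/" repo "/archive/" branch ".zip"))
+
+; https://your.gitea.host/api/v1/repos/<owner>/<repo>/git/commits/HEAD
+(defn-spec generate-gitcommiturl string?
+[host pred/fqdn-string?
+repo string?
+user string?]
+(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
+
+(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
+[col pred/map-or-seq?
+value-to-partly-match string?
+value-to-inplace string?]
+(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
+(re-matches (re-pattern (str value-to-partly-match ".*")) %))
+(str/replace % value-to-partly-match value-to-inplace) %)
+col))
+
+(defn-spec replace-common-data pred/map-or-seq?
+[resource-file string?
+config websiteconfig?]
+(let [{:keys [unique-name]} config]
+(->
+(yaml/load-as-edn resource-file)
+(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
+(replace-all-matching-substrings-beginning-with "NAME" (replace-dots-by-minus unique-name)))))
+
+(defn-spec replace-build-data pred/map-or-seq?
+[resource-file string?
+config websiteconfig?]
+(let [{:keys [sha256sum-output build-cpu-request build-cpu-limit build-memory-request build-memory-limit]
+:or {build-cpu-request "500m" build-cpu-limit "1700m" build-memory-request "256Mi" build-memory-limit "512Mi"}} config]
+(->
+(replace-common-data resource-file config)
+(cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output))
+(cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output))
+(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
+(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
+(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
+(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
+
+#?(:cljs
+(defmethod yaml/load-resource :website [resource-name]
+(case resource-name
+"website/nginx-configmap.yaml" (rc/inline "website/nginx-configmap.yaml")
+"website/nginx-deployment.yaml" (rc/inline "website/nginx-deployment.yaml")
+"website/nginx-service.yaml" (rc/inline "website/nginx-service.yaml")
+"website/website-build-cron.yaml" (rc/inline "website/website-build-cron.yaml")
+"website/website-build-secret.yaml" (rc/inline "website/website-build-secret.yaml")
+"website/website-content-volume.yaml" (rc/inline "website/website-content-volume.yaml")
+"website/hashfile-volume.yaml" (rc/inline "website/hashfile-volume.yaml")
+(throw (js/Error. "Undefined Resource!")))))
+
+(defn-spec generate-nginx-deployment pred/map-or-seq?
+[config websiteconfig?]
+(replace-build-data "website/nginx-deployment.yaml" config))
+
+(defn-spec generate-nginx-configmap pred/map-or-seq?
+[config websiteconfig?]
+(let [{:keys [fqdns]} config]
+(->
+(replace-common-data "website/nginx-configmap.yaml" config)
+(#(assoc-in %
+[:data :website.conf]
+(str/replace
+(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
+
+(defn-spec generate-nginx-service pred/map-or-seq?
+[config websiteconfig?]
+(replace-common-data "website/nginx-service.yaml" config))
+
+(defn-spec generate-website-content-volume pred/map-or-seq?
+[config websiteconfig?]
+(let [{:keys [volume-size]
+:or {volume-size "3"}} config]
+(->
+(replace-common-data "website/website-content-volume.yaml" config)
+(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
+
+(defn-spec generate-hashfile-volume pred/map-or-seq?
+[config websiteconfig?]
+(replace-common-data "website/hashfile-volume.yaml" config))
+
+
+(defn-spec generate-website-ingress pred/map-or-seq?
+[config websiteconfig?]
+(let [{:keys [unique-name fqdns]} config]
+(ing/generate-ingress {:fqdns fqdns
+:app-name (generate-app-name unique-name)
+:ingress-name (generate-ingress-name unique-name)
+:service-name (generate-service-name unique-name)
+:service-port 80})))
+
+(defn-spec generate-website-certificate pred/map-or-seq?
+[config websiteconfig?]
+(let [{:keys [unique-name issuer fqdns]
+:or {issuer "staging"}} config]
+(ing/generate-certificate {:fqdns fqdns
+:app-name (generate-app-name unique-name)
+:cert-name (generate-cert-name unique-name)
+:issuer issuer})))
+
+(defn-spec generate-website-build-cron pred/map-or-seq?
+[config websiteconfig?]
+(replace-build-data "website/website-build-cron.yaml" config))
+
+(defn-spec generate-website-build-secret pred/map-or-seq?
+[config websiteconfig?
+auth websiteauth?]
+(let [{:keys [gitea-host
+gitea-repo
+branchname]} config
+{:keys [authtoken
+username]} auth]
+(->
+(replace-common-data "website/website-build-secret.yaml" config)
+(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
+(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
+(generate-gitrepourl
+gitea-host
+gitea-repo
+username
+branchname)))
+(cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode
+(generate-gitcommiturl
+gitea-host
+gitea-repo
+username))))))
+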
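Review bot: The specs that every generator in this file relies on are missing: `config?` and `auth?` are `s/keys` forms with no key vectors, and `websiteconfig?` / `websiteauth?` are referenced but not defined anywhere in the file, so nothing visible constrains `fqdns`, `gitea-repo`, `branchname` or `username`. Those values are spliced into the nginx `server_name` directive in `generate-nginx-configmap` and into the URLs built by `generate-gitrepourl` / `generate-gitcommiturl`, which the build job then uses together with the auth token, so a value containing `;`, whitespace or `/` changes the generated configuration or the request target. Define the specs with a restricted character set, as sketched below, and loosen the pattern only where a legitimate name needs it (for example branch names containing `/`). The file also calls `clojure.walk/postwalk`, `get-hash-from-sha256sum-output` and `get-file-name-from-sha256sum-output` without a visible require or definition, and its namespace `dda.c4k-website.website` does not match the path `src/main/cljc/dda/c4k_taiga/website.cljc`.

```clojure
; constructed pattern: tighten or extend to what your Gitea instance accepts
(defn- safe-name? [s]
  (and (string? s) (some? (re-matches #"[A-Za-z0-9._-]+" s))))

(s/def ::unique-name pred/fqdn-string?)
(s/def ::fqdns (s/coll-of pred/fqdn-string?))
(s/def ::gitea-host pred/fqdn-string?)
(s/def ::gitea-repo safe-name?)
(s/def ::branchname safe-name?)
(s/def ::username safe-name?)
(s/def ::authtoken string?)

(def websiteconfig? (s/keys :req-un [::unique-name ::fqdns ::gitea-host ::gitea-repo ::branchname]
                            :opt-un [::issuer ::volume-size ::sha256sum-output]))
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
; … unchanged: replace-dots-by-minus and the generate-* functions …
```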
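--- a/src/main/resources/taiga/certificate.yaml
+++ b/src/main/resources/taiga/certificate.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: c4k-common-cert
+labels:
+app.kubernetes.part-of: c4k-common-app
+namespace: default
+spec:
+secretName: c4k-common-cert
+commonName: taiga.test.meissa.de
+duration: 2160h # 90d
+renewBefore: 720h # 30d
+dnsNames:
+- taiga.test.meissa.de
+issuerRef:
+name: staging
+kind: ClusterIssuer
+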
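--- a/src/main/resources/taiga/config-8gb.yaml
+++ b/src/main/resources/taiga/config-8gb.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: postgres-config
+labels:
+app: postgres
+data:
+postgres-db: postgres
+postgresql.conf: |
+max_connections = 700
+work_mem = 3MB
+shared_buffers = 2048MB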
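--- a/src/main/resources/taiga/deployment.yaml
+++ b/src/main/resources/taiga/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: postgresql
+spec:
+selector:
+matchLabels:
+app: postgresql
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: postgresql
+spec:
+containers:
+- image: postgres
+name: postgresql
+env:
+- name: POSTGRES_USER
+valueFrom:
+secretKeyRef:
+name: postgres-secret
+key: postgres-user
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: postgres-secret
+key: postgres-password
+- name: POSTGRES_DB
+valueFrom:
+configMapKeyRef:
+name: postgres-config
+key: postgres-db
+ports:
+- containerPort: 5432
+name: postgresql
+volumeMounts:
+- name: postgres-config-volume
+mountPath: /etc/postgresql/postgresql.conf
+subPath: postgresql.conf
+readOnly: true
+- name: postgre-data-volume
+mountPath: /var/lib/postgresql/data
+volumes:
+- name: postgres-config-volume
+configMap:
+name: postgres-config
+- name: postgre-data-volume
+persistentVolumeClaim:
+claimName: postgres-claim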
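Review bot: `- image: postgres` carries no tag, so it resolves to `latest`; a pod restart can move the database to a newer major version that cannot open the existing data directory, and the running image cannot be traced back to a known build. Pin a version, ideally with a digest, e.g. `- image: postgres:<PINNED_VERSION>@sha256:<DIGEST>`. The container also declares neither `resources` nor a `securityContext`. The mounted `/etc/postgresql/postgresql.conf` is presumably not read, since no `args` point the server at it; confirm whether the settings from `config-8gb.yaml` actually take effect.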
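--- a/src/main/resources/taiga/ingress.yaml
+++ b/src/main/resources/taiga/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: c4k-common-https-ingress
+namespace: default
+labels:
+app.kubernetes.part-of: c4k-common-app
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
+traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+metallb.universe.tf/address-pool: public
+spec:
+tls:
+- hosts:
+- taiga.test.meissa.de
+secretName: c4k-common-cert
+rules:
+- host: taiga.test.meissa.de
+http:
+paths:
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: taiga-gateway
+port:
+number: 80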
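--- a/src/main/resources/taiga/persistent-volume.yaml
+++ b/src/main/resources/taiga/persistent-volume.yaml
@@ -0,0 +1,14 @@
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+name: postgres-pv-volume
+labels:
+type: local
+spec:
+storageClassName: local-path
+accessModes:
+- ReadWriteOnce
+capacity:
+storage: 10Gi
+hostPath:
+path: "/var/postgres"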
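--- a/src/main/resources/taiga/pvc.yaml
+++ b/src/main/resources/taiga/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: postgres-claim
+labels:
+app: postgres
+spec:
+storageClassName: local-path
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 8Gi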
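--- a/src/main/resources/taiga/secret.yaml
+++ b/src/main/resources/taiga/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: postgres-secret
+type: Opaque
+data:
+postgres-user: "cHNxbC11c2Vy"
+postgres-password: "ZGZnc2RoNDU2NzdzZGZnc2RmZw=="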
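Review bot: `postgres-user` and `postgres-password` under `data:` carry concrete base64 values, and base64 is an encoding rather than protection, so this template commits a usable credential pair that would be applied as-is if the generator ever skips the substitution. Use inert placeholders the way `website/website-build-secret.yaml` does with `AUTHTOKEN: TOKEN`, for example `postgres-password: POSTGRES_PASSWORD`, and have the generator fail when a placeholder survives into the output. If these values were ever used on a real cluster, rotate them.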
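--- a/src/main/resources/taiga/service.yaml
+++ b/src/main/resources/taiga/service.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: postgresql-service
+spec:
+selector:
+app: postgresql
+ports:
+- port: 5432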
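--- a/src/main/resources/website/hashfile-volume.yaml
+++ b/src/main/resources/website/hashfile-volume.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: NAME-hashfile-volume
+namespace: default
+labels:
+app: NAME-nginx
+app.kubernetes.part-of: NAME-website
+spec:
+storageClassName: local-path
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 16Mi
+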
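--- a/src/main/resources/website/nginx-configmap.yaml
+++ b/src/main/resources/website/nginx-configmap.yaml
@@ -0,0 +1,97 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: NAME-configmap
+namespace: default
+labels:
+app.kubernetes.part-of: NAME-website
+data:
+nginx.conf: |
+user nginx;
+worker_processes 3;
+error_log /var/log/nginx/error.log;
+pid /var/log/nginx/nginx.pid;
+worker_rlimit_nofile 8192;
+events {
+worker_connections 4096;
+}
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+log_format main '$remote_addr - $remote_user [$time_local] $status'
+'"$request" $body_bytes_sent "$http_referer"'
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log main;
+sendfile on;
+tcp_nopush on;
+keepalive_timeout 65;
+server_names_hash_bucket_size 128;
+include /etc/nginx/conf.d/website.conf;
+}
+mime.types: |
+types {
+text/html html htm shtml;
+text/css css;
+text/xml xml rss;
+image/gif gif;
+image/jpeg jpeg jpg;
+application/x-javascript js;
+text/plain txt;
+text/x-component htc;
+text/mathml mml;
+image/svg+xml svg svgz;
+image/png png;
+image/x-icon ico;
+image/x-jng jng;
+image/vnd.wap.wbmp wbmp;
+application/java-archive jar war ear;
+application/mac-binhex40 hqx;
+application/pdf pdf;
+application/x-cocoa cco;
+application/x-java-archive-diff jardiff;
+application/x-java-jnlp-file jnlp;
+application/x-makeself run;
+application/x-perl pl pm;
+application/x-pilot prc pdb;
+application/x-rar-compressed rar;
+application/x-redhat-package-manager rpm;
+application/x-sea sea;
+application/x-shockwave-flash swf;
+application/x-stuffit sit;
+application/x-tcl tcl tk;
+application/x-x509-ca-cert der pem crt;
+application/x-xpinstall xpi;
+application/zip zip;
+application/octet-stream deb;
+application/octet-stream bin exe dll;
+application/octet-stream dmg;
+application/octet-stream eot;
+application/octet-stream iso img;
+application/octet-stream msi msp msm;
+audio/mpeg mp3;
+audio/x-realaudio ra;
+video/mpeg mpeg mpg;
+video/quicktime mov;
+video/x-flv flv;
+video/x-msvideo avi;
+video/x-ms-wmv wmv;
+video/x-ms-asf asx asf;
+video/x-mng mng;
+}
+website.conf: |
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+server_name FQDN
+add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-Content-Type-Options nosniff;
+add_header Referrer-Policy "strict-origin";
+# add_header Permissions-Policy "permissions here";
+root /var/www/html/website/;
+index index.html;
+location / {
+try_files $uri $uri/ /index.html =404;
+}
+}
+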
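Review bot: The four `add_header` lines in `website.conf` omit the `always` parameter, so nginx attaches them only to successful and redirect responses, and error pages such as a 404 go out without `X-Frame-Options`, `X-Content-Type-Options` and HSTS; write them as `add_header X-Content-Type-Options nosniff always;`. The HSTS value `includeSubDomains; preload` is applied to every site generated from this template and commits all subdomains of each FQDN to HTTPS, so confirm that is intended before it reaches production. `server_tokens off;` in the `http` block would also stop the version banner, and no `Content-Security-Policy` is set while `Permissions-Policy` is still commented out.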
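--- a/src/main/resources/website/nginx-deployment.yaml
+++ b/src/main/resources/website/nginx-deployment.yaml
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: NAME-deployment
+labels:
+app.kubernetes.part-of: NAME-website
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: NAME-nginx
+template:
+metadata:
+labels:
+app: NAME-nginx
+spec:
+containers:
+- name: NAME-nginx
+image: nginx:latest
+imagePullPolicy: IfNotPresent
+ports:
+- containerPort: 80
+volumeMounts:
+- mountPath: /etc/nginx
+readOnly: true
+name: nginx-config-volume
+- mountPath: /var/log/nginx
+name: log
+- mountPath: /var/www/html/website
+name: content-volume
+readOnly: true
+initContainers:
+- image: domaindrivenarchitecture/c4k-website-build
+name: NAME-init-build-container
+imagePullPolicy: IfNotPresent
+resources:
+requests:
+cpu: BUILD_CPU_REQUEST
+memory: BUILD_MEMORY_REQUEST
+limits:
+cpu: BUILD_CPU_LIMIT
+memory: BUILD_MEMORY_LIMIT
+command: ["/entrypoint.sh"]
+envFrom:
+- secretRef:
+name: NAME-secret
+env:
+- name: SHA256SUM
+value: CHECK_SUM
+- name: SCRIPTFILE
+value: SCRIPT_FILE
+volumeMounts:
+- name: content-volume
+mountPath: /var/www/html/website
+- name: hashfile-volume
+mountPath: /var/hashfile.d
+volumes:
+- name: nginx-config-volume
+configMap:
+name: NAME-configmap
+items:
+- key: nginx.conf
+path: nginx.conf
+- key: website.conf
+path: conf.d/website.conf
+- key: mime.types
+path: mime.types
+- name: log
+emptyDir: {}
+- name: content-volume
+persistentVolumeClaim:
+claimName: NAME-content-volume
+- name: hashfile-volume
+persistentVolumeClaim:
+claimName: NAME-hashfile-volume
+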
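Review bot: `image: nginx:latest` combined with `imagePullPolicy: IfNotPresent` means a node keeps whichever `latest` it pulled first, so a rescheduled pod can run a different or stale nginx build and the deployed version cannot be traced. The init container image `domaindrivenarchitecture/c4k-website-build` is untagged and has the same problem, as does the same image in `website/website-build-cron.yaml`. Pin each image to a version or digest, e.g. `image: nginx:<PINNED_VERSION>`. Neither container sets a `securityContext`, and the build container receives the Gitea token through `envFrom`, so `allowPrivilegeEscalation: false` and a non-root user are worth adding there; the nginx container also has no `resources` block.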
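--- a/src/main/resources/website/nginx-service.yaml
+++ b/src/main/resources/website/nginx-service.yaml
@@ -0,0 +1,15 @@
+kind: Service
+apiVersion: v1
+metadata:
+name: NAME-service
+labels:
+app: NAME-nginx
+app.kubernetes.part-of: NAME-website
+namespace: default
+spec:
+selector:
+app: NAME-nginx
+ports:
+- name: nginx-http
+port: 80
+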
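--- a/src/main/resources/website/website-build-cron.yaml
+++ b/src/main/resources/website/website-build-cron.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: NAME-build-cron
+labels:
+app.kubernetes.part-of: NAME-website
+spec:
+schedule: "0/7 * * * *"
+successfulJobsHistoryLimit: 1
+failedJobsHistoryLimit: 1
+jobTemplate:
+spec:
+template:
+spec:
+containers:
+- image: domaindrivenarchitecture/c4k-website-build
+name: NAME-build-app
+imagePullPolicy: IfNotPresent
+resources:
+requests:
+cpu: BUILD_CPU_REQUEST
+memory: BUILD_MEMORY_REQUEST
+limits:
+cpu: BUILD_CPU_LIMIT
+memory: BUILD_MEMORY_LIMIT
+command: ["/entrypoint.sh"]
+envFrom:
+- secretRef:
+name: NAME-secret
+env:
+- name: SHA256SUM
+value: CHECK_SUM
+- name: SCRIPTFILE
+value: SCRIPT_FILE
+volumeMounts:
+- name: content-volume
+mountPath: /var/www/html/website
+- name: hashfile-volume
+mountPath: /var/hashfile.d
+volumes:
+- name: content-volume
+persistentVolumeClaim:
+claimName: NAME-content-volume
+- name: hashfile-volume
+persistentVolumeClaim:
+claimName: NAME-hashfile-volume
+restartPolicy: OnFailure
+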
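Review bot: The CronJob fires roughly every seven minutes (`schedule: "0/7 * * * *"`) but sets no `concurrencyPolicy`, so the default `Allow` lets a slow build overlap the next run while both write to `content-volume` and `hashfile-volume`; add `concurrencyPolicy: Forbid` under the top-level `spec:`. An `activeDeadlineSeconds` on the job spec would also bound a hung build that is still holding the token from `NAME-secret`.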
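--- a/src/main/resources/website/website-build-secret.yaml
+++ b/src/main/resources/website/website-build-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: NAME-secret
+labels:
+app.kubernetes.part-of: NAME-website
+data:
+AUTHTOKEN: TOKEN
+GITREPOURL: REPOURL
+GITCOMMITURL: COMMITURL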
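--- a/src/main/resources/website/website-content-volume.yaml
+++ b/src/main/resources/website/website-content-volume.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: NAME-content-volume
+namespace: default
+labels:
+app: NAME-nginx
+app.kubernetes.part-of: NAME-website
+spec:
+storageClassName: local-path
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: WEBSITESTORAGESIZE
+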
|
@ -1,18 +0,0 @@
|
|||
(ns dda.c4k-taiga.core-test
|
||||
(:require
|
||||
#?(:cljs [shadow.resource :as rc])
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[clojure.spec.alpha :as s]
|
||||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-taiga.core :as cut]
|
||||
[clojure.spec.alpha :as s]))
|
||||
|
||||
#?(:cljs
|
||||
(defmethod yaml/load-resource :website-test [resource-name]
|
||||
(case resource-name
|
||||
(throw (js/Error. "Undefined Resource!")))))
|
||||
|
||||
(deftest validate-valid-resources
|
||||
;(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
|
||||
)
|
|
@ -1,12 +0,0 @@
|
|||
(ns dda.c4k-taiga.taiga-test
|
||||
(:require
|
||||
#?(:cljs [shadow.resource :as rc])
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[clojure.spec.alpha :as s]
|
||||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-taiga.core :as cut]
|
||||
[clojure.spec.alpha :as s]))
|
||||
|
||||
(deftest dummy-taiga-test
|
||||
(is true))
|
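--- a/src/test/cljc/dda/c4k_website/core_test.cljc
+++ b/src/test/cljc/dda/c4k_website/core_test.cljc
@@ -0,0 +1,121 @@
+(ns dda.c4k-website.core-test
+(:require
+#?(:cljs [shadow.resource :as rc])
+#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
+:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
+[clojure.spec.alpha :as s]
+[dda.c4k-common.yaml :as yaml]
+[dda.c4k-website.core :as cut]
+[clojure.spec.alpha :as s]))
+
+#?(:cljs
+(defmethod yaml/load-resource :website-test [resource-name]
+(case resource-name
+"website-test/valid-auth.yaml" (rc/inline "website-test/valid-auth.yaml")
+"website-test/valid-config.yaml" (rc/inline "website-test/valid-config.yaml")
+(throw (js/Error. "Undefined Resource!")))))
+
+(deftest validate-valid-resources
+(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
+(is (s/valid? cut/auth? (yaml/load-as-edn "website-test/valid-auth.yaml"))))
+
+(def websites1
+{:websites
+[{:unique-name "example.io"
+:fqdns ["example.org", "www.example.com"]
+:gitea-host "finegitehost.net"
+:gitea-repo "repo"
+:branchname "main"}
+{:unique-name "test.io"
+:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
+:gitea-host "gitlab.de"
+:gitea-repo "repo"
+:branchname "main"}]})
+
+(def websites2
+{:websites
+[{:unique-name "test.io"
+:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
+:gitea-host "gitlab.de"
+:gitea-repo "repo"
+:branchname "main"}
+{:unique-name "example.io"
+:fqdns ["example.org", "www.example.com"]
+:gitea-host "finegitehost.net"
+:gitea-repo "repo"
+:branchname "main"}]})
+
+(def auth1
+{:auth
+[{:unique-name "example.io"
+:username "someuser"
+:authtoken "abedjgbasdodj"}
+{:unique-name "test.io"
+:username "someuser"
+:authtoken "abedjgbasdodj"}]})
+
+(def auth2
+{:auth
+[{:unique-name "test.io"
+:username "someuser"
+:authtoken "abedjgbasdodj"}
+{:unique-name "example.io"
+:username "someuser"
+:authtoken "abedjgbasdodj"}]})
+
+(def flattened-and-reduced-config
+{:unique-name "example.io",
+:fqdns ["example.org" "www.example.com"],
+:gitea-host "finegitehost.net",
+:gitea-repo "repo",
+:branchname "main"})
+
+(def flattened-and-reduced-auth
+{:unique-name "example.io",
+:username "someuser",
+:authtoken "abedjgbasdodj"})
+
+(deftest sorts-config
+(is (= {:issuer "staging",
+:websites
+[{:unique-name "example.io",
+:fqdns ["example.org" "www.example.com"],
+:gitea-host "finegitehost.net",
+:gitea-repo "repo",
+:branchname "main"},
+{:unique-name "test.io",
+:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
+:gitea-host "gitlab.de",
+:gitea-repo "repo",
+:branchname "main",
+:sha256sum-output "123456789ab123cd345de script-file-name.sh"}],
+:mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}}
+(cut/sort-config
+{:issuer "staging",
+:websites
+[{:unique-name "test.io",
+:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
+:gitea-host "gitlab.de",
+:gitea-repo "repo",
+:branchname "main",
+:sha256sum-output "123456789ab123cd345de script-file-name.sh"}
+{:unique-name "example.io",
+:fqdns ["example.org" "www.example.com"],
+:gitea-host "finegitehost.net",
+:gitea-repo "repo",
+:branchname "main"}],
+:mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}}))))
+
+(deftest test-flatten-and-reduce-config
+(is (=
+flattened-and-reduced-config
+(cut/flatten-and-reduce-config (cut/sort-config websites1))))
+(is (=
+flattened-and-reduced-config
+(cut/flatten-and-reduce-config (cut/sort-config websites2)))))
+
+(deftest test-flatten-and-reduce-auth
+(is (= flattened-and-reduced-auth
+(cut/flatten-and-reduce-auth (cut/sort-auth auth1))))
+(is (= flattened-and-reduced-auth
+(cut/flatten-and-reduce-auth (cut/sort-auth auth2)))))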
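Review bot: `[clojure.spec.alpha :as s]` is required twice in the `ns` form; drop the second entry. The tests call `cut/sort-config`, `cut/sort-auth`, `cut/flatten-and-reduce-config` and `cut/flatten-and-reduce-auth`, none of which appear in the `core` hunk shown on this page, so confirm they exist in `dda.c4k-website.core`. `validate-valid-resources` asserts against `cut/config?` and `cut/auth?`, which in that hunk are still placeholder `s/keys` forms, so a passing `s/valid?` would not show that the fixtures are well-formed.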
223
src/test/cljc/dda/c4k_website/website_test.cljc
Normal file
|
@ -0,0 +1,223 @@
|
|||
(ns dda.c4k-website.website-test
|
||||
(:require
|
||||
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||
[clojure.spec.test.alpha :as st]
|
||||
[dda.c4k-common.test-helper :as th]
|
||||
[dda.c4k-common.base64 :as b64]
|
||||
[dda.c4k-website.website :as cut]
|
||||
[clojure.spec.alpha :as s]))
|
||||
|
||||
(st/instrument `cut/generate-nginx-configmap)
|
||||
(st/instrument `cut/generate-nginx-deployment)
|
||||
(st/instrument `cut/generate-nginx-service)
|
||||
(st/instrument `cut/generate-website-content-volume)
|
||||
(st/instrument `cut/generate-hashfile-volume)
|
||||
(st/instrument `cut/generate-website-ingress)
|
||||
(st/instrument `cut/generate-website-certificate)
|
||||
(st/instrument `cut/generate-website-build-cron)
|
||||
(st/instrument `cut/generate-website-build-secret)
|
||||
|
||||
(deftest should-generate-nginx-configmap-website
|
||||
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n"
|
||||
(:website.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n"
|
||||
(:mime.types (:data (cut/generate-nginx-configmap {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||
(is (= "user nginx;\nworker_processes 3;\nerror_log /var/log/nginx/error.log;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /var/log/nginx/access.log main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n"
|
||||
(:nginx.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||
(is (= {:apiVersion "v1",
|
||||
:kind "ConfigMap",
|
||||
:metadata {:name "test-io-configmap",
|
||||
:labels {:app.kubernetes.part-of "test-io-website"},
|
||||
:namespace "default"}}
|
||||
(dissoc (cut/generate-nginx-configmap {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))
|
||||
|
||||
(deftest should-generate-nginx-deployment
|
||||
(is (= {:apiVersion "apps/v1",
|
||||
:kind "Deployment",
|
||||
:metadata {:name "test-io-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
|
||||
:spec
|
||||
{:replicas 1,
|
||||
:selector {:matchLabels {:app "test-io-nginx"}},
|
||||
:template
|
||||
{:metadata {:labels {:app "test-io-nginx"}},
|
||||
:spec
|
||||
{:containers
|
||||
[{:name "test-io-nginx",
|
||||
:image "nginx:latest",
|
||||
:imagePullPolicy "IfNotPresent",
|
||||
:ports [{:containerPort 80}],
|
||||
:volumeMounts
|
||||
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
|
||||
{:mountPath "/var/log/nginx", :name "log"}
|
||||
{:mountPath "/var/www/html/website", :name "content-volume", :readOnly true}]}],
|
||||
:initContainers
|
||||
[{:image "domaindrivenarchitecture/c4k-website-build",
|
||||
:name "test-io-init-build-container",
|
||||
:imagePullPolicy "IfNotPresent",
|
||||
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
|
||||
:command ["/entrypoint.sh"],
|
||||
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
||||
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
|
||||
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
|
||||
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
|
||||
:volumes
|
||||
[{:name "nginx-config-volume",
|
||||
:configMap
|
||||
{:name "test-io-configmap",
|
||||
:items
|
||||
[{:key "nginx.conf", :path "nginx.conf"}
|
||||
{:key "website.conf", :path "conf.d/website.conf"}
|
||||
{:key "mime.types", :path "mime.types"}]}}
|
||||
{:name "log", :emptyDir {}}
|
||||
{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
|
||||
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}]}}}}
|
||||
(cut/generate-nginx-deployment {:gitea-host "gitlab.de",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io"}))))
|
||||
|
||||
(deftest should-generate-resource-requests
|
||||
(is (= {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}
|
||||
(-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io"})
|
||||
:spec :template :spec :initContainers first :resources )))
|
||||
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}}
|
||||
(-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io"
|
||||
:build-cpu-request "1500m"
|
||||
:build-cpu-limit "3000m"
|
||||
:build-memory-request "512Mi"
|
||||
:build-memory-limit "1024Mi"})
|
||||
:spec :template :spec :initContainers first :resources))))
|
||||
|
||||
(deftest should-generate-nginx-service
|
||||
(is (= {:name-c1 "test-io-service",
|
||||
:name-c2 "test-org-service",
|
||||
:app-c1 "test-io-nginx",
|
||||
:app-c2 "test-org-nginx",
|
||||
:app.kubernetes.part-of-c1 "test-io-website",
|
||||
:app.kubernetes.part-of-c2 "test-org-website"}
|
||||
(th/map-diff (cut/generate-nginx-service {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
||||
(cut/generate-nginx-service {:unique-name "test.org",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||
|
||||
(deftest should-generate-website-build-cron
|
||||
(is (= {:apiVersion "batch/v1",
|
||||
:kind "CronJob",
|
||||
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
|
||||
:spec
|
||||
{:schedule "0/7 * * * *",
|
||||
:successfulJobsHistoryLimit 1,
|
||||
:failedJobsHistoryLimit 1,
|
||||
:jobTemplate
|
||||
{:spec
|
||||
{:template
|
||||
{:spec
|
||||
{:containers
|
||||
[{:image "domaindrivenarchitecture/c4k-website-build",
|
||||
:name "test-io-build-app",
|
||||
:imagePullPolicy "IfNotPresent",
|
||||
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
|
||||
:command ["/entrypoint.sh"],
|
||||
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
||||
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
|
||||
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
|
||||
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
|
||||
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
|
||||
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}],
|
||||
:restartPolicy "OnFailure"}}}}}}
|
||||
(cut/generate-website-build-cron {:gitea-host "gitlab.de",
|
||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io"}))))
|
||||
|
||||
(deftest should-generate-website-build-secret
|
||||
(is (= {:apiVersion "v1",
|
||||
:kind "Secret",
|
||||
:metadata {:name "test-io-secret", :labels {:app.kubernetes.part-of "test-io-website"}},
|
||||
:data
|
||||
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
|
||||
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
|
||||
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
|
||||
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||
:gitea-repo "repo",
|
||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
||||
:issuer "staging",
|
||||
:branchname "main",
|
||||
:unique-name "test.io",
|
||||
:gitea-host "gitlab.de"}
|
||||
{:unique-name "test.io",
|
||||
:authtoken "abedjgbasdodj",
|
||||
:username "someuser"}))))
|
||||
|
||||
(deftest should-generate-website-content-volume
|
||||
(is (= {:name-c1 "test-io-content-volume",
|
||||
:name-c2 "test-org-content-volume",
|
||||
:app-c1 "test-io-nginx",
|
||||
:app-c2 "test-org-nginx",
|
||||
:app.kubernetes.part-of-c1 "test-io-website",
|
||||
:app.kubernetes.part-of-c2 "test-org-website"}
|
||||
(th/map-diff (cut/generate-website-content-volume {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
||||
(cut/generate-website-content-volume {:unique-name "test.org",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||
|
||||
(deftest should-generate-hashfile-volume
|
||||
(is (= {:apiVersion "v1",
|
||||
:kind "PersistentVolumeClaim",
|
||||
:metadata
|
||||
{:name "test-io-hashfile-volume",
|
||||
:namespace "default",
|
||||
:labels {:app "test-io-nginx", :app.kubernetes.part-of "test-io-website"}},
|
||||
:spec {:storageClassName "local-path", :accessModes ["ReadWriteOnce"], :resources {:requests {:storage "16Mi"}}}}
|
||||
(cut/generate-hashfile-volume {:unique-name "test.io",
|
||||
:gitea-host "gitea.evilorg",
|
||||
:gitea-repo "none",
|
||||
:branchname "mablain",
|
||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
|
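Review bot: The expected manifests in `should-generate-nginx-deployment` and `should-generate-website-build-cron` assert `:image "nginx:latest"` and an untagged `"domaindrivenarchitecture/c4k-website-build"` together with `:imagePullPolicy "IfNotPresent"`, so these tests lock in images that are neither reproducible nor verifiable. With a mutable tag and IfNotPresent, each node keeps whatever it pulled first, and the build container that receives `test-io-secret` through `envFrom` is resolved by name alone, while the SHA256SUM/SCRIPTFILE pair appears to cover only the build script. I would pin both images in the templates (which are outside this file) and update the expectations here, e.g. `:image "nginx:<version>@sha256:<digest>"` with the placeholders filled from the registry. Separately, `generate-website-ingress` and `generate-website-certificate` are instrumented at the top of the file but have no `deftest`, which leaves the TLS-facing resources as the ones unchecked here.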