Working Base Config for Taiga #1

Merged
patdyn merged 60 commits from config-play into main 2023-09-01 10:38:18 +00:00
11 changed files with 49 additions and 177 deletions
Showing only changes of commit 04d69a930b - Show all commits

View file

@ -7,33 +7,28 @@
[dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-taiga.taiga :as taiga]))
[dda.c4k-taiga.taiga :as taiga]
[dda.c4k-common.postgres :as postgres]))
(def config-defaults {:issuer "staging"
:volume-size "3"})
(def default-storage-class :local-path)
(s/def ::mon-cfg ::mon/mon-cfg)
(s/def ::mon-auth ::mon/mon-auth)
; ToDo
(def config? (s/keys :req-un []
:opt-un [::mon-cfg]))
; ToDo
(def auth? (s/keys :req-un []
:opt-un [::mon-auth]))
; ToDo:
(defn generate-configs [config auth])
(def config? taiga/config?)
(def auth? taiga/auth?)
(defn-spec k8s-objects cp/map-or-seq?
[config config?
auth auth?]
[config taiga/config?
auth taiga/auth?]
(cm/concat-vec
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
(generate-configs config auth)
[(postgres/generate-config {:postgres-size :8gb :db-name "taiga"})
(postgres/generate-secret auth)
(postgres/generate-pvc {:pv-storage-size-gb 50
:pvc-storage-class-name default-storage-class})
(postgres/generate-deployment)
(postgres/generate-service)]
(taiga/generate-ingress-and-cert)
(when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))

View file

@ -9,6 +9,37 @@
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-common.postgres :as postgres]
[dda.c4k-common.ingress :as ing]
[clojure.string :as str]))
[clojure.string :as str]))
(def config-defaults {:issuer "staging"
:volume-size "3"})
(s/def ::mon-cfg ::mon/mon-cfg)
(s/def ::mon-auth ::mon/mon-auth)
(s/def ::fqdn cp/fqdn-string?)
(s/def ::issuer cp/letsencrypt-issuer?)
; TODO: Passwords
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer
::pv-storage-size-gb
::pvc-storage-class-name
::mon-cfg]))
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password]
:opt-un [::mon-auth]))
(defn-spec generate-ingress-and-cert cp/map-or-seq?
[config config?]
(ing/generate-ingress-and-cert
(merge
{:service-name "taiga"
:service-port 80}
config)))

View file

@ -1,18 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: c4k-common-cert
labels:
app.kubernetes.part-of: c4k-common-app
namespace: default
spec:
secretName: c4k-common-cert
commonName: taiga.test.meissa.de
duration: 2160h # 90d
renewBefore: 720h # 30d
dnsNames:
- taiga.test.meissa.de
issuerRef:
name: staging
kind: ClusterIssuer

View file

@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-config
labels:
app: postgres
data:
postgres-db: postgres
postgresql.conf: |
max_connections = 700
work_mem = 3MB
shared_buffers = 2048MB

View file

@ -1,51 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgresql
spec:
selector:
matchLabels:
app: postgresql
strategy:
type: Recreate
template:
metadata:
labels:
app: postgresql
spec:
containers:
- image: postgres
name: postgresql
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-user
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-password
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-db
ports:
- containerPort: 5432
name: postgresql
volumeMounts:
- name: postgres-config-volume
mountPath: /etc/postgresql/postgresql.conf
subPath: postgresql.conf
readOnly: true
- name: postgre-data-volume
mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-config-volume
configMap:
name: postgres-config
- name: postgre-data-volume
persistentVolumeClaim:
claimName: postgres-claim

View file

@ -1,27 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: c4k-common-https-ingress
namespace: default
labels:
app.kubernetes.part-of: c4k-common-app
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
metallb.universe.tf/address-pool: public
spec:
tls:
- hosts:
- taiga.test.meissa.de
secretName: c4k-common-cert
rules:
- host: taiga.test.meissa.de
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: taiga-gateway
port:
number: 80

View file

@ -1,14 +0,0 @@
kind: PersistentVolume
apiVersion: v1
metadata:
name: postgres-pv-volume
labels:
type: local
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
capacity:
storage: 10Gi
hostPath:
path: "/var/postgres"

View file

@ -1,13 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-claim
labels:
app: postgres
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi

View file

@ -1,8 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: postgres-secret
type: Opaque
data:
postgres-user: "cHNxbC11c2Vy"
postgres-password: "ZGZnc2RoNDU2NzdzZGZnc2RmZw=="

View file

@ -1,9 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: postgresql-service
spec:
selector:
app: postgresql
ports:
- port: 5432

View file

@ -11,10 +11,8 @@
#?(:cljs
(defmethod yaml/load-resource :website-test [resource-name]
(case resource-name
"website-test/valid-auth.yaml" (rc/inline "website-test/valid-auth.yaml")
"website-test/valid-config.yaml" (rc/inline "website-test/valid-config.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
(is (s/valid? cut/auth? (yaml/load-as-edn "website-test/valid-auth.yaml"))))
;(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
)