Working Base Config for Taiga #1
11 changed files with 49 additions and 177 deletions
|
@ -7,33 +7,28 @@
|
|||
[dda.c4k-common.common :as cm]
|
||||
[dda.c4k-common.predicate :as cp]
|
||||
[dda.c4k-common.monitoring :as mon]
|
||||
[dda.c4k-taiga.taiga :as taiga]))
|
||||
[dda.c4k-taiga.taiga :as taiga]
|
||||
[dda.c4k-common.postgres :as postgres]))
|
||||
|
||||
(def config-defaults {:issuer "staging"
|
||||
:volume-size "3"})
|
||||
(def default-storage-class :local-path)
|
||||
|
||||
(s/def ::mon-cfg ::mon/mon-cfg)
|
||||
(s/def ::mon-auth ::mon/mon-auth)
|
||||
|
||||
; ToDo
|
||||
(def config? (s/keys :req-un []
|
||||
:opt-un [::mon-cfg]))
|
||||
|
||||
; ToDo
|
||||
(def auth? (s/keys :req-un []
|
||||
:opt-un [::mon-auth]))
|
||||
|
||||
; ToDo:
|
||||
(defn generate-configs [config auth])
|
||||
(def config? taiga/config?)
|
||||
(def auth? taiga/auth?)
|
||||
|
||||
(defn-spec k8s-objects cp/map-or-seq?
|
||||
[config config?
|
||||
auth auth?]
|
||||
[config taiga/config?
|
||||
auth taiga/auth?]
|
||||
(cm/concat-vec
|
||||
(map yaml/to-string
|
||||
(filter
|
||||
#(not (nil? %))
|
||||
(cm/concat-vec
|
||||
(generate-configs config auth)
|
||||
[(postgres/generate-config {:postgres-size :8gb :db-name "taiga"})
|
||||
(postgres/generate-secret auth)
|
||||
(postgres/generate-pvc {:pv-storage-size-gb 50
|
||||
:pvc-storage-class-name default-storage-class})
|
||||
(postgres/generate-deployment)
|
||||
(postgres/generate-service)]
|
||||
(taiga/generate-ingress-and-cert)
|
||||
(when (:contains? config :mon-cfg)
|
||||
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
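Review bot: The monitoring guard `(when (:contains? config :mon-cfg)` uses the keyword `:contains?` as a lookup function, so it returns the default `:mon-cfg` (truthy) whenever the config has no `:contains?` key, and `mon/generate` then runs even when no monitoring config was supplied; it should read `(when (contains? config :mon-cfg)`. In the same body `(taiga/generate-ingress-and-cert)` is called with no arguments, while the definition shown for the taiga namespace takes `[config config?]`, so the call presumably needs to be `(taiga/generate-ingress-and-cert config)`. The old/new side of each line is not recoverable from this rendering, so confirm both lines are part of the new `k8s-objects` body.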
|
||||
|
|
|
@ -9,6 +9,37 @@
|
|||
[dda.c4k-common.yaml :as yaml]
|
||||
[dda.c4k-common.common :as cm]
|
||||
[dda.c4k-common.base64 :as b64]
|
||||
[dda.c4k-common.predicate :as pred]
|
||||
[dda.c4k-common.predicate :as cp]
|
||||
[dda.c4k-common.monitoring :as mon]
|
||||
[dda.c4k-common.postgres :as postgres]
|
||||
[dda.c4k-common.ingress :as ing]
|
||||
[clojure.string :as str]))
|
||||
[clojure.string :as str]))
|
||||
|
||||
|
||||
(def config-defaults {:issuer "staging"
|
||||
:volume-size "3"})
|
||||
|
||||
(s/def ::mon-cfg ::mon/mon-cfg)
|
||||
(s/def ::mon-auth ::mon/mon-auth)
|
||||
|
||||
(s/def ::fqdn cp/fqdn-string?)
|
||||
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||
; TODO: Passwords
|
||||
|
||||
(def config? (s/keys :req-un [::fqdn]
|
||||
:opt-un [::issuer
|
||||
::pv-storage-size-gb
|
||||
::pvc-storage-class-name
|
||||
::mon-cfg]))
|
||||
|
||||
(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password]
|
||||
:opt-un [::mon-auth]))
|
||||
|
||||
|
||||
(defn-spec generate-ingress-and-cert cp/map-or-seq?
|
||||
[config config?]
|
||||
(ing/generate-ingress-and-cert
|
||||
(merge
|
||||
{:service-name "taiga"
|
||||
:service-port 80}
|
||||
config)))
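Review bot: `config?` lists `::pv-storage-size-gb` and `::pvc-storage-class-name` under `:opt-un`, but no `s/def` for either key is visible in this section, so `s/keys` would accept any value for them; registering specs next to `::fqdn` and `::issuer`, for example `(s/def ::pv-storage-size-gb pos?)`, would close that gap. `config-defaults` is defined but not merged in `generate-ingress-and-cert`, so the `"staging"` issuer default only applies if the ingress helper supplies it itself. The `; TODO: Passwords` marker and `auth?` are the only password handling shown here. The Secret manifest deleted elsewhere in this commit held base64-encoded postgres credentials that stay readable in history, so those values should be treated as exposed and not reused as `auth` input.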
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: c4k-common-cert
|
||||
labels:
|
||||
app.kubernetes.part-of: c4k-common-app
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: c4k-common-cert
|
||||
commonName: taiga.test.meissa.de
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 720h # 30d
|
||||
dnsNames:
|
||||
- taiga.test.meissa.de
|
||||
issuerRef:
|
||||
name: staging
|
||||
kind: ClusterIssuer
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: postgres-config
|
||||
labels:
|
||||
app: postgres
|
||||
data:
|
||||
postgres-db: postgres
|
||||
postgresql.conf: |
|
||||
max_connections = 700
|
||||
work_mem = 3MB
|
||||
shared_buffers = 2048MB
|
|
@ -1,51 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: postgresql
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: postgresql
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: postgresql
|
||||
spec:
|
||||
containers:
|
||||
- image: postgres
|
||||
name: postgresql
|
||||
env:
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-user
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-secret
|
||||
key: postgres-password
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: postgres-config
|
||||
key: postgres-db
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
name: postgresql
|
||||
volumeMounts:
|
||||
- name: postgres-config-volume
|
||||
mountPath: /etc/postgresql/postgresql.conf
|
||||
subPath: postgresql.conf
|
||||
readOnly: true
|
||||
- name: postgre-data-volume
|
||||
mountPath: /var/lib/postgresql/data
|
||||
volumes:
|
||||
- name: postgres-config-volume
|
||||
configMap:
|
||||
name: postgres-config
|
||||
- name: postgre-data-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: postgres-claim
|
|
@ -1,27 +0,0 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: c4k-common-https-ingress
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubernetes.part-of: c4k-common-app
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
|
||||
metallb.universe.tf/address-pool: public
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- taiga.test.meissa.de
|
||||
secretName: c4k-common-cert
|
||||
rules:
|
||||
- host: taiga.test.meissa.de
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: taiga-gateway
|
||||
port:
|
||||
number: 80
|
|
@ -1,14 +0,0 @@
|
|||
kind: PersistentVolume
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: postgres-pv-volume
|
||||
labels:
|
||||
type: local
|
||||
spec:
|
||||
storageClassName: local-path
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
capacity:
|
||||
storage: 10Gi
|
||||
hostPath:
|
||||
path: "/var/postgres"
|
|
@ -1,13 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: postgres-claim
|
||||
labels:
|
||||
app: postgres
|
||||
spec:
|
||||
storageClassName: local-path
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 8Gi
|
|
@ -1,8 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: postgres-secret
|
||||
type: Opaque
|
||||
data:
|
||||
postgres-user: "cHNxbC11c2Vy"
|
||||
postgres-password: "ZGZnc2RoNDU2NzdzZGZnc2RmZw=="
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: postgresql-service
|
||||
spec:
|
||||
selector:
|
||||
app: postgresql
|
||||
ports:
|
||||
- port: 5432
|
|
@ -11,10 +11,8 @@
|
|||
#?(:cljs
|
||||
(defmethod yaml/load-resource :website-test [resource-name]
|
||||
(case resource-name
|
||||
"website-test/valid-auth.yaml" (rc/inline "website-test/valid-auth.yaml")
|
||||
"website-test/valid-config.yaml" (rc/inline "website-test/valid-config.yaml")
|
||||
(throw (js/Error. "Undefined Resource!")))))
|
||||
|
||||
(deftest validate-valid-resources
|
||||
(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
|
||||
(is (s/valid? cut/auth? (yaml/load-as-edn "website-test/valid-auth.yaml"))))
|
||||
;(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
|
||||
)
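Review bot: The assertion on `cut/config?` in `validate-valid-resources` appears only in commented-out form, `;(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))`, so the config spec changed by this commit (now requiring `::fqdn`) is not exercised by any test shown here. I would update the `valid-config.yaml` fixture to include an `fqdn` and restore the assertion rather than leave it disabled. The dispatch key `:website-test` and the `website-test/...` resource paths look carried over from another module; if so, renaming them for taiga would keep the fixtures from being confused with that module's.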
|
||||
|
|