src/main/cljc/dda/c4k_taiga/core.cljc

@@ -7,33 +7,28 @@
    [dda.c4k-common.common :as cm]
    [dda.c4k-common.predicate :as cp]
    [dda.c4k-common.monitoring :as mon]
-   [dda.c4k-taiga.taiga :as taiga]))
+   [dda.c4k-taiga.taiga :as taiga]
+   [dda.c4k-common.postgres :as postgres]))
 
-(def config-defaults {:issuer "staging"
+(def default-storage-class :local-path)
-                      :volume-size "3"})
 
-(s/def ::mon-cfg ::mon/mon-cfg)
+(def config? taiga/config?)
-(s/def ::mon-auth ::mon/mon-auth)
+(def auth? taiga/auth?)
-
-; ToDo
-(def config? (s/keys :req-un []
-                     :opt-un [::mon-cfg]))
-
-; ToDo
-(def auth? (s/keys :req-un []
-                   :opt-un [::mon-auth]))
-
-; ToDo:
-(defn generate-configs [config auth])
 
 (defn-spec k8s-objects cp/map-or-seq?
-  [config config?
+  [config taiga/config?
-   auth auth?]  
+   auth taiga/auth?]  
   (cm/concat-vec
    (map yaml/to-string
         (filter
          #(not (nil? %))
          (cm/concat-vec
-          (generate-configs config auth)
+          [(postgres/generate-config {:postgres-size :8gb :db-name "taiga"})
+           (postgres/generate-secret auth)
+           (postgres/generate-pvc {:pv-storage-size-gb 50
+                                   :pvc-storage-class-name default-storage-class})
+           (postgres/generate-deployment)
+           (postgres/generate-service)]
+          (taiga/generate-ingress-and-cert)
           (when (:contains? config :mon-cfg)
             (mon/generate (:mon-cfg config) (:mon-auth auth))))))))

src/main/cljc/dda/c4k_taiga/taiga.cljc

@@ -9,6 +9,37 @@
    [dda.c4k-common.yaml :as yaml]
    [dda.c4k-common.common :as cm]
    [dda.c4k-common.base64 :as b64]
-   [dda.c4k-common.predicate :as pred]
+   [dda.c4k-common.predicate :as cp]
+   [dda.c4k-common.monitoring :as mon]
+   [dda.c4k-common.postgres :as postgres]
    [dda.c4k-common.ingress :as ing]
-   [clojure.string :as str]))
+   [clojure.string :as str]))
+
+
+(def config-defaults {:issuer "staging"
+                      :volume-size "3"})
+
+(s/def ::mon-cfg ::mon/mon-cfg)
+(s/def ::mon-auth ::mon/mon-auth)
+
+(s/def ::fqdn cp/fqdn-string?)
+(s/def ::issuer cp/letsencrypt-issuer?)
+; TODO: Passwords
+
+(def config? (s/keys :req-un [::fqdn]
+                     :opt-un [::issuer
+                              ::pv-storage-size-gb
+                              ::pvc-storage-class-name
+                              ::mon-cfg]))
+
+(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password]
+                   :opt-un [::mon-auth]))
+
+
+(defn-spec generate-ingress-and-cert cp/map-or-seq?
+  [config config?]
+  (ing/generate-ingress-and-cert
+   (merge
+    {:service-name "taiga"
+     :service-port 80}
+    config)))

src/main/resources/taiga/certificate.yaml

@@ -1,18 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: c4k-common-cert
-  labels:
-    app.kubernetes.part-of: c4k-common-app
-  namespace: default
-spec:
-  secretName: c4k-common-cert
-  commonName: taiga.test.meissa.de
-  duration: 2160h # 90d
-  renewBefore: 720h # 30d
-  dnsNames:
-  - taiga.test.meissa.de
-  issuerRef:
-    name: staging
-    kind: ClusterIssuer
-    

src/main/resources/taiga/config-8gb.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: postgres-config
-  labels:
-    app: postgres
-data:
-  postgres-db: postgres
-  postgresql.conf: |
-    max_connections = 700
-    work_mem = 3MB
-    shared_buffers = 2048MB

src/main/resources/taiga/deployment.yaml

@@ -1,51 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: postgresql
-spec:
-  selector:
-    matchLabels:
-      app: postgresql
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: postgresql
-    spec:
-      containers:
-        - image: postgres
-          name: postgresql
-          env:
-            - name: POSTGRES_USER
-              valueFrom:
-                secretKeyRef:
-                  name: postgres-secret
-                  key: postgres-user
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: postgres-secret
-                  key: postgres-password
-            - name: POSTGRES_DB
-              valueFrom:
-                configMapKeyRef:
-                  name: postgres-config
-                  key: postgres-db
-          ports:
-            - containerPort: 5432
-              name: postgresql
-          volumeMounts:
-            - name: postgres-config-volume
-              mountPath: /etc/postgresql/postgresql.conf
-              subPath: postgresql.conf
-              readOnly: true
-            - name: postgre-data-volume
-              mountPath: /var/lib/postgresql/data
-      volumes:
-        - name: postgres-config-volume
-          configMap:
-            name: postgres-config
-        - name: postgre-data-volume
-          persistentVolumeClaim:
-            claimName: postgres-claim

src/main/resources/taiga/ingress.yaml

@@ -1,27 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: c4k-common-https-ingress
-  namespace: default
-  labels:
-    app.kubernetes.part-of: c4k-common-app
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
-    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
-    metallb.universe.tf/address-pool: public
-spec:
-  tls:
-    - hosts:
-        - taiga.test.meissa.de
-      secretName: c4k-common-cert
-  rules:
-    - host: taiga.test.meissa.de
-      http:
-        paths:
-          - pathType: Prefix
-            path: "/"
-            backend:
-              service:
-                name: taiga-gateway
-                port:
-                  number: 80

src/main/resources/taiga/persistent-volume.yaml

@@ -1,14 +0,0 @@
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: postgres-pv-volume
-  labels:
-    type: local
-spec:
-  storageClassName: local-path
-  accessModes:
-    - ReadWriteOnce
-  capacity:
-    storage: 10Gi
-  hostPath:
-    path: "/var/postgres"

src/main/resources/taiga/pvc.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: postgres-claim
-  labels:
-    app: postgres
-spec:
-  storageClassName: local-path
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 8Gi

src/main/resources/taiga/secret.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: postgres-secret
-type: Opaque
-data:
-  postgres-user: "cHNxbC11c2Vy"
-  postgres-password: "ZGZnc2RoNDU2NzdzZGZnc2RmZw=="

src/main/resources/taiga/service.yaml

@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: postgresql-service
-spec:
-  selector:
-    app: postgresql
-  ports:
-    - port: 5432

src/test/cljc/dda/c4k_taiga/core_test.cljc

@@ -11,10 +11,8 @@
 #?(:cljs
    (defmethod yaml/load-resource :website-test [resource-name]
      (case resource-name
-       "website-test/valid-auth.yaml"   (rc/inline "website-test/valid-auth.yaml")
-       "website-test/valid-config.yaml" (rc/inline "website-test/valid-config.yaml")
        (throw (js/Error. "Undefined Resource!")))))
 
 (deftest validate-valid-resources
-  (is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
+  ;(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
-  (is (s/valid? cut/auth? (yaml/load-as-edn "website-test/valid-auth.yaml"))))
+  )