meissa/c4k-taiga
6
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity

Working Base Config for Taiga #1

Merged
patdyn merged 60 commits from config-play into main 2023-09-01 10:38:18 +00:00
Conversation 0 Commits 60 Files changed 55 +680 -1060
55 changed files with 680 additions and 1060 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
README.md
View file

@ -6,10 +6,43 @@
## Configuration Issues ## Configuration Issues
We currently can no login even after `python manage.py createsuperuser --noinput` in the taiga-back-deployment container. What might help: https://docs.taiga.io/setup-production.html#taiga-back
Note: taiga-manage,-back und -async verwenden die gleichen docker images mit unterschiedlichen entry-points.
https://github.com/kaleidos-ventures/taiga-docker https://github.com/kaleidos-ventures/taiga-docker
https://community.taiga.io/t/taiga-30min-setup/170 https://community.taiga.io/t/taiga-30min-setup/170
Note: taiga-manage,-back und -async verwenden die gleichen docker images mit unterschiedlichen entry-points. ### Steps to start and get an admin user
Philosophy: First create the superuser, then populate the DB.
https://docs.taiga.io/setup-production.html#taiga-back
https://docs.taiga.io/setup-production.html#_configure_an_admin_user
https://github.com/kaleidos-ventures/taiga-back/blob/main/docker/entrypoint.sh
In the init container we create the super user. Difference between init-container and container: CELERY_ENABLED: false
The init container gets the following command and args:
```yaml
command: ["/bin/bash"]
args: ["-c", "source /opt/venv/bin/activate && python manage.py createsuperuser --noinput"]
```
Thus the dockerfile default entrypoint is ignored.
Problem: Login using this method is still not available with the proposed credentials.
#### Option 1: Init container, currently under test
Create an init container (celery disabled) with the python manage.py command and the taiga-manage createsuperuser args
#### Option 2: Single container
Create a single container that has celery disabled at the beginning.
Runs the following cmds:
* python manage.py taiga-manage createsuperuser
* enable celery
* execute entrypoint.sh
### HTTPS ### HTTPS
@ -49,24 +82,6 @@ taiga-async -> taiga-async-rabbitmq
taiga-events -> taiga-events-rabbitmq taiga-events -> taiga-events-rabbitmq
This is not quite clear, but probably solved with the implementation of services. This is not quite clear, but probably solved with the implementation of services.
### Init container
Es gibt einen Init-Container mit namen *taiga-manage* im deployment.
Dieser erstellt einen Admin User mit credentials aus dem taiga-back-secret.
#### Einen admin-user anlegen
https://github.com/kaleidos-ventures/taiga-docker#configure-an-admin-user
folglich:
https://docs.djangoproject.com/en/4.2/ref/django-admin/#django-admin-createsuperuser
Also DJANGO_SUPERUSER_TAIGAADMIN und DJANGO_SUPERUSER_PASSWORD
sollten für den Container gesetzt sein.
Dann noch ein run befehl mit: python manage.py createsuperuser im init container unterbringen.
### Deployments ### Deployments
Separate deployments exist for each of the taiga modules: Separate deployments exist for each of the taiga modules:

8
project.clj
View file

@ -20,8 +20,8 @@
:dependencies [[dda/data-test "0.1.1"]]} :dependencies [[dda/data-test "0.1.1"]]}
:dev {:plugins [[lein-shell "0.5.0"]]} :dev {:plugins [[lein-shell "0.5.0"]]}
:uberjar {:aot :all :uberjar {:aot :all
:main dda.c4k-website.uberjar :main dda.c4k-taiga.uberjar
:uberjar-name "c4k-website-standalone.jar" :uberjar-name "c4k-taiga-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.0.214"] :dependencies [[org.clojure/tools.cli "1.0.214"]
[ch.qos.logback/logback-classic "1.4.5" [ch.qos.logback/logback-classic "1.4.5"
:exclusions [com.sun.mail/javax.mail]] :exclusions [com.sun.mail/javax.mail]]
@ -36,11 +36,11 @@
"native-image" "native-image"
"--report-unsupported-elements-at-runtime" "--report-unsupported-elements-at-runtime"
"--initialize-at-build-time" "--initialize-at-build-time"
"-jar" "target/uberjar/c4k-website-standalone.jar" "-jar" "target/uberjar/c4k-taiga-standalone.jar"
"-H:ResourceConfigurationFiles=graalvm-resource-config.json" "-H:ResourceConfigurationFiles=graalvm-resource-config.json"
"-H:Log=registerResource" "-H:Log=registerResource"
"-H:Name=target/graalvm/${:name}"] "-H:Name=target/graalvm/${:name}"]
"inst" ["shell" "inst" ["shell"
"sh" "sh"
"-c" "-c"
"lein uberjar && sudo install -m=755 target/uberjar/c4k-website-standalone.jar /usr/local/bin/c4k-website-standalone.jar"]}) "lein uberjar && sudo install -m=755 target/uberjar/c4k-taiga-standalone.jar /usr/local/bin/c4k-taiga-standalone.jar"]})

2
public/index.html
View file

@ -3,7 +3,7 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<title>c4k-website</title> <title>c4k-taiga</title>
<link href="https://domaindrivenarchitecture.org/css/bootstrap.min.css" rel="stylesheet" type="text/css" /> <link href="https://domaindrivenarchitecture.org/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="https://domaindrivenarchitecture.org/css/fonts/fontawesome/fontawesome.css" rel="stylesheet" type="text/css" /> <link href="https://domaindrivenarchitecture.org/css/fonts/fontawesome/fontawesome.css" rel="stylesheet" type="text/css" />
<link href="https://domaindrivenarchitecture.org/css/custom.css" rel="stylesheet" type="text/css" /> <link href="https://domaindrivenarchitecture.org/css/custom.css" rel="stylesheet" type="text/css" />

2
shadow-cljs.edn
View file

@ -7,7 +7,7 @@
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.0.1"] :dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.0.1"]
[hickory "0.7.1"]] [hickory "0.7.1"]]
:builds {:frontend {:target :browser :builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-website.browser/init}} :modules {:main {:init-fn dda.c4k-taiga.browser/init}}
:release {} :release {}
:compiler-options {:optimizations :advanced}} :compiler-options {:optimizations :advanced}}
:test {:target :node-test :test {:target :node-test

56
src/main/cljc/dda/c4k_taiga/core.cljc
View file

@ -7,33 +7,53 @@
[dda.c4k-common.common :as cm] [dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as cp] [dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon] [dda.c4k-common.monitoring :as mon]
[dda.c4k-taiga.taiga :as taiga])) [dda.c4k-taiga.taiga :as taiga]
[dda.c4k-common.postgres :as postgres]))
(def config-defaults {:issuer "staging" (def default-storage-class :local-path)
:volume-size "3"})
(s/def ::mon-cfg ::mon/mon-cfg) (def config? taiga/config?)
(s/def ::mon-auth ::mon/mon-auth) (def auth? taiga/auth?)
; ToDo (def config-defaults taiga/config-defaults)
(def config? (s/keys :req-un
:opt-un [::mon-cfg]))
; ToDo
(def auth? (s/keys :req-un
:opt-un [::mon-auth]))
; ToDo:
(defn generate-configs [config auth])
(defn-spec k8s-objects cp/map-or-seq? (defn-spec k8s-objects cp/map-or-seq?
[config config? [config taiga/config?
auth auth?] auth taiga/auth?]
(cm/concat-vec (cm/concat-vec
(map yaml/to-string (map yaml/to-string
(filter (filter
#(not (nil? %)) #(not (nil? %))
(cm/concat-vec (cm/concat-vec
(generate-configs config auth) [(postgres/generate-config {:postgres-size :8gb :db-name "taiga"})
(postgres/generate-secret auth)
(postgres/generate-pvc {:pv-storage-size-gb 50
:pvc-storage-class-name default-storage-class})
(postgres/generate-deployment)
(postgres/generate-service)
(taiga/generate-async-deployment)
(taiga/generate-async-rabbitmq-deployment)
(taiga/generate-async-rabbitmq-service)
(taiga/generate-async-service)
(taiga/generate-back-deployment)
(taiga/generate-back-service)
(taiga/generate-configmap config)
(taiga/generate-pvc-taiga-media-data config)
(taiga/generate-pvc-taiga-static-data config)
(taiga/generate-events-deployment)
(taiga/generate-events-rabbitmq-deployment)
(taiga/generate-events-rabbitmq-service)
(taiga/generate-events-service)
(taiga/generate-front-deployment)
(taiga/generate-front-service)
(taiga/generate-gateway-configmap)
(taiga/generate-gateway-deployment)
(taiga/generate-gateway-service)
(taiga/generate-protected-deployment)
(taiga/generate-protected-service)
(taiga/generate-rabbitmq-pvc-async config)
(taiga/generate-rabbitmq-pvc-events config)
(taiga/generate-secret auth)]
(taiga/generate-ingress-and-cert config)
(when (:contains? config :mon-cfg) (when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))) (mon/generate (:mon-cfg config) (:mon-auth auth))))))))

224
src/main/cljc/dda/c4k_taiga/taiga.cljc Normal file
View file

@ -0,0 +1,224 @@
(ns dda.c4k-taiga.taiga
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:clj [clojure.edn :as edn]
:cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-common.postgres :as postgres]
[dda.c4k-common.ingress :as ing]
[clojure.string :as str]))
(def config-defaults {:issuer "staging"
:storage-class-name "local-path"
:pv-storage-size-gb "5" ;; ToDo: check sensible defaults
:storage-media-size "5"
:storage-static-size "5"
:storage-async-rabbitmq-size "5"
:storage-events-rabbitmq-size "5"
:public-register-enabled "false"
:enable-telemetry "false"})
(s/def ::mon-cfg ::mon/mon-cfg)
(s/def ::mon-auth ::mon/mon-auth)
(s/def ::taiga-secret-key cp/bash-env-string?)
(s/def ::mailer-user string?)
(s/def ::mailer-pw string?)
(s/def ::django-superuser-username string?)
(s/def ::django-superuser-password string?)
(s/def ::django-superuser-email string?)
(s/def ::rabbitmq-user string?)
(s/def ::rabbitmq-pw string?)
(s/def ::rabbitmq-erlang-cookie string?)
(s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::fqdn cp/fqdn-string?)
(s/def ::public-register-enabled string?) ;; ToDo maybe check for boolean string
(s/def ::enable-telemetry string?)
(s/def ::storage-class-name string?)
(s/def ::storage-media-size int?)
(s/def ::storage-static-size int?)
(s/def ::storage-async-rabbitmq-size int?)
(s/def ::storage-events-rabbitmq-size int?)
(def auth? (s/keys :req-un [::postgres/postgres-db-user
::postgres/postgres-db-password
::taiga-secret-key
::mailer-pw
::mailer-user
::django-superuser-email
::django-superuser-password
::django-superuser-username
::rabbitmq-erlang-cookie
::rabbitmq-pw
::rabbitmq-user]
:opt-un [::mon-auth]))
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer
::storage-class-name
::storage-media-size
::storage-static-size
::storage-async-rabbitmq-size
::storage-events-rabbitmq-size
::pv-storage-size-gb
::public-register-enabled
::enable-telemetry
::mon-cfg]))
#?(:cljs
(defmethod yaml/load-resource :taiga [resource-name]
(case resource-name
"taiga/events-rabbitmq-deployment.yaml" (rc/inline "taiga/events-rabbitmq-deployment.yaml")
"taiga/gateway-deployment.yaml" (rc/inline "taiga/gateway-deployment.yaml")
"taiga/protected-deployment.yaml" (rc/inline "taiga/protected-deployment.yaml")
"taiga/gateway-configmap.yaml" (rc/inline "taiga/gateway-configmap.yaml")
"taiga/configmap.yaml" (rc/inline "taiga/configmap.yaml")
"taiga/async-service.yaml" (rc/inline "taiga/async-service.yaml")
"taiga/events-deployment.yaml" (rc/inline "taiga/events-deployment.yaml")
"taiga/async-deployment.yaml" (rc/inline "taiga/async-deployment.yaml")
"taiga/back-deployment.yaml" (rc/inline "taiga/back-deployment.yaml")
"taiga/front-deployment.yaml" (rc/inline "taiga/front-deployment.yaml")
"taiga/front-service.yaml" (rc/inline "taiga/front-service.yaml")
"taiga/gateway-service.yaml" (rc/inline "taiga/gateway-service.yaml")
"taiga/pvc-taiga-media-data.yaml" (rc/inline "taiga/pvc-taiga-media-data.yaml")
"taiga/pvc-taiga-static-data.yaml" (rc/inline "taiga/pvc-taiga-static-data.yaml")
"taiga/async-rabbitmq-deployment.yaml" (rc/inline "taiga/async-rabbitmq-deployment.yaml")
"taiga/protected-service.yaml" (rc/inline "taiga/protected-service.yaml")
"taiga/secret.yaml" (rc/inline "taiga/secret.yaml")
"taiga/async-rabbitmq-service.yaml" (rc/inline "taiga/async-rabbitmq-service.yaml")
"taiga/events-service.yaml" (rc/inline "taiga/events-service.yaml")
"taiga/back-service.yaml" (rc/inline "taiga/back-service.yaml")
"taiga/events-rabbitmq-service.yaml" (rc/inline "taiga/events-rabbitmq-service.yaml")
"taiga/rabbitmq-pvc-async.yaml" (rc/inline "taiga/rabbitmq-pvc-async.yaml")
"taiga/rabbitmq-pvc-events.yaml" (rc/inline "taiga/rabbitmq-pvc-events.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn-spec generate-ingress-and-cert cp/map-or-seq?
[config config?]
(let [{:keys [fqdn]} config]
(ing/generate-ingress-and-cert
(merge
{:service-name "taiga-gateway"
:service-port 80
:fqdns [fqdn]}
config))))
(defn-spec generate-async-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-deployment.yaml")))
(defn-spec generate-async-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-service.yaml")))
(defn-spec generate-async-rabbitmq-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-rabbitmq-deployment.yaml")))
(defn-spec generate-events-rabbitmq-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-rabbitmq-service.yaml")))
(defn-spec generate-async-rabbitmq-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-rabbitmq-service.yaml")))
(defn-spec generate-back-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/back-deployment.yaml")))
(defn-spec generate-back-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/back-service.yaml")))
(defn-spec generate-events-rabbitmq-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-rabbitmq-deployment.yaml")))
(defn-spec generate-events-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-deployment.yaml")))
(defn-spec generate-events-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-service.yaml")))
(defn-spec generate-front-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/front-deployment.yaml")))
(defn-spec generate-front-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/front-service.yaml")))
(defn-spec generate-gateway-configmap cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/gateway-configmap.yaml")))
(defn-spec generate-gateway-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/gateway-deployment.yaml")))
(defn-spec generate-gateway-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/gateway-service.yaml")))
(defn-spec generate-protected-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/protected-deployment.yaml")))
(defn-spec generate-protected-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/protected-service.yaml")))
(defn-spec generate-configmap cp/map-or-seq?
[config config?]
(let [{:keys [fqdn enable-telemetry public-register-enabled]} (merge config-defaults config)]
(-> (yaml/load-as-edn "taiga/configmap.yaml")
(cm/replace-key-value :TAIGA_SITES_DOMAIN fqdn)
(cm/replace-key-value :TAIGA_URL (str "https://" fqdn))
(cm/replace-key-value :TAIGA_WEBSOCKETS_URL (str "wss://" fqdn))
(cm/replace-key-value :ENABLE_TELEMETRY enable-telemetry)
(cm/replace-key-value :PUBLIC_REGISTER_ENABLED public-register-enabled))))
(defn-spec generate-pvc-taiga-media-data cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-media-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/pvc-taiga-media-data.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-media-size "Gi")))))
(defn-spec generate-pvc-taiga-static-data cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-static-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/pvc-taiga-static-data.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-static-size "Gi")))))
(defn-spec generate-secret cp/map-or-seq?
[auth auth?]
(let [{:keys [taiga-secret-key
mailer-user mailer-pw
rabbitmq-user rabbitmq-pw rabbitmq-erlang-cookie
django-superuser-username django-superuser-password django-superuser-email]} auth]
(->
(yaml/from-string (yaml/load-resource "taiga/secret.yaml"))
(cm/replace-key-value :TAIGA_SECRET_KEY (b64/encode taiga-secret-key))
(cm/replace-key-value :EMAIL_HOST_USER (b64/encode mailer-user))
(cm/replace-key-value :EMAIL_HOST_PASSWORD (b64/encode mailer-pw))
(cm/replace-key-value :RABBITMQ_USER (b64/encode rabbitmq-user))
(cm/replace-key-value :RABBITMQ_PASS (b64/encode rabbitmq-pw))
(cm/replace-key-value :RABBITMQ_ERLANG_COOKIE (b64/encode rabbitmq-erlang-cookie))
(cm/replace-key-value :DJANGO_SUPERUSER_USERNAME (b64/encode django-superuser-username))
(cm/replace-key-value :DJANGO_SUPERUSER_PASSWORD (b64/encode django-superuser-password))
(cm/replace-key-value :DJANGO_SUPERUSER_EMAIL (b64/encode django-superuser-email)))))
(defn-spec generate-rabbitmq-pvc-async cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-async-rabbitmq-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/rabbitmq-pvc-async.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-async-rabbitmq-size "Gi")))))
(defn-spec generate-rabbitmq-pvc-events cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-events-rabbitmq-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/rabbitmq-pvc-events.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-events-rabbitmq-size "Gi")))))

181
src/main/cljc/dda/c4k_taiga/website.cljc
View file

@ -1,181 +0,0 @@
(ns dda.c4k-website.website
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:clj [clojure.edn :as edn]
:cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.ingress :as ing]
[clojure.string :as str]))
; ToDo
(s/def ::issuer pred/letsencrypt-issuer?)
; ToDo
(def config? (s/keys :req-un
:opt-un ))
; ToDo
(def auth? (s/keys :req-un ))
; ToDo
(defn-spec replace-dots-by-minus string?
[fqdn pred/fqdn-string?]
(str/replace fqdn #"\." "-"))
(defn-spec generate-app-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-website"))
(defn-spec generate-service-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-service"))
(defn-spec generate-cert-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-cert"))
(defn-spec generate-ingress-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-ingress"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/<branch>.zip
(defn-spec generate-gitrepourl string?
[host pred/fqdn-string?
repo string?
user string?
branch string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/archive/" branch ".zip"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/git/commits/HEAD
(defn-spec generate-gitcommiturl string?
[host pred/fqdn-string?
repo string?
user string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
[col pred/map-or-seq?
value-to-partly-match string?
value-to-inplace string?]
(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
(re-matches (re-pattern (str value-to-partly-match ".*")) %))
(str/replace % value-to-partly-match value-to-inplace) %)
col))
(defn-spec replace-common-data pred/map-or-seq?
[resource-file string?
config websiteconfig?]
(let [{:keys [unique-name]} config]
(->
(yaml/load-as-edn resource-file)
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-substrings-beginning-with "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec replace-build-data pred/map-or-seq?
[resource-file string?
config websiteconfig?]
(let [{:keys [sha256sum-output build-cpu-request build-cpu-limit build-memory-request build-memory-limit]
:or {build-cpu-request "500m" build-cpu-limit "1700m" build-memory-request "256Mi" build-memory-limit "512Mi"}} config]
(->
(replace-common-data resource-file config)
(cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output))
(cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output))
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
#?(:cljs
(defmethod yaml/load-resource :website [resource-name]
(case resource-name
"website/nginx-configmap.yaml" (rc/inline "website/nginx-configmap.yaml")
"website/nginx-deployment.yaml" (rc/inline "website/nginx-deployment.yaml")
"website/nginx-service.yaml" (rc/inline "website/nginx-service.yaml")
"website/website-build-cron.yaml" (rc/inline "website/website-build-cron.yaml")
"website/website-build-secret.yaml" (rc/inline "website/website-build-secret.yaml")
"website/website-content-volume.yaml" (rc/inline "website/website-content-volume.yaml")
"website/hashfile-volume.yaml" (rc/inline "website/hashfile-volume.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn-spec generate-nginx-deployment pred/map-or-seq?
[config websiteconfig?]
(replace-build-data "website/nginx-deployment.yaml" config))
(defn-spec generate-nginx-configmap pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [fqdns]} config]
(->
(replace-common-data "website/nginx-configmap.yaml" config)
(#(assoc-in %
[:data :website.conf]
(str/replace
(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
(defn-spec generate-nginx-service pred/map-or-seq?
[config websiteconfig?]
(replace-common-data "website/nginx-service.yaml" config))
(defn-spec generate-website-content-volume pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [volume-size]
:or {volume-size "3"}} config]
(->
(replace-common-data "website/website-content-volume.yaml" config)
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
(defn-spec generate-hashfile-volume pred/map-or-seq?
[config websiteconfig?]
(replace-common-data "website/hashfile-volume.yaml" config))
(defn-spec generate-website-ingress pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [unique-name fqdns]} config]
(ing/generate-ingress {:fqdns fqdns
:app-name (generate-app-name unique-name)
:ingress-name (generate-ingress-name unique-name)
:service-name (generate-service-name unique-name)
:service-port 80})))
(defn-spec generate-website-certificate pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [unique-name issuer fqdns]
:or {issuer "staging"}} config]
(ing/generate-certificate {:fqdns fqdns
:app-name (generate-app-name unique-name)
:cert-name (generate-cert-name unique-name)
:issuer issuer})))
(defn-spec generate-website-build-cron pred/map-or-seq?
[config websiteconfig?]
(replace-build-data "website/website-build-cron.yaml" config))
(defn-spec generate-website-build-secret pred/map-or-seq?
[config websiteconfig?
auth websiteauth?]
(let [{:keys [gitea-host
gitea-repo
branchname]} config
{:keys [authtoken
username]} auth]
(->
(replace-common-data "website/website-build-secret.yaml" config)
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
(generate-gitrepourl
gitea-host
gitea-repo
username
branchname)))
(cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode
(generate-gitcommiturl
gitea-host
gitea-repo
username))))))

15
src/main/resources/taiga/taiga-async-deployment.yaml → src/main/resources/taiga/async-deployment.yaml
View file

@ -4,16 +4,16 @@ metadata:
name: taiga-async-deployment name: taiga-async-deployment
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async app.kubernetes.io/component: taiga-async
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga app.kubernetes.io/component: taiga-async
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-async
spec: spec:
containers: containers:
- name: taiga-async - name: taiga-async
@ -54,12 +54,11 @@ spec:
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: "postgresql-service" value: "postgresql-service"
- name: POSTGRES_PORT - name: POSTGRES_PORT
value: 5432 value: "5432"
volumes: volumes:
- name: taiga-static - name: taiga-static
persistentVolumeClaim: persistentVolumeClaim:
claimName: taiga-static claimName: taiga-static-data
- name: taiga-media - name: taiga-media
persistentVolumeClaim: persistentVolumeClaim:
claimName: taiga-media claimName: taiga-media-data

22
src/main/resources/taiga/taiga-async-rabbitmq-deployment.yaml → src/main/resources/taiga/async-rabbitmq-deployment.yaml
View file

@ -9,11 +9,11 @@ spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga app.kubernetes.io/component: taiga-async-rabbitmq
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-async-rabbitmq
spec: spec:
containers: containers:
- name: taiga-async-rabbitmq - name: taiga-async-rabbitmq
@ -30,17 +30,23 @@ spec:
- name: RABBITMQ_DEFAULT_USER - name: RABBITMQ_DEFAULT_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: taiga-rabbitmq-secret name: taiga-secret
key: RABBITMQ_DEFAULT_USER key: RABBITMQ_USER
- name: RABBITMQ_DEFAULT_PASS - name: RABBITMQ_DEFAULT_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: taiga-rabbitmq-secret name: taiga-secret
key: RABBITMQ_DEFAULT_PASS key: RABBITMQ_PASS
- name: RABBITMQ_ERLANG_COOKIE - name: RABBITMQ_ERLANG_COOKIE
value: ERLANG_COOKIE_VALUE valueFrom:
secretKeyRef:
name: taiga-secret
key: RABBITMQ_ERLANG_COOKIE
- name: RABBITMQ_DEFAULT_VHOST - name: RABBITMQ_DEFAULT_VHOST
value: RABBITMQ_VHOST valueFrom:
configMapKeyRef:
name: taiga-configmap
key: RABBITMQ_DEFAULT_VHOST
volumes: volumes:
- name: taiga-async-rabbitmq-data - name: taiga-async-rabbitmq-data

5
src/main/resources/taiga/taiga-async-rabbitmq-service.yaml → src/main/resources/taiga/async-rabbitmq-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-async-rabbitmq-service name: taiga-async-rabbitmq
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async-rabbitmq app.kubernetes.io/component: taiga-async-rabbitmq
@ -14,5 +14,4 @@ spec:
- name: amqp - name: amqp
targetPort: amqp targetPort: amqp
port: 5672 port: 5672
protocol: TCP protocol: TCP

4
src/main/resources/taiga/taiga-async-service.yaml → src/main/resources/taiga/async-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-async-service name: taiga-async
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async app.kubernetes.io/component: taiga-async
@ -14,5 +14,5 @@ spec:
- name: http - name: http
targetPort: http targetPort: http
port: 8000 port: 8000
protocol: TCP protocol: TCP

40
src/main/resources/taiga/taiga-back-deployment.yaml → src/main/resources/taiga/back-deployment.yaml
View file

@ -9,21 +9,21 @@ spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga app.kubernetes.io/component: taiga-back
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-back
spec: spec:
initContainers: # ToDo: this needs to run only once! initContainers:
- name: taiga-manage - name: taiga-manage
image: taigaio/taiga-back:latest image: taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: # ToDo: we may need to check for the DB pod to be live command: ["/bin/bash"]
args: ["-c", "source /opt/venv/bin/activate && CELERY_ENABLE=true python manage.py migrate && sleep 15 && python manage.py createsuperuser --noinput"]
ports:
- name: http - name: http
containerPort: 80 containerPort: 8000
command:
- python manage.py && python manage.py createsuperuser
volumeMounts: volumeMounts:
- name: taiga-static - name: taiga-static
mountPath: /taiga-back/static mountPath: /taiga-back/static
@ -33,13 +33,13 @@ spec:
readOnly: false readOnly: false
envFrom: envFrom:
- configMapRef: - configMapRef:
name: taiga-back-configmap name: taiga-configmap
- secretRef: - secretRef:
name: taiga-back-secret name: taiga-secret
- secretRef:
name: taiga-rabbitmq-secret
env: env:
- name: POSTGRES_USER # ToDo: Does taiga need a specific postgres version? Maybe test this - name: CELERY_ENABLED
value: "false"
- name: POSTGRES_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-secret name: postgres-secret
@ -57,9 +57,7 @@ spec:
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: "postgresql-service" value: "postgresql-service"
- name: POSTGRES_PORT - name: POSTGRES_PORT
value: 5432 value: "5432"
- name: CELERY_ENABLED
value: false
containers: containers:
- name: taiga-back - name: taiga-back
image: taigaio/taiga-back:latest image: taigaio/taiga-back:latest
@ -79,8 +77,6 @@ spec:
name: taiga-configmap name: taiga-configmap
- secretRef: - secretRef:
name: taiga-secret name: taiga-secret
- secretRef:
name: taiga-rabbitmq-secret
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
@ -100,12 +96,12 @@ spec:
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: "postgresql-service" value: "postgresql-service"
- name: POSTGRES_PORT - name: POSTGRES_PORT
value: 5432 value: "5432"
volumes: # ToDo: Remove Volumes where not necessary volumes:
- name: taiga-static - name: taiga-static
persistentVolumeClaim: persistentVolumeClaim:
claimName: taiga-static claimName: taiga-static-data
- name: taiga-media - name: taiga-media
persistentVolumeClaim: persistentVolumeClaim:
claimName: taiga-media claimName: taiga-media-data

6
src/main/resources/taiga/taiga-back-service.yaml → src/main/resources/taiga/back-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-back-service name: taiga-back
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-back app.kubernetes.io/component: taiga-back
@ -13,6 +13,6 @@ spec:
ports: ports:
- name: http - name: http
targetPort: http targetPort: http
port: 80 port: 8000
protocol: TCP protocol: TCP

30
src/main/resources/taiga/configmap.yaml Normal file
View file

@ -0,0 +1,30 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-configmap
namespace: default
data:
# These environment variables will be used by taiga-back and taiga-async.
# Database settings handled in deployment
# Telemetry settings
ENABLE_TELEMETRY: REPLACEME
# Taiga settings
TAIGA_SITES_SCHEME: https
TAIGA_SITES_DOMAIN: FQDN
TAIGA_SUBPATH: ""
# Taiga Front Settings
TAIGA_URL: https://FQDN
TAIGA_WEBSOCKETS_URL: ws://FQDN
PUBLIC_REGISTER_ENABLED: REPLACEME
ENABLE_GITHUB_IMPORTER: "false"
ENABLE_JIRA_IMPORTER: "false"
ENABLE_TRELLO_IMPORTER: "false"
# Rabbitmq settings
RABBITMQ_DEFAULT_VHOST: taiga
SESSION_COOKIE_SECURE: "False"
CSRF_COOKIE_SECURE: "False"

0
src/main/resources/taiga/.env → src/main/resources/taiga/donotapply/.env
View file

34
src/main/resources/taiga/donotapply/changes-made.md Normal file
View file

@ -0,0 +1,34 @@
Comment EVENTS_PUSH_BACKEND_URL in taiga-events-deployment
Indent name fields in envFrom field in taiga-back-deployment
Remove indentation from name field in taiga-gateway-deployment
Switch name and mountPath field positions in taiga-gateway-deployment
Change postres to 1Gi in pvc.yaml
b64 encoded values in *-secret.yaml
Change integers to strings in env vars in deployments and configmaps
Change bools to strings in env vars in deployments and configmaps
Increase storage to 8Gi in pvc.yaml
Change storageClassName to local-path in pvc.yaml
Correct volume names in async, back, gateway
Use service name as address in taiga-gateway-configmap.yaml
Correct reference to taiga-configmap and taiga-secret in taiga-back-deployment
Remove init-container in taiga-back-deployment
Update command in taiga-back-deployment to ["/taiga-back/docker/entrypoint.sh"]
Update command in taiga-back-deployment to command: ["/taiga-back/docker/entrypoint.sh && python manage.py createsupersuer"]
Extend configmap in taiga-config map by values for taiga-front # we may want to check CAPITALIZATION of KW before starting work in c4k code
Rename taiga-async-rabbitmq-service to taiga-async-rabbitmq
Move erlang cookie to taiga-rabbitmq-secret in taiga-async-rabbitmq-deployment
Change value of RABBITMQ_DEFAULT_VHOST to taiga in taiga-async-rabbitmq-deployment
Change value of RABBITMQ_USER in taiga-secret.yaml to b64/encode taiga
Change value of RABBITMQ_DEFAULT_USER in taiga-rabbitmq-secret.yaml to b64/encode taiga
Remove -service suffix from all taiga service names
Remove -service suffix from all urls in taiga-gateway configmap
Remove -service suffix from ingress
Add - name: RABBITMQ_LOGS value: /opt/rabbitmq/logs.log in taiga-async-rabbitmq-deployment
Get RABBITMQ_ERLANG_COOKIE from taiga-secret in taiga-events-rabbitmq-deployment
Put RABBITMQ_DEFAULT_VHOST KV pair in taiga-configmap
Get RABBITMQ_DEFAULT_VHOST from taiga-configmap in taiga-events-rabbitmq-deployment
Get RABBITMQ_DEFAULT_VHOST from taiga-configmap in taiga-async-rabbitmq-deployment
Move all values from taiga-rabbitmq-secret to taiga-secret
Remove taiga-rabbitmq-secret from config
Rename all occurrences of taiga-rabbitmq-secret to taiga-secret
Add SESSION_COOKIE_SECURE: "False" and CSRF_COOKIE_SECURE: "False" to taiga-configmap.yaml

0
src/main/resources/taiga/conf.json → src/main/resources/taiga/donotapply/conf.json
View file

0
src/main/resources/taiga/config.py → src/main/resources/taiga/donotapply/config.py
View file

0
src/main/resources/taiga/old-docker-compose-inits.yml → src/main/resources/taiga/donotapply/old-docker-compose-inits.yml
View file

0
src/main/resources/taiga/old-docker-compose.yml → src/main/resources/taiga/donotapply/old-docker-compose.yml
View file

9
src/main/resources/taiga/taiga-events-deployment.yaml → src/main/resources/taiga/events-deployment.yaml
View file

@ -9,11 +9,11 @@ spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga # ToDo: Check for consistent labels (maybe use app.kubernetes.io) app.kubernetes.io/component: taiga-events
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-events
spec: spec:
containers: containers:
- name: taiga-events - name: taiga-events
@ -23,11 +23,6 @@ spec:
- name: http - name: http
containerPort: 8888 containerPort: 8888
env: env:
- name: EVENTS_PUSH_BACKEND_URL # ToDo: check if we really need to set these URLs
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: EVENTS_PUSH_BACKEND_URL
- name: RABBITMQ_USER - name: RABBITMQ_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

18
src/main/resources/taiga/taiga-events-rabbitmq-deployment.yaml → src/main/resources/taiga/events-rabbitmq-deployment.yaml
View file

@ -9,11 +9,11 @@ spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga app.kubernetes.io/component: taiga-events-rabbitmq
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-events-rabbitmq
spec: spec:
containers: containers:
- name: taiga-events-rabbitmq - name: taiga-events-rabbitmq
@ -28,15 +28,21 @@ spec:
readOnly: false readOnly: false
env: env:
- name: RABBITMQ_ERLANG_COOKIE - name: RABBITMQ_ERLANG_COOKIE
value: ERLANG_COOKIE_VALUE valueFrom:
secretKeyRef:
name: taiga-secret
key: RABBITMQ_ERLANG_COOKIE
- name: RABBITMQ_DEFAULT_VHOST - name: RABBITMQ_DEFAULT_VHOST
value: RABBITMQ_VHOST valueFrom:
- name: RABBITMQ_USER configMapKeyRef:
name: taiga-configmap
key: RABBITMQ_DEFAULT_VHOST
- name: RABBITMQ_DEFAULT_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: taiga-secret name: taiga-secret
key: RABBITMQ_USER key: RABBITMQ_USER
- name: RABBITMQ_PASS - name: RABBITMQ_DEFAULT_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: taiga-secret name: taiga-secret

2
src/main/resources/taiga/taiga-events-rabbitmq-service.yaml → src/main/resources/taiga/events-rabbitmq-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-events-rabbitmq-service name: taiga-events-rabbitmq
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events-rabbitmq app.kubernetes.io/component: taiga-events-rabbitmq

2
src/main/resources/taiga/taiga-events-service.yaml → src/main/resources/taiga/events-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-events-service name: taiga-events
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events app.kubernetes.io/component: taiga-events

21
src/main/resources/taiga/taiga-front-deployment.yaml → src/main/resources/taiga/front-deployment.yaml
View file

@ -9,11 +9,11 @@ spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga app.kubernetes.io/component: taiga-front
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-front
spec: spec:
containers: containers:
- name: taiga-front - name: taiga-front
@ -24,8 +24,17 @@ spec:
containerPort: 80 containerPort: 80
env: env:
- name: TAIGA_URL - name: TAIGA_URL
value: TAGA_SCHEME://TAIGA_DOMAIN valueFrom:
- name: TAIGA_WEBSOCKETS_URL configMapKeyRef:
value: WEBSOCKETS_SCHEME://TAIGA_DOMAIN name: taiga-configmap
key: TAIGA_URL
- name: TAIGA_SUBPATH - name: TAIGA_SUBPATH
value: SUBPATH valueFrom:
configMapKeyRef:
name: taiga-configmap
key: TAIGA_SUBPATH
- name: TAIGA_WEBSOCKETS_URL
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: TAIGA_WEBSOCKETS_URL

2
src/main/resources/taiga/taiga-front-service.yaml → src/main/resources/taiga/front-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-front-service name: taiga-front
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-front app.kubernetes.io/component: taiga-front

0
src/main/resources/taiga/taiga-gateway-configmap.yaml → src/main/resources/taiga/gateway-configmap.yaml
View file

13
src/main/resources/taiga/taiga-gateway-deployment.yaml → src/main/resources/taiga/gateway-deployment.yaml
View file

@ -9,11 +9,11 @@ spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga app.kubernetes.io/component: taiga-gateway
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-gateway
spec: spec:
restartPolicy: Always restartPolicy: Always
containers: containers:
@ -24,8 +24,9 @@ spec:
- name: http - name: http
containerPort: 80 containerPort: 80
volumeMounts: volumeMounts:
- mountPath: /etc/nginx/conf.d - name: taiga-gateway-configmap
name: taiga-gateway-configmap mountPath: /etc/nginx/conf.d
readOnly: false
- name: taiga-static - name: taiga-static
mountPath: /taiga/static mountPath: /taiga/static
readOnly: false readOnly: false
@ -39,7 +40,7 @@ spec:
name: taiga-gateway-configmap name: taiga-gateway-configmap
- name: taiga-static - name: taiga-static
persistentVolumeClaim: persistentVolumeClaim:
claimName: taiga-static claimName: taiga-static-data
- name: taiga-media - name: taiga-media
persistentVolumeClaim: persistentVolumeClaim:
claimName: taiga-media claimName: taiga-media-data

2
src/main/resources/taiga/taiga-gateway-service.yaml → src/main/resources/taiga/gateway-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-gateway-service name: taiga-gateway
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-gateway app.kubernetes.io/component: taiga-gateway

6
src/main/resources/taiga/taiga-protected-deployment.yaml → src/main/resources/taiga/protected-deployment.yaml
View file

@ -9,11 +9,11 @@ spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: taiga app.kubernetes.io/component: taiga-protected
template: template:
metadata: metadata:
labels: labels:
app: taiga app.kubernetes.io/component: taiga-protected
spec: spec:
containers: containers:
- name: taiga-protected - name: taiga-protected
@ -24,7 +24,7 @@ spec:
containerPort: 8003 containerPort: 8003
env: env:
- name: MAX_AGE - name: MAX_AGE
value: ATTACHMENTS_MAX_AGE value: "5"
- name: SECRET_KEY - name: SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

3
src/main/resources/taiga/taiga-protected-service.yaml → src/main/resources/taiga/protected-service.yaml
View file

@ -1,7 +1,7 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: taiga-protected-service name: taiga-protected
labels: labels:
app.kubernetes.part-of: c4k-taiga app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-protected app.kubernetes.io/component: taiga-protected
@ -15,4 +15,3 @@ spec:
targetPort: http targetPort: http
port: 8003 port: 8003
protocol: TCP protocol: TCP

11
src/main/resources/website/hashfile-volume.yaml → src/main/resources/taiga/pvc-taiga-media-data.yaml
View file

@ -1,16 +1,15 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: NAME-hashfile-volume name: taiga-media-data
namespace: default namespace: default
labels: labels:
app: NAME-nginx app: taiga
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: taiga
spec: spec:
storageClassName: local-path storageClassName: REPLACEME
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 16Mi storage: REPLACEME

15
src/main/resources/taiga/pvc-taiga-static-data.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-static-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: REPLACEME
accessModes:
- ReadWriteOnce
resources:
requests:
storage: REPLACEME

15
src/main/resources/taiga/rabbitmq-pvc-async.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-async-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: REPLACEME
accessModes:
- ReadWriteOnce
resources:
requests:
storage: REPLACEME

15
src/main/resources/taiga/rabbitmq-pvc-events.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-events-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: REPLACEME
accessModes:
- ReadWriteOnce
resources:
requests:
storage: REPLACEME

23
src/main/resources/taiga/secret.yaml Normal file
View file

@ -0,0 +1,23 @@
apiVersion: v1
kind: Secret
metadata:
name: taiga-secret
labels:
app.kubernetes.part-of: taiga
data:
# Taiga settings
TAIGA_SECRET_KEY: TAIGA_SECRET_KEY
# Email settings
EMAIL_HOST_USER: EMAIL_HOST_USER
EMAIL_HOST_PASSWORD: EMAIL_HOST_PASSWORD
# Rabbitmq settings
RABBITMQ_USER: RABBITMQ_USER
RABBITMQ_PASS: RABBITMQ_PASS
RABBITMQ_ERLANG_COOKIE: RABBITMQ_ERLANG_COOKIE
# Django settings
DJANGO_SUPERUSER_USERNAME: SUPERUSER_USERNAME
DJANGO_SUPERUSER_PASSWORD: SUPERUSER_PASSWORD
DJANGO_SUPERUSER_EMAIL: SUPERUSER_EMAIL

33
src/main/resources/taiga/taiga-configmap.yaml
View file

@ -1,33 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-configmap
namespace: default
data:
# These environment variables will be used by taiga-back and taiga-async.
# Database settings handled in deployment
# Taiga settings
TAIGA_SITES_SCHEME: TAIGA_SCHEME
TAIGA_SITES_DOMAIN: TAIGA_DOMAIN
TAIGA_SUBPATH: SUBPATH
# Email settings.
EMAIL_BACKEND: EMAIL_BACKEND # django.core.mail.backends.${EMAIL_BACKEND}.EmailBackend # ToDo move to code base
DEFAULT_FROM_EMAIL: DEFAULT_FROM_EMAIL_VALUE
EMAIL_USE_TLS: EMAIL_USE_TLS_VALUE
EMAIL_USE_SSL: EMAIL_USE_SSL_VALUE
EMAIL_HOST: EMAIL_HOST_VALUE
EMAIL_PORT: EMAIL_PORT_VALUE
# Telemetry settings
ENABLE_TELEMETRY: ENABLE_TELEMETRY_VALUE
# ...your customizations go here
# Taiga Events Settings
# EVENTS_PUSH_BACKEND_URL: RABBITMQ_URL_VALUE
## Format RABBITMQ_URL="amqp://${RABBITMQ_USER}:${RABBITMQ_PASS}@taiga-events-rabbitmq:5672/taiga"
# RABBITMQ_URL: RABBITMQ_URL_VALUE # found in https://github.com/kaleidos-ventures/taiga-events/blob/main/docker/env.template
# Taiga Async Settings
# CELERY_BROKER_URL: CELERY_URL_VALUE

31
src/main/resources/taiga/taiga-data-pvcs.yaml
View file

@ -1,31 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-media-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_MEDIA_DATA_STORAGE_SIZE
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-static-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_STATIC_DATA_STORAGE_SIZE

31
src/main/resources/taiga/taiga-rabbitmq-pvc.yaml
View file

@ -1,31 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-async-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_RABBITMQ_DATA_STORAGE_SIZE
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-events-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_RABBITMQ_DATA_STORAGE_SIZE

10
src/main/resources/taiga/taiga-rabbitmq-secret.yaml
View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: taiga-rabbitmq-secret
labels:
app.kubernetes.part-of: taiga
data:
# Rabbitmq settings
RABBITMQ_DEFAULT_USER: RABBITMQ_USER_VALUE # ToDo: Evaluate if we need two different users and passes for rabbitmq
RABBITMQ_DEFAULT_PASS: RABBITMQ_PASS_VALUE

22
src/main/resources/taiga/taiga-secret.yaml
View file

@ -1,22 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: taiga-secret
labels:
app.kubernetes.part-of: taiga
data:
# Taiga settings
TAIGA_SECRET_KEY: SECRET_KEY_VALUE
# Email settings
EMAIL_HOST_USER: EMAIL_HOST_USER_VALUE
EMAIL_HOST_PASSWORD: EMAIL_HOST_USER_PASS
# Rabbitmq settings
RABBITMQ_USER: RABBITMQ_USER_VALUE
RABBITMQ_PASS: RABBITMQ_PASS_VALUE
# Django settings
DJANGO_SUPERUSER_TAIGAADMIN: TAIGA_ADMIN
DJANGO_SUPERUSER_PASSWORD: TAIGA_ADMIN_PASS

97
src/main/resources/website/nginx-configmap.yaml
View file

@ -1,97 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: NAME-configmap
namespace: default
labels:
app.kubernetes.part-of: NAME-website
data:
nginx.conf: |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128;
include /etc/nginx/conf.d/website.conf;
}
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/svg+xml svg svgz;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}
website.conf: |
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name FQDN
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "strict-origin";
# add_header Permissions-Policy "permissions here";
root /var/www/html/website/;
index index.html;
location / {
try_files $uri $uri/ /index.html =404;
}
}

76
src/main/resources/website/nginx-deployment.yaml
View file

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: NAME-deployment
labels:
app.kubernetes.part-of: NAME-website
spec:
replicas: 1
selector:
matchLabels:
app: NAME-nginx
template:
metadata:
labels:
app: NAME-nginx
spec:
containers:
- name: NAME-nginx
image: nginx:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx
readOnly: true
name: nginx-config-volume
- mountPath: /var/log/nginx
name: log
- mountPath: /var/www/html/website
name: content-volume
readOnly: true
initContainers:
- image: domaindrivenarchitecture/c4k-website-build
name: NAME-init-build-container
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: BUILD_CPU_REQUEST
memory: BUILD_MEMORY_REQUEST
limits:
cpu: BUILD_CPU_LIMIT
memory: BUILD_MEMORY_LIMIT
command: ["/entrypoint.sh"]
envFrom:
- secretRef:
name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts:
- name: content-volume
mountPath: /var/www/html/website
- name: hashfile-volume
mountPath: /var/hashfile.d
volumes:
- name: nginx-config-volume
configMap:
name: NAME-configmap
items:
- key: nginx.conf
path: nginx.conf
- key: website.conf
path: conf.d/website.conf
- key: mime.types
path: mime.types
- name: log
emptyDir: {}
- name: content-volume
persistentVolumeClaim:
claimName: NAME-content-volume
- name: hashfile-volume
persistentVolumeClaim:
claimName: NAME-hashfile-volume

15
src/main/resources/website/nginx-service.yaml
View file

@ -1,15 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: NAME-service
labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website
namespace: default
spec:
selector:
app: NAME-nginx
ports:
- name: nginx-http
port: 80

48
src/main/resources/website/website-build-cron.yaml
View file

@ -1,48 +0,0 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: NAME-build-cron
labels:
app.kubernetes.part-of: NAME-website
spec:
schedule: "0/7 * * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
containers:
- image: domaindrivenarchitecture/c4k-website-build
name: NAME-build-app
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: BUILD_CPU_REQUEST
memory: BUILD_MEMORY_REQUEST
limits:
cpu: BUILD_CPU_LIMIT
memory: BUILD_MEMORY_LIMIT
command: ["/entrypoint.sh"]
envFrom:
- secretRef:
name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts:
- name: content-volume
mountPath: /var/www/html/website
- name: hashfile-volume
mountPath: /var/hashfile.d
volumes:
- name: content-volume
persistentVolumeClaim:
claimName: NAME-content-volume
- name: hashfile-volume
persistentVolumeClaim:
claimName: NAME-hashfile-volume
restartPolicy: OnFailure

10
src/main/resources/website/website-build-secret.yaml
View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: NAME-secret
labels:
app.kubernetes.part-of: NAME-website
data:
AUTHTOKEN: TOKEN
GITREPOURL: REPOURL
GITCOMMITURL: COMMITURL

16
src/main/resources/website/website-content-volume.yaml
View file

@ -1,16 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: NAME-content-volume
namespace: default
labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: WEBSITESTORAGESIZE

19
src/test/cljc/dda/c4k_taiga/core_test.cljc Normal file
View file

@ -0,0 +1,19 @@
(ns dda.c4k-taiga.core-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-taiga.core :as cut]))
#?(:cljs
(defmethod yaml/load-resource :website-test [resource-name]
(case resource-name
"taiga-test/valid-config.yaml" (rc/inline "taiga-test/valid-config.yaml")
"taiga-test/valid-auth.yaml" (rc/inline "taiga-test/valid-auth.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "taiga-test/valid-config.yaml")))
(is (s/valid? cut/auth? (yaml/load-as-edn "taiga-test/valid-auth.yaml"))))

105
src/test/cljc/dda/c4k_taiga/taiga_test.cljc Normal file
View file

@ -0,0 +1,105 @@
(ns dda.c4k-taiga.taiga-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-taiga.taiga :as cut]))
#?(:cljs
(defmethod yaml/load-resource :taiga-test [resource-name]
(case resource-name
"taiga-test/valid-config.yaml" (rc/inline "taiga-test/valid-config.yaml")
"taiga-test/valid-auth.yaml" (rc/inline "taiga-test/valid-auth.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest should-generate-configmap
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata {:name "taiga-configmap", :namespace "default"},
:data
{:CELERY_ENABLED "false",
:ENABLE_TELEMETRY "false",
:TAIGA_SITES_SCHEME "https",
:TAIGA_SITES_DOMAIN "taiga.test.meissa.de",
:TAIGA_SUBPATH "",
:TAIGA_URL "https://taiga.test.meissa.de",
:TAIGA_WEBSOCKETS_URL "wss://taiga.test.meissa.de",
:PUBLIC_REGISTER_ENABLED "false",
:ENABLE_GITHUB_IMPORTER "false",
:ENABLE_JIRA_IMPORTER "false",
:ENABLE_TRELLO_IMPORTER "false",
:RABBITMQ_DEFAULT_VHOST "taiga",
:SESSION_COOKIE_SECURE "false",
:CSRF_COOKIE_SECURE "false"}}
(cut/generate-configmap (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-pvc-taiga-media-data
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-media-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "2Gi"}}}}
(cut/generate-pvc-taiga-media-data (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-pvc-taiga-static-data
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-static-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "3Gi"}}}}
(cut/generate-pvc-taiga-static-data (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-rabbitmq-pvc-async
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-async-rabbitmq-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "4Gi"}}}}
(cut/generate-rabbitmq-pvc-async(yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-rabbitmq-pvc-events
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-events-rabbitmq-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "5Gi"}}}}
(cut/generate-rabbitmq-pvc-events (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-secret
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata
{:name "taiga-secret", :labels {:app.kubernetes.part-of "taiga"}},
:data
{:TAIGA_SECRET_KEY "c29tZS1rZXk=",
:EMAIL_HOST_USER "bWFpbGVyLXVzZXI=",
:EMAIL_HOST_PASSWORD "bWFpbGVyLXB3",
:RABBITMQ_USER "cmFiYml0LXVzZXI=",
:RABBITMQ_PASS "cmFiYml0LXB3",
:RABBITMQ_ERLANG_COOKIE "cmFiYml0LWVybGFuZw==",
:DJANGO_SUPERUSER_USERNAME "dGFpZ2EtYWRtaW4=",
:DJANGO_SUPERUSER_PASSWORD "c3VwZXItcGFzc3dvcmQ=",
:DJANGO_SUPERUSER_EMAIL "c29tZUBleGFtcGxlLmNvbQ=="}}
(cut/generate-secret (yaml/load-as-edn "taiga-test/valid-auth.yaml")))))

121
src/test/cljc/dda/c4k_website/core_test.cljc
View file

@ -1,121 +0,0 @@
(ns dda.c4k-website.core-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-website.core :as cut]
[clojure.spec.alpha :as s]))
#?(:cljs
(defmethod yaml/load-resource :website-test [resource-name]
(case resource-name
"website-test/valid-auth.yaml" (rc/inline "website-test/valid-auth.yaml")
"website-test/valid-config.yaml" (rc/inline "website-test/valid-config.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
(is (s/valid? cut/auth? (yaml/load-as-edn "website-test/valid-auth.yaml"))))
(def websites1
{:websites
[{:unique-name "example.io"
:fqdns ["example.org", "www.example.com"]
:gitea-host "finegitehost.net"
:gitea-repo "repo"
:branchname "main"}
{:unique-name "test.io"
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
:gitea-host "gitlab.de"
:gitea-repo "repo"
:branchname "main"}]})
(def websites2
{:websites
[{:unique-name "test.io"
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
:gitea-host "gitlab.de"
:gitea-repo "repo"
:branchname "main"}
{:unique-name "example.io"
:fqdns ["example.org", "www.example.com"]
:gitea-host "finegitehost.net"
:gitea-repo "repo"
:branchname "main"}]})
(def auth1
{:auth
[{:unique-name "example.io"
:username "someuser"
:authtoken "abedjgbasdodj"}
{:unique-name "test.io"
:username "someuser"
:authtoken "abedjgbasdodj"}]})
(def auth2
{:auth
[{:unique-name "test.io"
:username "someuser"
:authtoken "abedjgbasdodj"}
{:unique-name "example.io"
:username "someuser"
:authtoken "abedjgbasdodj"}]})
(def flattened-and-reduced-config
{:unique-name "example.io",
:fqdns ["example.org" "www.example.com"],
:gitea-host "finegitehost.net",
:gitea-repo "repo",
:branchname "main"})
(def flattened-and-reduced-auth
{:unique-name "example.io",
:username "someuser",
:authtoken "abedjgbasdodj"})
(deftest sorts-config
(is (= {:issuer "staging",
:websites
[{:unique-name "example.io",
:fqdns ["example.org" "www.example.com"],
:gitea-host "finegitehost.net",
:gitea-repo "repo",
:branchname "main"},
{:unique-name "test.io",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-host "gitlab.de",
:gitea-repo "repo",
:branchname "main",
:sha256sum-output "123456789ab123cd345de script-file-name.sh"}],
:mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}}
(cut/sort-config
{:issuer "staging",
:websites
[{:unique-name "test.io",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-host "gitlab.de",
:gitea-repo "repo",
:branchname "main",
:sha256sum-output "123456789ab123cd345de script-file-name.sh"}
{:unique-name "example.io",
:fqdns ["example.org" "www.example.com"],
:gitea-host "finegitehost.net",
:gitea-repo "repo",
:branchname "main"}],
:mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}}))))
(deftest test-flatten-and-reduce-config
(is (=
flattened-and-reduced-config
(cut/flatten-and-reduce-config (cut/sort-config websites1))))
(is (=
flattened-and-reduced-config
(cut/flatten-and-reduce-config (cut/sort-config websites2)))))
(deftest test-flatten-and-reduce-auth
(is (= flattened-and-reduced-auth
(cut/flatten-and-reduce-auth (cut/sort-auth auth1))))
(is (= flattened-and-reduced-auth
(cut/flatten-and-reduce-auth (cut/sort-auth auth2)))))

223
src/test/cljc/dda/c4k_website/website_test.cljc
View file

@ -1,223 +0,0 @@
(ns dda.c4k-website.website-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st]
[dda.c4k-common.test-helper :as th]
[dda.c4k-common.base64 :as b64]
[dda.c4k-website.website :as cut]
[clojure.spec.alpha :as s]))
(st/instrument `cut/generate-nginx-configmap)
(st/instrument `cut/generate-nginx-deployment)
(st/instrument `cut/generate-nginx-service)
(st/instrument `cut/generate-website-content-volume)
(st/instrument `cut/generate-hashfile-volume)
(st/instrument `cut/generate-website-ingress)
(st/instrument `cut/generate-website-certificate)
(st/instrument `cut/generate-website-build-cron)
(st/instrument `cut/generate-website-build-secret)
(deftest should-generate-nginx-configmap-website
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n"
(:website.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n"
(:mime.types (:data (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= "user nginx;\nworker_processes 3;\nerror_log /var/log/nginx/error.log;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /var/log/nginx/access.log main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n"
(:nginx.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata {:name "test-io-configmap",
:labels {:app.kubernetes.part-of "test-io-website"},
:namespace "default"}}
(dissoc (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))
(deftest should-generate-nginx-deployment
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "test-io-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:replicas 1,
:selector {:matchLabels {:app "test-io-nginx"}},
:template
{:metadata {:labels {:app "test-io-nginx"}},
:spec
{:containers
[{:name "test-io-nginx",
:image "nginx:latest",
:imagePullPolicy "IfNotPresent",
:ports [{:containerPort 80}],
:volumeMounts
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
{:mountPath "/var/log/nginx", :name "log"}
{:mountPath "/var/www/html/website", :name "content-volume", :readOnly true}]}],
:initContainers
[{:image "domaindrivenarchitecture/c4k-website-build",
:name "test-io-init-build-container",
:imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
:volumes
[{:name "nginx-config-volume",
:configMap
{:name "test-io-configmap",
:items
[{:key "nginx.conf", :path "nginx.conf"}
{:key "website.conf", :path "conf.d/website.conf"}
{:key "mime.types", :path "mime.types"}]}}
{:name "log", :emptyDir {}}
{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}]}}}}
(cut/generate-nginx-deployment {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-resource-requests
(is (= {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}
(-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"})
:spec :template :spec :initContainers first :resources )))
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}}
(-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"
:build-cpu-request "1500m"
:build-cpu-limit "3000m"
:build-memory-request "512Mi"
:build-memory-limit "1024Mi"})
:spec :template :spec :initContainers first :resources))))
(deftest should-generate-nginx-service
(is (= {:name-c1 "test-io-service",
:name-c2 "test-org-service",
:app-c1 "test-io-nginx",
:app-c2 "test-org-nginx",
:app.kubernetes.part-of-c1 "test-io-website",
:app.kubernetes.part-of-c2 "test-org-website"}
(th/map-diff (cut/generate-nginx-service {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
(cut/generate-nginx-service {:unique-name "test.org",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(deftest should-generate-website-build-cron
(is (= {:apiVersion "batch/v1",
:kind "CronJob",
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:schedule "0/7 * * * *",
:successfulJobsHistoryLimit 1,
:failedJobsHistoryLimit 1,
:jobTemplate
{:spec
{:template
{:spec
{:containers
[{:image "domaindrivenarchitecture/c4k-website-build",
:name "test-io-build-app",
:imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}],
:restartPolicy "OnFailure"}}}}}}
(cut/generate-website-build-cron {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-secret
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata {:name "test-io-secret", :labels {:app.kubernetes.part-of "test-io-website"}},
:data
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io",
:gitea-host "gitlab.de"}
{:unique-name "test.io",
:authtoken "abedjgbasdodj",
:username "someuser"}))))
(deftest should-generate-website-content-volume
(is (= {:name-c1 "test-io-content-volume",
:name-c2 "test-org-content-volume",
:app-c1 "test-io-nginx",
:app-c2 "test-org-nginx",
:app.kubernetes.part-of-c1 "test-io-website",
:app.kubernetes.part-of-c2 "test-org-website"}
(th/map-diff (cut/generate-website-content-volume {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
(cut/generate-website-content-volume {:unique-name "test.org",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(deftest should-generate-hashfile-volume
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "test-io-hashfile-volume",
:namespace "default",
:labels {:app "test-io-nginx", :app.kubernetes.part-of "test-io-website"}},
:spec {:storageClassName "local-path", :accessModes ["ReadWriteOnce"], :resources {:requests {:storage "16Mi"}}}}
(cut/generate-hashfile-volume {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))

14
src/test/resources/taiga-test/valid-auth.yaml Normal file
View file

@ -0,0 +1,14 @@
taiga-secret-key: "some-key"
postgres-db-user: "forgejo"
postgres-db-password: "forgejo-db-password"
mailer-user: "mailer-user"
mailer-pw: "mailer-pw"
django-superuser-username: "taiga-admin"
django-superuser-password: "super-password"
django-superuser-email: "some@example.com"
rabbitmq-user: "rabbit-user"
rabbitmq-pw: "rabbit-pw"
rabbitmq-erlang-cookie: "rabbit-erlang"
mon-auth:
grafana-cloud-user: "user"
grafana-cloud-password: "password"

13
src/test/resources/taiga-test/valid-config.yaml Normal file
View file

@ -0,0 +1,13 @@
issuer: "staging"
fqdn: "taiga.test.meissa.de"
public-register-enabled: "false"
enable-telemetry: "false"
storage-class-name: "local-path"
storage-media-size: 2
storage-static-size: 3
storage-async-rabbitmq-size: 4
storage-events-rabbitmq-size: 5
mon-cfg:
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
cluster-name: "jitsi"
cluster-stage: "test"

12
src/test/resources/website-test/valid-auth.yaml
View file

@ -1,12 +0,0 @@
taiga-secret-key: "some-key"
postgres-db-user: "forgejo"
postgres-db-password: "forgejo-db-password"
mailer-user: ""
mailer-pw: ""
rabbitmq-user: ""
rabbitmq-pw: ""
django-superuser: "taiga-admin"
django-superuser-password: ""
mon-auth:
grafana-cloud-user: "user"
grafana-cloud-password: "password"

5
src/test/resources/website-test/valid-config.yaml
View file

@ -1,5 +0,0 @@
issuer: "staging"
mon-cfg:
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
cluster-name: "jitsi"
cluster-stage: "test"