Working Base Config for Taiga #1

Merged
patdyn merged 60 commits from config-play into main 2023-09-01 10:38:18 +00:00
55 changed files with 680 additions and 1060 deletions

View file

@ -6,10 +6,43 @@
## Configuration Issues
We currently can no login even after `python manage.py createsuperuser --noinput` in the taiga-back-deployment container. What might help: https://docs.taiga.io/setup-production.html#taiga-back
Note: taiga-manage,-back und -async verwenden die gleichen docker images mit unterschiedlichen entry-points.
https://github.com/kaleidos-ventures/taiga-docker
https://community.taiga.io/t/taiga-30min-setup/170
Note: taiga-manage,-back und -async verwenden die gleichen docker images mit unterschiedlichen entry-points.
### Steps to start and get an admin user
Philosophy: First create the superuser, then populate the DB.
https://docs.taiga.io/setup-production.html#taiga-back
https://docs.taiga.io/setup-production.html#_configure_an_admin_user
https://github.com/kaleidos-ventures/taiga-back/blob/main/docker/entrypoint.sh
In the init container we create the super user. Difference between init-container and container: CELERY_ENABLED: false
The init container gets the following command and args:
```yaml
command: ["/bin/bash"]
args: ["-c", "source /opt/venv/bin/activate && python manage.py createsuperuser --noinput"]
```
Thus the dockerfile default entrypoint is ignored.
Problem: Login using this method is still not available with the proposed credentials.
#### Option 1: Init container, currently under test
Create an init container (celery disabled) with the python manage.py command and the taiga-manage createsuperuser args
#### Option 2: Single container
Create a single container that has celery disabled at the beginning.
Runs the following cmds:
* python manage.py taiga-manage createsuperuser
* enable celery
* execute entrypoint.sh
### HTTPS
@ -49,24 +82,6 @@ taiga-async -> taiga-async-rabbitmq
taiga-events -> taiga-events-rabbitmq
This is not quite clear, but probably solved with the implementation of services.
### Init container
Es gibt einen Init-Container mit namen *taiga-manage* im deployment.
Dieser erstellt einen Admin User mit credentials aus dem taiga-back-secret.
#### Einen admin-user anlegen
https://github.com/kaleidos-ventures/taiga-docker#configure-an-admin-user
folglich:
https://docs.djangoproject.com/en/4.2/ref/django-admin/#django-admin-createsuperuser
Also DJANGO_SUPERUSER_TAIGAADMIN und DJANGO_SUPERUSER_PASSWORD
sollten für den Container gesetzt sein.
Dann noch ein run befehl mit: python manage.py createsuperuser im init container unterbringen.
### Deployments
Separate deployments exist for each of the taiga modules:

View file

@ -20,8 +20,8 @@
:dependencies [[dda/data-test "0.1.1"]]}
:dev {:plugins [[lein-shell "0.5.0"]]}
:uberjar {:aot :all
:main dda.c4k-website.uberjar
:uberjar-name "c4k-website-standalone.jar"
:main dda.c4k-taiga.uberjar
:uberjar-name "c4k-taiga-standalone.jar"
:dependencies [[org.clojure/tools.cli "1.0.214"]
[ch.qos.logback/logback-classic "1.4.5"
:exclusions [com.sun.mail/javax.mail]]
@ -36,11 +36,11 @@
"native-image"
"--report-unsupported-elements-at-runtime"
"--initialize-at-build-time"
"-jar" "target/uberjar/c4k-website-standalone.jar"
"-jar" "target/uberjar/c4k-taiga-standalone.jar"
"-H:ResourceConfigurationFiles=graalvm-resource-config.json"
"-H:Log=registerResource"
"-H:Name=target/graalvm/${:name}"]
"inst" ["shell"
"sh"
"-c"
"lein uberjar && sudo install -m=755 target/uberjar/c4k-website-standalone.jar /usr/local/bin/c4k-website-standalone.jar"]})
"lein uberjar && sudo install -m=755 target/uberjar/c4k-taiga-standalone.jar /usr/local/bin/c4k-taiga-standalone.jar"]})

View file

@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<title>c4k-website</title>
<title>c4k-taiga</title>
<link href="https://domaindrivenarchitecture.org/css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<link href="https://domaindrivenarchitecture.org/css/fonts/fontawesome/fontawesome.css" rel="stylesheet" type="text/css" />
<link href="https://domaindrivenarchitecture.org/css/custom.css" rel="stylesheet" type="text/css" />

View file

@ -7,7 +7,7 @@
:dependencies [[org.domaindrivenarchitecture/c4k-common-cljs "6.0.1"]
[hickory "0.7.1"]]
:builds {:frontend {:target :browser
:modules {:main {:init-fn dda.c4k-website.browser/init}}
:modules {:main {:init-fn dda.c4k-taiga.browser/init}}
:release {}
:compiler-options {:optimizations :advanced}}
:test {:target :node-test

View file

@ -7,33 +7,53 @@
[dda.c4k-common.common :as cm]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-taiga.taiga :as taiga]))
[dda.c4k-taiga.taiga :as taiga]
[dda.c4k-common.postgres :as postgres]))
(def config-defaults {:issuer "staging"
:volume-size "3"})
(def default-storage-class :local-path)
(s/def ::mon-cfg ::mon/mon-cfg)
(s/def ::mon-auth ::mon/mon-auth)
(def config? taiga/config?)
(def auth? taiga/auth?)
; ToDo
(def config? (s/keys :req-un
:opt-un [::mon-cfg]))
; ToDo
(def auth? (s/keys :req-un
:opt-un [::mon-auth]))
; ToDo:
(defn generate-configs [config auth])
(def config-defaults taiga/config-defaults)
(defn-spec k8s-objects cp/map-or-seq?
[config config?
auth auth?]
[config taiga/config?
auth taiga/auth?]
(cm/concat-vec
(map yaml/to-string
(filter
#(not (nil? %))
(cm/concat-vec
(generate-configs config auth)
[(postgres/generate-config {:postgres-size :8gb :db-name "taiga"})
(postgres/generate-secret auth)
(postgres/generate-pvc {:pv-storage-size-gb 50
:pvc-storage-class-name default-storage-class})
(postgres/generate-deployment)
(postgres/generate-service)
(taiga/generate-async-deployment)
(taiga/generate-async-rabbitmq-deployment)
(taiga/generate-async-rabbitmq-service)
(taiga/generate-async-service)
(taiga/generate-back-deployment)
(taiga/generate-back-service)
(taiga/generate-configmap config)
(taiga/generate-pvc-taiga-media-data config)
(taiga/generate-pvc-taiga-static-data config)
(taiga/generate-events-deployment)
(taiga/generate-events-rabbitmq-deployment)
(taiga/generate-events-rabbitmq-service)
(taiga/generate-events-service)
(taiga/generate-front-deployment)
(taiga/generate-front-service)
(taiga/generate-gateway-configmap)
(taiga/generate-gateway-deployment)
(taiga/generate-gateway-service)
(taiga/generate-protected-deployment)
(taiga/generate-protected-service)
(taiga/generate-rabbitmq-pvc-async config)
(taiga/generate-rabbitmq-pvc-events config)
(taiga/generate-secret auth)]
(taiga/generate-ingress-and-cert config)
(when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))

View file

@ -0,0 +1,224 @@
(ns dda.c4k-taiga.taiga
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:clj [clojure.edn :as edn]
:cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as cp]
[dda.c4k-common.monitoring :as mon]
[dda.c4k-common.postgres :as postgres]
[dda.c4k-common.ingress :as ing]
[clojure.string :as str]))
(def config-defaults {:issuer "staging"
:storage-class-name "local-path"
:pv-storage-size-gb "5" ;; ToDo: check sensible defaults
:storage-media-size "5"
:storage-static-size "5"
:storage-async-rabbitmq-size "5"
:storage-events-rabbitmq-size "5"
:public-register-enabled "false"
:enable-telemetry "false"})
(s/def ::mon-cfg ::mon/mon-cfg)
(s/def ::mon-auth ::mon/mon-auth)
(s/def ::taiga-secret-key cp/bash-env-string?)
(s/def ::mailer-user string?)
(s/def ::mailer-pw string?)
(s/def ::django-superuser-username string?)
(s/def ::django-superuser-password string?)
(s/def ::django-superuser-email string?)
(s/def ::rabbitmq-user string?)
(s/def ::rabbitmq-pw string?)
(s/def ::rabbitmq-erlang-cookie string?)
(s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::fqdn cp/fqdn-string?)
(s/def ::public-register-enabled string?) ;; ToDo maybe check for boolean string
(s/def ::enable-telemetry string?)
(s/def ::storage-class-name string?)
(s/def ::storage-media-size int?)
(s/def ::storage-static-size int?)
(s/def ::storage-async-rabbitmq-size int?)
(s/def ::storage-events-rabbitmq-size int?)
(def auth? (s/keys :req-un [::postgres/postgres-db-user
::postgres/postgres-db-password
::taiga-secret-key
::mailer-pw
::mailer-user
::django-superuser-email
::django-superuser-password
::django-superuser-username
::rabbitmq-erlang-cookie
::rabbitmq-pw
::rabbitmq-user]
:opt-un [::mon-auth]))
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer
::storage-class-name
::storage-media-size
::storage-static-size
::storage-async-rabbitmq-size
::storage-events-rabbitmq-size
::pv-storage-size-gb
::public-register-enabled
::enable-telemetry
::mon-cfg]))
#?(:cljs
(defmethod yaml/load-resource :taiga [resource-name]
(case resource-name
"taiga/events-rabbitmq-deployment.yaml" (rc/inline "taiga/events-rabbitmq-deployment.yaml")
"taiga/gateway-deployment.yaml" (rc/inline "taiga/gateway-deployment.yaml")
"taiga/protected-deployment.yaml" (rc/inline "taiga/protected-deployment.yaml")
"taiga/gateway-configmap.yaml" (rc/inline "taiga/gateway-configmap.yaml")
"taiga/configmap.yaml" (rc/inline "taiga/configmap.yaml")
"taiga/async-service.yaml" (rc/inline "taiga/async-service.yaml")
"taiga/events-deployment.yaml" (rc/inline "taiga/events-deployment.yaml")
"taiga/async-deployment.yaml" (rc/inline "taiga/async-deployment.yaml")
"taiga/back-deployment.yaml" (rc/inline "taiga/back-deployment.yaml")
"taiga/front-deployment.yaml" (rc/inline "taiga/front-deployment.yaml")
"taiga/front-service.yaml" (rc/inline "taiga/front-service.yaml")
"taiga/gateway-service.yaml" (rc/inline "taiga/gateway-service.yaml")
"taiga/pvc-taiga-media-data.yaml" (rc/inline "taiga/pvc-taiga-media-data.yaml")
"taiga/pvc-taiga-static-data.yaml" (rc/inline "taiga/pvc-taiga-static-data.yaml")
"taiga/async-rabbitmq-deployment.yaml" (rc/inline "taiga/async-rabbitmq-deployment.yaml")
"taiga/protected-service.yaml" (rc/inline "taiga/protected-service.yaml")
"taiga/secret.yaml" (rc/inline "taiga/secret.yaml")
"taiga/async-rabbitmq-service.yaml" (rc/inline "taiga/async-rabbitmq-service.yaml")
"taiga/events-service.yaml" (rc/inline "taiga/events-service.yaml")
"taiga/back-service.yaml" (rc/inline "taiga/back-service.yaml")
"taiga/events-rabbitmq-service.yaml" (rc/inline "taiga/events-rabbitmq-service.yaml")
"taiga/rabbitmq-pvc-async.yaml" (rc/inline "taiga/rabbitmq-pvc-async.yaml")
"taiga/rabbitmq-pvc-events.yaml" (rc/inline "taiga/rabbitmq-pvc-events.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn-spec generate-ingress-and-cert cp/map-or-seq?
[config config?]
(let [{:keys [fqdn]} config]
(ing/generate-ingress-and-cert
(merge
{:service-name "taiga-gateway"
:service-port 80
:fqdns [fqdn]}
config))))
(defn-spec generate-async-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-deployment.yaml")))
(defn-spec generate-async-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-service.yaml")))
(defn-spec generate-async-rabbitmq-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-rabbitmq-deployment.yaml")))
(defn-spec generate-events-rabbitmq-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-rabbitmq-service.yaml")))
(defn-spec generate-async-rabbitmq-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/async-rabbitmq-service.yaml")))
(defn-spec generate-back-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/back-deployment.yaml")))
(defn-spec generate-back-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/back-service.yaml")))
(defn-spec generate-events-rabbitmq-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-rabbitmq-deployment.yaml")))
(defn-spec generate-events-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-deployment.yaml")))
(defn-spec generate-events-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/events-service.yaml")))
(defn-spec generate-front-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/front-deployment.yaml")))
(defn-spec generate-front-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/front-service.yaml")))
(defn-spec generate-gateway-configmap cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/gateway-configmap.yaml")))
(defn-spec generate-gateway-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/gateway-deployment.yaml")))
(defn-spec generate-gateway-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/gateway-service.yaml")))
(defn-spec generate-protected-deployment cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/protected-deployment.yaml")))
(defn-spec generate-protected-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "taiga/protected-service.yaml")))
(defn-spec generate-configmap cp/map-or-seq?
[config config?]
(let [{:keys [fqdn enable-telemetry public-register-enabled]} (merge config-defaults config)]
(-> (yaml/load-as-edn "taiga/configmap.yaml")
(cm/replace-key-value :TAIGA_SITES_DOMAIN fqdn)
(cm/replace-key-value :TAIGA_URL (str "https://" fqdn))
(cm/replace-key-value :TAIGA_WEBSOCKETS_URL (str "wss://" fqdn))
(cm/replace-key-value :ENABLE_TELEMETRY enable-telemetry)
(cm/replace-key-value :PUBLIC_REGISTER_ENABLED public-register-enabled))))
(defn-spec generate-pvc-taiga-media-data cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-media-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/pvc-taiga-media-data.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-media-size "Gi")))))
(defn-spec generate-pvc-taiga-static-data cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-static-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/pvc-taiga-static-data.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-static-size "Gi")))))
(defn-spec generate-secret cp/map-or-seq?
[auth auth?]
(let [{:keys [taiga-secret-key
mailer-user mailer-pw
rabbitmq-user rabbitmq-pw rabbitmq-erlang-cookie
django-superuser-username django-superuser-password django-superuser-email]} auth]
(->
(yaml/from-string (yaml/load-resource "taiga/secret.yaml"))
(cm/replace-key-value :TAIGA_SECRET_KEY (b64/encode taiga-secret-key))
(cm/replace-key-value :EMAIL_HOST_USER (b64/encode mailer-user))
(cm/replace-key-value :EMAIL_HOST_PASSWORD (b64/encode mailer-pw))
(cm/replace-key-value :RABBITMQ_USER (b64/encode rabbitmq-user))
(cm/replace-key-value :RABBITMQ_PASS (b64/encode rabbitmq-pw))
(cm/replace-key-value :RABBITMQ_ERLANG_COOKIE (b64/encode rabbitmq-erlang-cookie))
(cm/replace-key-value :DJANGO_SUPERUSER_USERNAME (b64/encode django-superuser-username))
(cm/replace-key-value :DJANGO_SUPERUSER_PASSWORD (b64/encode django-superuser-password))
(cm/replace-key-value :DJANGO_SUPERUSER_EMAIL (b64/encode django-superuser-email)))))
(defn-spec generate-rabbitmq-pvc-async cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-async-rabbitmq-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/rabbitmq-pvc-async.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-async-rabbitmq-size "Gi")))))
(defn-spec generate-rabbitmq-pvc-events cp/map-or-seq?
[config config?]
(let [{:keys [storage-class-name storage-events-rabbitmq-size]} (merge config-defaults config)]
(->
(yaml/from-string (yaml/load-resource "taiga/rabbitmq-pvc-events.yaml"))
(assoc-in [:spec :storageClassName] storage-class-name)
(assoc-in [:spec :resources :requests :storage] (str storage-events-rabbitmq-size "Gi")))))

View file

@ -1,181 +0,0 @@
(ns dda.c4k-website.website
(:require
[clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:clj [clojure.edn :as edn]
:cljs [cljs.reader :as edn])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.ingress :as ing]
[clojure.string :as str]))
; ToDo
(s/def ::issuer pred/letsencrypt-issuer?)
; ToDo
(def config? (s/keys :req-un
:opt-un ))
; ToDo
(def auth? (s/keys :req-un ))
; ToDo
(defn-spec replace-dots-by-minus string?
[fqdn pred/fqdn-string?]
(str/replace fqdn #"\." "-"))
(defn-spec generate-app-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-website"))
(defn-spec generate-service-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-service"))
(defn-spec generate-cert-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-cert"))
(defn-spec generate-ingress-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-ingress"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/<branch>.zip
(defn-spec generate-gitrepourl string?
[host pred/fqdn-string?
repo string?
user string?
branch string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/archive/" branch ".zip"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/git/commits/HEAD
(defn-spec generate-gitcommiturl string?
[host pred/fqdn-string?
repo string?
user string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
[col pred/map-or-seq?
value-to-partly-match string?
value-to-inplace string?]
(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
(re-matches (re-pattern (str value-to-partly-match ".*")) %))
(str/replace % value-to-partly-match value-to-inplace) %)
col))
(defn-spec replace-common-data pred/map-or-seq?
[resource-file string?
config websiteconfig?]
(let [{:keys [unique-name]} config]
(->
(yaml/load-as-edn resource-file)
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-substrings-beginning-with "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec replace-build-data pred/map-or-seq?
[resource-file string?
config websiteconfig?]
(let [{:keys [sha256sum-output build-cpu-request build-cpu-limit build-memory-request build-memory-limit]
:or {build-cpu-request "500m" build-cpu-limit "1700m" build-memory-request "256Mi" build-memory-limit "512Mi"}} config]
(->
(replace-common-data resource-file config)
(cm/replace-all-matching-values-by-new-value "CHECK_SUM" (get-hash-from-sha256sum-output sha256sum-output))
(cm/replace-all-matching-values-by-new-value "SCRIPT_FILE" (get-file-name-from-sha256sum-output sha256sum-output))
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
#?(:cljs
(defmethod yaml/load-resource :website [resource-name]
(case resource-name
"website/nginx-configmap.yaml" (rc/inline "website/nginx-configmap.yaml")
"website/nginx-deployment.yaml" (rc/inline "website/nginx-deployment.yaml")
"website/nginx-service.yaml" (rc/inline "website/nginx-service.yaml")
"website/website-build-cron.yaml" (rc/inline "website/website-build-cron.yaml")
"website/website-build-secret.yaml" (rc/inline "website/website-build-secret.yaml")
"website/website-content-volume.yaml" (rc/inline "website/website-content-volume.yaml")
"website/hashfile-volume.yaml" (rc/inline "website/hashfile-volume.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn-spec generate-nginx-deployment pred/map-or-seq?
[config websiteconfig?]
(replace-build-data "website/nginx-deployment.yaml" config))
(defn-spec generate-nginx-configmap pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [fqdns]} config]
(->
(replace-common-data "website/nginx-configmap.yaml" config)
(#(assoc-in %
[:data :website.conf]
(str/replace
(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
(defn-spec generate-nginx-service pred/map-or-seq?
[config websiteconfig?]
(replace-common-data "website/nginx-service.yaml" config))
(defn-spec generate-website-content-volume pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [volume-size]
:or {volume-size "3"}} config]
(->
(replace-common-data "website/website-content-volume.yaml" config)
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
(defn-spec generate-hashfile-volume pred/map-or-seq?
[config websiteconfig?]
(replace-common-data "website/hashfile-volume.yaml" config))
(defn-spec generate-website-ingress pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [unique-name fqdns]} config]
(ing/generate-ingress {:fqdns fqdns
:app-name (generate-app-name unique-name)
:ingress-name (generate-ingress-name unique-name)
:service-name (generate-service-name unique-name)
:service-port 80})))
(defn-spec generate-website-certificate pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [unique-name issuer fqdns]
:or {issuer "staging"}} config]
(ing/generate-certificate {:fqdns fqdns
:app-name (generate-app-name unique-name)
:cert-name (generate-cert-name unique-name)
:issuer issuer})))
(defn-spec generate-website-build-cron pred/map-or-seq?
[config websiteconfig?]
(replace-build-data "website/website-build-cron.yaml" config))
(defn-spec generate-website-build-secret pred/map-or-seq?
[config websiteconfig?
auth websiteauth?]
(let [{:keys [gitea-host
gitea-repo
branchname]} config
{:keys [authtoken
username]} auth]
(->
(replace-common-data "website/website-build-secret.yaml" config)
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
(generate-gitrepourl
gitea-host
gitea-repo
username
branchname)))
(cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode
(generate-gitcommiturl
gitea-host
gitea-repo
username))))))

View file

@ -4,16 +4,16 @@ metadata:
name: taiga-async-deployment
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async
app.kubernetes.io/component: taiga-async
spec:
replicas: 1
selector:
matchLabels:
app: taiga
template:
app.kubernetes.io/component: taiga-async
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-async
spec:
containers:
- name: taiga-async
@ -54,12 +54,11 @@ spec:
- name: POSTGRES_HOST
value: "postgresql-service"
- name: POSTGRES_PORT
value: 5432
value: "5432"
volumes:
- name: taiga-static
persistentVolumeClaim:
claimName: taiga-static
claimName: taiga-static-data
- name: taiga-media
persistentVolumeClaim:
claimName: taiga-media
claimName: taiga-media-data

View file

@ -9,11 +9,11 @@ spec:
replicas: 1
selector:
matchLabels:
app: taiga
app.kubernetes.io/component: taiga-async-rabbitmq
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-async-rabbitmq
spec:
containers:
- name: taiga-async-rabbitmq
@ -30,17 +30,23 @@ spec:
- name: RABBITMQ_DEFAULT_USER
valueFrom:
secretKeyRef:
name: taiga-rabbitmq-secret
key: RABBITMQ_DEFAULT_USER
name: taiga-secret
key: RABBITMQ_USER
- name: RABBITMQ_DEFAULT_PASS
valueFrom:
secretKeyRef:
name: taiga-rabbitmq-secret
key: RABBITMQ_DEFAULT_PASS
name: taiga-secret
key: RABBITMQ_PASS
- name: RABBITMQ_ERLANG_COOKIE
value: ERLANG_COOKIE_VALUE
valueFrom:
secretKeyRef:
name: taiga-secret
key: RABBITMQ_ERLANG_COOKIE
- name: RABBITMQ_DEFAULT_VHOST
value: RABBITMQ_VHOST
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: RABBITMQ_DEFAULT_VHOST
volumes:
- name: taiga-async-rabbitmq-data

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-async-rabbitmq-service
name: taiga-async-rabbitmq
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async-rabbitmq
@ -14,5 +14,4 @@ spec:
- name: amqp
targetPort: amqp
port: 5672
protocol: TCP
protocol: TCP

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-async-service
name: taiga-async
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-async
@ -14,5 +14,5 @@ spec:
- name: http
targetPort: http
port: 8000
protocol: TCP
protocol: TCP

View file

@ -9,21 +9,21 @@ spec:
replicas: 1
selector:
matchLabels:
app: taiga
app.kubernetes.io/component: taiga-back
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-back
spec:
initContainers: # ToDo: this needs to run only once!
initContainers:
- name: taiga-manage
image: taigaio/taiga-back:latest
image: taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
ports: # ToDo: we may need to check for the DB pod to be live
command: ["/bin/bash"]
args: ["-c", "source /opt/venv/bin/activate && CELERY_ENABLE=true python manage.py migrate && sleep 15 && python manage.py createsuperuser --noinput"]
ports:
- name: http
containerPort: 80
command:
- python manage.py && python manage.py createsuperuser
containerPort: 8000
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
@ -33,13 +33,13 @@ spec:
readOnly: false
envFrom:
- configMapRef:
name: taiga-back-configmap
name: taiga-configmap
- secretRef:
name: taiga-back-secret
- secretRef:
name: taiga-rabbitmq-secret
name: taiga-secret
env:
- name: POSTGRES_USER # ToDo: Does taiga need a specific postgres version? Maybe test this
- name: CELERY_ENABLED
value: "false"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgres-secret
@ -57,9 +57,7 @@ spec:
- name: POSTGRES_HOST
value: "postgresql-service"
- name: POSTGRES_PORT
value: 5432
- name: CELERY_ENABLED
value: false
value: "5432"
containers:
- name: taiga-back
image: taigaio/taiga-back:latest
@ -79,8 +77,6 @@ spec:
name: taiga-configmap
- secretRef:
name: taiga-secret
- secretRef:
name: taiga-rabbitmq-secret
env:
- name: POSTGRES_USER
valueFrom:
@ -100,12 +96,12 @@ spec:
- name: POSTGRES_HOST
value: "postgresql-service"
- name: POSTGRES_PORT
value: 5432
value: "5432"
volumes: # ToDo: Remove Volumes where not necessary
volumes:
- name: taiga-static
persistentVolumeClaim:
claimName: taiga-static
claimName: taiga-static-data
- name: taiga-media
persistentVolumeClaim:
claimName: taiga-media
claimName: taiga-media-data

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-back-service
name: taiga-back
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-back
@ -13,6 +13,6 @@ spec:
ports:
- name: http
targetPort: http
port: 80
protocol: TCP
port: 8000
protocol: TCP

View file

@ -0,0 +1,30 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-configmap
namespace: default
data:
# These environment variables will be used by taiga-back and taiga-async.
# Database settings handled in deployment
# Telemetry settings
ENABLE_TELEMETRY: REPLACEME
# Taiga settings
TAIGA_SITES_SCHEME: https
TAIGA_SITES_DOMAIN: FQDN
TAIGA_SUBPATH: ""
# Taiga Front Settings
TAIGA_URL: https://FQDN
TAIGA_WEBSOCKETS_URL: ws://FQDN
PUBLIC_REGISTER_ENABLED: REPLACEME
ENABLE_GITHUB_IMPORTER: "false"
ENABLE_JIRA_IMPORTER: "false"
ENABLE_TRELLO_IMPORTER: "false"
# Rabbitmq settings
RABBITMQ_DEFAULT_VHOST: taiga
SESSION_COOKIE_SECURE: "False"
CSRF_COOKIE_SECURE: "False"

View file

@ -0,0 +1,34 @@
Comment EVENTS_PUSH_BACKEND_URL in taiga-events-deployment
Indent name fields in envFrom field in taiga-back-deployment
Remove indentation from name field in taiga-gateway-deployment
Switch name and mountPath field positions in taiga-gateway-deployment
Change postres to 1Gi in pvc.yaml
b64 encoded values in *-secret.yaml
Change integers to strings in env vars in deployments and configmaps
Change bools to strings in env vars in deployments and configmaps
Increase storage to 8Gi in pvc.yaml
Change storageClassName to local-path in pvc.yaml
Correct volume names in async, back, gateway
Use service name as address in taiga-gateway-configmap.yaml
Correct reference to taiga-configmap and taiga-secret in taiga-back-deployment
Remove init-container in taiga-back-deployment
Update command in taiga-back-deployment to ["/taiga-back/docker/entrypoint.sh"]
Update command in taiga-back-deployment to command: ["/taiga-back/docker/entrypoint.sh && python manage.py createsupersuer"]
Extend configmap in taiga-config map by values for taiga-front # we may want to check CAPITALIZATION of KW before starting work in c4k code
Rename taiga-async-rabbitmq-service to taiga-async-rabbitmq
Move erlang cookie to taiga-rabbitmq-secret in taiga-async-rabbitmq-deployment
Change value of RABBITMQ_DEFAULT_VHOST to taiga in taiga-async-rabbitmq-deployment
Change value of RABBITMQ_USER in taiga-secret.yaml to b64/encode taiga
Change value of RABBITMQ_DEFAULT_USER in taiga-rabbitmq-secret.yaml to b64/encode taiga
Remove -service suffix from all taiga service names
Remove -service suffix from all urls in taiga-gateway configmap
Remove -service suffix from ingress
Add - name: RABBITMQ_LOGS value: /opt/rabbitmq/logs.log in taiga-async-rabbitmq-deployment
Get RABBITMQ_ERLANG_COOKIE from taiga-secret in taiga-events-rabbitmq-deployment
Put RABBITMQ_DEFAULT_VHOST KV pair in taiga-configmap
Get RABBITMQ_DEFAULT_VHOST from taiga-configmap in taiga-events-rabbitmq-deployment
Get RABBITMQ_DEFAULT_VHOST from taiga-configmap in taiga-async-rabbitmq-deployment
Move all values from taiga-rabbitmq-secret to taiga-secret
Remove taiga-rabbitmq-secret from config
Rename all occurrences of taiga-rabbitmq-secret to taiga-secret
Add SESSION_COOKIE_SECURE: "False" and CSRF_COOKIE_SECURE: "False" to taiga-configmap.yaml

View file

@ -9,11 +9,11 @@ spec:
replicas: 1
selector:
matchLabels:
app: taiga # ToDo: Check for consistent labels (maybe use app.kubernetes.io)
app.kubernetes.io/component: taiga-events
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-events
spec:
containers:
- name: taiga-events
@ -23,11 +23,6 @@ spec:
- name: http
containerPort: 8888
env:
- name: EVENTS_PUSH_BACKEND_URL # ToDo: check if we really need to set these URLs
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: EVENTS_PUSH_BACKEND_URL
- name: RABBITMQ_USER
valueFrom:
secretKeyRef:

View file

@ -9,11 +9,11 @@ spec:
replicas: 1
selector:
matchLabels:
app: taiga
app.kubernetes.io/component: taiga-events-rabbitmq
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-events-rabbitmq
spec:
containers:
- name: taiga-events-rabbitmq
@ -28,15 +28,21 @@ spec:
readOnly: false
env:
- name: RABBITMQ_ERLANG_COOKIE
value: ERLANG_COOKIE_VALUE
valueFrom:
secretKeyRef:
name: taiga-secret
key: RABBITMQ_ERLANG_COOKIE
- name: RABBITMQ_DEFAULT_VHOST
value: RABBITMQ_VHOST
- name: RABBITMQ_USER
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: RABBITMQ_DEFAULT_VHOST
- name: RABBITMQ_DEFAULT_USER
valueFrom:
secretKeyRef:
name: taiga-secret
key: RABBITMQ_USER
- name: RABBITMQ_PASS
- name: RABBITMQ_DEFAULT_PASS
valueFrom:
secretKeyRef:
name: taiga-secret

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-events-rabbitmq-service
name: taiga-events-rabbitmq
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events-rabbitmq

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-events-service
name: taiga-events
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-events

View file

@ -9,11 +9,11 @@ spec:
replicas: 1
selector:
matchLabels:
app: taiga
app.kubernetes.io/component: taiga-front
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-front
spec:
containers:
- name: taiga-front
@ -24,8 +24,17 @@ spec:
containerPort: 80
env:
- name: TAIGA_URL
value: TAGA_SCHEME://TAIGA_DOMAIN
- name: TAIGA_WEBSOCKETS_URL
value: WEBSOCKETS_SCHEME://TAIGA_DOMAIN
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: TAIGA_URL
- name: TAIGA_SUBPATH
value: SUBPATH
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: TAIGA_SUBPATH
- name: TAIGA_WEBSOCKETS_URL
valueFrom:
configMapKeyRef:
name: taiga-configmap
key: TAIGA_WEBSOCKETS_URL

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-front-service
name: taiga-front
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-front

View file

@ -9,11 +9,11 @@ spec:
replicas: 1
selector:
matchLabels:
app: taiga
app.kubernetes.io/component: taiga-gateway
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-gateway
spec:
restartPolicy: Always
containers:
@ -24,8 +24,9 @@ spec:
- name: http
containerPort: 80
volumeMounts:
- mountPath: /etc/nginx/conf.d
name: taiga-gateway-configmap
- name: taiga-gateway-configmap
mountPath: /etc/nginx/conf.d
readOnly: false
- name: taiga-static
mountPath: /taiga/static
readOnly: false
@ -39,7 +40,7 @@ spec:
name: taiga-gateway-configmap
- name: taiga-static
persistentVolumeClaim:
claimName: taiga-static
claimName: taiga-static-data
- name: taiga-media
persistentVolumeClaim:
claimName: taiga-media
claimName: taiga-media-data

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-gateway-service
name: taiga-gateway
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-gateway

View file

@ -9,11 +9,11 @@ spec:
replicas: 1
selector:
matchLabels:
app: taiga
app.kubernetes.io/component: taiga-protected
template:
metadata:
labels:
app: taiga
app.kubernetes.io/component: taiga-protected
spec:
containers:
- name: taiga-protected
@ -24,7 +24,7 @@ spec:
containerPort: 8003
env:
- name: MAX_AGE
value: ATTACHMENTS_MAX_AGE
value: "5"
- name: SECRET_KEY
valueFrom:
secretKeyRef:

View file

@ -1,7 +1,7 @@
kind: Service
apiVersion: v1
metadata:
name: taiga-protected-service
name: taiga-protected
labels:
app.kubernetes.part-of: c4k-taiga
app.kubernetes.io/component: taiga-protected
@ -15,4 +15,3 @@ spec:
targetPort: http
port: 8003
protocol: TCP

View file

@ -1,16 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: NAME-hashfile-volume
name: taiga-media-data
namespace: default
labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
storageClassName: REPLACEME
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 16Mi
storage: REPLACEME

View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-static-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: REPLACEME
accessModes:
- ReadWriteOnce
resources:
requests:
storage: REPLACEME

View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-async-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: REPLACEME
accessModes:
- ReadWriteOnce
resources:
requests:
storage: REPLACEME

View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-events-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: REPLACEME
accessModes:
- ReadWriteOnce
resources:
requests:
storage: REPLACEME

View file

@ -0,0 +1,23 @@
apiVersion: v1
kind: Secret
metadata:
name: taiga-secret
labels:
app.kubernetes.part-of: taiga
data:
# Taiga settings
TAIGA_SECRET_KEY: TAIGA_SECRET_KEY
# Email settings
EMAIL_HOST_USER: EMAIL_HOST_USER
EMAIL_HOST_PASSWORD: EMAIL_HOST_PASSWORD
# Rabbitmq settings
RABBITMQ_USER: RABBITMQ_USER
RABBITMQ_PASS: RABBITMQ_PASS
RABBITMQ_ERLANG_COOKIE: RABBITMQ_ERLANG_COOKIE
# Django settings
DJANGO_SUPERUSER_USERNAME: SUPERUSER_USERNAME
DJANGO_SUPERUSER_PASSWORD: SUPERUSER_PASSWORD
DJANGO_SUPERUSER_EMAIL: SUPERUSER_EMAIL

View file

@ -1,33 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-configmap
namespace: default
data:
# These environment variables will be used by taiga-back and taiga-async.
# Database settings handled in deployment
# Taiga settings
TAIGA_SITES_SCHEME: TAIGA_SCHEME
TAIGA_SITES_DOMAIN: TAIGA_DOMAIN
TAIGA_SUBPATH: SUBPATH
# Email settings.
EMAIL_BACKEND: EMAIL_BACKEND # django.core.mail.backends.${EMAIL_BACKEND}.EmailBackend # ToDo move to code base
DEFAULT_FROM_EMAIL: DEFAULT_FROM_EMAIL_VALUE
EMAIL_USE_TLS: EMAIL_USE_TLS_VALUE
EMAIL_USE_SSL: EMAIL_USE_SSL_VALUE
EMAIL_HOST: EMAIL_HOST_VALUE
EMAIL_PORT: EMAIL_PORT_VALUE
# Telemetry settings
ENABLE_TELEMETRY: ENABLE_TELEMETRY_VALUE
# ...your customizations go here
# Taiga Events Settings
# EVENTS_PUSH_BACKEND_URL: RABBITMQ_URL_VALUE
## Format RABBITMQ_URL="amqp://${RABBITMQ_USER}:${RABBITMQ_PASS}@taiga-events-rabbitmq:5672/taiga"
# RABBITMQ_URL: RABBITMQ_URL_VALUE # found in https://github.com/kaleidos-ventures/taiga-events/blob/main/docker/env.template
# Taiga Async Settings
# CELERY_BROKER_URL: CELERY_URL_VALUE

View file

@ -1,31 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-media-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_MEDIA_DATA_STORAGE_SIZE
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-static-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_STATIC_DATA_STORAGE_SIZE

View file

@ -1,31 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-async-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_RABBITMQ_DATA_STORAGE_SIZE
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-events-rabbitmq-data
namespace: default
labels:
app: taiga
app.kubernetes.part-of: taiga
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: TAIGA_RABBITMQ_DATA_STORAGE_SIZE

View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: taiga-rabbitmq-secret
labels:
app.kubernetes.part-of: taiga
data:
# Rabbitmq settings
RABBITMQ_DEFAULT_USER: RABBITMQ_USER_VALUE # ToDo: Evaluate if we need two different users and passes for rabbitmq
RABBITMQ_DEFAULT_PASS: RABBITMQ_PASS_VALUE

View file

@ -1,22 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: taiga-secret
labels:
app.kubernetes.part-of: taiga
data:
# Taiga settings
TAIGA_SECRET_KEY: SECRET_KEY_VALUE
# Email settings
EMAIL_HOST_USER: EMAIL_HOST_USER_VALUE
EMAIL_HOST_PASSWORD: EMAIL_HOST_USER_PASS
# Rabbitmq settings
RABBITMQ_USER: RABBITMQ_USER_VALUE
RABBITMQ_PASS: RABBITMQ_PASS_VALUE
# Django settings
DJANGO_SUPERUSER_TAIGAADMIN: TAIGA_ADMIN
DJANGO_SUPERUSER_PASSWORD: TAIGA_ADMIN_PASS

View file

@ -1,97 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: NAME-configmap
namespace: default
labels:
app.kubernetes.part-of: NAME-website
data:
nginx.conf: |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128;
include /etc/nginx/conf.d/website.conf;
}
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/svg+xml svg svgz;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}
website.conf: |
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name FQDN
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "strict-origin";
# add_header Permissions-Policy "permissions here";
root /var/www/html/website/;
index index.html;
location / {
try_files $uri $uri/ /index.html =404;
}
}

View file

@ -1,76 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: NAME-deployment
labels:
app.kubernetes.part-of: NAME-website
spec:
replicas: 1
selector:
matchLabels:
app: NAME-nginx
template:
metadata:
labels:
app: NAME-nginx
spec:
containers:
- name: NAME-nginx
image: nginx:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx
readOnly: true
name: nginx-config-volume
- mountPath: /var/log/nginx
name: log
- mountPath: /var/www/html/website
name: content-volume
readOnly: true
initContainers:
- image: domaindrivenarchitecture/c4k-website-build
name: NAME-init-build-container
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: BUILD_CPU_REQUEST
memory: BUILD_MEMORY_REQUEST
limits:
cpu: BUILD_CPU_LIMIT
memory: BUILD_MEMORY_LIMIT
command: ["/entrypoint.sh"]
envFrom:
- secretRef:
name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts:
- name: content-volume
mountPath: /var/www/html/website
- name: hashfile-volume
mountPath: /var/hashfile.d
volumes:
- name: nginx-config-volume
configMap:
name: NAME-configmap
items:
- key: nginx.conf
path: nginx.conf
- key: website.conf
path: conf.d/website.conf
- key: mime.types
path: mime.types
- name: log
emptyDir: {}
- name: content-volume
persistentVolumeClaim:
claimName: NAME-content-volume
- name: hashfile-volume
persistentVolumeClaim:
claimName: NAME-hashfile-volume

View file

@ -1,15 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: NAME-service
labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website
namespace: default
spec:
selector:
app: NAME-nginx
ports:
- name: nginx-http
port: 80

View file

@ -1,48 +0,0 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: NAME-build-cron
labels:
app.kubernetes.part-of: NAME-website
spec:
schedule: "0/7 * * * *"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
containers:
- image: domaindrivenarchitecture/c4k-website-build
name: NAME-build-app
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: BUILD_CPU_REQUEST
memory: BUILD_MEMORY_REQUEST
limits:
cpu: BUILD_CPU_LIMIT
memory: BUILD_MEMORY_LIMIT
command: ["/entrypoint.sh"]
envFrom:
- secretRef:
name: NAME-secret
env:
- name: SHA256SUM
value: CHECK_SUM
- name: SCRIPTFILE
value: SCRIPT_FILE
volumeMounts:
- name: content-volume
mountPath: /var/www/html/website
- name: hashfile-volume
mountPath: /var/hashfile.d
volumes:
- name: content-volume
persistentVolumeClaim:
claimName: NAME-content-volume
- name: hashfile-volume
persistentVolumeClaim:
claimName: NAME-hashfile-volume
restartPolicy: OnFailure

View file

@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: NAME-secret
labels:
app.kubernetes.part-of: NAME-website
data:
AUTHTOKEN: TOKEN
GITREPOURL: REPOURL
GITCOMMITURL: COMMITURL

View file

@ -1,16 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: NAME-content-volume
namespace: default
labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: WEBSITESTORAGESIZE

View file

@ -0,0 +1,19 @@
(ns dda.c4k-taiga.core-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-taiga.core :as cut]))
#?(:cljs
(defmethod yaml/load-resource :website-test [resource-name]
(case resource-name
"taiga-test/valid-config.yaml" (rc/inline "taiga-test/valid-config.yaml")
"taiga-test/valid-auth.yaml" (rc/inline "taiga-test/valid-auth.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "taiga-test/valid-config.yaml")))
(is (s/valid? cut/auth? (yaml/load-as-edn "taiga-test/valid-auth.yaml"))))

View file

@ -0,0 +1,105 @@
(ns dda.c4k-taiga.taiga-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-taiga.taiga :as cut]))
#?(:cljs
(defmethod yaml/load-resource :taiga-test [resource-name]
(case resource-name
"taiga-test/valid-config.yaml" (rc/inline "taiga-test/valid-config.yaml")
"taiga-test/valid-auth.yaml" (rc/inline "taiga-test/valid-auth.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest should-generate-configmap
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata {:name "taiga-configmap", :namespace "default"},
:data
{:CELERY_ENABLED "false",
:ENABLE_TELEMETRY "false",
:TAIGA_SITES_SCHEME "https",
:TAIGA_SITES_DOMAIN "taiga.test.meissa.de",
:TAIGA_SUBPATH "",
:TAIGA_URL "https://taiga.test.meissa.de",
:TAIGA_WEBSOCKETS_URL "wss://taiga.test.meissa.de",
:PUBLIC_REGISTER_ENABLED "false",
:ENABLE_GITHUB_IMPORTER "false",
:ENABLE_JIRA_IMPORTER "false",
:ENABLE_TRELLO_IMPORTER "false",
:RABBITMQ_DEFAULT_VHOST "taiga",
:SESSION_COOKIE_SECURE "false",
:CSRF_COOKIE_SECURE "false"}}
(cut/generate-configmap (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-pvc-taiga-media-data
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-media-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "2Gi"}}}}
(cut/generate-pvc-taiga-media-data (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-pvc-taiga-static-data
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-static-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "3Gi"}}}}
(cut/generate-pvc-taiga-static-data (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-rabbitmq-pvc-async
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-async-rabbitmq-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "4Gi"}}}}
(cut/generate-rabbitmq-pvc-async(yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-rabbitmq-pvc-events
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "taiga-events-rabbitmq-data",
:namespace "default",
:labels {:app "taiga", :app.kubernetes.part-of "taiga"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "5Gi"}}}}
(cut/generate-rabbitmq-pvc-events (yaml/load-as-edn "taiga-test/valid-config.yaml")))))
(deftest should-generate-secret
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata
{:name "taiga-secret", :labels {:app.kubernetes.part-of "taiga"}},
:data
{:TAIGA_SECRET_KEY "c29tZS1rZXk=",
:EMAIL_HOST_USER "bWFpbGVyLXVzZXI=",
:EMAIL_HOST_PASSWORD "bWFpbGVyLXB3",
:RABBITMQ_USER "cmFiYml0LXVzZXI=",
:RABBITMQ_PASS "cmFiYml0LXB3",
:RABBITMQ_ERLANG_COOKIE "cmFiYml0LWVybGFuZw==",
:DJANGO_SUPERUSER_USERNAME "dGFpZ2EtYWRtaW4=",
:DJANGO_SUPERUSER_PASSWORD "c3VwZXItcGFzc3dvcmQ=",
:DJANGO_SUPERUSER_EMAIL "c29tZUBleGFtcGxlLmNvbQ=="}}
(cut/generate-secret (yaml/load-as-edn "taiga-test/valid-auth.yaml")))))

View file

@ -1,121 +0,0 @@
(ns dda.c4k-website.core-test
(:require
#?(:cljs [shadow.resource :as rc])
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s]
[dda.c4k-common.yaml :as yaml]
[dda.c4k-website.core :as cut]
[clojure.spec.alpha :as s]))
#?(:cljs
(defmethod yaml/load-resource :website-test [resource-name]
(case resource-name
"website-test/valid-auth.yaml" (rc/inline "website-test/valid-auth.yaml")
"website-test/valid-config.yaml" (rc/inline "website-test/valid-config.yaml")
(throw (js/Error. "Undefined Resource!")))))
(deftest validate-valid-resources
(is (s/valid? cut/config? (yaml/load-as-edn "website-test/valid-config.yaml")))
(is (s/valid? cut/auth? (yaml/load-as-edn "website-test/valid-auth.yaml"))))
(def websites1
{:websites
[{:unique-name "example.io"
:fqdns ["example.org", "www.example.com"]
:gitea-host "finegitehost.net"
:gitea-repo "repo"
:branchname "main"}
{:unique-name "test.io"
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
:gitea-host "gitlab.de"
:gitea-repo "repo"
:branchname "main"}]})
(def websites2
{:websites
[{:unique-name "test.io"
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"]
:gitea-host "gitlab.de"
:gitea-repo "repo"
:branchname "main"}
{:unique-name "example.io"
:fqdns ["example.org", "www.example.com"]
:gitea-host "finegitehost.net"
:gitea-repo "repo"
:branchname "main"}]})
(def auth1
{:auth
[{:unique-name "example.io"
:username "someuser"
:authtoken "abedjgbasdodj"}
{:unique-name "test.io"
:username "someuser"
:authtoken "abedjgbasdodj"}]})
(def auth2
{:auth
[{:unique-name "test.io"
:username "someuser"
:authtoken "abedjgbasdodj"}
{:unique-name "example.io"
:username "someuser"
:authtoken "abedjgbasdodj"}]})
(def flattened-and-reduced-config
{:unique-name "example.io",
:fqdns ["example.org" "www.example.com"],
:gitea-host "finegitehost.net",
:gitea-repo "repo",
:branchname "main"})
(def flattened-and-reduced-auth
{:unique-name "example.io",
:username "someuser",
:authtoken "abedjgbasdodj"})
(deftest sorts-config
(is (= {:issuer "staging",
:websites
[{:unique-name "example.io",
:fqdns ["example.org" "www.example.com"],
:gitea-host "finegitehost.net",
:gitea-repo "repo",
:branchname "main"},
{:unique-name "test.io",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-host "gitlab.de",
:gitea-repo "repo",
:branchname "main",
:sha256sum-output "123456789ab123cd345de script-file-name.sh"}],
:mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}}
(cut/sort-config
{:issuer "staging",
:websites
[{:unique-name "test.io",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-host "gitlab.de",
:gitea-repo "repo",
:branchname "main",
:sha256sum-output "123456789ab123cd345de script-file-name.sh"}
{:unique-name "example.io",
:fqdns ["example.org" "www.example.com"],
:gitea-host "finegitehost.net",
:gitea-repo "repo",
:branchname "main"}],
:mon-cfg {:grafana-cloud-url "url-for-your-prom-remote-write-endpoint", :cluster-name "jitsi", :cluster-stage "test"}}))))
(deftest test-flatten-and-reduce-config
(is (=
flattened-and-reduced-config
(cut/flatten-and-reduce-config (cut/sort-config websites1))))
(is (=
flattened-and-reduced-config
(cut/flatten-and-reduce-config (cut/sort-config websites2)))))
(deftest test-flatten-and-reduce-auth
(is (= flattened-and-reduced-auth
(cut/flatten-and-reduce-auth (cut/sort-auth auth1))))
(is (= flattened-and-reduced-auth
(cut/flatten-and-reduce-auth (cut/sort-auth auth2)))))

View file

@ -1,223 +0,0 @@
(ns dda.c4k-website.website-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st]
[dda.c4k-common.test-helper :as th]
[dda.c4k-common.base64 :as b64]
[dda.c4k-website.website :as cut]
[clojure.spec.alpha :as s]))
(st/instrument `cut/generate-nginx-configmap)
(st/instrument `cut/generate-nginx-deployment)
(st/instrument `cut/generate-nginx-service)
(st/instrument `cut/generate-website-content-volume)
(st/instrument `cut/generate-hashfile-volume)
(st/instrument `cut/generate-website-ingress)
(st/instrument `cut/generate-website-certificate)
(st/instrument `cut/generate-website-build-cron)
(st/instrument `cut/generate-website-build-secret)
(deftest should-generate-nginx-configmap-website
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n"
(:website.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n"
(:mime.types (:data (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= "user nginx;\nworker_processes 3;\nerror_log /var/log/nginx/error.log;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /var/log/nginx/access.log main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n"
(:nginx.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata {:name "test-io-configmap",
:labels {:app.kubernetes.part-of "test-io-website"},
:namespace "default"}}
(dissoc (cut/generate-nginx-configmap {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))
(deftest should-generate-nginx-deployment
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "test-io-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:replicas 1,
:selector {:matchLabels {:app "test-io-nginx"}},
:template
{:metadata {:labels {:app "test-io-nginx"}},
:spec
{:containers
[{:name "test-io-nginx",
:image "nginx:latest",
:imagePullPolicy "IfNotPresent",
:ports [{:containerPort 80}],
:volumeMounts
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
{:mountPath "/var/log/nginx", :name "log"}
{:mountPath "/var/www/html/website", :name "content-volume", :readOnly true}]}],
:initContainers
[{:image "domaindrivenarchitecture/c4k-website-build",
:name "test-io-init-build-container",
:imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
:volumes
[{:name "nginx-config-volume",
:configMap
{:name "test-io-configmap",
:items
[{:key "nginx.conf", :path "nginx.conf"}
{:key "website.conf", :path "conf.d/website.conf"}
{:key "mime.types", :path "mime.types"}]}}
{:name "log", :emptyDir {}}
{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}]}}}}
(cut/generate-nginx-deployment {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-resource-requests
(is (= {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}
(-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"})
:spec :template :spec :initContainers first :resources )))
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}}
(-> (cut/generate-nginx-deployment {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"
:build-cpu-request "1500m"
:build-cpu-limit "3000m"
:build-memory-request "512Mi"
:build-memory-limit "1024Mi"})
:spec :template :spec :initContainers first :resources))))
(deftest should-generate-nginx-service
(is (= {:name-c1 "test-io-service",
:name-c2 "test-org-service",
:app-c1 "test-io-nginx",
:app-c2 "test-org-nginx",
:app.kubernetes.part-of-c1 "test-io-website",
:app.kubernetes.part-of-c2 "test-org-website"}
(th/map-diff (cut/generate-nginx-service {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
(cut/generate-nginx-service {:unique-name "test.org",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(deftest should-generate-website-build-cron
(is (= {:apiVersion "batch/v1",
:kind "CronJob",
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:schedule "0/7 * * * *",
:successfulJobsHistoryLimit 1,
:failedJobsHistoryLimit 1,
:jobTemplate
{:spec
{:template
{:spec
{:containers
[{:image "domaindrivenarchitecture/c4k-website-build",
:name "test-io-build-app",
:imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:env [{:name "SHA256SUM", :value "123456789ab123cd345de"} {:name "SCRIPTFILE", :value "script-file-name.sh"}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}],
:restartPolicy "OnFailure"}}}}}}
(cut/generate-website-build-cron {:gitea-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-secret
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata {:name "test-io-secret", :labels {:app.kubernetes.part-of "test-io-website"}},
:data
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:gitea-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io",
:gitea-host "gitlab.de"}
{:unique-name "test.io",
:authtoken "abedjgbasdodj",
:username "someuser"}))))
(deftest should-generate-website-content-volume
(is (= {:name-c1 "test-io-content-volume",
:name-c2 "test-org-content-volume",
:app-c1 "test-io-nginx",
:app-c2 "test-org-nginx",
:app.kubernetes.part-of-c1 "test-io-website",
:app.kubernetes.part-of-c2 "test-org-website"}
(th/map-diff (cut/generate-website-content-volume {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
(cut/generate-website-content-volume {:unique-name "test.org",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(deftest should-generate-hashfile-volume
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "test-io-hashfile-volume",
:namespace "default",
:labels {:app "test-io-nginx", :app.kubernetes.part-of "test-io-website"}},
:spec {:storageClassName "local-path", :accessModes ["ReadWriteOnce"], :resources {:requests {:storage "16Mi"}}}}
(cut/generate-hashfile-volume {:unique-name "test.io",
:gitea-host "gitea.evilorg",
:gitea-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))

View file

@ -0,0 +1,14 @@
taiga-secret-key: "some-key"
postgres-db-user: "forgejo"
postgres-db-password: "forgejo-db-password"
mailer-user: "mailer-user"
mailer-pw: "mailer-pw"
django-superuser-username: "taiga-admin"
django-superuser-password: "super-password"
django-superuser-email: "some@example.com"
rabbitmq-user: "rabbit-user"
rabbitmq-pw: "rabbit-pw"
rabbitmq-erlang-cookie: "rabbit-erlang"
mon-auth:
grafana-cloud-user: "user"
grafana-cloud-password: "password"

View file

@ -0,0 +1,13 @@
issuer: "staging"
fqdn: "taiga.test.meissa.de"
public-register-enabled: "false"
enable-telemetry: "false"
storage-class-name: "local-path"
storage-media-size: 2
storage-static-size: 3
storage-async-rabbitmq-size: 4
storage-events-rabbitmq-size: 5
mon-cfg:
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
cluster-name: "jitsi"
cluster-stage: "test"

View file

@ -1,12 +0,0 @@
taiga-secret-key: "some-key"
postgres-db-user: "forgejo"
postgres-db-password: "forgejo-db-password"
mailer-user: ""
mailer-pw: ""
rabbitmq-user: ""
rabbitmq-pw: ""
django-superuser: "taiga-admin"
django-superuser-password: ""
mon-auth:
grafana-cloud-user: "user"
grafana-cloud-password: "password"

View file

@ -1,5 +0,0 @@
issuer: "staging"
mon-cfg:
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
cluster-name: "jitsi"
cluster-stage: "test"