diff --git a/README.md b/README.md index 8c25e8f..10d0321 100644 --- a/README.md +++ b/README.md 
@@ -6,25 +6,62 @@ ## Purpose -Delivering cryogen generated static sites with the push of a few buttons. +**GitOps for static generated Websites.** + +c4k-website generates k8s-manifest for a webserver serving static html. + +c4k-website is an example how to create k8s manifests for OneShotDeployments with https://repo.prod.meissa.de/meissa/c4k-common. + +## Features + +- [convention 4 kubernetes: c4k-website](#convention-4-kubernetes-c4k-website) + - [Purpose](#purpose) + - [Features](#features) + - [Serving multiple websites](#serving-multiple-websites) + - [https \& Letsencrypt Certificates](#https--letsencrypt-certificates) + - [Ratelimiting](#ratelimiting) + - [Monitoring](#monitoring) + - [GitOps your Websites](#gitops-your-websites) + - [Support Hugo and Cryogene](#support-hugo-and-cryogene) + - [Try out](#try-out) + - [Usage](#usage) + - [Development \& mirrors](#development--mirrors) + - [License](#license) + +### Serving multiple websites + +You can serve many websites, each of can listen to a list of domain names. E.g. + +```yaml +# Config example +websites: +- unique-name: "test.io" + fqdns: ["test.de", "test.org", "www.test.de", "www.test.org"] +- unique-name: "example.io" + fqdns: ["example.org", "www.example.com"] +``` + +### https & Letsencrypt Certificates + +The domain names listed will get their certificates from letsencrypt out of the box. + +### Ratelimiting -c4k-website generates configuration files for multiple nginx webservers, and -corresponding cryogen static site generator build containers. This automatically downloads a `.zip` from a specified gitea API url. You need an authorization token to access the specified gitea user account. The build container is based on clojure:lein. +There is a Ratelimit included for each website. This makes it harder to DOS one or all websites served. -Following the example in valid-config.edn and valid-auth.edn you can add as many websites as you like (provided you have the DNS Routes set up). 
One set of configmaps, deployment, services etc will be created for each element in the :websites and :auth list. +### Monitoring -Configs generated by c4k-website consists of the following parts: +Monitoring on GrafanaCloud (or any other grafana) is included out of the box. -* nginx deployment + configmap + service + ingress + certificate definitions -* nginx deployment has init container, building the website at startup time -* cron job for building and build secret for storing auth data -* respective volume claims +### GitOps your Websites -c4k-website is an example how to create efficient k8s one shot deployments with https://repo.prod.meissa.de/meissa/c4k-common. +If your repository is on a frogejo or gitea repo, we included GitOps. We ask every ten minutes the repo api for new pushed content. -## Status +If there is new content we generate the new static html & serve it. -Stable - we use this setup on production. +### Support Hugo and Cryogene + +For static html generation we support cryogen & hugo. ## Try out 
@@ -36,48 +73,18 @@ Your input will stay in your browser. No server interaction is required. You will also be able to try out on cli: ``` -target/graalvm/c4k-website src/test/resources/website-test/valid-config.yaml src/test/resources/website-test/valid-auth.yaml | kubeval - -target/graalvm/c4k-website src/test/resources/website-test/valid-config.yaml src/test/resources/website-test/valid-auth.yaml | kubectl apply -f - +c4k-website src/test/resources/valid-config.yaml src/test/resources/valid-auth.yaml ``` - ## Usage -You need: - -* DNS routes matching the fqdns in the lists -* cryogen as a static site generator -* a cryogen project ready to build -* a gitea account which holds the buildable project -* an authorization token for that account -* and a kubernetes cluster provisioned by [provs] - -Add a unique identifier for each website to config.edn and auth.edn (e.g. domain-name). -Add the list of fqdns, your gitea host, name of the website repo and the respective branch name (usually "main") to config.edn. -Add auth token and gitea user with access to the website repo to auth.edn. -Let c4k-website generate your .yaml file. -Apply this file on your cluster with `kubectl apply -f yourApp.yaml`. -Done. - -### Script Execution - -Optionally you can specify a trusted script in your config.edn. - -1. `sha256sum` "/path/to/your/script/file" -2. copy the output of this command -3. add the :sha256-output "hash-of-file file.name" :key value pair to the respective collection in :websites. - -Also, see the example in valid-config.edn. The script file needs to exist in the `.zip` and path specification to the script file should be relative to the root of the unzipped folder. Scripts can be of any type - as long as an according shebang exists in the first line. 
- -```bash -sha256sum your-script-file # use output of this call -sha256sum scripts/your-script-file # or this -sha256sum scripts/foo/bar/your-script-file # or this -``` - -### resource requests and limits +Prerequisites: +* DNS routes pointing to your k8s cluster. +* frogejo or gitea instance for your website repo. In doubt use https://codeberg.org +* A git repository with your hugo / cryogene website + * the project provides a `generate.sh` (maybe your generatoin needs some preprocessing) + * `generate.sh` deliver its static generated html to `target/html` -You may want to adjust the resource requests and limits of the build and init containers to your specific scenario. ## Development & mirrors diff --git a/doc/Releasing.md b/doc/Releasing.md deleted file mode 100644 index bce2d2e..0000000 --- a/doc/Releasing.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Release process - -## ... for testing (snapshots) - -Make sure your clojars.org credentials are correctly set in your ~/.lein/profiles.clj file. - -``` bash -git add . -git commit -``` - -``` bash -lein deploy # or lein deploy clojars -``` - -## ... for stable release patch version - -Make sure tags are protected in gitlab: -Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save. - -Make sure all your changes are committed: -``` bash -git checkout main # for old projects replace main with master -git add . -git commit -``` - -Open package.json, find "version" keyword and remove "-SNAPSHOT" from version number. - -``` bash -git add . -# REPLACE x.x.x with the correct version -git commit -m "Release vx.x.x" -lein release -git push --follow-tags -``` - -Open package.json again, increase version increment by one and add "-SNAPSHOT". - -``` bash -git commit -am "[Skip-CI] version bump" -git push -``` - -## ... for stable release minor version - -Make sure tags are protected in gitlab: -Repository Settings -> Protected Tags -> set \*.\*.\* as tag and save. - -``` bash -git checkout main # for old projects replace main with master -git add . -git commit -``` - -In package.json, find "version" keyword and remove "-SNAPSHOT" from version number. -Increment minor version by one, set patch version to zero. - -Open project.clj, find ":version" keyword, increment minor version by one, set patch version to zero. -Leave "-SNAPSHOT" be. - -``` bash -git add . -# REPLACE x.x.x with the correct version -git commit -m "Release vx.x.x" -lein release -git push --follow-tags -``` - -Open package.json again, increase version increment by one and add "-SNAPSHOT". - -``` bash -git commit -am "[Skip-CI] version bump" -git push -``` - -Done. diff --git a/doc/architecture.md b/doc/architecture.md index f36a207..111645b 100644 --- a/doc/architecture.md +++ b/doc/architecture.md 
@@ -1,26 +1,20 @@ +# GitOps for Websites ```mermaid -C4Context - title c4k-webserver - Boundary(website, "website") { - System(website_ing1, "ingress f. host meissa-gmbh.de") - System(website_ing2, "ingress f. host meissa.de") - Boundary(website_pod, "website pod"){ - Boundary(aaa, "website container") { - System(ws, "webserver") - SystemDb(file_html, "static html") - Rel(ws, file_html, "file ro") - } - Boundary(aab, "cron build website") { - System(git_clone, "git clone/pull & lein ring server & copy to static html") - SystemDb(file_git, "git repo") - Rel(git_clone, file_git, "file rw") - Rel(git_clone, file_html, "file rw") - } - } - Rel(website_ing1, ws, "http") - Rel(website_ing2, ws, "http") - } +sequenceDiagram + Actor a as Website Author + participant j as Job triggerd by Cron + participant f as Forgejo Instance + participant g as Your Git Repo for Website + + a ->> g: commit & push some new content + j ->> f: check repo hash for new commits + activate j + f ->> g: get lates commit hash + f -->> j: + j ->> f: download repo + j ->> j: generate.sh + j ->> j: cp /target/html to website + deactivate j ``` 
-[![](https://mermaid.ink/img/pako:eNqNU8tugzAQ_JWVD1UqJaka5cSxSX-guSIhgxewamxkL01RxL_XQFExSdr6gtee2ccMvrDMCGQRO-wPRhN-UqzBL5KkELL9--aMqUP7gXa8eDGNFty2q_5cEq4hZt_bmD3CZUT169Q6wmrCJVIXzz3Yfy06B_kWSuMIKpTO8U1RpeVW9Dl-y7C7n2FJXjaa1EbMmgUfevys34DEOZ-DM68Nl9qLEM647NRNpFGxeT8h9JiucqkwKalSPccRJ5lBH95kvaEasgekPgBrrgjd3aHSnpZZoyFtpBJw27nFVIWkJFNGD177AIbgqW6UggdQKDVY7wmMQ_ujzNQtkIG_hgql8JmnAhZrc1eGWTtz3ijG-d-0UMRrXjfb_9zMpB0sCX7u0f6SqA6yLYC7BTAs4guwNavQVlwK_y4HW2JGJVbepshvBea8URSzWHce2tSCE74KScayKOfK4Zrxhsyp1RmLyDY4gY6SF5ZX42H3BTITMPU)](https://mermaid.live/edit#pako:eNqNU8tugzAQ_JWVD1UqJaka5cSxSX-guSIhgxewamxkL01RxL_XQFExSdr6gtee2ccMvrDMCGQRO-wPRhN-UqzBL5KkELL9--aMqUP7gXa8eDGNFty2q_5cEq4hZt_bmD3CZUT169Q6wmrCJVIXzz3Yfy06B_kWSuMIKpTO8U1RpeVW9Dl-y7C7n2FJXjaa1EbMmgUfevys34DEOZ-DM68Nl9qLEM647NRNpFGxeT8h9JiucqkwKalSPccRJ5lBH95kvaEasgekPgBrrgjd3aHSnpZZoyFtpBJw27nFVIWkJFNGD177AIbgqW6UggdQKDVY7wmMQ_ujzNQtkIG_hgql8JmnAhZrc1eGWTtz3ijG-d-0UMRrXjfb_9zMpB0sCX7u0f6SqA6yLYC7BTAs4guwNavQVlwK_y4HW2JGJVbepshvBea8URSzWHce2tSCE74KScayKOfK4Zrxhsyp1RmLyDY4gY6SF5ZX42H3BTITMPU) \ No newline at end of file diff --git a/doc/architekturbild-c4k-website.graphml b/doc/architekturbild-c4k-website.graphml deleted file mode 100644 index e6d4fec..0000000 --- a/doc/architekturbild-c4k-website.graphml +++ /dev/null 
@@ -1,632 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - Client - - - - - - - - - - - Hetzner-Server - - - - - - - - - - - - - - - - - - - Node - - - - - - - - - - - Webserver 1 - - - - - - - - - - - Ingress1 - - - - - - - - - - - Ingress2 - - - - - - - - - - - Webserver 2 - - - - - - - - - - - Metallb - - - - - - - - - - - pybuilder - - - - - - - - - - - provs - - - - - - - - - - - c4k - - - - - - - - - - - terraform - - - - - - - - - - - AWS - - - - - - - - - - - Hetzner - - - - - - - - - - - local build - - - - - - - - - - - Mount - Holds website data - - - - - - - - - - - - Mount - Holds website data - - - - - - - - - - - - ... - - - - - - - - - - - ... - - - - - - - - - - - ... - Holds website data - - - - - - - - - - - - Folder in /var/www/fqdn-folder-name - - - - - - - - - - - Folder in /var/www/fqdn-folder-name - - - - - - - - - - - Folder in /var/www/fqdn-folder-name - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - out_conf.edn -out_auth.edn - - - - - - - - - - - IP -FQDN - - - - - - - - - - - - - DNS Entry - - - - - - - - - - - - - ssh keys -server size - - - - - - - - - - - spin up server -of requested size -with ssh keys - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - k3s and -c4k application - - - - - - - - - - - - - out_conf.edn -out_auth.edn - - - - - - - - - - - - - application yaml files - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - copy to -via scp/rsync - - - - - - - - - - - - - IPv4 -IPv6 - - - - - - - - - - - - - ssh keys - - - - - - - - - 
diff --git a/doc/architekturbild-c4k-website.jpg b/doc/architekturbild-c4k-website.jpg deleted file mode 100644 index 38e7b9e..0000000 Binary files a/doc/architekturbild-c4k-website.jpg and /dev/null differ diff --git a/doc/meissa-website-arch.png b/doc/meissa-website-arch.png deleted file mode 100644 index c89662f..0000000 Binary files a/doc/meissa-website-arch.png and /dev/null differ diff --git a/infrastructure/build/image/resources/entrypoint.sh b/infrastructure/build/image/resources/entrypoint.sh index f18d5bd..707ea17 100755 --- a/infrastructure/build/image/resources/entrypoint.sh +++ b/infrastructure/build/image/resources/entrypoint.sh @@ -30,7 +30,3 @@ if [[ $currentHash == $newHash ]] echo "Moving files" move-website-files-to-target fi - - - -
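Review bot: In README.md (hunk @@ -6,25 +6,62 @@), the list added under `## Features` is a table of contents for the whole page (it links to Purpose, Try out, Usage and License), not a feature list; move it above `## Purpose` or give it its own heading. The Ratelimiting paragraph claims it is harder to DoS the sites without naming the limit or where it is configured, so a reader cannot judge whether it fits their traffic; name the setting or its default. Spelling in the added lines: "each of can listen" should read "each of which can listen", "frogejo" should be "forgejo", "DOS" should be "DoS", and "Cryogene" should match "cryogen" as used in the last added sentence.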
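Review bot: In README.md (hunk @@ -36,48 +73,18 @@), the new Prerequisites list drops the authorization token and the auth file, yet the try-out command directly above still passes `valid-auth.yaml`; add a prerequisite line saying which credential the auth file holds. The removed "Script Execution" section described pinning the build script with `sha256sum`, and the replacement only says the repo provides `generate.sh`; state whether that script is still checked against a configured hash before it runs, because without the check push access to the website repo decides what the build job executes. The removed `| kubectl apply -f -` example also leaves no instruction for applying the generated manifest. Spelling: "frogejo", "generatoin", "cryogene", and "`generate.sh` deliver" should be "delivers".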
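Review bot: doc/Releasing.md is deleted in full (hunk @@ -1,77 +0,0 @@) and nothing visible in this patch replaces it, including the step that protects `*.*.*` tags before a release; if the release process now lives elsewhere, link it from the README's "Development & mirrors" section, otherwise keep the tag-protection step documented.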
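Review bot: In doc/architecture.md (hunk @@ -1,26 +1,20 @@), the reply arrow `f -->> j:` has no label, so the diagram does not show what the job receives and compares; label it with the returned commit hash. The step `cp /target/html to website` uses an absolute path while the README added in the same patch says `generate.sh` delivers to `target/html`; make the two agree. Spelling in the diagram text: "triggerd" should be "triggered" and "lates" should be "latest".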
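Review bot: In infrastructure/build/image/resources/entrypoint.sh (hunk @@ -30,7 +30,3 @@), the context line `if [[ $currentHash == $newHash ]]` leaves the right-hand side unquoted, so bash matches it as a glob pattern instead of comparing literal strings; since the file is already being touched, quote it as `"$newHash"`. The removed lines are trailing blank lines only and need no other change.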