Integrate ingress-ns in website
This commit is contained in:
parent
49dd95f78e
commit
1e7b71884d
4 changed files with 32 additions and 98 deletions
|
|
@ -24,49 +24,33 @@
|
||||||
(def certificate? (s/keys :req-un [::fqdns ::cert-name]
|
(def certificate? (s/keys :req-un [::fqdns ::cert-name]
|
||||||
:opt-un [::issuer]))
|
:opt-un [::issuer]))
|
||||||
|
|
||||||
(defn replace-dots-by-minus
|
(defn-spec generate-host-rule pred/map-or-seq?
|
||||||
[fqdn]
|
|
||||||
(str/replace fqdn #"\." "-"))
|
|
||||||
|
|
||||||
(defn generate-cert-name
|
|
||||||
[unique-name]
|
|
||||||
(str (replace-dots-by-minus unique-name) "-cert"))
|
|
||||||
|
|
||||||
(defn generate-http-ingress-name
|
|
||||||
[unique-name]
|
|
||||||
(str (replace-dots-by-minus unique-name) "-http-ingress"))
|
|
||||||
|
|
||||||
(defn generate-https-ingress-name
|
|
||||||
[unique-name]
|
|
||||||
(str (replace-dots-by-minus unique-name) "-https-ingress"))
|
|
||||||
|
|
||||||
(defn-spec generate-rule pred/map-or-seq?
|
|
||||||
[service-name ::service-name
|
[service-name ::service-name
|
||||||
service-port ::service-port
|
service-port ::service-port
|
||||||
fqdn pred/fqdn-string?]
|
fqdn pred/fqdn-string?]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "ingress/rule.yaml")
|
(yaml/load-as-edn "ingress/host-rule.yaml")
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
|
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
|
||||||
(cm/replace-all-matching-values-by-new-value "SERVICE_PORT" service-port)
|
(cm/replace-all-matching-values-by-new-value "SERVICE_PORT" service-port)
|
||||||
(cm/replace-all-matching-values-by-new-value "SERVICE_NAME" service-name)))
|
(cm/replace-all-matching-values-by-new-value "SERVICE_NAME" service-name)))
|
||||||
|
|
||||||
(defn-spec generate-http-ingress pred/map-or-seq?
|
(defn-spec generate-http-ingress pred/map-or-seq?
|
||||||
[config ingress?]
|
[config ingress?]
|
||||||
(let [{:keys [ingress-name service-name service-port fqdns]} config]
|
(let [{:keys [http-ingress-name service-name service-port fqdns]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "ingress/http-ingress.yaml")
|
(yaml/load-as-edn "ingress/http-ingress.yaml")
|
||||||
(assoc-in [:metadata :name] ingress-name)
|
(assoc-in [:metadata :name] http-ingress-name)
|
||||||
(assoc-in [:spec :rules] (mapv (partial generate-rule service-name service-port) fqdns)))))
|
(assoc-in [:spec :rules] (mapv (partial generate-host-rule service-name service-port) fqdns)))))
|
||||||
|
|
||||||
(defn-spec generate-https-ingress pred/map-or-seq?
|
(defn-spec generate-https-ingress pred/map-or-seq?
|
||||||
[config ingress?]
|
[config ingress?]
|
||||||
(let [{:keys [ingress-name cert-name service-name service-port fqdns]} config]
|
(let [{:keys [https-ingress-name cert-name service-name service-port fqdns]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "ingress/https-ingress.yaml")
|
(yaml/load-as-edn "ingress/https-ingress.yaml")
|
||||||
(assoc-in [:metadata :name] ingress-name)
|
(assoc-in [:metadata :name] https-ingress-name)
|
||||||
(assoc-in [:spec :tls 0 :secretName] cert-name)
|
(assoc-in [:spec :tls 0 :secretName] cert-name)
|
||||||
(assoc-in [:spec :tls 0 :hosts] fqdns)
|
(assoc-in [:spec :tls 0 :hosts] fqdns)
|
||||||
(assoc-in [:spec :rules] (mapv (partial generate-rule service-name service-port) fqdns)))))
|
(assoc-in [:spec :rules] (mapv (partial generate-host-rule service-name service-port) fqdns)))))
|
||||||
|
|
||||||
(defn-spec generate-certificate pred/map-or-seq?
|
(defn-spec generate-certificate pred/map-or-seq?
|
||||||
[config certificate?]
|
[config certificate?]
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@
|
||||||
[dda.c4k-common.common :as cm]
|
[dda.c4k-common.common :as cm]
|
||||||
[dda.c4k-common.base64 :as b64]
|
[dda.c4k-common.base64 :as b64]
|
||||||
[dda.c4k-common.predicate :as pred]
|
[dda.c4k-common.predicate :as pred]
|
||||||
|
[dda.c4k-website.ingress :as ing]
|
||||||
[clojure.string :as str]))
|
[clojure.string :as str]))
|
||||||
|
|
||||||
(defn fqdn-list?
|
(defn fqdn-list?
|
||||||
|
|
@ -41,25 +42,25 @@
|
||||||
|
|
||||||
(def volume-size 3)
|
(def volume-size 3)
|
||||||
|
|
||||||
(defn unique-name-from-fqdn
|
(defn replace-dots-by-minus
|
||||||
[fqdn]
|
[fqdn]
|
||||||
(str/replace fqdn #"\." "-"))
|
(str/replace fqdn #"\." "-"))
|
||||||
|
|
||||||
(defn generate-service-name
|
(defn generate-service-name
|
||||||
[unique-name]
|
[unique-name]
|
||||||
(str (unique-name-from-fqdn unique-name) "-service"))
|
(str (replace-dots-by-minus unique-name) "-service"))
|
||||||
|
|
||||||
(defn generate-cert-name
|
(defn generate-cert-name
|
||||||
[unique-name]
|
[unique-name]
|
||||||
(str (unique-name-from-fqdn unique-name) "-cert"))
|
(str (replace-dots-by-minus unique-name) "-cert"))
|
||||||
|
|
||||||
(defn generate-http-ingress-name
|
(defn generate-http-ingress-name
|
||||||
[unique-name]
|
[unique-name]
|
||||||
(str (unique-name-from-fqdn unique-name) "-http-ingress"))
|
(str (replace-dots-by-minus unique-name) "-http-ingress"))
|
||||||
|
|
||||||
(defn generate-https-ingress-name
|
(defn generate-https-ingress-name
|
||||||
[unique-name]
|
[unique-name]
|
||||||
(str (unique-name-from-fqdn unique-name) "-https-ingress"))
|
(str (replace-dots-by-minus unique-name) "-https-ingress"))
|
||||||
|
|
||||||
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/main.zip
|
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/main.zip
|
||||||
(defn make-gitrepourl
|
(defn make-gitrepourl
|
||||||
|
|
@ -107,71 +108,30 @@
|
||||||
;function that creates a rule from host names
|
;function that creates a rule from host names
|
||||||
(mapv #(assoc-in rule [:host] %) fqdns))
|
(mapv #(assoc-in rule [:host] %) fqdns))
|
||||||
|
|
||||||
;create working ingress
|
|
||||||
; todo: move to common/ingress
|
|
||||||
(defn generate-common-http-ingress
|
|
||||||
[config]
|
|
||||||
(let [{:keys [fqdn service-name]} config]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn "website/http-ingress.yaml")
|
|
||||||
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
|
||||||
|
|
||||||
(defn-spec generate-website-http-ingress pred/map-or-seq?
|
(defn-spec generate-website-http-ingress pred/map-or-seq?
|
||||||
[config websitedata?]
|
[config websitedata?]
|
||||||
(let [{:keys [unique-name fqdns]} config
|
(let [{:keys [unique-name fqdns]} config]
|
||||||
spec-rules [:spec :rules]]
|
(ing/generate-http-ingress {:fqdns fqdns
|
||||||
(->
|
:ingress-name (generate-http-ingress-name unique-name)
|
||||||
(generate-common-http-ingress
|
:service-name (generate-service-name unique-name)
|
||||||
{:fqdn (first fqdns) :service-name (generate-service-name unique-name)})
|
:service-port 80})))
|
||||||
(cm/replace-all-matching-values-by-new-value "c4k-common-http-ingress" (generate-http-ingress-name unique-name))
|
|
||||||
(#(assoc-in %
|
|
||||||
spec-rules
|
|
||||||
(make-host-rules-from-fqdns
|
|
||||||
(-> % :spec :rules first) ;get first ingress rule
|
|
||||||
fqdns))))))
|
|
||||||
|
|
||||||
;create working ingress
|
|
||||||
(defn generate-common-https-ingress
|
|
||||||
[config]
|
|
||||||
(let [{:keys [fqdn service-name]} config]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn "website/https-ingress.yaml")
|
|
||||||
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
|
||||||
|
|
||||||
(defn-spec generate-website-https-ingress pred/map-or-seq?
|
(defn-spec generate-website-https-ingress pred/map-or-seq?
|
||||||
[config websitedata?]
|
[config websitedata?]
|
||||||
(let [{:keys [unique-name fqdns]} config
|
(let [{:keys [unique-name fqdns]} config]
|
||||||
spec-rules [:spec :rules]
|
(ing/generate-https-ingress {:fqdns fqdns
|
||||||
spec-tls-hosts [:spec :tls 0 :hosts]]
|
:cert-name (generate-cert-name unique-name)
|
||||||
(->
|
:ingress-name (generate-http-ingress-name unique-name)
|
||||||
(generate-common-https-ingress
|
:service-name (generate-service-name unique-name)
|
||||||
{:fqdn (first fqdns) :service-name (generate-service-name unique-name)})
|
:service-port 80})))
|
||||||
(cm/replace-all-matching-values-by-new-value "c4k-common-https-ingress" (generate-https-ingress-name unique-name))
|
|
||||||
(cm/replace-all-matching-values-by-new-value "c4k-common-cert" (generate-cert-name unique-name))
|
|
||||||
(#(assoc-in % spec-tls-hosts fqdns))
|
|
||||||
(#(assoc-in % spec-rules (make-host-rules-from-fqdns (-> % :spec :rules first) fqdns))))))
|
|
||||||
|
|
||||||
(defn generate-common-certificate
|
|
||||||
[config]
|
|
||||||
(let [{:keys [fqdn issuer]
|
|
||||||
:or {issuer "staging"}} config
|
|
||||||
letsencrypt-issuer (name issuer)]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn "website/certificate.yaml")
|
|
||||||
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
|
||||||
|
|
||||||
(defn-spec generate-website-certificate pred/map-or-seq?
|
(defn-spec generate-website-certificate pred/map-or-seq?
|
||||||
[config websitedata?]
|
[config websitedata?]
|
||||||
(let [{:keys [unique-name issuer fqdns]} config
|
(let [{:keys [unique-name issuer fqdns]
|
||||||
spec-dnsNames [:spec :dnsNames]]
|
:or {issuer "staging"}} config]
|
||||||
(->
|
(ing/generate-https-ingress {:fqdns fqdns
|
||||||
(generate-common-certificate
|
:cert-name (generate-cert-name unique-name)
|
||||||
{:issuer issuer, :fqdn (first fqdns)})
|
:issuer issuer})))
|
||||||
(cm/replace-all-matching-values-by-new-value "c4k-common-cert" (generate-cert-name unique-name))
|
|
||||||
(assoc-in spec-dnsNames fqdns))))
|
|
||||||
|
|
||||||
(defn-spec generate-nginx-configmap pred/map-or-seq?
|
(defn-spec generate-nginx-configmap pred/map-or-seq?
|
||||||
[config websitedata?]
|
[config websitedata?]
|
||||||
|
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
||||||
host: FQDN
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: "/"
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: SERVICE_NAME
|
|
||||||
port:
|
|
||||||
number: SERVICE_PORT
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
||||||
[dda.c4k-website.ingress :as cut]
|
[dda.c4k-website.ingress :as cut]
|
||||||
[clojure.spec.alpha :as s]))
|
[clojure.spec.alpha :as s]))
|
||||||
|
|
||||||
(st/instrument `cut/generate-rule)
|
(st/instrument `cut/generate-host-rule)
|
||||||
(st/instrument `cut/generate-http-ingress)
|
(st/instrument `cut/generate-http-ingress)
|
||||||
(st/instrument `cut/generate-https-ingress)
|
(st/instrument `cut/generate-https-ingress)
|
||||||
(st/instrument `cut/generate-certificate)
|
(st/instrument `cut/generate-certificate)
|
||||||
|
|
@ -23,7 +23,7 @@
|
||||||
:backend
|
:backend
|
||||||
{:service {:name "myservice", :port {:number 3000}}}}]}}
|
{:service {:name "myservice", :port {:number 3000}}}}]}}
|
||||||
|
|
||||||
(cut/generate-rule "myservice" 3000 "test.com"))))
|
(cut/generate-host-rule "myservice" 3000 "test.com"))))
|
||||||
|
|
||||||
|
|
||||||
(deftest should-generate-http-ingress
|
(deftest should-generate-http-ingress
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue
