Integrate ingress-ns in website

erik 2022-10-18 10:30:51 +02:00
parent 49dd95f78e
commit 1e7b71884d
4 changed files with 32 additions and 98 deletions


@ -24,49 +24,33 @@
(def certificate? (s/keys :req-un [::fqdns ::cert-name] (def certificate? (s/keys :req-un [::fqdns ::cert-name]
:opt-un [::issuer])) :opt-un [::issuer]))
(defn replace-dots-by-minus (defn-spec generate-host-rule pred/map-or-seq?
[fqdn]
(str/replace fqdn #"\." "-"))
(defn generate-cert-name
[unique-name]
(str (replace-dots-by-minus unique-name) "-cert"))
(defn generate-http-ingress-name
[unique-name]
(str (replace-dots-by-minus unique-name) "-http-ingress"))
(defn generate-https-ingress-name
[unique-name]
(str (replace-dots-by-minus unique-name) "-https-ingress"))
(defn-spec generate-rule pred/map-or-seq?
[service-name ::service-name [service-name ::service-name
service-port ::service-port service-port ::service-port
fqdn pred/fqdn-string?] fqdn pred/fqdn-string?]
(-> (->
(yaml/load-as-edn "ingress/rule.yaml") (yaml/load-as-edn "ingress/host-rule.yaml")
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
(cm/replace-all-matching-values-by-new-value "SERVICE_PORT" service-port) (cm/replace-all-matching-values-by-new-value "SERVICE_PORT" service-port)
(cm/replace-all-matching-values-by-new-value "SERVICE_NAME" service-name))) (cm/replace-all-matching-values-by-new-value "SERVICE_NAME" service-name)))
(defn-spec generate-http-ingress pred/map-or-seq? (defn-spec generate-http-ingress pred/map-or-seq?
[config ingress?] [config ingress?]
(let [{:keys [ingress-name service-name service-port fqdns]} config] (let [{:keys [http-ingress-name service-name service-port fqdns]} config]
(-> (->
(yaml/load-as-edn "ingress/http-ingress.yaml") (yaml/load-as-edn "ingress/http-ingress.yaml")
(assoc-in [:metadata :name] ingress-name) (assoc-in [:metadata :name] http-ingress-name)
(assoc-in [:spec :rules] (mapv (partial generate-rule service-name service-port) fqdns))))) (assoc-in [:spec :rules] (mapv (partial generate-host-rule service-name service-port) fqdns)))))
(defn-spec generate-https-ingress pred/map-or-seq? (defn-spec generate-https-ingress pred/map-or-seq?
[config ingress?] [config ingress?]
(let [{:keys [ingress-name cert-name service-name service-port fqdns]} config] (let [{:keys [https-ingress-name cert-name service-name service-port fqdns]} config]
(-> (->
(yaml/load-as-edn "ingress/https-ingress.yaml") (yaml/load-as-edn "ingress/https-ingress.yaml")
(assoc-in [:metadata :name] ingress-name) (assoc-in [:metadata :name] https-ingress-name)
(assoc-in [:spec :tls 0 :secretName] cert-name) (assoc-in [:spec :tls 0 :secretName] cert-name)
(assoc-in [:spec :tls 0 :hosts] fqdns) (assoc-in [:spec :tls 0 :hosts] fqdns)
(assoc-in [:spec :rules] (mapv (partial generate-rule service-name service-port) fqdns))))) (assoc-in [:spec :rules] (mapv (partial generate-host-rule service-name service-port) fqdns)))))
(defn-spec generate-certificate pred/map-or-seq? (defn-spec generate-certificate pred/map-or-seq?
[config certificate?] [config certificate?]
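Review bot: `generate-http-ingress` and `generate-https-ingress` now destructure `http-ingress-name` and `https-ingress-name` from `config`, but the website callers changed in this same commit still pass `:ingress-name`. Unless the `ingress?` spec rejects that map first, `[:metadata :name]` would be set to nil. The `ingress?` definition is outside this hunk, so it is not visible whether its required keys were renamed to match. I would either keep a single `:ingress-name` key for both functions or rename the key in the spec and the callers together, and add a docstring to each function listing the config keys it reads. Separately, `ingress/host-rule.yaml` does not appear among the four changed files as rendered here, so it presumably already exists on the resource path; worth confirming, since the old `rule.yaml` is deleted.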


@ -10,6 +10,7 @@
[dda.c4k-common.common :as cm] [dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred] [dda.c4k-common.predicate :as pred]
[dda.c4k-website.ingress :as ing]
[clojure.string :as str])) [clojure.string :as str]))
(defn fqdn-list? (defn fqdn-list?
@ -41,25 +42,25 @@
(def volume-size 3) (def volume-size 3)
(defn unique-name-from-fqdn (defn replace-dots-by-minus
[fqdn] [fqdn]
(str/replace fqdn #"\." "-")) (str/replace fqdn #"\." "-"))
(defn generate-service-name (defn generate-service-name
[unique-name] [unique-name]
(str (unique-name-from-fqdn unique-name) "-service")) (str (replace-dots-by-minus unique-name) "-service"))
(defn generate-cert-name (defn generate-cert-name
[unique-name] [unique-name]
(str (unique-name-from-fqdn unique-name) "-cert")) (str (replace-dots-by-minus unique-name) "-cert"))
(defn generate-http-ingress-name (defn generate-http-ingress-name
[unique-name] [unique-name]
(str (unique-name-from-fqdn unique-name) "-http-ingress")) (str (replace-dots-by-minus unique-name) "-http-ingress"))
(defn generate-https-ingress-name (defn generate-https-ingress-name
[unique-name] [unique-name]
(str (unique-name-from-fqdn unique-name) "-https-ingress")) (str (replace-dots-by-minus unique-name) "-https-ingress"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/main.zip ; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/main.zip
(defn make-gitrepourl (defn make-gitrepourl
@ -107,71 +108,30 @@
;function that creates a rule from host names ;function that creates a rule from host names
(mapv #(assoc-in rule [:host] %) fqdns)) (mapv #(assoc-in rule [:host] %) fqdns))
;create working ingress
; todo: move to common/ingress
(defn generate-common-http-ingress
[config]
(let [{:keys [fqdn service-name]} config]
(->
(yaml/load-as-edn "website/http-ingress.yaml")
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn-spec generate-website-http-ingress pred/map-or-seq? (defn-spec generate-website-http-ingress pred/map-or-seq?
[config websitedata?] [config websitedata?]
(let [{:keys [unique-name fqdns]} config (let [{:keys [unique-name fqdns]} config]
spec-rules [:spec :rules]] (ing/generate-http-ingress {:fqdns fqdns
(-> :ingress-name (generate-http-ingress-name unique-name)
(generate-common-http-ingress :service-name (generate-service-name unique-name)
{:fqdn (first fqdns) :service-name (generate-service-name unique-name)}) :service-port 80})))
(cm/replace-all-matching-values-by-new-value "c4k-common-http-ingress" (generate-http-ingress-name unique-name))
(#(assoc-in %
spec-rules
(make-host-rules-from-fqdns
(-> % :spec :rules first) ;get first ingress rule
fqdns))))))
;create working ingress
(defn generate-common-https-ingress
[config]
(let [{:keys [fqdn service-name]} config]
(->
(yaml/load-as-edn "website/https-ingress.yaml")
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn-spec generate-website-https-ingress pred/map-or-seq? (defn-spec generate-website-https-ingress pred/map-or-seq?
[config websitedata?] [config websitedata?]
(let [{:keys [unique-name fqdns]} config (let [{:keys [unique-name fqdns]} config]
spec-rules [:spec :rules] (ing/generate-https-ingress {:fqdns fqdns
spec-tls-hosts [:spec :tls 0 :hosts]] :cert-name (generate-cert-name unique-name)
(-> :ingress-name (generate-http-ingress-name unique-name)
(generate-common-https-ingress :service-name (generate-service-name unique-name)
{:fqdn (first fqdns) :service-name (generate-service-name unique-name)}) :service-port 80})))
(cm/replace-all-matching-values-by-new-value "c4k-common-https-ingress" (generate-https-ingress-name unique-name))
(cm/replace-all-matching-values-by-new-value "c4k-common-cert" (generate-cert-name unique-name))
(#(assoc-in % spec-tls-hosts fqdns))
(#(assoc-in % spec-rules (make-host-rules-from-fqdns (-> % :spec :rules first) fqdns))))))
(defn generate-common-certificate
[config]
(let [{:keys [fqdn issuer]
:or {issuer "staging"}} config
letsencrypt-issuer (name issuer)]
(->
(yaml/load-as-edn "website/certificate.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn-spec generate-website-certificate pred/map-or-seq? (defn-spec generate-website-certificate pred/map-or-seq?
[config websitedata?] [config websitedata?]
(let [{:keys [unique-name issuer fqdns]} config (let [{:keys [unique-name issuer fqdns]
spec-dnsNames [:spec :dnsNames]] :or {issuer "staging"}} config]
(-> (ing/generate-https-ingress {:fqdns fqdns
(generate-common-certificate :cert-name (generate-cert-name unique-name)
{:issuer issuer, :fqdn (first fqdns)}) :issuer issuer})))
(cm/replace-all-matching-values-by-new-value "c4k-common-cert" (generate-cert-name unique-name))
(assoc-in spec-dnsNames fqdns))))
(defn-spec generate-nginx-configmap pred/map-or-seq? (defn-spec generate-nginx-configmap pred/map-or-seq?
[config websitedata?] [config websitedata?]
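Review bot: `generate-website-certificate` now calls `ing/generate-https-ingress` with a map of `:fqdns`, `:cert-name` and `:issuer`, which is the shape of `certificate?` rather than `ingress?`, so the call presumably should be `ing/generate-certificate`. As written, no Certificate resource appears to be generated for the site, so the `secretName` that the HTTPS ingress references would have nothing issuing it and TLS would not come up as intended. In `generate-website-https-ingress` the name is built with `generate-http-ingress-name`, which would give the HTTP and HTTPS ingresses the same `-http-ingress` name; `(generate-https-ingress-name unique-name)` looks like the intended call. The `:or {issuer "staging"}` default also deserves a comment stating that the staging issuer is used whenever the config omits `:issuer`, since a staging certificate is presumably not one that clients will trust.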


@ -1,10 +0,0 @@
host: FQDN
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: SERVICE_NAME
port:
number: SERVICE_PORT


@ -8,7 +8,7 @@
[dda.c4k-website.ingress :as cut] [dda.c4k-website.ingress :as cut]
[clojure.spec.alpha :as s])) [clojure.spec.alpha :as s]))
(st/instrument `cut/generate-rule) (st/instrument `cut/generate-host-rule)
(st/instrument `cut/generate-http-ingress) (st/instrument `cut/generate-http-ingress)
(st/instrument `cut/generate-https-ingress) (st/instrument `cut/generate-https-ingress)
(st/instrument `cut/generate-certificate) (st/instrument `cut/generate-certificate)
@ -23,7 +23,7 @@
:backend :backend
{:service {:name "myservice", :port {:number 3000}}}}]}} {:service {:name "myservice", :port {:number 3000}}}}]}}
(cut/generate-rule "myservice" 3000 "test.com")))) (cut/generate-host-rule "myservice" 3000 "test.com"))))
(deftest should-generate-http-ingress (deftest should-generate-http-ingress