fix build-secret names

This commit is contained in:
Michael Jerger 2024-02-27 10:42:36 +01:00
parent 740bd021f2
commit 3d5864f944
5 changed files with 52 additions and 56 deletions

View file

@ -133,28 +133,6 @@
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit)))) (cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
(defn-spec generate-website-content-volume map?
[config websiteconfig?]
(let [{:keys [unique-name volume-size]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/website-content-volume.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
(defn-spec generate-hashfile-volume map?
[config websiteconfig?]
(let [{:keys [unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/hashfile-volume.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
(replace-all-matching-substrings-beginning-with "NAME" name))))
; TODO: Non-Secret-Parts should be config map
(defn-spec generate-website-build-secret pred/map-or-seq? (defn-spec generate-website-build-secret pred/map-or-seq?
[config websiteconfig? [config websiteconfig?
auth websiteauth?] auth websiteauth?]
@ -167,7 +145,6 @@
name (replace-dots-by-minus unique-name)] name (replace-dots-by-minus unique-name)]
(-> (->
(yaml/load-as-edn "website/website-build-secret.yaml") (yaml/load-as-edn "website/website-build-secret.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
(replace-all-matching-substrings-beginning-with "NAME" name) (replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken)) (cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode (cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
@ -183,6 +160,28 @@
username)))))) username))))))
(defn-spec generate-website-content-volume map?
[config websiteconfig?]
(let [{:keys [unique-name volume-size]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/website-content-volume.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
; TODO: Non-Secret-Parts should be config map
(defn-spec generate-hashfile-volume map?
[config websiteconfig?]
(let [{:keys [unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/hashfile-volume.yaml")
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
(replace-all-matching-substrings-beginning-with "NAME" name))))
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :website [resource-name] (defmethod yaml/load-resource :website [resource-name]
(get (inline-resources "website") resource-name))) (get (inline-resources "website") resource-name)))

View file

@ -46,7 +46,7 @@ spec:
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
envFrom: envFrom:
- secretRef: - secretRef:
name: secret name: build-secret
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website

View file

@ -32,7 +32,7 @@ spec:
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
envFrom: envFrom:
- secretRef: - secretRef:
name: NAME-secret name: build-secret
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website

View file

@ -1,7 +1,8 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: NAME-secret name: build-secret
namespace: NAME
labels: labels:
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
data: data:

View file

@ -144,7 +144,7 @@
:imagePullPolicy "IfNotPresent", :imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}, :resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"], :command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}], :envFrom [{:secretRef {:name "build-secret"}}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"} :volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hash-state-volume", :mountPath "/var/hashfile.d"}]}], {:name "hash-state-volume", :mountPath "/var/hashfile.d"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "content-volume"}} :volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "content-volume"}}
@ -162,10 +162,13 @@
:branchname "main", :branchname "main",
:unique-name "test.io"})))) :unique-name "test.io"}))))
(deftest should-generate-website-build-secret (deftest should-generate-website-build-secret
(is (= {:apiVersion "v1", (is (= {:apiVersion "v1",
:kind "Secret", :kind "Secret",
:metadata {:name "test-io-secret", :labels {:app.kubernetes.part-of "test-io"}}, :metadata {:name "build-secret",
:namespace "test-io",
:labels {:app.kubernetes.part-of "test-io-website"}},
:data :data
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==", {:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==", :GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
@ -186,13 +189,17 @@
:username "someuser"})))) :username "someuser"}))))
(deftest should-generate-website-content-volume (deftest should-generate-website-content-volume
(is (= {:name-c1 "test-io-content-volume", (is (= {:apiVersion "v1",
:name-c2 "test-org-content-volume", :kind "PersistentVolumeClaim",
:app-c1 "test-io-nginx", :metadata
:app-c2 "test-org-nginx", {:name "content-volume",
:app.kubernetes.part-of-c1 "test-io", :namespace "test-io",
:app.kubernetes.part-of-c2 "test-org"} :labels {:app.kubernetes.part-of "test-io-website"}},
(th/map-diff (cut/generate-website-content-volume {:issuer "staging" :spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "3Gi"}}}}
(cut/generate-website-content-volume {:issuer "staging"
:build-cpu-request "500m" :build-cpu-request "500m"
:build-cpu-limit "1700m" :build-cpu-limit "1700m"
:build-memory-request "256Mi" :build-memory-request "256Mi"
@ -202,18 +209,7 @@
:forgejo-host "gitea.evilorg", :forgejo-host "gitea.evilorg",
:forgejo-repo "none", :forgejo-repo "none",
:branchname "mablain", :branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
(cut/generate-website-content-volume {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.org",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(deftest should-generate-hashfile-volume (deftest should-generate-hashfile-volume
(is (= {:apiVersion "v1", (is (= {:apiVersion "v1",