Add dummy auth

It seems that an auth file is necessary for config creation, so a dummy file containing one key-value pair was added.
Also updated names and formatting in the configmap and deployment.
Also added valid-config and valid-auth example files.
This commit is contained in:
erik 2022-09-22 12:48:11 +02:00
parent 4013da36b5
commit 4cf689e27f
7 changed files with 39 additions and 60 deletions


@ -5,5 +5,6 @@
[dda.c4k-website.website :as website] [dda.c4k-website.website :as website]
[dda.c4k-common.uberjar :as uberjar])) [dda.c4k-common.uberjar :as uberjar]))
(defn -main [& cmd-args] (defn -main [& cmd-args]
(uberjar/main-common "c4k-website" website/config? nil website/config-defaults core/k8s-objects cmd-args)) (uberjar/main-common "c4k-website" website/config? website/auth? website/config-defaults core/k8s-objects cmd-args))
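Review bot: `-main` now passes `website/auth?` instead of `nil`, and per the website.clj hunk that spec requires a `:none` key, so every invocation now needs an auth file even though none of the generators called from `core/k8s-objects` take an auth argument. A docstring on `-main` such as `"Entry point. The auth spec is a placeholder demanded by main-common; no credentials are consumed yet."` would tell operators why a dummy auth file is required. How `uberjar/main-common` treats the auth spec is not visible here.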


@ -7,10 +7,10 @@
(defn k8s-objects [config] (defn k8s-objects [config]
(cm/concat-vec (cm/concat-vec
(map yaml/to-string (map yaml/to-string
(filter #(not (nil? %)) [(website/generate-nginx-deployment)
[(website/generate-certificate config)
(website/generate-ingress config)
(website/generate-nginx-configmap config) (website/generate-nginx-configmap config)
(website/generate-nginx-deployment)
(website/generate-nginx-service) (website/generate-nginx-service)
(website/generate-website-content-volume config)])))) (website/generate-website-content-volume config)
(website/generate-ingress config)
(website/generate-certificate config)
])))
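Review bot: The `(filter #(not (nil? %)) ...)` wrapper around the generator vector was dropped, so every element is now handed to `yaml/to-string` unconditionally. `:issuer` is optional in `config?` (see the website.clj hunk), and if `generate-certificate` returns nil when it is absent — its body is not in this commit — that nil now reaches `yaml/to-string` and the emitted output instead of being skipped. Either keep the guard, e.g. `(filter some? [...])` around the vector, or document in a comment that every generator is guaranteed to return a map: `;; every generator must return a non-nil object; nil is no longer filtered out`.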


@ -27,6 +27,8 @@
(def config? (s/keys :req-un [::fqdn] (def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer])) :opt-un [::issuer]))
(def auth? (s/keys :req-un [::none]))
(def vol? (s/keys :req-un [::volume-total-storage-size (def vol? (s/keys :req-un [::volume-total-storage-size
::number-of-websites])) ::number-of-websites]))
@ -61,7 +63,7 @@
(defn-spec generate-ingress pred/map-or-seq? (defn-spec generate-ingress pred/map-or-seq?
[config config?] [config config?]
(let [{:keys [fqdn issuer]} config] (let [{:keys [fqdn]} config]
(-> (->
(yaml/load-as-edn "website/ingress.yaml") (yaml/load-as-edn "website/ingress.yaml")
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)))) (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
@ -72,7 +74,7 @@
configmap (yaml/load-as-edn "website/nginx-configmap.yaml")] configmap (yaml/load-as-edn "website/nginx-configmap.yaml")]
(-> (->
configmap configmap
(assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" fqdn)) (assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" (str fqdn ";")))
) )
)) ))
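Review bot: `fqdn` from the config is spliced verbatim into nginx's `website.conf` via `st/replace`, and the new `(str fqdn ";")` makes it the tail of a directive, so a value containing `;`, whitespace or a newline would become additional nginx directives in the generated configmap. The `s/def` for `::fqdn` is not in this hunk; unless it already constrains the value to a hostname, consider `(s/def ::fqdn (s/and string? #(re-matches #"[A-Za-z0-9.-]+" %)))` or an equivalent check so the config file cannot inject directives. Appending the `;` in code also masks the fact that the template line `server_name FQDN` is not valid nginx on its own; writing `server_name FQDN;` in the template and replacing with plain `fqdn` would be cleaner. The `auth?` spec requires a `::none` key whose `s/def` is likewise not visible; a comment such as `;; placeholder: nothing uses auth yet, but main-common requires an auth spec` would explain the dummy.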


@ -1,52 +1,31 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: nginx-conf name: nginxconf
namespace: default namespace: default
data: data:
nginx.conf: | nginx.conf: |
user nginx; user nginx;
worker_processes 3; worker_processes 3;
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid; pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192; worker_rlimit_nofile 8192;
events { events {
worker_connections 4096; ## Default: 1024 worker_connections 4096;
} }
# daemon off; # run in foreground
http { http {
include /etc/nginx/mime.types;
include /etc/nginx/mime.types; # should be replaced by c4k
default_type application/octet-stream; default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status' log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"' '"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"'; '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main; access_log /var/log/nginx/access.log main;
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
keepalive_timeout 65; keepalive_timeout 65;
server_names_hash_bucket_size 128;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
# it might be a good idea to set a common reverse proxy
# which points to the ingress?
include /etc/nginx/conf.d/website.conf; include /etc/nginx/conf.d/website.conf;
} }
mime.types: | mime.types: |
types { types {
text/html html htm shtml; text/html html htm shtml;
@ -98,17 +77,12 @@ data:
} }
website.conf: | website.conf: |
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
listen 443 ssl; listen 443 ssl;
ssl_certificate /etc/certs/tls.crt; ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key; ssl_certificate_key /etc/certs/tls.key;
server_name FQDN server_name FQDN
# security headers # security headers
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *"; add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
@ -118,12 +92,8 @@ data:
add_header Referrer-Policy "strict-origin"; add_header Referrer-Policy "strict-origin";
# maybe need to add: # maybe need to add:
# add_header Permissions-Policy "permissions here"; # add_header Permissions-Policy "permissions here";
root /var/www/html/website/; root /var/www/html/website/;
# root /usr/share/nginx/html/; # testing purposes # root /usr/share/nginx/html/; # testing purposes
index index.html; index index.html;
try_files $uri /index.html; try_files $uri /index.html;
} }
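Review bot: `server_name FQDN` in `website.conf` has no terminating `;`, so the template is only valid nginx after the Clojure generator appends one; `server_name FQDN;` in the template keeps the configmap self-contained and removes that coupling. Separately, the server block sends `Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'` while also serving content on `listen 80 default_server` with no redirect to HTTPS, and the CSP's `script-src *` and `style-src *` allow scripts and styles from any origin, which largely negates `default-src 'self'`. Those lines are unchanged by this commit, but a `# TODO: redirect :80 to https and tighten script-src/style-src before enabling HSTS preload` comment would record that they are known gaps rather than intended settings.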


@ -19,9 +19,9 @@ spec:
ports: ports:
- containerPort: 80 - containerPort: 80
volumeMounts: volumeMounts:
- mountPath: /etc/nginx # mount nginx volume to /etc/nginx - mountPath: /etc/nginx
readOnly: true readOnly: true
name: nginx-conf name: nginxconfigvol
- mountPath: /var/log/nginx - mountPath: /var/log/nginx
name: log name: log
- mountPath: /var/www/html/website - mountPath: /var/www/html/website
@ -30,9 +30,9 @@ spec:
name: website-cert name: website-cert
readOnly: true readOnly: true
volumes: volumes:
- name: nginx-conf - name: nginxconfigvol
configMap: configMap:
name: nginx-conf name: nginxconf
items: items:
- key: nginx.conf - key: nginx.conf
path: nginx.conf path: nginx.conf

valid-auth.edn Normal file

@ -0,0 +1 @@
{:none "none"}

valid-config.edn Normal file

@ -0,0 +1,5 @@
{:fqdn "repo.test.meissa.de"
:issuer "staging"
:volume-total-storage-size 20
:number-of-websites 5
}