Add dummy auth
It seems, that an auth file is necessary for conf creation. So added a dummy file containing one key value pair. Also update of names and formati in configmap and deployment. Also added valid_config and valid auth.
This commit is contained in:
parent
4013da36b5
commit
4cf689e27f
7 changed files with 39 additions and 60 deletions
|
@ -5,5 +5,6 @@
|
||||||
[dda.c4k-website.website :as website]
|
[dda.c4k-website.website :as website]
|
||||||
[dda.c4k-common.uberjar :as uberjar]))
|
[dda.c4k-common.uberjar :as uberjar]))
|
||||||
|
|
||||||
|
|
||||||
(defn -main [& cmd-args]
|
(defn -main [& cmd-args]
|
||||||
(uberjar/main-common "c4k-website" website/config? nil website/config-defaults core/k8s-objects cmd-args))
|
(uberjar/main-common "c4k-website" website/config? website/auth? website/config-defaults core/k8s-objects cmd-args))
|
||||||
|
|
|
@ -7,10 +7,10 @@
|
||||||
(defn k8s-objects [config]
|
(defn k8s-objects [config]
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(map yaml/to-string
|
(map yaml/to-string
|
||||||
(filter #(not (nil? %))
|
[(website/generate-nginx-deployment)
|
||||||
[(website/generate-certificate config)
|
(website/generate-nginx-configmap config)
|
||||||
(website/generate-ingress config)
|
(website/generate-nginx-service)
|
||||||
(website/generate-nginx-configmap config)
|
(website/generate-website-content-volume config)
|
||||||
(website/generate-nginx-deployment)
|
(website/generate-ingress config)
|
||||||
(website/generate-nginx-service)
|
(website/generate-certificate config)
|
||||||
(website/generate-website-content-volume config)]))))
|
])))
|
||||||
|
|
|
@ -27,6 +27,8 @@
|
||||||
(def config? (s/keys :req-un [::fqdn]
|
(def config? (s/keys :req-un [::fqdn]
|
||||||
:opt-un [::issuer]))
|
:opt-un [::issuer]))
|
||||||
|
|
||||||
|
(def auth? (s/keys :req-un [::none]))
|
||||||
|
|
||||||
(def vol? (s/keys :req-un [::volume-total-storage-size
|
(def vol? (s/keys :req-un [::volume-total-storage-size
|
||||||
::number-of-websites]))
|
::number-of-websites]))
|
||||||
|
|
||||||
|
@ -61,7 +63,7 @@
|
||||||
|
|
||||||
(defn-spec generate-ingress pred/map-or-seq?
|
(defn-spec generate-ingress pred/map-or-seq?
|
||||||
[config config?]
|
[config config?]
|
||||||
(let [{:keys [fqdn issuer]} config]
|
(let [{:keys [fqdn]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "website/ingress.yaml")
|
(yaml/load-as-edn "website/ingress.yaml")
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
||||||
|
@ -72,7 +74,7 @@
|
||||||
configmap (yaml/load-as-edn "website/nginx-configmap.yaml")]
|
configmap (yaml/load-as-edn "website/nginx-configmap.yaml")]
|
||||||
(->
|
(->
|
||||||
configmap
|
configmap
|
||||||
(assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" fqdn))
|
(assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" (str fqdn ";")))
|
||||||
)
|
)
|
||||||
))
|
))
|
||||||
|
|
||||||
|
|
|
@ -1,52 +1,31 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: nginx-conf
|
name: nginxconf
|
||||||
namespace: default
|
namespace: default
|
||||||
data:
|
data:
|
||||||
nginx.conf: |
|
nginx.conf: |
|
||||||
user nginx;
|
user nginx;
|
||||||
|
worker_processes 3;
|
||||||
worker_processes 3;
|
error_log /var/log/nginx/error.log;
|
||||||
|
pid /var/log/nginx/nginx.pid;
|
||||||
error_log /var/log/nginx/error.log;
|
|
||||||
|
|
||||||
pid /var/log/nginx/nginx.pid;
|
|
||||||
|
|
||||||
worker_rlimit_nofile 8192;
|
worker_rlimit_nofile 8192;
|
||||||
|
events {
|
||||||
events {
|
worker_connections 4096;
|
||||||
worker_connections 4096; ## Default: 1024
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# daemon off; # run in foreground
|
|
||||||
|
|
||||||
http {
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
include /etc/nginx/mime.types; # should be replaced by c4k
|
|
||||||
|
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] $status'
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] $status '
|
'"$request" $body_bytes_sent "$http_referer"'
|
||||||
'"$request" $body_bytes_sent "$http_referer" '
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
access_log /var/log/nginx/access.log main;
|
||||||
|
sendfile on;
|
||||||
access_log /var/log/nginx/access.log main;
|
tcp_nopush on;
|
||||||
|
|
||||||
sendfile on;
|
|
||||||
|
|
||||||
tcp_nopush on;
|
|
||||||
|
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
|
server_names_hash_bucket_size 128;
|
||||||
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
|
|
||||||
|
|
||||||
# it might be a good idea to set a common reverse proxy
|
|
||||||
# which points to the ingress?
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/website.conf;
|
include /etc/nginx/conf.d/website.conf;
|
||||||
}
|
}
|
||||||
|
|
||||||
mime.types: |
|
mime.types: |
|
||||||
types {
|
types {
|
||||||
text/html html htm shtml;
|
text/html html htm shtml;
|
||||||
|
@ -96,19 +75,14 @@ data:
|
||||||
video/x-ms-asf asx asf;
|
video/x-ms-asf asx asf;
|
||||||
video/x-mng mng;
|
video/x-mng mng;
|
||||||
}
|
}
|
||||||
website.conf: |
|
website.conf: |
|
||||||
server {
|
server {
|
||||||
|
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
|
|
||||||
ssl_certificate /etc/certs/tls.crt;
|
ssl_certificate /etc/certs/tls.crt;
|
||||||
ssl_certificate_key /etc/certs/tls.key;
|
ssl_certificate_key /etc/certs/tls.key;
|
||||||
|
|
||||||
server_name FQDN
|
server_name FQDN
|
||||||
|
|
||||||
# security headers
|
# security headers
|
||||||
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
|
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
|
||||||
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
|
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
|
||||||
|
@ -118,12 +92,8 @@ data:
|
||||||
add_header Referrer-Policy "strict-origin";
|
add_header Referrer-Policy "strict-origin";
|
||||||
# maybe need to add:
|
# maybe need to add:
|
||||||
# add_header Permissions-Policy "permissions here";
|
# add_header Permissions-Policy "permissions here";
|
||||||
|
|
||||||
root /var/www/html/website/;
|
root /var/www/html/website/;
|
||||||
# root /usr/share/nginx/html/; # testing purposes
|
# root /usr/share/nginx/html/; # testing purposes
|
||||||
|
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
try_files $uri /index.html;
|
try_files $uri /index.html;
|
||||||
|
|
||||||
}
|
}
|
|
@ -19,9 +19,9 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/nginx # mount nginx volume to /etc/nginx
|
- mountPath: /etc/nginx
|
||||||
readOnly: true
|
readOnly: true
|
||||||
name: nginx-conf
|
name: nginxconfigvol
|
||||||
- mountPath: /var/log/nginx
|
- mountPath: /var/log/nginx
|
||||||
name: log
|
name: log
|
||||||
- mountPath: /var/www/html/website
|
- mountPath: /var/www/html/website
|
||||||
|
@ -30,9 +30,9 @@ spec:
|
||||||
name: website-cert
|
name: website-cert
|
||||||
readOnly: true
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: nginx-conf
|
- name: nginxconfigvol
|
||||||
configMap:
|
configMap:
|
||||||
name: nginx-conf
|
name: nginxconf
|
||||||
items:
|
items:
|
||||||
- key: nginx.conf
|
- key: nginx.conf
|
||||||
path: nginx.conf
|
path: nginx.conf
|
||||||
|
|
1
valid-auth.edn
Normal file
1
valid-auth.edn
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{:none "none"}
|
5
valid-config.edn
Normal file
5
valid-config.edn
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{:fqdn "repo.test.meissa.de"
|
||||||
|
:issuer "staging"
|
||||||
|
:volume-total-storage-size 20
|
||||||
|
:number-of-websites 5
|
||||||
|
}
|
Loading…
Reference in a new issue