Add dummy auth

It seems, that an auth file is necessary for conf creation.
So added a dummy file containing one key value pair.
Also update of names and formati in configmap and deployment.
Also added valid_config and valid auth.

src/main/clj/dda/c4k_website/uberjar.clj

@@ -5,5 +5,6 @@
    [dda.c4k-website.website :as website]
    [dda.c4k-common.uberjar :as uberjar]))
 
+
 (defn -main [& cmd-args]
-  (uberjar/main-common "c4k-website" website/config? nil website/config-defaults core/k8s-objects cmd-args))
+  (uberjar/main-common "c4k-website" website/config? website/auth? website/config-defaults core/k8s-objects cmd-args))

src/main/cljc/dda/c4k_website/core.cljc

@@ -7,10 +7,10 @@
 (defn k8s-objects [config]  
     (cm/concat-vec
      (map yaml/to-string
-          (filter #(not (nil? %))
-                  [(website/generate-certificate config)
-                   (website/generate-ingress config)
+          [(website/generate-nginx-deployment)
            (website/generate-nginx-configmap config)
-                   (website/generate-nginx-deployment)
            (website/generate-nginx-service)
-                   (website/generate-website-content-volume config)]))))
+           (website/generate-website-content-volume config)
+           (website/generate-ingress config)
+           (website/generate-certificate config)
+           ])))

src/main/cljc/dda/c4k_website/website.cljc

@@ -27,6 +27,8 @@
 (def config? (s/keys :req-un [::fqdn]
                      :opt-un [::issuer]))
 
+(def auth? (s/keys  :req-un [::none]))
+
 (def vol? (s/keys :req-un [::volume-total-storage-size
                            ::number-of-websites]))
 
@@ -61,7 +63,7 @@
 
 (defn-spec generate-ingress pred/map-or-seq?
   [config config?]
-  (let [{:keys [fqdn issuer]} config]
+  (let [{:keys [fqdn]} config]
     (->
      (yaml/load-as-edn "website/ingress.yaml")
      (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
@@ -72,7 +74,7 @@
         configmap (yaml/load-as-edn "website/nginx-configmap.yaml")]         
     (-> 
      configmap
-     (assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" fqdn))
+     (assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" (str fqdn ";")))
      )
   ))     
 

src/main/resources/website/nginx-configmap.yaml

@@ -1,52 +1,31 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: nginx-conf
+  name: nginxconf
   namespace: default
 data:
   nginx.conf: |
     user nginx;
-
     worker_processes 3;
-
     error_log /var/log/nginx/error.log;
-
     pid /var/log/nginx/nginx.pid;
-
     worker_rlimit_nofile 8192;
-
     events { 
-      worker_connections  4096;  ## Default: 1024
+      worker_connections 4096; 
     }
-
-    # daemon off; # run in foreground
-
     http {
-        
-      include /etc/nginx/mime.types; # should be replaced by c4k
-
+      include /etc/nginx/mime.types; 
       default_type application/octet-stream;
-
       log_format   main '$remote_addr - $remote_user [$time_local] $status'
       '"$request" $body_bytes_sent "$http_referer"'
       '"$http_user_agent" "$http_x_forwarded_for"';
-
       access_log /var/log/nginx/access.log main;
-
       sendfile on;
-
       tcp_nopush on;
-
       keepalive_timeout 65;
-      
-      server_names_hash_bucket_size 128; # this seems to be required for some vhosts
-
-      # it might be a good idea to set a common reverse proxy 
-      # which points to the ingress?
-
+      server_names_hash_bucket_size 128;
       include /etc/nginx/conf.d/website.conf;
     }
-    
   mime.types: |
     types {
       text/html                             html htm shtml;
@@ -98,17 +77,12 @@ data:
     }
   website.conf: |
     server {
-
       listen 80 default_server;
       listen [::]:80 default_server;
-
       listen 443 ssl;
-
       ssl_certificate /etc/certs/tls.crt;
       ssl_certificate_key /etc/certs/tls.key;
-
       server_name FQDN
-
       # security headers
       add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
       add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
@@ -118,12 +92,8 @@ data:
       add_header Referrer-Policy "strict-origin";
       # maybe need to add:
       # add_header Permissions-Policy "permissions here";
-
       root /var/www/html/website/;
       # root /usr/share/nginx/html/; # testing purposes
-
       index index.html;
-
       try_files $uri /index.html;
-
     }

src/main/resources/website/nginx-deployment.yaml

@@ -19,9 +19,9 @@ spec:
         ports:
         - containerPort: 80
         volumeMounts:
-        - mountPath: /etc/nginx # mount nginx volume to /etc/nginx
+        - mountPath: /etc/nginx 
           readOnly: true
-          name: nginx-conf
+          name: nginxconfigvol
         - mountPath: /var/log/nginx
           name: log                    
         - mountPath: /var/www/html/website
@@ -30,9 +30,9 @@ spec:
           name: website-cert
           readOnly: true
       volumes:
-        - name: nginx-conf
+        - name: nginxconfigvol
           configMap:
-            name: nginx-conf 
+            name: nginxconf 
             items:
               - key: nginx.conf
                 path: nginx.conf

valid-auth.edn

@@ -0,0 +1 @@
+{:none "none"}

valid-config.edn

@@ -0,0 +1,5 @@
+{:fqdn "repo.test.meissa.de"  
+ :issuer "staging"
+ :volume-total-storage-size 20
+ :number-of-websites 5
+ }