Add dummy auth

It seems that an auth file is necessary for conf creation.
So a dummy file containing one key-value pair was added.
Also updated names and format in configmap and deployment.
Also added valid_config and valid auth.
erik 2022-09-22 12:48:11 +02:00
parent 4013da36b5
commit 4cf689e27f
7 changed files with 39 additions and 60 deletions


@ -5,5 +5,6 @@
[dda.c4k-website.website :as website]
[dda.c4k-common.uberjar :as uberjar]))
(defn -main [& cmd-args]
(uberjar/main-common "c4k-website" website/config? nil website/config-defaults core/k8s-objects cmd-args))
(uberjar/main-common "c4k-website" website/config? website/auth? website/config-defaults core/k8s-objects cmd-args))


@ -7,10 +7,10 @@
(defn k8s-objects [config]
(cm/concat-vec
(map yaml/to-string
(filter #(not (nil? %))
[(website/generate-certificate config)
(website/generate-ingress config)
[(website/generate-nginx-deployment)
(website/generate-nginx-configmap config)
(website/generate-nginx-deployment)
(website/generate-nginx-service)
(website/generate-website-content-volume config)]))))
(website/generate-website-content-volume config)
(website/generate-ingress config)
(website/generate-certificate config)
])))
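Review bot: The nil filter around the generator vector appears to be dropped on the new side. The old closing line ends in `]))))` and the new one in `])))`, one form fewer, which fits `(filter #(not (nil? %))` having been removed, although the page does not mark which lines were deleted. If any generator can return nil, `yaml/to-string` would then receive it and the rendered manifest list may contain an empty or `null` document. If every generator is guaranteed to return a map, record that with a comment such as `; all generators return a map, so no nil filtering is needed`; otherwise keep `(remove nil? [...])` around the vector.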


@ -27,6 +27,8 @@
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer]))
(def auth? (s/keys :req-un [::none]))
(def vol? (s/keys :req-un [::volume-total-storage-size
::number-of-websites]))
@ -61,7 +63,7 @@
(defn-spec generate-ingress pred/map-or-seq?
[config config?]
(let [{:keys [fqdn issuer]} config]
(let [{:keys [fqdn]} config]
(->
(yaml/load-as-edn "website/ingress.yaml")
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
@ -72,7 +74,7 @@
configmap (yaml/load-as-edn "website/nginx-configmap.yaml")]
(->
configmap
(assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" fqdn))
(assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" (str fqdn ";")))
)
))
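Review bot: `fqdn` is spliced into the nginx `website.conf` text by plain string replacement, and the directive terminator is now appended in code at `(str fqdn ";")`, so the template line `server_name FQDN` is only valid nginx after this function has run. Any character in `fqdn` outside hostname syntax (whitespace, `;`, `{`, `}`) would be emitted as nginx configuration, and if `st` is `clojure.string`, a `$` or `\` in the replacement is interpreted as a group reference when the pattern is a regex. The `::fqdn` spec is not visible on this page; it should restrict the value to hostname syntax, which needs confirming. I would keep the terminator in the template as `server_name FQDN;` and leave the replacement as `fqdn`. The enclosing function begins above the hunk.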


@ -1,52 +1,31 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
name: nginxconf
namespace: default
data:
nginx.conf: |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
worker_connections 4096;
}
# daemon off; # run in foreground
http {
include /etc/nginx/mime.types; # should be replaced by c4k
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
# it might be a good idea to set a common reverse proxy
# which points to the ingress?
server_names_hash_bucket_size 128;
include /etc/nginx/conf.d/website.conf;
}
mime.types: |
types {
text/html html htm shtml;
@ -98,17 +77,12 @@ data:
}
website.conf: |
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
server_name FQDN
# security headers
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
@ -118,12 +92,8 @@ data:
add_header Referrer-Policy "strict-origin";
# maybe need to add:
# add_header Permissions-Policy "permissions here";
root /var/www/html/website/;
# root /usr/share/nginx/html/; # testing purposes
index index.html;
try_files $uri /index.html;
}
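Review bot: The `log_format main` lines lose the trailing space inside each quoted part (the second printed pair, which reads as the new side), and nginx joins the quoted parts with no separator, so log entries come out as `$status"$request"` and `"$http_referer""$http_user_agent"`. Access-log parsers and detection rules that split these fields on the space between them would stop matching. Restore the spaces: `'$remote_addr - $remote_user [$time_local] $status '` and `'"$request" $body_bytes_sent "$http_referer" '`.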


@ -19,9 +19,9 @@ spec:
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx # mount nginx volume to /etc/nginx
- mountPath: /etc/nginx
readOnly: true
name: nginx-conf
name: nginxconfigvol
- mountPath: /var/log/nginx
name: log
- mountPath: /var/www/html/website
@ -30,9 +30,9 @@ spec:
name: website-cert
readOnly: true
volumes:
- name: nginx-conf
- name: nginxconfigvol
configMap:
name: nginx-conf
name: nginxconf
items:
- key: nginx.conf
path: nginx.conf

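--- /dev/null
+++ b/valid-auth.edn
@@ -0,0 +1 @@
+{:none "none"}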

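--- /dev/null
+++ b/valid-config.edn
@@ -0,0 +1,5 @@
+{:fqdn "repo.test.meissa.de"
+:issuer "staging"
+:volume-total-storage-size 20
+:number-of-websites 5
+}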