Add dummy auth
It seems, that an auth file is necessary for conf creation. So added a dummy file containing one key value pair. Also update of names and formati in configmap and deployment. Also added valid_config and valid auth.
This commit is contained in:
parent
4013da36b5
commit
4cf689e27f
7 changed files with 39 additions and 60 deletions
|
@ -5,5 +5,6 @@
|
|||
[dda.c4k-website.website :as website]
|
||||
[dda.c4k-common.uberjar :as uberjar]))
|
||||
|
||||
|
||||
(defn -main [& cmd-args]
|
||||
(uberjar/main-common "c4k-website" website/config? nil website/config-defaults core/k8s-objects cmd-args))
|
||||
(uberjar/main-common "c4k-website" website/config? website/auth? website/config-defaults core/k8s-objects cmd-args))
|
||||
|
|
|
@ -7,10 +7,10 @@
|
|||
(defn k8s-objects [config]
|
||||
(cm/concat-vec
|
||||
(map yaml/to-string
|
||||
(filter #(not (nil? %))
|
||||
[(website/generate-certificate config)
|
||||
(website/generate-ingress config)
|
||||
(website/generate-nginx-configmap config)
|
||||
(website/generate-nginx-deployment)
|
||||
(website/generate-nginx-service)
|
||||
(website/generate-website-content-volume config)]))))
|
||||
[(website/generate-nginx-deployment)
|
||||
(website/generate-nginx-configmap config)
|
||||
(website/generate-nginx-service)
|
||||
(website/generate-website-content-volume config)
|
||||
(website/generate-ingress config)
|
||||
(website/generate-certificate config)
|
||||
])))
|
||||
|
|
|
@ -27,6 +27,8 @@
|
|||
(def config? (s/keys :req-un [::fqdn]
|
||||
:opt-un [::issuer]))
|
||||
|
||||
(def auth? (s/keys :req-un [::none]))
|
||||
|
||||
(def vol? (s/keys :req-un [::volume-total-storage-size
|
||||
::number-of-websites]))
|
||||
|
||||
|
@ -61,7 +63,7 @@
|
|||
|
||||
(defn-spec generate-ingress pred/map-or-seq?
|
||||
[config config?]
|
||||
(let [{:keys [fqdn issuer]} config]
|
||||
(let [{:keys [fqdn]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "website/ingress.yaml")
|
||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
||||
|
@ -72,7 +74,7 @@
|
|||
configmap (yaml/load-as-edn "website/nginx-configmap.yaml")]
|
||||
(->
|
||||
configmap
|
||||
(assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" fqdn))
|
||||
(assoc-in [:data :website.conf] (st/replace (-> configmap :data :website.conf) #"FQDN" (str fqdn ";")))
|
||||
)
|
||||
))
|
||||
|
||||
|
|
|
@ -1,52 +1,31 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-conf
|
||||
name: nginxconf
|
||||
namespace: default
|
||||
data:
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
|
||||
worker_processes 3;
|
||||
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
pid /var/log/nginx/nginx.pid;
|
||||
|
||||
worker_processes 3;
|
||||
error_log /var/log/nginx/error.log;
|
||||
pid /var/log/nginx/nginx.pid;
|
||||
worker_rlimit_nofile 8192;
|
||||
|
||||
events {
|
||||
worker_connections 4096; ## Default: 1024
|
||||
worker_connections 4096;
|
||||
}
|
||||
|
||||
# daemon off; # run in foreground
|
||||
|
||||
http {
|
||||
|
||||
include /etc/nginx/mime.types; # should be replaced by c4k
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] $status '
|
||||
'"$request" $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
|
||||
tcp_nopush on;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] $status'
|
||||
'"$request" $body_bytes_sent "$http_referer"'
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
keepalive_timeout 65;
|
||||
|
||||
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
|
||||
|
||||
# it might be a good idea to set a common reverse proxy
|
||||
# which points to the ingress?
|
||||
|
||||
server_names_hash_bucket_size 128;
|
||||
include /etc/nginx/conf.d/website.conf;
|
||||
}
|
||||
|
||||
mime.types: |
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
|
@ -98,17 +77,12 @@ data:
|
|||
}
|
||||
website.conf: |
|
||||
server {
|
||||
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
listen 443 ssl;
|
||||
|
||||
ssl_certificate /etc/certs/tls.crt;
|
||||
ssl_certificate_key /etc/certs/tls.key;
|
||||
|
||||
server_name FQDN
|
||||
|
||||
# security headers
|
||||
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
|
||||
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
|
||||
|
@ -118,12 +92,8 @@ data:
|
|||
add_header Referrer-Policy "strict-origin";
|
||||
# maybe need to add:
|
||||
# add_header Permissions-Policy "permissions here";
|
||||
|
||||
root /var/www/html/website/;
|
||||
# root /usr/share/nginx/html/; # testing purposes
|
||||
|
||||
index index.html;
|
||||
|
||||
try_files $uri /index.html;
|
||||
|
||||
}
|
|
@ -19,9 +19,9 @@ spec:
|
|||
ports:
|
||||
- containerPort: 80
|
||||
volumeMounts:
|
||||
- mountPath: /etc/nginx # mount nginx volume to /etc/nginx
|
||||
- mountPath: /etc/nginx
|
||||
readOnly: true
|
||||
name: nginx-conf
|
||||
name: nginxconfigvol
|
||||
- mountPath: /var/log/nginx
|
||||
name: log
|
||||
- mountPath: /var/www/html/website
|
||||
|
@ -30,9 +30,9 @@ spec:
|
|||
name: website-cert
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: nginx-conf
|
||||
- name: nginxconfigvol
|
||||
configMap:
|
||||
name: nginx-conf
|
||||
name: nginxconf
|
||||
items:
|
||||
- key: nginx.conf
|
||||
path: nginx.conf
|
||||
|
|
1
valid-auth.edn
Normal file
1
valid-auth.edn
Normal file
|
@ -0,0 +1 @@
|
|||
{:none "none"}
|
5
valid-config.edn
Normal file
5
valid-config.edn
Normal file
|
@ -0,0 +1,5 @@
|
|||
{:fqdn "repo.test.meissa.de"
|
||||
:issuer "staging"
|
||||
:volume-total-storage-size 20
|
||||
:number-of-websites 5
|
||||
}
|
Loading…
Reference in a new issue