From 911f0d5b2750afc3a9f8bad04f0ff8bb9997395a Mon Sep 17 00:00:00 2001 From: erik Date: Tue, 1 Nov 2022 15:05:59 +0100 Subject: [PATCH] Refactor app.kubernetes.part-of into resources --- .../cljc/dda/c4k_website/ingress_cert.cljc | 16 +++++++---- src/main/cljc/dda/c4k_website/website.cljc | 14 ++++++++++ src/main/resources/ingress/certificate.yaml | 2 ++ src/main/resources/ingress/http-ingress.yaml | 2 ++ src/main/resources/ingress/https-ingress.yaml | 2 ++ .../resources/website/nginx-configmap.yaml | 2 ++ .../resources/website/nginx-deployment.yaml | 4 ++- src/main/resources/website/nginx-service.yaml | 5 ++-- .../resources/website/website-build-cron.yaml | 2 +- .../website/website-build-deployment.yaml | 2 ++ .../website/website-build-secret.yaml | 2 ++ .../website/website-content-volume.yaml | 3 +- .../cljc/dda/c4k_website/ingress_test.cljc | 16 +++++++++-- .../cljc/dda/c4k_website/website_test.cljc | 28 +++++++++++++------ 14 files changed, 78 insertions(+), 22 deletions(-) diff --git a/src/main/cljc/dda/c4k_website/ingress_cert.cljc b/src/main/cljc/dda/c4k_website/ingress_cert.cljc index 91ec953..33742c6 100644 --- a/src/main/cljc/dda/c4k_website/ingress_cert.cljc +++ b/src/main/cljc/dda/c4k_website/ingress_cert.cljc @@ -13,15 +13,16 @@ (s/def ::issuer pred/letsencrypt-issuer?) (s/def ::service-name string?) +(s/def ::app-name string?) (s/def ::ingress-name string?) (s/def ::cert-name string?) (s/def ::service-port pos-int?) (s/def ::fqdns (s/coll-of pred/fqdn-string?)) -(def ingress? (s/keys :req-un [::fqdns ::ingress-name ::service-name ::service-port] +(def ingress? (s/keys :req-un [::fqdns ::app-name ::ingress-name ::service-name ::service-port] :opt-un [::issuer ::cert-name])) -(def certificate? (s/keys :req-un [::fqdns ::cert-name] +(def certificate? (s/keys :req-un [::fqdns ::app-name ::cert-name] :opt-un [::issuer])) #?(:cljs 
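Review bot: `(s/def ::app-name string?)` accepts any string, but the value becomes a Kubernetes label value, which must be at most 63 characters of alphanumerics, `-`, `_` and `.`, starting and ending with an alphanumeric. `generate-app-name` in website.cljc builds it from an FQDN plus `-website`, so a long host name could produce a manifest that the API server rejects only at apply time. Whether `pred/fqdn-string?` bounds the length is not visible here. Tightening the spec would surface the failure at generation, e.g. `(s/def ::app-name (s/and string? #(re-matches #"[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?" %)))`. The `#?(:cljs` form that closes this hunk continues outside it.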
@@ -50,30 +51,33 @@ (defn-spec generate-http-ingress pred/map-or-seq? [config ingress?] - (let [{:keys [ingress-name service-name service-port fqdns]} config] + (let [{:keys [ingress-name service-name service-port fqdns app-name]} config] (-> (yaml/load-as-edn "ingress/http-ingress.yaml") - (assoc-in [:metadata :name] ingress-name) + (assoc-in [:metadata :name] ingress-name) + (assoc-in [:metadata :labels :app.kubernetes.part-of] app-name) (assoc-in [:spec :rules] (mapv (partial generate-host-rule service-name service-port) fqdns))))) (defn-spec generate-https-ingress pred/map-or-seq? [config ingress?] - (let [{:keys [ingress-name cert-name service-name service-port fqdns]} config] + (let [{:keys [ingress-name cert-name service-name service-port fqdns app-name]} config] (-> (yaml/load-as-edn "ingress/https-ingress.yaml") (assoc-in [:metadata :name] ingress-name) + (assoc-in [:metadata :labels :app.kubernetes.part-of] app-name) (assoc-in [:spec :tls 0 :secretName] cert-name) (assoc-in [:spec :tls 0 :hosts] fqdns) (assoc-in [:spec :rules] (mapv (partial generate-host-rule service-name service-port) fqdns))))) (defn-spec generate-certificate pred/map-or-seq? [config certificate?] - (let [{:keys [cert-name issuer fqdns] + (let [{:keys [cert-name issuer fqdns app-name] :or {issuer "staging"}} config letsencrypt-issuer (name issuer)] (-> (yaml/load-as-edn "ingress/certificate.yaml") (assoc-in [:metadata :name] cert-name) + (assoc-in [:metadata :labels :app.kubernetes.part-of] app-name) (assoc-in [:spec :secretName] cert-name) (assoc-in [:spec :commonName] (first fqdns)) (assoc-in [:spec :dnsNames] fqdns) diff --git a/src/main/cljc/dda/c4k_website/website.cljc b/src/main/cljc/dda/c4k_website/website.cljc index 778cd00..d829be3 100644 --- a/src/main/cljc/dda/c4k_website/website.cljc +++ b/src/main/cljc/dda/c4k_website/website.cljc 
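Review bot: The label key `app.kubernetes.part-of` written by `generate-http-ingress`, `generate-https-ingress` and `generate-certificate` is not the Kubernetes recommended label, which is `app.kubernetes.io/part-of`. Selectors, dashboards and policies written against the recommended key will not match these objects. If the standard label is intended, the path becomes `[:metadata :labels :app.kubernetes.io/part-of]`; the `#:traefik.ingress.kubernetes.io{…}` maps in the test expectations suggest slash-separated keys load as namespaced keywords. The YAML templates and the website.cljc generators in this patch would need the same rename. If the custom key is deliberate, a comment next to `::app-name` saying so would prevent a later "fix".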
@@ -47,6 +47,10 @@ [fqdn pred/fqdn-string?] (str/replace fqdn #"\." "-")) +(defn-spec generate-app-name string? + [unique-name pred/fqdn-string?] + (str (replace-dots-by-minus unique-name) "-website")) + (defn-spec generate-service-name string? [unique-name pred/fqdn-string?] (str (replace-dots-by-minus unique-name) "-service")) @@ -101,6 +105,7 @@ [config flattened-and-reduced-config?] (let [{:keys [unique-name fqdns]} config] (ing/generate-http-ingress {:fqdns fqdns + :app-name (generate-app-name unique-name) :ingress-name (generate-http-ingress-name unique-name) :service-name (generate-service-name unique-name) :service-port 80}))) @@ -110,6 +115,7 @@ (let [{:keys [unique-name fqdns]} config] (ing/generate-https-ingress {:fqdns fqdns :cert-name (generate-cert-name unique-name) + :app-name (generate-app-name unique-name) :ingress-name (generate-https-ingress-name unique-name) :service-name (generate-service-name unique-name) :service-port 80}))) @@ -119,6 +125,7 @@ (let [{:keys [unique-name issuer fqdns] :or {issuer "staging"}} config] (ing/generate-certificate {:fqdns fqdns + :app-name (generate-app-name unique-name) :cert-name (generate-cert-name unique-name) :issuer issuer}))) @@ -127,6 +134,7 @@ (let [{:keys [unique-name fqdns]} config] (-> (yaml/load-as-edn "website/nginx-configmap.yaml") + (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)) (#(assoc-in % [:data :website.conf] @@ -138,6 +146,7 @@ (let [{:keys [unique-name]} config] (-> (yaml/load-as-edn "website/nginx-deployment.yaml") + (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))))) (defn-spec generate-nginx-service pred/map-or-seq? 
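Review bot: The added `(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))` in `generate-nginx-configmap` and `generate-nginx-deployment` duplicates a value the templates now carry themselves. Each website YAML in this patch has `app.kubernetes.part-of: NAME-website`, and the `replace-all-matching-subvalues-in-string-start "NAME" …` call that follows appears to rewrite label values too, since the tests expect `app: NAME-nginx` to become `test-io-nginx`. Two definitions of the same label can drift apart unnoticed, so keep one: either the `NAME-website` placeholder in the template or the `assoc-in` over a neutral template value. The same applies to the service, content-volume, build-cron, build-deployment and build-secret generators in the later hunks of this file. The enclosing functions start outside these hunks.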
@@ -145,6 +154,7 @@ (let [{:keys [unique-name]} config] (-> (yaml/load-as-edn "website/nginx-service.yaml") + (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))))) (defn-spec generate-website-content-volume pred/map-or-seq? @@ -153,6 +163,7 @@ :or {volume-size "3"}} config] (-> (yaml/load-as-edn "website/website-content-volume.yaml") + (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)) (cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi"))))) @@ -161,6 +172,7 @@ (let [{:keys [unique-name]} config] (-> (yaml/load-as-edn "website/website-build-cron.yaml") + (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))))) (defn-spec generate-website-build-deployment pred/map-or-seq? @@ -168,6 +180,7 @@ (let [{:keys [unique-name]} config] (-> (yaml/load-as-edn "website/website-build-deployment.yaml") + (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name))))) (defn-spec generate-website-build-secret pred/map-or-seq? @@ -180,6 +193,7 @@ branchname]} auth] (-> (yaml/load-as-edn "website/website-build-secret.yaml") + (assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name)) (replace-all-matching-subvalues-in-string-start "NAME" (replace-dots-by-minus unique-name)) (cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken)) (cm/replace-all-matching-values-by-new-value "URL" (b64/encode 
diff --git a/src/main/resources/ingress/certificate.yaml b/src/main/resources/ingress/certificate.yaml index 72bf6cd..5020461 100644 --- a/src/main/resources/ingress/certificate.yaml +++ b/src/main/resources/ingress/certificate.yaml @@ -2,6 +2,8 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: c4k-common-cert + labels: + app.kubernetes.part-of: c4k-common-app namespace: default spec: secretName: c4k-common-cert diff --git a/src/main/resources/ingress/http-ingress.yaml b/src/main/resources/ingress/http-ingress.yaml index 562f17c..4edc6cf 100644 --- a/src/main/resources/ingress/http-ingress.yaml +++ b/src/main/resources/ingress/http-ingress.yaml @@ -3,6 +3,8 @@ kind: Ingress metadata: name: c4k-common-http-ingress namespace: default + labels: + app.kubernetes.part-of: c4k-common-app annotations: traefik.ingress.kubernetes.io/router.entrypoints: web traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd diff --git a/src/main/resources/ingress/https-ingress.yaml b/src/main/resources/ingress/https-ingress.yaml index 8798b43..e253be0 100644 --- a/src/main/resources/ingress/https-ingress.yaml +++ b/src/main/resources/ingress/https-ingress.yaml @@ -3,6 +3,8 @@ kind: Ingress metadata: name: c4k-common-https-ingress namespace: default + labels: + app.kubernetes.part-of: c4k-common-app annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" diff --git a/src/main/resources/website/nginx-configmap.yaml b/src/main/resources/website/nginx-configmap.yaml index 46669fd..34b4309 100644 --- a/src/main/resources/website/nginx-configmap.yaml +++ b/src/main/resources/website/nginx-configmap.yaml @@ -3,6 +3,8 @@ kind: ConfigMap metadata: name: NAME-configmap namespace: default + labels: + app.kubernetes.part-of: NAME-website data: nginx.conf: | user nginx; 
diff --git a/src/main/resources/website/nginx-deployment.yaml b/src/main/resources/website/nginx-deployment.yaml index e14e3fa..0014bbc 100644 --- a/src/main/resources/website/nginx-deployment.yaml +++ b/src/main/resources/website/nginx-deployment.yaml @@ -1,7 +1,9 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: NAME-deployment #TODO: Review jem 2022/10/26: why mixed case? either calculate the whole name in cljc or use UPPERCASE + name: NAME-deployment + labels: + app.kubernetes.part-of: NAME-website spec: replicas: 1 selector: diff --git a/src/main/resources/website/nginx-service.yaml b/src/main/resources/website/nginx-service.yaml index 05452ba..36ab954 100644 --- a/src/main/resources/website/nginx-service.yaml +++ b/src/main/resources/website/nginx-service.yaml @@ -4,13 +4,12 @@ metadata: name: NAME-service labels: app: NAME-nginx + app.kubernetes.part-of: NAME-website namespace: default spec: selector: app: NAME-nginx ports: - name: nginx-http - port: 80 - - name: nginx-https # TODO: Review jem 2022/10/26: we terminate ssl in ingress, do not pass thru - port: 443 + port: 80 \ No newline at end of file diff --git a/src/main/resources/website/website-build-cron.yaml b/src/main/resources/website/website-build-cron.yaml index 238ad7a..711fdb6 100644 --- a/src/main/resources/website/website-build-cron.yaml +++ b/src/main/resources/website/website-build-cron.yaml @@ -3,7 +3,7 @@ kind: CronJob metadata: name: NAME-build-cron labels: - app.kubernetes.part-of: website # TODO: Review jem 2022/10/26: adjust name, add part of to all + app.kubernetes.part-of: NAME-website spec: schedule: "0/7 * * * *" successfulJobsHistoryLimit: 1 diff --git a/src/main/resources/website/website-build-deployment.yaml b/src/main/resources/website/website-build-deployment.yaml index 40724fe..5dec7b8 100644 --- a/src/main/resources/website/website-build-deployment.yaml +++ b/src/main/resources/website/website-build-deployment.yaml 
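Review bot: In nginx-deployment.yaml the label is added to the Deployment's own `metadata.labels`, which Kubernetes does not copy to the Pods the Deployment creates. Unless the pod template under `spec.template.metadata.labels` (outside this hunk) gets the label too, the Pods stay without `app.kubernetes.part-of`. Anything that selects on Pod labels, such as `kubectl get pods -l …` or a NetworkPolicy `podSelector`, then cannot group them per website. The same holds for website-build-deployment.yaml and for the job template in website-build-cron.yaml. Adding `app.kubernetes.part-of: NAME-website` beside the `app:` label that the selector presumably matches in each pod template would cover it.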
@@ -2,6 +2,8 @@ apiVersion: apps/v1 kind: Deployment metadata: name: NAME-build-deployment + labels: + app.kubernetes.part-of: NAME-website spec: replicas: 0 selector: diff --git a/src/main/resources/website/website-build-secret.yaml b/src/main/resources/website/website-build-secret.yaml index e21583f..33bac32 100644 --- a/src/main/resources/website/website-build-secret.yaml +++ b/src/main/resources/website/website-build-secret.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: Secret metadata: name: NAME-secret + labels: + app.kubernetes.part-of: NAME-website data: AUTHTOKEN: TOKEN GITREPOURL: URL diff --git a/src/main/resources/website/website-content-volume.yaml b/src/main/resources/website/website-content-volume.yaml index 1589ea4..4e6f130 100644 --- a/src/main/resources/website/website-content-volume.yaml +++ b/src/main/resources/website/website-content-volume.yaml @@ -4,7 +4,8 @@ metadata: name: NAME-content-volume namespace: default labels: - app: NAME-nginx + app: NAME-nginx + app.kubernetes.part-of: NAME-website spec: storageClassName: local-path accessModes: diff --git a/src/test/cljc/dda/c4k_website/ingress_test.cljc b/src/test/cljc/dda/c4k_website/ingress_test.cljc index 23c6cff..5f1b08b 100644 --- a/src/test/cljc/dda/c4k_website/ingress_test.cljc +++ b/src/test/cljc/dda/c4k_website/ingress_test.cljc @@ -10,6 +10,7 @@ (st/instrument `cut/generate-https-ingress) (st/instrument `cut/generate-certificate) +; ToDo: Refactor to ingress-cert-test (deftest should-generate-rule (is (= {:host "test.com", @@ -28,11 +29,13 @@ :metadata {:name "test-io-http-ingress", :namespace "default", + :labels {:app.kubernetes.part-of "c4k-common-app"}, :annotations #:traefik.ingress.kubernetes.io{:router.entrypoints "web", :router.middlewares "default-redirect-https@kubernetescrd"}}} (dissoc (cut/generate-http-ingress {:issuer "prod" + :app-name "c4k-common-app" :service-name "myservice" :service-port 3000 :ingress-name "test-io-http-ingress" 
@@ -53,6 +56,7 @@ (:spec (cut/generate-http-ingress {:issuer "prod" :service-name "myservice" + :app-name "c4k-common-app" :service-port 3000 :ingress-name "test-io-http-ingress" :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) @@ -63,10 +67,12 @@ :metadata {:name "test-io-https-ingress", :namespace "default", + :labels {:app.kubernetes.part-of "c4k-common-app"}, :annotations #:traefik.ingress.kubernetes.io{:router.entrypoints "websecure", :router.tls "true"}}} (dissoc (cut/generate-https-ingress {:issuer "prod" :service-name "test-io-service" + :app-name "c4k-common-app" :service-port 80 :ingress-name "test-io-https-ingress" :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :spec))) @@ -88,6 +94,7 @@ :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}]} (:spec (cut/generate-https-ingress {:issuer "prod" + :app-name "c4k-common-app" :service-name "test-io-service" :service-port 80 :ingress-name "test-io-https-ingress" @@ -97,14 +104,19 @@ (deftest should-generate-certificate (is (= {:apiVersion "cert-manager.io/v1", :kind "Certificate", - :metadata {:name "test-io-cert", :namespace "default"}, + :metadata { + :name "test-io-cert", + :namespace "default", + :labels {:app.kubernetes.part-of "c4k-common-app"}, + }, :spec {:secretName "test-io-cert", - :commonName "test.de", + :commonName "test.de", :duration "2160h", :renewBefore "360h", :dnsNames ["test.de" "test.org" "www.test.de" "www.test.org"], :issuerRef {:name "prod", :kind "ClusterIssuer"}}} (cut/generate-certificate {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"] + :app-name "c4k-common-app" :cert-name "test-io-cert" :issuer "prod"})))) \ No newline at end of file diff --git a/src/test/cljc/dda/c4k_website/website_test.cljc b/src/test/cljc/dda/c4k_website/website_test.cljc index 2e44e31..2792dd8 100644 --- a/src/test/cljc/dda/c4k_website/website_test.cljc 
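Review bot: The updated cases only add `:app-name` to inputs that were already valid, so no test pins the new requirement that `ingress?` and `certificate?` demand the key. The generators are instrumented at the top of this file, so a call without `:app-name` should be rejected. On the JVM side a case such as `(is (thrown? Exception (cut/generate-certificate {:fqdns ["test.de"] :cert-name "test-io-cert"})))` would document that contract for callers outside this repository. The exact exception type raised by the instrumentation is not visible here and should be confirmed.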
+++ b/src/test/cljc/dda/c4k_website/website_test.cljc @@ -69,7 +69,9 @@ :authtoken "abedjgbasdodj"}))))) (is (= {:apiVersion "v1", :kind "ConfigMap", - :metadata {:name "test-io-configmap", :namespace "default"}} + :metadata {:name "test-io-configmap", + :labels {:app.kubernetes.part-of "test-io-website"}, + :namespace "default"}} (dissoc (cut/generate-nginx-configmap {:unique-name "test.io", :gitea-host "gitea.evilorg", :gitea-repo "none", @@ -81,7 +83,8 @@ (deftest should-generate-nginx-deployment (is (= {:apiVersion "apps/v1", :kind "Deployment", - :metadata {:name "test-io-deployment"}, + :metadata {:name "test-io-deployment", + :labels {:app.kubernetes.part-of "test-io-website"}}, :spec {:replicas 1, :selector {:matchLabels {:app "test-io-nginx"}}, @@ -123,7 +126,9 @@ (is (= {:name-c1 "test-io-service", :name-c2 "test-org-service", :app-c1 "test-io-nginx", - :app-c2 "test-org-nginx"} + :app-c2 "test-org-nginx", + :app.kubernetes.part-of-c1 "test-io-website", + :app.kubernetes.part-of-c2 "test-org-website"} (th/map-diff (cut/generate-nginx-service {:unique-name "test.io", :gitea-host "gitea.evilorg", :gitea-repo "none", @@ -142,9 +147,11 @@ (deftest should-generate-website-build-cron (is (= {:apiVersion "batch/v1beta1", :kind "CronJob", - :metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "website"}}, + :metadata { + :name "test-io-build-cron", + :labels {:app.kubernetes.part-of "test-io-website"}}, :spec - {:schedule "1,7,14,21,28,35,42,49,54,59 * * * *", + {:schedule "0/7 * * * *", :successfulJobsHistoryLimit 1, :failedJobsHistoryLimit 1, :jobTemplate @@ -171,7 +178,8 @@ (deftest should-generate-website-build-deployment (is (= {:apiVersion "apps/v1", :kind "Deployment", - :metadata {:name "test-io-build-deployment"}, + :metadata {:name "test-io-build-deployment", + :labels {:app.kubernetes.part-of "test-io-website"}}, :spec {:replicas 0, :selector {:matchLabels {:app "test-io-builder"}}, 
@@ -202,7 +210,9 @@ :AUTHTOKEN-c1 (b64/encode "token1"), :AUTHTOKEN-c2 (b64/encode "token2"), :GITREPOURL-c1 (b64/encode "https://gitlab.org/api/v1/repos/dumpty/websitebau/archive/testname.zip"), - :GITREPOURL-c2 (b64/encode "https://github.com/api/v1/repos/humpty/websitedachs/archive/testname.zip")} + :GITREPOURL-c2 (b64/encode "https://github.com/api/v1/repos/humpty/websitedachs/archive/testname.zip"), + :app.kubernetes.part-of-c1 "test-io-website", + :app.kubernetes.part-of-c2 "test-org-website"} (th/map-diff (cut/generate-website-build-secret {:unique-name "test.io", :authtoken "token1", :gitea-host "gitlab.org", @@ -223,7 +233,9 @@ (is (= {:name-c1 "test-io-content-volume", :name-c2 "test-org-content-volume", :app-c1 "test-io-nginx", - :app-c2 "test-org-nginx"} + :app-c2 "test-org-nginx", + :app.kubernetes.part-of-c1 "test-io-website", + :app.kubernetes.part-of-c2 "test-org-website"} (th/map-diff (cut/generate-website-content-volume {:unique-name "test.io", :gitea-host "gitea.evilorg", :gitea-repo "none",