[Skip-Ci] WIP Prepare fqdn generalization

doc/Releasing.md

@@ -1,14 +1,21 @@
-# stable release (should be done from master)
+# Release process for stable release
 
+``` bash
+git checkout main # for old projects replace main with master
 ```
-#adjust [version]
-vi package.json
 
+Open package.json, find ":version" keyword and remove "-SNAPSHOT" from version number.
+
+``` bash
 lein release
 git push --follow-tags
+```
 
-# bump version - increase version and add -SNAPSHOT
+Open package.json again, increase version increment by one and add "-SNAPSHOT".
-vi package.json
+
+``` bash
 git commit -am "version bump"
 git push
 ```
+
+Done.

src/main/cljc/dda/c4k_website/website.cljc

@@ -41,6 +41,14 @@
   [fqdn]
   (st/replace fqdn #"\." "-"))
 
+(defn generate-service-name
+  [name]
+  (str (unique-name-from-fqdn name) "-service"))
+
+(defn generate-cert-name
+  [name]
+  (str (unique-name-from-fqdn name) "-cert"))
+
 ; ToDo: Move to common?
 (defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq?
   [col string? ;ToDo richtig spec-en
@@ -72,6 +80,103 @@
    (defmethod yaml/load-as-edn :website [resource-name]
      (yaml/from-string (yaml/load-resource resource-name))))
 
+; ability extend input map (e.g. ingress or cert) with additional values (e.g. FQDNs)
+; use for website-ingress generation
+(defn add-to-col-within-map [inmap keywordlist value]
+  (-> inmap
+      (get-in keywordlist)
+      (conj value)
+      (#(assoc-in inmap keywordlist %))))
+
+; generate a list of host-rules from a list of fqdns
+(defn make-host-rules-from-fqdns
+  [rule fqdns]
+  ;function that creates a rule from host names
+  (map #(assoc-in rule [:host] %) fqdns))
+
+;create working ingress
+(defn generate-common-http-ingress [config]
+  (let [{:keys [fqdn service-name]} config]
+    (->
+     (yaml/load-as-edn "website/http-ingress.yaml")
+     (cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
+     (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
+
+(defn generate-website-http-ingress [config]
+  (let [{:keys [uname fqdns]} config
+        fqdn (first fqdns)
+        spec-rules [:spec :rules]
+        service-name (generate-service-name uname)]
+    (->
+     (generate-common-http-ingress
+      {:fqdn fqdn :service-name service-name})
+     (assoc-in
+      [:metadata :name]
+      (str (unique-name-from-fqdn uname) "-http-ingress"))
+     (#(assoc-in %
+                 spec-rules
+                 (make-host-rules-from-fqdns
+                  (-> % :spec :rules first) ;get first ingress rule
+                  fqdns))))))
+
+;create working ingress
+(defn generate-common-https-ingress [config]
+  (let [{:keys [fqdn service-name cert-name]} config]
+    (->
+     (yaml/load-as-edn "website/https-ingress.yaml")
+     (cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
+     (cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
+     (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
+
+(defn generate-website-https-ingress [config]
+  (let [{:keys [uname fqdns]} config
+        fqdn (first fqdns)
+        spec-rules [:spec :rules]
+        spec-tls-hosts [:spec :tls 0 :hosts]
+        service-name (generate-service-name uname)
+        cert-name (generate-cert-name uname)]
+    (->
+     (generate-common-https-ingress
+      {:fqdn fqdn :service-name service-name :cert-name cert-name})
+     (assoc-in
+      [:metadata :name]
+      (str (unique-name-from-fqdn uname) "-https-ingress"))
+     (#(assoc-in %
+                 spec-tls-hosts
+                 fqdns))
+     (#(add-to-col-within-map %
+                              spec-rules
+                              (make-host-rules-from-fqdns
+                               (-> % :spec :rules first) ;get first ingress rule
+                               fqdns))))))
+
+(defn generate-common-certificate
+  [config]
+  (let [{:keys [uname fqdns issuer]
+         :or {issuer "staging"}} config
+        fqdn (first fqdns)        
+        letsencrypt-issuer (name issuer)
+        cert-name (generate-cert-name uname)]
+    (->
+     (yaml/load-as-edn "website/certificate.yaml")
+     (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
+     (cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
+     (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
+
+(defn generate-website-certificate
+  [config]
+  (let [{:keys [uname fqdns issuer]
+         :or {issuer "staging"}} config
+        fqdn (first fqdns)
+        spec-dnsNames [:spec :dnsNames]
+        letsencrypt-issuer (name issuer)
+        cert-name (generate-cert-name uname)]
+    (->
+     (yaml/load-as-edn "website/certificate.yaml")
+     (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
+     (cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
+     (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
+
 (defn-spec generate-single-certificate pred/map-or-seq?
   [config config?]
   (let [{:keys [issuer single]

src/main/resources/website/http-ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: http-ingress
+  namespace: default
+  annotations:    
+    traefik.ingress.kubernetes.io/router.entrypoints: web    
+    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd    
+spec:
+  rules:
+    - host: FQDN
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: SERVICENAME
+                port:
+                  number: 80

src/main/resources/website/https-ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: https-ingress-gitea
+  namespace: default
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"    
+spec:
+  tls:
+    - hosts:
+        - FQDN
+      secretName: CERTNAME
+  rules:
+    - host: FQDN
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: SERVICENAME
+                port:
+                  number: 80

valid-auth.edn

@@ -2,4 +2,10 @@
  :gitrepourl "https://some.de/path/to/repo.zip"
  :singlegitrepourl "https://someother.de/path/to/repo.zip"}
 
-{:auth [{:name "meissa.io" :username "" :auth-token ""}]}
+{:auth
+ [{:name "meissa.io"
+   :username ""
+   :authtoken ""}
+  {:name "dda.io"
+   :username ""
+   :authtoken ""}]}

valid-config.edn

@@ -1,20 +1,20 @@
 {:fqdn "meissa.de"
  :fqdn1 "meissa-gmbh.de"
  :fqdn2 "domaindrivenarchitecture.org"
- :multi ["fqdn", "fqdn1"]
+ :multi ["fqdn" "fqdn1"]
  :single "fqdn2"
  :issuer "staging"}
 
 {:issuer "staging"
  :websites
  [{:name "meissa.io"
-   :fqdns ["meissa.de", "meissa-gmbh.de", "www.meissa-gmbh.de",
+   :fqdns ["meissa.de" "meissa-gmbh.de" "www.meissa-gmbh.de"
-           "www.meissa.de", "www.prod.meissa-gmbh.de", "www.prod.meissa.de"]
+           "www.meissa.de" "www.prod.meissa-gmbh.de" "www.prod.meissa.de"]
    :gitea-host "repo.prod.meissa.de"
    :gitea-repo "repo"}
   ; -> "https://" + git-host + "/api/v1/" + user + "/" + git-repo
-  {:fqdns ["domaindrivenarchitecture.org", "www.domaindrivenarchitecture.org", 
+  {:name "dda.io"
+   :fqdns ["domaindrivenarchitecture.org", "www.domaindrivenarchitecture.org",
            "www.prod.domaindrivenarchitecture.org"]
-   :git-url ""}
+   :gitea-host "repo.prod.meissa.de"
-  ]
+   :gitea-repo "repo"}]}
- }