[Skip-Ci] WIP Prepare fqdn generalization

erik 2022-10-11 18:07:01 +02:00
parent 59c96b4da9
commit 95d8b636a0
6 changed files with 176 additions and 14 deletions


@ -1,14 +1,21 @@
# stable release (should be done from master) # Release process for stable release
``` bash
git checkout main # for old projects replace main with master
``` ```
#adjust [version]
vi package.json
Open package.json, find ":version" keyword and remove "-SNAPSHOT" from version number.
``` bash
lein release lein release
git push --follow-tags git push --follow-tags
```
# bump version - increase version and add -SNAPSHOT Open package.json again, increase version increment by one and add "-SNAPSHOT".
vi package.json
``` bash
git commit -am "version bump" git commit -am "version bump"
git push git push
``` ```
Done.


@ -41,6 +41,14 @@
[fqdn] [fqdn]
(st/replace fqdn #"\." "-")) (st/replace fqdn #"\." "-"))
(defn generate-service-name
[name]
(str (unique-name-from-fqdn name) "-service"))
(defn generate-cert-name
[name]
(str (unique-name-from-fqdn name) "-cert"))
; ToDo: Move to common? ; ToDo: Move to common?
(defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq? (defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq?
[col string? ;ToDo richtig spec-en [col string? ;ToDo richtig spec-en
@ -72,6 +80,103 @@
(defmethod yaml/load-as-edn :website [resource-name] (defmethod yaml/load-as-edn :website [resource-name]
(yaml/from-string (yaml/load-resource resource-name)))) (yaml/from-string (yaml/load-resource resource-name))))
; ability extend input map (e.g. ingress or cert) with additional values (e.g. FQDNs)
; use for website-ingress generation
(defn add-to-col-within-map [inmap keywordlist value]
(-> inmap
(get-in keywordlist)
(conj value)
(#(assoc-in inmap keywordlist %))))
; generate a list of host-rules from a list of fqdns
(defn make-host-rules-from-fqdns
[rule fqdns]
;function that creates a rule from host names
(map #(assoc-in rule [:host] %) fqdns))
;create working ingress
(defn generate-common-http-ingress [config]
(let [{:keys [fqdn service-name]} config]
(->
(yaml/load-as-edn "website/http-ingress.yaml")
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn generate-website-http-ingress [config]
(let [{:keys [uname fqdns]} config
fqdn (first fqdns)
spec-rules [:spec :rules]
service-name (generate-service-name uname)]
(->
(generate-common-http-ingress
{:fqdn fqdn :service-name service-name})
(assoc-in
[:metadata :name]
(str (unique-name-from-fqdn uname) "-http-ingress"))
(#(assoc-in %
spec-rules
(make-host-rules-from-fqdns
(-> % :spec :rules first) ;get first ingress rule
fqdns))))))
;create working ingress
(defn generate-common-https-ingress [config]
(let [{:keys [fqdn service-name cert-name]} config]
(->
(yaml/load-as-edn "website/https-ingress.yaml")
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
(cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn generate-website-https-ingress [config]
(let [{:keys [uname fqdns]} config
fqdn (first fqdns)
spec-rules [:spec :rules]
spec-tls-hosts [:spec :tls 0 :hosts]
service-name (generate-service-name uname)
cert-name (generate-cert-name uname)]
(->
(generate-common-https-ingress
{:fqdn fqdn :service-name service-name :cert-name cert-name})
(assoc-in
[:metadata :name]
(str (unique-name-from-fqdn uname) "-https-ingress"))
(#(assoc-in %
spec-tls-hosts
fqdns))
(#(add-to-col-within-map %
spec-rules
(make-host-rules-from-fqdns
(-> % :spec :rules first) ;get first ingress rule
fqdns))))))
(defn generate-common-certificate
[config]
(let [{:keys [uname fqdns issuer]
:or {issuer "staging"}} config
fqdn (first fqdns)
letsencrypt-issuer (name issuer)
cert-name (generate-cert-name uname)]
(->
(yaml/load-as-edn "website/certificate.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn generate-website-certificate
[config]
(let [{:keys [uname fqdns issuer]
:or {issuer "staging"}} config
fqdn (first fqdns)
spec-dnsNames [:spec :dnsNames]
letsencrypt-issuer (name issuer)
cert-name (generate-cert-name uname)]
(->
(yaml/load-as-edn "website/certificate.yaml")
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
(defn-spec generate-single-certificate pred/map-or-seq? (defn-spec generate-single-certificate pred/map-or-seq?
[config config?] [config config?]
(let [{:keys [issuer single] (let [{:keys [issuer single]
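Review bot: In `generate-website-https-ingress` the rules are extended with `add-to-col-within-map`, which `conj`es the whole sequence returned by `make-host-rules-from-fqdns` as a single element, so `[:spec :rules]` ends up as the template rule followed by a nested list rather than one rule per host. The HTTP variant uses `assoc-in` for the same step, and the same form fits here: `(#(assoc-in % spec-rules (make-host-rules-from-fqdns (-> % :spec :rules first) fqdns)))`. Separately, `generate-website-certificate` binds `spec-dnsNames` but never uses it, so the certificate presumably still names only `(first fqdns)` while the ingress lists every FQDN under `[:spec :tls 0 :hosts]`; adding `(assoc-in spec-dnsNames fqdns)` to the thread would keep the certificate's names in step with the hosts it is served for (certificate.yaml is not shown on this page, so confirm the path). Apart from that unused binding the function is a copy of `generate-common-certificate`.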


@ -0,0 +1,20 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: http-ingress
namespace: default
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
rules:
- host: FQDN
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: SERVICENAME
port:
number: 80
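Review bot: The redirect to HTTPS in this template depends entirely on the annotation `router.middlewares: default-redirect-https@kubernetescrd`, which by Traefik's naming refers to a Middleware `redirect-https` in namespace `default`, and this commit does not add that resource. Because the rule otherwise routes requests on the `web` entrypoint straight to `SERVICENAME`, a header comment would help, for example `# requires Middleware redirect-https in namespace default; FQDN and SERVICENAME are replaced by the generator`. The hard-coded `namespace: default` belongs in the same comment if websites are meant to stay in that namespace.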


@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: https-ingress-gitea
namespace: default
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- hosts:
- FQDN
secretName: CERTNAME
rules:
- host: FQDN
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: SERVICENAME
port:
number: 80
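Review bot: `metadata.name: https-ingress-gitea` looks carried over from another template, while the HTTP counterpart is named `http-ingress`. `generate-website-https-ingress` overwrites the name, but `generate-common-https-ingress` returns the template value unchanged, so any caller of the common function gets an ingress named after gitea. Suggest `name: https-ingress`, plus a one-line comment that `FQDN`, `CERTNAME` and `SERVICENAME` are placeholders substituted by the generator.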


@ -2,4 +2,10 @@
:gitrepourl "https://some.de/path/to/repo.zip" :gitrepourl "https://some.de/path/to/repo.zip"
:singlegitrepourl "https://someother.de/path/to/repo.zip"} :singlegitrepourl "https://someother.de/path/to/repo.zip"}
{:auth [{:name "meissa.io" :username "" :auth-token ""}]} {:auth
[{:name "meissa.io"
:username ""
:authtoken ""}
{:name "dda.io"
:username ""
:authtoken ""}]}
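Review bot: The token key appears to change from `:auth-token` to `:authtoken` in this file, and nothing else visible on this page reads either key, so it is unclear whether the spec and the code consuming the auth map were renamed with it. A reader that still looks up `:auth-token` would get nil rather than an error, which is easy to miss when the example values are empty strings. Please confirm the consumer and spec use `:authtoken`, or keep the old key.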


@ -1,20 +1,20 @@
{:fqdn "meissa.de" {:fqdn "meissa.de"
:fqdn1 "meissa-gmbh.de" :fqdn1 "meissa-gmbh.de"
:fqdn2 "domaindrivenarchitecture.org" :fqdn2 "domaindrivenarchitecture.org"
:multi ["fqdn", "fqdn1"] :multi ["fqdn" "fqdn1"]
:single "fqdn2" :single "fqdn2"
:issuer "staging"} :issuer "staging"}
{:issuer "staging" {:issuer "staging"
:websites :websites
[{:name "meissa.io" [{:name "meissa.io"
:fqdns ["meissa.de", "meissa-gmbh.de", "www.meissa-gmbh.de", :fqdns ["meissa.de" "meissa-gmbh.de" "www.meissa-gmbh.de"
"www.meissa.de", "www.prod.meissa-gmbh.de", "www.prod.meissa.de"] "www.meissa.de" "www.prod.meissa-gmbh.de" "www.prod.meissa.de"]
:gitea-host "repo.prod.meissa.de" :gitea-host "repo.prod.meissa.de"
:gitea-repo "repo"} :gitea-repo "repo"}
; -> "https://" + git-host + "/api/v1/" + user + "/" + git-repo ; -> "https://" + git-host + "/api/v1/" + user + "/" + git-repo
{:fqdns ["domaindrivenarchitecture.org", "www.domaindrivenarchitecture.org", {:name "dda.io"
:fqdns ["domaindrivenarchitecture.org", "www.domaindrivenarchitecture.org",
"www.prod.domaindrivenarchitecture.org"] "www.prod.domaindrivenarchitecture.org"]
:git-url ""} :gitea-host "repo.prod.meissa.de"
] :gitea-repo "repo"}]}
}