[Skip-Ci] WIP Prepare fqdn generalization
parent
59c96b4da9
commit
95d8b636a0
6 changed files with 176 additions and 14 deletions
|
@ -1,14 +1,21 @@
|
|||
# stable release (should be done from master)
|
||||
# Release process for stable release
|
||||
|
||||
``` bash
|
||||
git checkout main # for old projects replace main with master
|
||||
```
|
||||
#adjust [version]
|
||||
vi package.json
|
||||
|
||||
Open package.json, find ":version" keyword and remove "-SNAPSHOT" from version number.
|
||||
|
||||
``` bash
|
||||
lein release
|
||||
git push --follow-tags
|
||||
```
|
||||
|
||||
# bump version - increase version and add -SNAPSHOT
|
||||
vi package.json
|
||||
Open package.json again, increase version increment by one and add "-SNAPSHOT".
|
||||
|
||||
``` bash
|
||||
git commit -am "version bump"
|
||||
git push
|
||||
```
|
||||
|
||||
Done.
|
|
@ -41,6 +41,14 @@
|
|||
[fqdn]
|
||||
(st/replace fqdn #"\." "-"))
|
||||
|
||||
(defn generate-service-name
|
||||
[name]
|
||||
(str (unique-name-from-fqdn name) "-service"))
|
||||
|
||||
(defn generate-cert-name
|
||||
[name]
|
||||
(str (unique-name-from-fqdn name) "-cert"))
|
||||
|
||||
; ToDo: Move to common?
|
||||
(defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq?
|
||||
[col string? ;ToDo richtig spec-en
|
||||
|
@ -72,6 +80,103 @@
|
|||
(defmethod yaml/load-as-edn :website [resource-name]
|
||||
(yaml/from-string (yaml/load-resource resource-name))))
|
||||
|
||||
; ability extend input map (e.g. ingress or cert) with additional values (e.g. FQDNs)
|
||||
; use for website-ingress generation
|
||||
(defn add-to-col-within-map [inmap keywordlist value]
|
||||
(-> inmap
|
||||
(get-in keywordlist)
|
||||
(conj value)
|
||||
(#(assoc-in inmap keywordlist %))))
|
||||
|
||||
; generate a list of host-rules from a list of fqdns
|
||||
(defn make-host-rules-from-fqdns
|
||||
[rule fqdns]
|
||||
;function that creates a rule from host names
|
||||
(map #(assoc-in rule [:host] %) fqdns))
|
||||
|
||||
;create working ingress
|
||||
(defn generate-common-http-ingress [config]
|
||||
(let [{:keys [fqdn service-name]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "website/http-ingress.yaml")
|
||||
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
|
||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
||||
|
||||
(defn generate-website-http-ingress [config]
|
||||
(let [{:keys [uname fqdns]} config
|
||||
fqdn (first fqdns)
|
||||
spec-rules [:spec :rules]
|
||||
service-name (generate-service-name uname)]
|
||||
(->
|
||||
(generate-common-http-ingress
|
||||
{:fqdn fqdn :service-name service-name})
|
||||
(assoc-in
|
||||
[:metadata :name]
|
||||
(str (unique-name-from-fqdn uname) "-http-ingress"))
|
||||
(#(assoc-in %
|
||||
spec-rules
|
||||
(make-host-rules-from-fqdns
|
||||
(-> % :spec :rules first) ;get first ingress rule
|
||||
fqdns))))))
|
||||
|
||||
;create working ingress
|
||||
(defn generate-common-https-ingress [config]
|
||||
(let [{:keys [fqdn service-name cert-name]} config]
|
||||
(->
|
||||
(yaml/load-as-edn "website/https-ingress.yaml")
|
||||
(cm/replace-all-matching-values-by-new-value "SERVICENAME" service-name)
|
||||
(cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
|
||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
||||
|
||||
(defn generate-website-https-ingress [config]
|
||||
(let [{:keys [uname fqdns]} config
|
||||
fqdn (first fqdns)
|
||||
spec-rules [:spec :rules]
|
||||
spec-tls-hosts [:spec :tls 0 :hosts]
|
||||
service-name (generate-service-name uname)
|
||||
cert-name (generate-cert-name uname)]
|
||||
(->
|
||||
(generate-common-https-ingress
|
||||
{:fqdn fqdn :service-name service-name :cert-name cert-name})
|
||||
(assoc-in
|
||||
[:metadata :name]
|
||||
(str (unique-name-from-fqdn uname) "-https-ingress"))
|
||||
(#(assoc-in %
|
||||
spec-tls-hosts
|
||||
fqdns))
|
||||
(#(add-to-col-within-map %
|
||||
spec-rules
|
||||
(make-host-rules-from-fqdns
|
||||
(-> % :spec :rules first) ;get first ingress rule
|
||||
fqdns))))))
|
||||
|
||||
(defn generate-common-certificate
|
||||
[config]
|
||||
(let [{:keys [uname fqdns issuer]
|
||||
:or {issuer "staging"}} config
|
||||
fqdn (first fqdns)
|
||||
letsencrypt-issuer (name issuer)
|
||||
cert-name (generate-cert-name uname)]
|
||||
(->
|
||||
(yaml/load-as-edn "website/certificate.yaml")
|
||||
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
|
||||
(cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
|
||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
||||
|
||||
(defn generate-website-certificate
|
||||
[config]
|
||||
(let [{:keys [uname fqdns issuer]
|
||||
:or {issuer "staging"}} config
|
||||
fqdn (first fqdns)
|
||||
spec-dnsNames [:spec :dnsNames]
|
||||
letsencrypt-issuer (name issuer)
|
||||
cert-name (generate-cert-name uname)]
|
||||
(->
|
||||
(yaml/load-as-edn "website/certificate.yaml")
|
||||
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
|
||||
(cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
|
||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
||||
|
||||
(defn-spec generate-single-certificate pred/map-or-seq?
|
||||
[config config?]
|
||||
(let [{:keys [issuer single]
|
||||
|
|
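Review bot: `generate-website-certificate` binds `spec-dnsNames` but never uses it, so the certificate is still filled only from `(first fqdns)`, while `generate-website-https-ingress` writes every entry of `fqdns` into `[:spec :tls 0 :hosts]` under the same secret name. Unless `website/certificate.yaml` (not shown on this page) already lists the extra names, the additional hosts would be served with a certificate that does not cover them; adding `(assoc-in spec-dnsNames fqdns)` to the thread would keep certificate and ingress in step. In `generate-website-https-ingress`, `add-to-col-within-map` conj-es the whole sequence returned by `make-host-rules-from-fqdns` as one element next to the template rule, which nests the rules instead of replacing them; the HTTP variant's `(assoc-in % spec-rules ...)` form looks like the intended one. An empty `fqdns` also reaches the "FQDN" replacement as nil in these generators, so a spec or guard on `fqdns` would be worth adding before the templates are filled.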
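--- /dev/null
+++ b/src/main/resources/website/http-ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: http-ingress
+namespace: default
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: web
+traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+spec:
+rules:
+- host: FQDN
+http:
+paths:
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: SERVICENAME
+port:
+number: 80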
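Review bot: The plain-HTTP entrypoint in this template is protected only by the `default-redirect-https@kubernetescrd` middleware reference, and nothing in this commit defines or documents that Middleware. The generators on this page rewrite the name, host and service but leave `namespace: default` and this annotation untouched, so the redirect depends on a Middleware named `redirect-https` existing in namespace `default` of the target cluster. A comment above the annotation such as `# requires Middleware redirect-https in namespace default (redirects web to websecure)` would make that dependency visible. How Traefik treats a router whose middleware is missing should be confirmed for the deployed version.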
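--- /dev/null
+++ b/src/main/resources/website/https-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: https-ingress-gitea
+namespace: default
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+tls:
+- hosts:
+- FQDN
+secretName: CERTNAME
+rules:
+- host: FQDN
+http:
+paths:
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: SERVICENAME
+port:
+number: 80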
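Review bot: `name: https-ingress-gitea` looks carried over from another template, whereas the HTTP template uses the neutral `http-ingress`. `generate-website-https-ingress` overwrites the name, but `generate-common-https-ingress` returns the template with this name and `namespace: default` unchanged, so applying its output could collide with an Ingress of that name belonging to another service; `name: https-ingress` would match the sibling template. The generator also addresses `[:spec :tls 0 :hosts]` by index, so a short comment here saying that the first `tls` entry is the one rewritten would help whoever edits the template next.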
|
@ -2,4 +2,10 @@
|
|||
:gitrepourl "https://some.de/path/to/repo.zip"
|
||||
:singlegitrepourl "https://someother.de/path/to/repo.zip"}
|
||||
|
||||
{:auth [{:name "meissa.io" :username "" :auth-token ""}]}
|
||||
{:auth
|
||||
[{:name "meissa.io"
|
||||
:username ""
|
||||
:authtoken ""}
|
||||
{:name "dda.io"
|
||||
:username ""
|
||||
:authtoken ""}]}
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
{:fqdn "meissa.de"
|
||||
:fqdn1 "meissa-gmbh.de"
|
||||
:fqdn2 "domaindrivenarchitecture.org"
|
||||
:multi ["fqdn", "fqdn1"]
|
||||
:multi ["fqdn" "fqdn1"]
|
||||
:single "fqdn2"
|
||||
:issuer "staging"}
|
||||
|
||||
{:issuer "staging"
|
||||
:websites
|
||||
[{:name "meissa.io"
|
||||
:fqdns ["meissa.de", "meissa-gmbh.de", "www.meissa-gmbh.de",
|
||||
"www.meissa.de", "www.prod.meissa-gmbh.de", "www.prod.meissa.de"]
|
||||
:fqdns ["meissa.de" "meissa-gmbh.de" "www.meissa-gmbh.de"
|
||||
"www.meissa.de" "www.prod.meissa-gmbh.de" "www.prod.meissa.de"]
|
||||
:gitea-host "repo.prod.meissa.de"
|
||||
:gitea-repo "repo"}
|
||||
; -> "https://" + git-host + "/api/v1/" + user + "/" + git-repo
|
||||
{:fqdns ["domaindrivenarchitecture.org", "www.domaindrivenarchitecture.org",
|
||||
{:name "dda.io"
|
||||
:fqdns ["domaindrivenarchitecture.org", "www.domaindrivenarchitecture.org",
|
||||
"www.prod.domaindrivenarchitecture.org"]
|
||||
:git-url ""}
|
||||
]
|
||||
}
|
||||
:gitea-host "repo.prod.meissa.de"
|
||||
:gitea-repo "repo"}]}
|
||||
|
|