[Skip-Ci] WIP Add generalized cert gen
This commit is contained in:
parent
95d8b636a0
commit
b8482cf51c
4 changed files with 27 additions and 17 deletions
|
|
@ -42,12 +42,12 @@
|
||||||
(st/replace fqdn #"\." "-"))
|
(st/replace fqdn #"\." "-"))
|
||||||
|
|
||||||
(defn generate-service-name
|
(defn generate-service-name
|
||||||
[name]
|
[uname]
|
||||||
(str (unique-name-from-fqdn name) "-service"))
|
(str (unique-name-from-fqdn uname) "-service"))
|
||||||
|
|
||||||
(defn generate-cert-name
|
(defn generate-cert-name
|
||||||
[name]
|
[uname]
|
||||||
(str (unique-name-from-fqdn name) "-cert"))
|
(str (unique-name-from-fqdn uname) "-cert"))
|
||||||
|
|
||||||
; ToDo: Move to common?
|
; ToDo: Move to common?
|
||||||
(defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq?
|
(defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq?
|
||||||
|
|
@ -165,17 +165,11 @@
|
||||||
|
|
||||||
(defn generate-website-certificate
|
(defn generate-website-certificate
|
||||||
[config]
|
[config]
|
||||||
(let [{:keys [uname fqdns issuer]
|
(let [{:keys [fqdns]} config
|
||||||
:or {issuer "staging"}} config
|
spec-dnsNames [:spec :dnsNames]]
|
||||||
fqdn (first fqdns)
|
|
||||||
spec-dnsNames [:spec :dnsNames]
|
|
||||||
letsencrypt-issuer (name issuer)
|
|
||||||
cert-name (generate-cert-name uname)]
|
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "website/certificate.yaml")
|
(generate-common-certificate config)
|
||||||
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
|
(assoc-in spec-dnsNames fqdns))))
|
||||||
(cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
|
||||||
|
|
||||||
(defn-spec generate-single-certificate pred/map-or-seq?
|
(defn-spec generate-single-certificate pred/map-or-seq?
|
||||||
[config config?]
|
[config config?]
|
||||||
|
|
|
||||||
16
src/main/resources/website/certificate.yaml
Normal file
16
src/main/resources/website/certificate.yaml
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: CERTNAME
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
secretName: CERTNAME
|
||||||
|
commonName: FQDN
|
||||||
|
duration: 2160h # 90d
|
||||||
|
renewBefore: 360h # 15d
|
||||||
|
dnsNames:
|
||||||
|
- FQDN
|
||||||
|
issuerRef:
|
||||||
|
name: staging
|
||||||
|
kind: ClusterIssuer
|
||||||
|
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Certificate
|
kind: Certificate
|
||||||
metadata:
|
metadata:
|
||||||
name: NAME-cert
|
name: CERTNAME
|
||||||
namespace: default
|
namespace: default
|
||||||
spec:
|
spec:
|
||||||
secretName: NAME-cert
|
secretName: CERTNAME
|
||||||
commonName: FQDN
|
commonName: FQDN
|
||||||
duration: 2160h # 90d
|
duration: 2160h # 90d
|
||||||
renewBefore: 360h # 15d
|
renewBefore: 360h # 15d
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
{:issuer "staging"
|
{:issuer "staging"
|
||||||
:websites
|
:websites
|
||||||
[{:name "meissa.io"
|
[{:uname "meissa.io"
|
||||||
:fqdns ["meissa.de" "meissa-gmbh.de" "www.meissa-gmbh.de"
|
:fqdns ["meissa.de" "meissa-gmbh.de" "www.meissa-gmbh.de"
|
||||||
"www.meissa.de" "www.prod.meissa-gmbh.de" "www.prod.meissa.de"]
|
"www.meissa.de" "www.prod.meissa-gmbh.de" "www.prod.meissa.de"]
|
||||||
:gitea-host "repo.prod.meissa.de"
|
:gitea-host "repo.prod.meissa.de"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue
