[Skip-Ci] WIP Add generalized cert gen

2022-10-12 09:58:56 +02:00 · 2022-10-12 09:58:56 +02:00 · b8482cf51c
commit b8482cf51c
parent 95d8b636a0
4 changed files with 27 additions and 17 deletions
--- a/src/main/cljc/dda/c4k_website/website.cljc
+++ b/src/main/cljc/dda/c4k_website/website.cljc
@ -42,12 +42,12 @@
  (st/replace fqdn #"\." "-"))

 (defn generate-service-name
-  [name]
-  (str (unique-name-from-fqdn name) "-service"))
+  [uname]
+  (str (unique-name-from-fqdn uname) "-service"))

 (defn generate-cert-name
-  [name]
-  (str (unique-name-from-fqdn name) "-cert"))
+  [uname]
+  (str (unique-name-from-fqdn uname) "-cert"))

 ; ToDo: Move to common?
 (defn-spec replace-all-matching-subvalues-in-string-start pred/map-or-seq?
@ -165,17 +165,11 @@

 (defn generate-website-certificate
  [config]
-  (let [{:keys [uname fqdns issuer]
-         :or {issuer "staging"}} config
-        fqdn (first fqdns)
-        spec-dnsNames [:spec :dnsNames]
-        letsencrypt-issuer (name issuer)
-        cert-name (generate-cert-name uname)]
+  (let [{:keys [fqdns]} config
+        spec-dnsNames [:spec :dnsNames]]
    (->
-     (yaml/load-as-edn "website/certificate.yaml")
-     (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)
-     (cm/replace-all-matching-values-by-new-value "CERTNAME" cert-name)
-     (cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
+     (generate-common-certificate config)
+     (assoc-in spec-dnsNames fqdns))))

 (defn-spec generate-single-certificate pred/map-or-seq?
  [config config?]
--- a/src/main/resources/website/certificate.yaml
+++ b/src/main/resources/website/certificate.yaml
@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: CERTNAME
+  namespace: default
+spec:
+  secretName: CERTNAME
+  commonName: FQDN
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+  - FQDN
+  issuerRef:
+    name: staging
+    kind: ClusterIssuer
+    
--- a/src/main/resources/website/single-certificate.yaml
+++ b/src/main/resources/website/single-certificate.yaml
@ -1,10 +1,10 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: NAME-cert
+  name: CERTNAME
  namespace: default
 spec:
-  secretName: NAME-cert
+  secretName: CERTNAME
  commonName: FQDN
  duration: 2160h # 90d
  renewBefore: 360h # 15d
--- a/valid-config.edn
+++ b/valid-config.edn
@ -7,7 +7,7 @@

 {:issuer "staging"
 :websites
- [{:name "meissa.io"
+ [{:uname "meissa.io"
   :fqdns ["meissa.de" "meissa-gmbh.de" "www.meissa-gmbh.de"
           "www.meissa.de" "www.prod.meissa-gmbh.de" "www.prod.meissa.de"]
   :gitea-host "repo.prod.meissa.de"