[Skip-CI] WIP Working config generation
c4k-website now generates multiple configs depending on the number of list items in :websites and :auth lists.
This commit is contained in:
parent
31f490e286
commit
d9e22a26ed
9 changed files with 34 additions and 684 deletions
|
@ -50,19 +50,19 @@
|
|||
config
|
||||
(assoc-in [:websites] (rest (config :websites)))
|
||||
(assoc-in [:auth] (rest (config :auth))))
|
||||
(merge result
|
||||
(website/generate-nginx-deployment (flatten-and-reduce-config config))
|
||||
(website/generate-nginx-configmap (flatten-and-reduce-config config))
|
||||
(website/generate-nginx-service (flatten-and-reduce-config config))
|
||||
(website/generate-website-content-volume (flatten-and-reduce-config config))
|
||||
(website/generate-website-http-ingress (flatten-and-reduce-config config))
|
||||
(website/generate-website-https-ingress (flatten-and-reduce-config config))
|
||||
(website/generate-website-certificate (flatten-and-reduce-config config))
|
||||
(website/generate-website-build-cron (flatten-and-reduce-config config))
|
||||
(website/generate-website-build-secret (flatten-and-reduce-config config)))))))
|
||||
(conj result
|
||||
(website/generate-nginx-deployment (flatten-and-reduce-config config))
|
||||
(website/generate-nginx-configmap (flatten-and-reduce-config config))
|
||||
(website/generate-nginx-service (flatten-and-reduce-config config))
|
||||
(website/generate-website-content-volume (flatten-and-reduce-config config))
|
||||
(website/generate-website-http-ingress (flatten-and-reduce-config config))
|
||||
(website/generate-website-https-ingress (flatten-and-reduce-config config))
|
||||
(website/generate-website-certificate (flatten-and-reduce-config config))
|
||||
(website/generate-website-build-cron (flatten-and-reduce-config config))
|
||||
(website/generate-website-build-secret (flatten-and-reduce-config config)))))))
|
||||
|
||||
(defn k8s-objects [config]
|
||||
(cm/concat-vec
|
||||
(map yaml/to-string
|
||||
(filter #(not (nil? %))
|
||||
[(generate-configs config)]))))
|
||||
(generate-configs config)))))
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: NAME-cert
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: NAME-cert
|
||||
commonName: FQDN
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
dnsNames:
|
||||
- FQDN
|
||||
- FQDN1
|
||||
issuerRef:
|
||||
name: staging
|
||||
kind: ClusterIssuer
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: NAME-ingress
|
||||
namespace: default
|
||||
annotations:
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- FQDN
|
||||
- FQDN1
|
||||
secretName: NAME-cert
|
||||
rules:
|
||||
- host: FQDN
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: NAME-service
|
||||
port:
|
||||
number: 80
|
||||
- host: FQDN1
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: NAME-service
|
||||
port:
|
||||
number: 80
|
||||
|
|
@ -1,99 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: NAME-configmap
|
||||
namespace: default
|
||||
data:
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
worker_processes 3;
|
||||
error_log /var/log/nginx/error.log;
|
||||
pid /var/log/nginx/nginx.pid;
|
||||
worker_rlimit_nofile 8192;
|
||||
events {
|
||||
worker_connections 4096;
|
||||
}
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] $status'
|
||||
'"$request" $body_bytes_sent "$http_referer"'
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
keepalive_timeout 65;
|
||||
server_names_hash_bucket_size 128;
|
||||
include /etc/nginx/conf.d/website.conf;
|
||||
}
|
||||
mime.types: |
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml rss;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/x-javascript js;
|
||||
text/plain txt;
|
||||
text/x-component htc;
|
||||
text/mathml mml;
|
||||
image/png png;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
application/java-archive jar war ear;
|
||||
application/mac-binhex40 hqx;
|
||||
application/pdf pdf;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/zip zip;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream eot;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
audio/mpeg mp3;
|
||||
audio/x-realaudio ra;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/x-flv flv;
|
||||
video/x-msvideo avi;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-mng mng;
|
||||
}
|
||||
website.conf: |
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
listen 443 ssl;
|
||||
ssl_certificate /etc/certs/tls.crt;
|
||||
ssl_certificate_key /etc/certs/tls.key;
|
||||
server_name FQDN FQDN1
|
||||
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
|
||||
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Referrer-Policy "strict-origin";
|
||||
# add_header Permissions-Policy "permissions here";
|
||||
root /var/www/html/website/;
|
||||
index index.html;
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html =404;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: CERTNAME
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: CERTNAME
|
||||
commonName: FQDN
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
dnsNames:
|
||||
- FQDN
|
||||
issuerRef:
|
||||
name: staging
|
||||
kind: ClusterIssuer
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: NAME-ingress
|
||||
namespace: default
|
||||
annotations:
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- FQDN
|
||||
secretName: NAME-cert
|
||||
rules:
|
||||
- host: FQDN
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: NAME-service
|
||||
port:
|
||||
number: 80
|
|
@ -1,99 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: NAME-configmap
|
||||
namespace: default
|
||||
data:
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
worker_processes 3;
|
||||
error_log /var/log/nginx/error.log;
|
||||
pid /var/log/nginx/nginx.pid;
|
||||
worker_rlimit_nofile 8192;
|
||||
events {
|
||||
worker_connections 4096;
|
||||
}
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] $status'
|
||||
'"$request" $body_bytes_sent "$http_referer"'
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
keepalive_timeout 65;
|
||||
server_names_hash_bucket_size 128;
|
||||
include /etc/nginx/conf.d/website.conf;
|
||||
}
|
||||
mime.types: |
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml rss;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/x-javascript js;
|
||||
text/plain txt;
|
||||
text/x-component htc;
|
||||
text/mathml mml;
|
||||
image/png png;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
application/java-archive jar war ear;
|
||||
application/mac-binhex40 hqx;
|
||||
application/pdf pdf;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/zip zip;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream eot;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
audio/mpeg mp3;
|
||||
audio/x-realaudio ra;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/x-flv flv;
|
||||
video/x-msvideo avi;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-mng mng;
|
||||
}
|
||||
website.conf: |
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
listen 443 ssl;
|
||||
ssl_certificate /etc/certs/tls.crt;
|
||||
ssl_certificate_key /etc/certs/tls.key;
|
||||
server_name FQDN
|
||||
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
|
||||
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Referrer-Policy "strict-origin";
|
||||
# add_header Permissions-Policy "permissions here";
|
||||
root /var/www/html/website/;
|
||||
index index.html;
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html =404;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,262 +0,0 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
imagePullPolicy: "Always"
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumeMounts:
|
||||
- mountPath: /etc/nginx # mount nginx volume to /etc/nginx
|
||||
readOnly: true
|
||||
name: nginx-conf
|
||||
- mountPath: /var/log/nginx
|
||||
name: log
|
||||
- mountPath: /var/www/html/repo.test.meissa.de
|
||||
name: website-content-volume
|
||||
- mountPath: /etc/certs
|
||||
name: website-cert
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: nginx-conf
|
||||
configMap:
|
||||
name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx
|
||||
items:
|
||||
- key: nginx.conf
|
||||
path: nginx.conf
|
||||
- key: repo.test.meissa.de.conf
|
||||
path: conf.d/repo.test.meissa.de.conf
|
||||
- key: mime.types
|
||||
path: mime.types # dig directory
|
||||
- name: log
|
||||
emptyDir: {}
|
||||
- name: website-content-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: website-content-pvc
|
||||
- name: website-cert
|
||||
secret:
|
||||
secretName: website-cert
|
||||
items:
|
||||
- key: tls.crt
|
||||
path: tls.crt
|
||||
- key: tls.key
|
||||
path: tls.key
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-conf
|
||||
namespace: default
|
||||
data:
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
|
||||
worker_processes 3;
|
||||
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
pid /var/log/nginx/nginx.pid;
|
||||
|
||||
worker_rlimit_nofile 8192;
|
||||
|
||||
events {
|
||||
worker_connections 4096; ## Default: 1024
|
||||
}
|
||||
|
||||
# daemon off; # run in foreground
|
||||
|
||||
http {
|
||||
|
||||
include /etc/nginx/mime.types; # should be replaced by c4k
|
||||
|
||||
default_type application/octet-stream;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] $status '
|
||||
'"$request" $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
|
||||
tcp_nopush on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
|
||||
|
||||
# it might be a good idea to set a common reverse proxy
|
||||
# which points to the ingress?
|
||||
|
||||
include /etc/nginx/conf.d/repo.test.meissa.de.conf; # should be replaced by c4k
|
||||
}
|
||||
|
||||
mime.types: |
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml rss;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/x-javascript js;
|
||||
text/plain txt;
|
||||
text/x-component htc;
|
||||
text/mathml mml;
|
||||
image/png png;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
application/java-archive jar war ear;
|
||||
application/mac-binhex40 hqx;
|
||||
application/pdf pdf;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/zip zip;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream eot;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
audio/mpeg mp3;
|
||||
audio/x-realaudio ra;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/x-flv flv;
|
||||
video/x-msvideo avi;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-mng mng;
|
||||
}
|
||||
repo.test.meissa.de.conf: |
|
||||
server {
|
||||
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
||||
listen 443 ssl;
|
||||
|
||||
ssl_certificate /etc/certs/tls.crt;
|
||||
ssl_certificate_key /etc/certs/tls.key;
|
||||
|
||||
server_name repo.test.meissa.de www.repo.test.meissa.de;
|
||||
|
||||
# security headers
|
||||
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
|
||||
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Referrer-Policy "strict-origin";
|
||||
# maybe need to add:
|
||||
# add_header Permissions-Policy "permissions here";
|
||||
|
||||
# root /var/www/html/repo.test.meissa.de;
|
||||
root /usr/share/nginx/html/;
|
||||
|
||||
index index.html;
|
||||
|
||||
try_files $uri /index.html;
|
||||
|
||||
}
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: nginx-service
|
||||
labels:
|
||||
app: nginx
|
||||
namespace: default
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
selector:
|
||||
app: nginx
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
name: http
|
||||
- port: 443
|
||||
targetPort: 443
|
||||
name: https
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: website-content-pvc
|
||||
namespace: default
|
||||
labels:
|
||||
app: nginx
|
||||
spec:
|
||||
storageClassName: local-path
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress-website
|
||||
namespace: default
|
||||
annotations:
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- repo.test.meissa.de
|
||||
secretName: website-cert
|
||||
rules:
|
||||
- host: repo.test.meissa.de
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: website-service
|
||||
port:
|
||||
number: 80
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: website-cert
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: website-cert
|
||||
commonName: repo.test.meissa.de
|
||||
duration: 2160h # 90d
|
||||
renewBefore: 360h # 15d
|
||||
dnsNames:
|
||||
- repo.test.meissa.de
|
||||
issuerRef:
|
||||
name: staging
|
||||
kind: ClusterIssuer
|
|
@ -16,7 +16,7 @@
|
|||
(st/instrument `cut/generate-multi-nginx-configmap)
|
||||
(st/instrument `cut/generate-website-content-volume)
|
||||
|
||||
(deftest should-generate-single-certificate
|
||||
(deftest should-generate-certificate
|
||||
(is (= {:name-c2 "prod", :name-c1 "staging"}
|
||||
(th/map-diff (cut/generate-single-certificate {:fqdn "test.de"
|
||||
:fqdn1 "test.org"
|
||||
|
@ -30,7 +30,7 @@
|
|||
:fqdn2 "bla.com"
|
||||
:multi ["fqdn1", "fqdn"]})))))
|
||||
|
||||
(deftest should-generate-single-ingress
|
||||
(deftest should-generate-ingress
|
||||
(is (= {:apiVersion "networking.k8s.io/v1",
|
||||
:kind "Ingress",
|
||||
:metadata
|
||||
|
@ -50,7 +50,27 @@
|
|||
:multi ["fqdn1", "fqdn"]
|
||||
:single "fqdn"}))))
|
||||
|
||||
(deftest should-generate-single-nginx-configmap
|
||||
(deftest should-generate-ingress
|
||||
(is (= {:apiVersion "networking.k8s.io/v1",
|
||||
:kind "Ingress",
|
||||
:metadata
|
||||
{:name "test-de-ingress",
|
||||
:namespace "default",
|
||||
:annotations
|
||||
{:ingress.kubernetes.io/ssl-redirect "true",
|
||||
:traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd"}},
|
||||
:spec
|
||||
{:tls [{:hosts ["test.de"], :secretName "test-de-cert"}],
|
||||
:rules
|
||||
[{:host "test.de",
|
||||
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}]}}
|
||||
(cut/generate-single-ingress {:fqdn "test.de"
|
||||
:fqdn1 "test.org"
|
||||
:fqdn2 "bla.com"
|
||||
:multi ["fqdn1", "fqdn"]
|
||||
:single "fqdn"}))))
|
||||
|
||||
(deftest should-generate-nginx-configmap
|
||||
(is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
|
||||
:website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.com; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
|
||||
:name-c1 "test-de-configmap",
|
||||
|
@ -66,58 +86,6 @@
|
|||
:fqdn2 "bla.com"
|
||||
:multi ["fqdn1", "fqdn"]})))))
|
||||
|
||||
(deftest should-generate-multi-certificate
|
||||
(is (= {:name-c2 "prod", :name-c1 "staging"}
|
||||
(th/map-diff (cut/generate-multi-certificate {:fqdn "test.de"
|
||||
:fqdn1 "test.com"
|
||||
:fqdn2 "test.io"
|
||||
:single "fqdn1"
|
||||
:multi ["fqdn", "fqdn2"]})
|
||||
(cut/generate-multi-certificate {:fqdn "test.io"
|
||||
:fqdn1 "test.com"
|
||||
:fqdn2 "test.de"
|
||||
:single "fqdn1"
|
||||
:multi ["fqdn2", "fqdn"]
|
||||
:issuer "prod"})))))
|
||||
|
||||
(deftest should-generate-multi-ingress
|
||||
(is (= {:apiVersion "networking.k8s.io/v1",
|
||||
:kind "Ingress",
|
||||
:metadata
|
||||
{:name "test-de-ingress",
|
||||
:namespace "default",
|
||||
:annotations
|
||||
{:ingress.kubernetes.io/ssl-redirect "true",
|
||||
:traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd"}},
|
||||
:spec
|
||||
{:tls [{:hosts ["test.de", "test.io"], :secretName "test-de-cert"}],
|
||||
:rules
|
||||
[{:host "test.de",
|
||||
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}
|
||||
{:host "test.io",
|
||||
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}]}}
|
||||
(cut/generate-multi-ingress {:fqdn "test.de"
|
||||
:fqdn1 "test.com"
|
||||
:fqdn2 "test.io"
|
||||
:single "fqdn1"
|
||||
:multi ["fqdn", "fqdn2"]}))))
|
||||
|
||||
(deftest should-generate-nginx-multi-configmap
|
||||
(is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de test.io; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
|
||||
:website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.com test.io; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
|
||||
:name-c1 "test-de-configmap",
|
||||
:name-c2 "test-com-configmap"}
|
||||
(th/map-diff (cut/generate-multi-nginx-configmap {:fqdn "test.de"
|
||||
:fqdn1 "test.com"
|
||||
:fqdn2 "test.io"
|
||||
:single "fqdn1"
|
||||
:multi ["fqdn", "fqdn2"]})
|
||||
(cut/generate-multi-nginx-configmap {:fqdn "test.de"
|
||||
:fqdn1 "test.com"
|
||||
:fqdn2 "test.io"
|
||||
:single "fqdn2"
|
||||
:multi ["fqdn1", "fqdn2"]})))))
|
||||
|
||||
(deftest should-generate-nginx-deployment
|
||||
(is (= {:apiVersion "apps/v1",
|
||||
:kind "Deployment",
|
||||
|
@ -157,46 +125,6 @@
|
|||
:single "fqdn2"
|
||||
:multi ["fqdn1", "fqdn2"]}))))
|
||||
|
||||
(deftest should-generate-nginx-deployment-set-single
|
||||
(is (= {:apiVersion "apps/v1",
|
||||
:kind "Deployment",
|
||||
:metadata {:name "test-de-deployment"},
|
||||
:spec
|
||||
{:replicas 1,
|
||||
:selector {:matchLabels {:app "test-de-nginx"}},
|
||||
:template
|
||||
{:metadata {:labels {:app "test-de-nginx"}},
|
||||
:spec
|
||||
{:containers
|
||||
[{:name "test-de-nginx",
|
||||
:image "nginx:latest",
|
||||
:imagePullPolicy "IfNotPresent",
|
||||
:ports [{:containerPort 80}],
|
||||
:volumeMounts
|
||||
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
|
||||
{:mountPath "/var/log/nginx", :name "log"}
|
||||
{:mountPath "/var/www/html/website", :name "website-content-volume", :readOnly true}
|
||||
{:mountPath "/etc/certs", :name "website-cert", :readOnly true}]}],
|
||||
:volumes
|
||||
[{:name "nginx-config-volume",
|
||||
:configMap
|
||||
{:name "test-de-configmap",
|
||||
:items
|
||||
[{:key "nginx.conf", :path "nginx.conf"}
|
||||
{:key "website.conf", :path "conf.d/website.conf"}
|
||||
{:key "mime.types", :path "mime.types"}]}}
|
||||
{:name "log", :emptyDir {}}
|
||||
{:name "website-content-volume", :persistentVolumeClaim {:claimName "test-de-content-volume"}}
|
||||
{:name "website-cert",
|
||||
:secret
|
||||
{:secretName "test-de-cert", :items [{:key "tls.crt", :path "tls.crt"} {:key "tls.key", :path "tls.key"}]}}]}}}}
|
||||
(cut/generate-nginx-deployment (cutc/set-single-fqdn
|
||||
{:fqdn "test.io"
|
||||
:fqdn1 "test.com"
|
||||
:fqdn2 "test.de"
|
||||
:single "fqdn2"
|
||||
:multi ["fqdn1", "fqdn2"]})))))
|
||||
|
||||
(deftest should-generate-nginx-service
|
||||
(is (= {:name-c1 "test-de-service",
|
||||
:name-c2 "test-com-service",
|
||||
|
@ -289,31 +217,6 @@
|
|||
:authtoken "token2"
|
||||
:gitrepourl "test.com/user/repo.git"
|
||||
:singlegitrepourl "test.com/user/otherrepo.git"})))))
|
||||
(deftest should-generate-website-build-secret-set-single
|
||||
(is (= {:name-c1 "test-de-secret",
|
||||
:name-c2 "test-com-secret",
|
||||
:AUTHTOKEN-c1 (b64/encode "token1"),
|
||||
:AUTHTOKEN-c2 (b64/encode "token2"),
|
||||
:GITREPOURL-c1 (b64/encode "test.de/user/main.git"),
|
||||
:GITREPOURL-c2 (b64/encode "test.com/user/master.git")}
|
||||
(th/map-diff (cut/generate-website-build-secret (cutc/set-single-repo-url
|
||||
{:fqdn "test.de"
|
||||
:fqdn1 "bla.de"
|
||||
:fqdn2 "bla.com"
|
||||
:single "fqdn"
|
||||
:multi ["fqdn", "fqdn"]
|
||||
:authtoken "token1"
|
||||
:gitrepourl "test.de/user/repo.git"
|
||||
:singlegitrepourl "test.de/user/main.git"}))
|
||||
(cut/generate-website-build-secret (cutc/set-single-repo-url
|
||||
{:fqdn "test.com"
|
||||
:fqdn1 "bla.de"
|
||||
:fqdn2 "bla.com"
|
||||
:single "fqdn"
|
||||
:multi ["fqdn1", "fqdn"]
|
||||
:authtoken "token2"
|
||||
:gitrepourl "test.com/user/repo.git"
|
||||
:singlegitrepourl "test.com/user/master.git"}))))))
|
||||
|
||||
(deftest should-generate-website-content-volume
|
||||
(is (= {:name-c1 "test-de-content-volume",
|
||||
|
|
Loading…
Reference in a new issue