diff --git a/src/main/cljc/dda/c4k_website/core.cljc b/src/main/cljc/dda/c4k_website/core.cljc index 964b790..c3d9e91 100644 --- a/src/main/cljc/dda/c4k_website/core.cljc +++ b/src/main/cljc/dda/c4k_website/core.cljc @@ -50,19 +50,19 @@ config (assoc-in [:websites] (rest (config :websites))) (assoc-in [:auth] (rest (config :auth)))) - (merge result - (website/generate-nginx-deployment (flatten-and-reduce-config config)) - (website/generate-nginx-configmap (flatten-and-reduce-config config)) - (website/generate-nginx-service (flatten-and-reduce-config config)) - (website/generate-website-content-volume (flatten-and-reduce-config config)) - (website/generate-website-http-ingress (flatten-and-reduce-config config)) - (website/generate-website-https-ingress (flatten-and-reduce-config config)) - (website/generate-website-certificate (flatten-and-reduce-config config)) - (website/generate-website-build-cron (flatten-and-reduce-config config)) - (website/generate-website-build-secret (flatten-and-reduce-config config))))))) + (conj result + (website/generate-nginx-deployment (flatten-and-reduce-config config)) + (website/generate-nginx-configmap (flatten-and-reduce-config config)) + (website/generate-nginx-service (flatten-and-reduce-config config)) + (website/generate-website-content-volume (flatten-and-reduce-config config)) + (website/generate-website-http-ingress (flatten-and-reduce-config config)) + (website/generate-website-https-ingress (flatten-and-reduce-config config)) + (website/generate-website-certificate (flatten-and-reduce-config config)) + (website/generate-website-build-cron (flatten-and-reduce-config config)) + (website/generate-website-build-secret (flatten-and-reduce-config config))))))) (defn k8s-objects [config] (cm/concat-vec (map yaml/to-string (filter #(not (nil? %)) - [(generate-configs config)])))) + (generate-configs config))))) 
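Review bot: In the new `(conj result ...)` form, `(flatten-and-reduce-config config)` is evaluated nine times on the same `config`; binding it once, e.g. `(let [site (flatten-and-reduce-config config)] (conj result (website/generate-nginx-deployment site) ...))`, keeps every generator on one value and makes the call easier to read. `conj` appends to a vector but prepends to a list, so the manifest order that `k8s-objects` emits depends on how `result` is initialised, which is outside this hunk. The context lines step `:websites` and `:auth` forward with `rest` in lockstep, which suggests each site's build secret is paired with its auth entry by position. If so, checking before the loop that both collections have the same length and line up would keep one site's token from being rendered into another site's Secret. The enclosing function starts above the hunk.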
diff --git a/src/main/resources/website/multi-certificate.yaml b/src/main/resources/website/multi-certificate.yaml deleted file mode 100644 index 27768b3..0000000 --- a/src/main/resources/website/multi-certificate.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: NAME-cert - namespace: default -spec: - secretName: NAME-cert - commonName: FQDN - duration: 2160h # 90d - renewBefore: 360h # 15d - dnsNames: - - FQDN - - FQDN1 - issuerRef: - name: staging - kind: ClusterIssuer - \ No newline at end of file diff --git a/src/main/resources/website/multi-ingress.yaml b/src/main/resources/website/multi-ingress.yaml deleted file mode 100644 index a37e8db..0000000 --- a/src/main/resources/website/multi-ingress.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: NAME-ingress - namespace: default - annotations: - ingress.kubernetes.io/ssl-redirect: "true" - traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd -spec: - tls: - - hosts: - - FQDN - - FQDN1 - secretName: NAME-cert - rules: - - host: FQDN - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: NAME-service - port: - number: 80 - - host: FQDN1 - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: NAME-service - port: - number: 80 - \ No newline at end of file diff --git a/src/main/resources/website/multi-nginx-configmap.yaml b/src/main/resources/website/multi-nginx-configmap.yaml deleted file mode 100644 index a8e0348..0000000 --- a/src/main/resources/website/multi-nginx-configmap.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: NAME-configmap - namespace: default -data: - nginx.conf: | - user nginx; - worker_processes 3; - error_log /var/log/nginx/error.log; - pid /var/log/nginx/nginx.pid; - worker_rlimit_nofile 8192; - events { - worker_connections 4096; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] $status' - '"$request" $body_bytes_sent "$http_referer"' - '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; - sendfile on; - tcp_nopush on; - keepalive_timeout 65; - server_names_hash_bucket_size 128; - include /etc/nginx/conf.d/website.conf; - } - mime.types: | - types { - text/html html htm shtml; - text/css css; - text/xml xml rss; - image/gif gif; - image/jpeg jpeg jpg; - application/x-javascript js; - text/plain txt; - text/x-component htc; - text/mathml mml; - image/png png; - image/x-icon ico; - image/x-jng jng; - image/vnd.wap.wbmp wbmp; - application/java-archive jar war ear; - application/mac-binhex40 hqx; - application/pdf pdf; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/zip zip; - application/octet-stream deb; - application/octet-stream bin exe dll; - application/octet-stream dmg; - application/octet-stream eot; - application/octet-stream iso img; - application/octet-stream msi msp msm; - audio/mpeg mp3; - audio/x-realaudio ra; - video/mpeg mpeg mpg; - video/quicktime mov; - video/x-flv flv; - video/x-msvideo avi; - video/x-ms-wmv wmv; - 
video/x-ms-asf asx asf; - video/x-mng mng; - } - website.conf: | - server { - listen 80 default_server; - listen [::]:80 default_server; - listen 443 ssl; - ssl_certificate /etc/certs/tls.crt; - ssl_certificate_key /etc/certs/tls.key; - server_name FQDN FQDN1 - add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; - add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options nosniff; - add_header Referrer-Policy "strict-origin"; - # add_header Permissions-Policy "permissions here"; - root /var/www/html/website/; - index index.html; - location / { - try_files $uri $uri/ /index.html =404; - } - } - \ No newline at end of file diff --git a/src/main/resources/website/single-certificate.yaml b/src/main/resources/website/single-certificate.yaml deleted file mode 100644 index 5f60906..0000000 --- a/src/main/resources/website/single-certificate.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: CERTNAME - namespace: default -spec: - secretName: CERTNAME - commonName: FQDN - duration: 2160h # 90d - renewBefore: 360h # 15d - dnsNames: - - FQDN - issuerRef: - name: staging - kind: ClusterIssuer - \ No newline at end of file diff --git a/src/main/resources/website/single-ingress.yaml b/src/main/resources/website/single-ingress.yaml deleted file mode 100644 index c1003cf..0000000 --- a/src/main/resources/website/single-ingress.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: NAME-ingress - namespace: default - annotations: - ingress.kubernetes.io/ssl-redirect: "true" - traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd -spec: - tls: - - hosts: - - FQDN - secretName: NAME-cert - rules: - - host: FQDN - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: NAME-service - port: - number: 80 diff --git a/src/main/resources/website/single-nginx-configmap.yaml b/src/main/resources/website/single-nginx-configmap.yaml deleted file mode 100644 index 1bdee73..0000000 --- a/src/main/resources/website/single-nginx-configmap.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: NAME-configmap - namespace: default -data: - nginx.conf: | - user nginx; - worker_processes 3; - error_log /var/log/nginx/error.log; - pid /var/log/nginx/nginx.pid; - worker_rlimit_nofile 8192; - events { - worker_connections 4096; - } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] $status' - '"$request" $body_bytes_sent "$http_referer"' - '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; - sendfile on; - tcp_nopush on; - keepalive_timeout 65; - server_names_hash_bucket_size 128; - include /etc/nginx/conf.d/website.conf; - } - mime.types: | - types { - text/html html htm shtml; - text/css css; - text/xml xml rss; - image/gif gif; - image/jpeg jpeg jpg; - application/x-javascript js; - text/plain txt; - text/x-component htc; - text/mathml mml; - image/png png; - image/x-icon ico; - image/x-jng jng; - image/vnd.wap.wbmp wbmp; - application/java-archive jar war ear; - application/mac-binhex40 hqx; - application/pdf pdf; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/zip zip; - application/octet-stream deb; - application/octet-stream bin exe dll; - application/octet-stream dmg; - application/octet-stream eot; - application/octet-stream iso img; - application/octet-stream msi msp msm; - audio/mpeg mp3; - audio/x-realaudio ra; - video/mpeg mpeg mpg; - video/quicktime mov; - video/x-flv flv; - video/x-msvideo avi; - video/x-ms-wmv wmv; - 
video/x-ms-asf asx asf; - video/x-mng mng; - } - website.conf: | - server { - listen 80 default_server; - listen [::]:80 default_server; - listen 443 ssl; - ssl_certificate /etc/certs/tls.crt; - ssl_certificate_key /etc/certs/tls.key; - server_name FQDN - add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; - add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options nosniff; - add_header Referrer-Policy "strict-origin"; - # add_header Permissions-Policy "permissions here"; - root /var/www/html/website/; - index index.html; - location / { - try_files $uri $uri/ /index.html =404; - } - } - \ No newline at end of file diff --git a/src/main/resources/website/testconfig.yaml b/src/main/resources/website/testconfig.yaml deleted file mode 100644 index e0fc9db..0000000 --- a/src/main/resources/website/testconfig.yaml +++ /dev/null 
@@ -1,262 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx -spec: - replicas: 1 - selector: - matchLabels: - app: nginx - template: - metadata: - labels: - app: nginx - spec: - containers: - - name: nginx - image: nginx:latest - imagePullPolicy: "Always" - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /etc/nginx # mount nginx volume to /etc/nginx - readOnly: true - name: nginx-conf - - mountPath: /var/log/nginx - name: log - - mountPath: /var/www/html/repo.test.meissa.de - name: website-content-volume - - mountPath: /etc/certs - name: website-cert - readOnly: true - volumes: - - name: nginx-conf - configMap: - name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx - items: - - key: nginx.conf - path: nginx.conf - - key: repo.test.meissa.de.conf - path: conf.d/repo.test.meissa.de.conf - - key: mime.types - path: mime.types # dig directory - - name: log - emptyDir: {} - - name: website-content-volume - persistentVolumeClaim: - claimName: website-content-pvc - - name: website-cert - secret: - secretName: website-cert - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: default -data: - nginx.conf: | - user nginx; - - worker_processes 3; - - error_log /var/log/nginx/error.log; - - pid /var/log/nginx/nginx.pid; - - worker_rlimit_nofile 8192; - - events { - worker_connections 4096; ## Default: 1024 - } - - # daemon off; # run in foreground - - http { - - include /etc/nginx/mime.types; # should be replaced by c4k - - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] $status ' - '"$request" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - - tcp_nopush on; - - keepalive_timeout 65; - - server_names_hash_bucket_size 128; # this seems to be required for some vhosts - - # it might be 
a good idea to set a common reverse proxy - # which points to the ingress? - - include /etc/nginx/conf.d/repo.test.meissa.de.conf; # should be replaced by c4k - } - - mime.types: | - types { - text/html html htm shtml; - text/css css; - text/xml xml rss; - image/gif gif; - image/jpeg jpeg jpg; - application/x-javascript js; - text/plain txt; - text/x-component htc; - text/mathml mml; - image/png png; - image/x-icon ico; - image/x-jng jng; - image/vnd.wap.wbmp wbmp; - application/java-archive jar war ear; - application/mac-binhex40 hqx; - application/pdf pdf; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/zip zip; - application/octet-stream deb; - application/octet-stream bin exe dll; - application/octet-stream dmg; - application/octet-stream eot; - application/octet-stream iso img; - application/octet-stream msi msp msm; - audio/mpeg mp3; - audio/x-realaudio ra; - video/mpeg mpeg mpg; - video/quicktime mov; - video/x-flv flv; - video/x-msvideo avi; - video/x-ms-wmv wmv; - video/x-ms-asf asx asf; - video/x-mng mng; - } - repo.test.meissa.de.conf: | - server { - - listen 80 default_server; - listen [::]:80 default_server; - - listen 443 ssl; - - ssl_certificate /etc/certs/tls.crt; - ssl_certificate_key /etc/certs/tls.key; - - server_name repo.test.meissa.de www.repo.test.meissa.de; - - # security headers - add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; - add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *"; - add_header X-XSS-Protection "1; 
mode=block"; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options nosniff; - add_header Referrer-Policy "strict-origin"; - # maybe need to add: - # add_header Permissions-Policy "permissions here"; - - # root /var/www/html/repo.test.meissa.de; - root /usr/share/nginx/html/; - - index index.html; - - try_files $uri /index.html; - - } ---- -kind: Service -apiVersion: v1 -metadata: - name: nginx-service - labels: - app: nginx - namespace: default -spec: - type: LoadBalancer - ipFamilyPolicy: PreferDualStack - selector: - app: nginx - ports: - - port: 80 - targetPort: 80 - name: http - - port: 443 - targetPort: 443 - name: https - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: website-content-pvc - namespace: default - labels: - app: nginx -spec: - storageClassName: local-path - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ingress-website - namespace: default - annotations: - ingress.kubernetes.io/ssl-redirect: "true" - traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd -spec: - tls: - - hosts: - - repo.test.meissa.de - secretName: website-cert - rules: - - host: repo.test.meissa.de - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: website-service - port: - number: 80 ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: website-cert - namespace: default -spec: - secretName: website-cert - commonName: repo.test.meissa.de - duration: 2160h # 90d - renewBefore: 360h # 15d - dnsNames: - - repo.test.meissa.de - issuerRef: - name: staging - kind: ClusterIssuer diff --git a/src/test/cljc/dda/c4k_website/website_test.cljc b/src/test/cljc/dda/c4k_website/website_test.cljc index e07722d..ceff551 100644 --- a/src/test/cljc/dda/c4k_website/website_test.cljc +++ b/src/test/cljc/dda/c4k_website/website_test.cljc 
@@ -16,7 +16,7 @@ (st/instrument `cut/generate-multi-nginx-configmap) (st/instrument `cut/generate-website-content-volume) -(deftest should-generate-single-certificate +(deftest should-generate-certificate (is (= {:name-c2 "prod", :name-c1 "staging"} (th/map-diff (cut/generate-single-certificate {:fqdn "test.de" :fqdn1 "test.org" @@ -30,7 +30,7 @@ :fqdn2 "bla.com" :multi ["fqdn1", "fqdn"]}))))) -(deftest should-generate-single-ingress +(deftest should-generate-ingress (is (= {:apiVersion "networking.k8s.io/v1", :kind "Ingress", :metadata 
@@ -50,7 +50,27 @@ :multi ["fqdn1", "fqdn"] :single "fqdn"})))) -(deftest should-generate-single-nginx-configmap +(deftest should-generate-ingress + (is (= {:apiVersion "networking.k8s.io/v1", + :kind "Ingress", + :metadata + {:name "test-de-ingress", + :namespace "default", + :annotations + {:ingress.kubernetes.io/ssl-redirect "true", + :traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd"}}, + :spec + {:tls [{:hosts ["test.de"], :secretName "test-de-cert"}], + :rules + [{:host "test.de", + :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}]}} + (cut/generate-single-ingress {:fqdn "test.de" + :fqdn1 "test.org" + :fqdn2 "bla.com" + :multi ["fqdn1", "fqdn"] + :single "fqdn"})))) + +(deftest should-generate-nginx-configmap (is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n", :website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.com; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; 
script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n", :name-c1 "test-de-configmap", 
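Review bot: The added `(deftest should-generate-ingress ...)` has the same name as the test renamed from `should-generate-single-ingress` in the `@@ -30,7 +30,7 @@` hunk, so the file defines that var twice and the later definition replaces the earlier one; only one body runs. Give the added test its own name, or drop it if it is a copy: its argument map ends the same way as the preceding test's (`:multi ["fqdn1", "fqdn"] :single "fqdn"`), so it appears to repeat it. The renamed certificate test still calls `cut/generate-single-certificate` and the added test calls `cut/generate-single-ingress`, while this commit deletes `single-certificate.yaml` and `single-ingress.yaml`. If those functions still load the deleted templates, the tests cannot pass, which is worth confirming since `website.cljc` is not shown here.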
@@ -66,58 +86,6 @@ :fqdn2 "bla.com" :multi ["fqdn1", "fqdn"]}))))) -(deftest should-generate-multi-certificate - (is (= {:name-c2 "prod", :name-c1 "staging"} - (th/map-diff (cut/generate-multi-certificate {:fqdn "test.de" - :fqdn1 "test.com" - :fqdn2 "test.io" - :single "fqdn1" - :multi ["fqdn", "fqdn2"]}) - (cut/generate-multi-certificate {:fqdn "test.io" - :fqdn1 "test.com" - :fqdn2 "test.de" - :single "fqdn1" - :multi ["fqdn2", "fqdn"] - :issuer "prod"}))))) - -(deftest should-generate-multi-ingress - (is (= {:apiVersion "networking.k8s.io/v1", - :kind "Ingress", - :metadata - {:name "test-de-ingress", - :namespace "default", - :annotations - {:ingress.kubernetes.io/ssl-redirect "true", - :traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd"}}, - :spec - {:tls [{:hosts ["test.de", "test.io"], :secretName "test-de-cert"}], - :rules - [{:host "test.de", - :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}} - {:host "test.io", - :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}]}} - (cut/generate-multi-ingress {:fqdn "test.de" - :fqdn1 "test.com" - :fqdn2 "test.io" - :single "fqdn1" - :multi ["fqdn", "fqdn2"]})))) - -(deftest should-generate-nginx-multi-configmap - (is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de test.io; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header 
Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n", - :website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.com test.io; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n", - :name-c1 "test-de-configmap", - :name-c2 "test-com-configmap"} - (th/map-diff (cut/generate-multi-nginx-configmap {:fqdn "test.de" - :fqdn1 "test.com" - :fqdn2 "test.io" - :single "fqdn1" - :multi ["fqdn", "fqdn2"]}) - (cut/generate-multi-nginx-configmap {:fqdn "test.de" - :fqdn1 "test.com" - :fqdn2 "test.io" - :single "fqdn2" - :multi ["fqdn1", "fqdn2"]}))))) - (deftest should-generate-nginx-deployment (is (= {:apiVersion "apps/v1", :kind "Deployment", 
@@ -157,46 +125,6 @@ :single "fqdn2" :multi ["fqdn1", "fqdn2"]})))) -(deftest should-generate-nginx-deployment-set-single - (is (= {:apiVersion "apps/v1", - :kind "Deployment", - :metadata {:name "test-de-deployment"}, - :spec - {:replicas 1, - :selector {:matchLabels {:app "test-de-nginx"}}, - :template - {:metadata {:labels {:app "test-de-nginx"}}, - :spec - {:containers - [{:name "test-de-nginx", - :image "nginx:latest", - :imagePullPolicy "IfNotPresent", - :ports [{:containerPort 80}], - :volumeMounts - [{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"} - {:mountPath "/var/log/nginx", :name "log"} - {:mountPath "/var/www/html/website", :name "website-content-volume", :readOnly true} - {:mountPath "/etc/certs", :name "website-cert", :readOnly true}]}], - :volumes - [{:name "nginx-config-volume", - :configMap - {:name "test-de-configmap", - :items - [{:key "nginx.conf", :path "nginx.conf"} - {:key "website.conf", :path "conf.d/website.conf"} - {:key "mime.types", :path "mime.types"}]}} - {:name "log", :emptyDir {}} - {:name "website-content-volume", :persistentVolumeClaim {:claimName "test-de-content-volume"}} - {:name "website-cert", - :secret - {:secretName "test-de-cert", :items [{:key "tls.crt", :path "tls.crt"} {:key "tls.key", :path "tls.key"}]}}]}}}} - (cut/generate-nginx-deployment (cutc/set-single-fqdn - {:fqdn "test.io" - :fqdn1 "test.com" - :fqdn2 "test.de" - :single "fqdn2" - :multi ["fqdn1", "fqdn2"]}))))) - (deftest should-generate-nginx-service (is (= {:name-c1 "test-de-service", :name-c2 "test-com-service", 
@@ -289,31 +217,6 @@ :authtoken "token2" :gitrepourl "test.com/user/repo.git" :singlegitrepourl "test.com/user/otherrepo.git"}))))) -(deftest should-generate-website-build-secret-set-single - (is (= {:name-c1 "test-de-secret", - :name-c2 "test-com-secret", - :AUTHTOKEN-c1 (b64/encode "token1"), - :AUTHTOKEN-c2 (b64/encode "token2"), - :GITREPOURL-c1 (b64/encode "test.de/user/main.git"), - :GITREPOURL-c2 (b64/encode "test.com/user/master.git")} - (th/map-diff (cut/generate-website-build-secret (cutc/set-single-repo-url - {:fqdn "test.de" - :fqdn1 "bla.de" - :fqdn2 "bla.com" - :single "fqdn" - :multi ["fqdn", "fqdn"] - :authtoken "token1" - :gitrepourl "test.de/user/repo.git" - :singlegitrepourl "test.de/user/main.git"})) - (cut/generate-website-build-secret (cutc/set-single-repo-url - {:fqdn "test.com" - :fqdn1 "bla.de" - :fqdn2 "bla.com" - :single "fqdn" - :multi ["fqdn1", "fqdn"] - :authtoken "token2" - :gitrepourl "test.com/user/repo.git" - :singlegitrepourl "test.com/user/master.git"})))))) (deftest should-generate-website-content-volume (is (= {:name-c1 "test-de-content-volume",