[Skip-CI] WIP Working config generation

c4k-website now generates multiple configs depending on the number
of list items in :websites and :auth lists.
This commit is contained in:
erik 2022-10-12 15:54:55 +02:00
parent 31f490e286
commit d9e22a26ed
9 changed files with 34 additions and 684 deletions

View file

@ -50,19 +50,19 @@
config config
(assoc-in [:websites] (rest (config :websites))) (assoc-in [:websites] (rest (config :websites)))
(assoc-in [:auth] (rest (config :auth)))) (assoc-in [:auth] (rest (config :auth))))
(merge result (conj result
(website/generate-nginx-deployment (flatten-and-reduce-config config)) (website/generate-nginx-deployment (flatten-and-reduce-config config))
(website/generate-nginx-configmap (flatten-and-reduce-config config)) (website/generate-nginx-configmap (flatten-and-reduce-config config))
(website/generate-nginx-service (flatten-and-reduce-config config)) (website/generate-nginx-service (flatten-and-reduce-config config))
(website/generate-website-content-volume (flatten-and-reduce-config config)) (website/generate-website-content-volume (flatten-and-reduce-config config))
(website/generate-website-http-ingress (flatten-and-reduce-config config)) (website/generate-website-http-ingress (flatten-and-reduce-config config))
(website/generate-website-https-ingress (flatten-and-reduce-config config)) (website/generate-website-https-ingress (flatten-and-reduce-config config))
(website/generate-website-certificate (flatten-and-reduce-config config)) (website/generate-website-certificate (flatten-and-reduce-config config))
(website/generate-website-build-cron (flatten-and-reduce-config config)) (website/generate-website-build-cron (flatten-and-reduce-config config))
(website/generate-website-build-secret (flatten-and-reduce-config config))))))) (website/generate-website-build-secret (flatten-and-reduce-config config)))))))
(defn k8s-objects [config] (defn k8s-objects [config]
(cm/concat-vec (cm/concat-vec
(map yaml/to-string (map yaml/to-string
(filter #(not (nil? %)) (filter #(not (nil? %))
[(generate-configs config)])))) (generate-configs config)))))

View file

@ -1,17 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: NAME-cert
namespace: default
spec:
secretName: NAME-cert
commonName: FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- FQDN
- FQDN1
issuerRef:
name: staging
kind: ClusterIssuer

View file

@ -1,36 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: NAME-ingress
namespace: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
tls:
- hosts:
- FQDN
- FQDN1
secretName: NAME-cert
rules:
- host: FQDN
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: NAME-service
port:
number: 80
- host: FQDN1
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: NAME-service
port:
number: 80

View file

@ -1,99 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: NAME-configmap
namespace: default
data:
nginx.conf: |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128;
include /etc/nginx/conf.d/website.conf;
}
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}
website.conf: |
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
server_name FQDN FQDN1
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "strict-origin";
# add_header Permissions-Policy "permissions here";
root /var/www/html/website/;
index index.html;
location / {
try_files $uri $uri/ /index.html =404;
}
}

View file

@ -1,16 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: CERTNAME
namespace: default
spec:
secretName: CERTNAME
commonName: FQDN
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- FQDN
issuerRef:
name: staging
kind: ClusterIssuer

View file

@ -1,24 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: NAME-ingress
namespace: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
tls:
- hosts:
- FQDN
secretName: NAME-cert
rules:
- host: FQDN
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: NAME-service
port:
number: 80

View file

@ -1,99 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: NAME-configmap
namespace: default
data:
nginx.conf: |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128;
include /etc/nginx/conf.d/website.conf;
}
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}
website.conf: |
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
server_name FQDN
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "strict-origin";
# add_header Permissions-Policy "permissions here";
root /var/www/html/website/;
index index.html;
location / {
try_files $uri $uri/ /index.html =404;
}
}

View file

@ -1,262 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
imagePullPolicy: "Always"
ports:
- containerPort: 80
volumeMounts:
- mountPath: /etc/nginx # mount nginx volume to /etc/nginx
readOnly: true
name: nginx-conf
- mountPath: /var/log/nginx
name: log
- mountPath: /var/www/html/repo.test.meissa.de
name: website-content-volume
- mountPath: /etc/certs
name: website-cert
readOnly: true
volumes:
- name: nginx-conf
configMap:
name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx
items:
- key: nginx.conf
path: nginx.conf
- key: repo.test.meissa.de.conf
path: conf.d/repo.test.meissa.de.conf
- key: mime.types
path: mime.types # dig directory
- name: log
emptyDir: {}
- name: website-content-volume
persistentVolumeClaim:
claimName: website-content-pvc
- name: website-cert
secret:
secretName: website-cert
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
namespace: default
data:
nginx.conf: |
user nginx;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
# daemon off; # run in foreground
http {
include /etc/nginx/mime.types; # should be replaced by c4k
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_names_hash_bucket_size 128; # this seems to be required for some vhosts
# it might be a good idea to set a common reverse proxy
# which points to the ingress?
include /etc/nginx/conf.d/repo.test.meissa.de.conf; # should be replaced by c4k
}
mime.types: |
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}
repo.test.meissa.de.conf: |
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
ssl_certificate /etc/certs/tls.crt;
ssl_certificate_key /etc/certs/tls.key;
server_name repo.test.meissa.de www.repo.test.meissa.de;
# security headers
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "strict-origin";
# maybe need to add:
# add_header Permissions-Policy "permissions here";
# root /var/www/html/repo.test.meissa.de;
root /usr/share/nginx/html/;
index index.html;
try_files $uri /index.html;
}
---
kind: Service
apiVersion: v1
metadata:
name: nginx-service
labels:
app: nginx
namespace: default
spec:
type: LoadBalancer
ipFamilyPolicy: PreferDualStack
selector:
app: nginx
ports:
- port: 80
targetPort: 80
name: http
- port: 443
targetPort: 443
name: https
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: website-content-pvc
namespace: default
labels:
app: nginx
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-website
namespace: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
tls:
- hosts:
- repo.test.meissa.de
secretName: website-cert
rules:
- host: repo.test.meissa.de
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: website-service
port:
number: 80
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: website-cert
namespace: default
spec:
secretName: website-cert
commonName: repo.test.meissa.de
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- repo.test.meissa.de
issuerRef:
name: staging
kind: ClusterIssuer

View file

@ -16,7 +16,7 @@
(st/instrument `cut/generate-multi-nginx-configmap) (st/instrument `cut/generate-multi-nginx-configmap)
(st/instrument `cut/generate-website-content-volume) (st/instrument `cut/generate-website-content-volume)
(deftest should-generate-single-certificate (deftest should-generate-certificate
(is (= {:name-c2 "prod", :name-c1 "staging"} (is (= {:name-c2 "prod", :name-c1 "staging"}
(th/map-diff (cut/generate-single-certificate {:fqdn "test.de" (th/map-diff (cut/generate-single-certificate {:fqdn "test.de"
:fqdn1 "test.org" :fqdn1 "test.org"
@ -30,7 +30,7 @@
:fqdn2 "bla.com" :fqdn2 "bla.com"
:multi ["fqdn1", "fqdn"]}))))) :multi ["fqdn1", "fqdn"]})))))
(deftest should-generate-single-ingress (deftest should-generate-ingress
(is (= {:apiVersion "networking.k8s.io/v1", (is (= {:apiVersion "networking.k8s.io/v1",
:kind "Ingress", :kind "Ingress",
:metadata :metadata
@ -50,7 +50,27 @@
:multi ["fqdn1", "fqdn"] :multi ["fqdn1", "fqdn"]
:single "fqdn"})))) :single "fqdn"}))))
(deftest should-generate-single-nginx-configmap (deftest should-generate-ingress
(is (= {:apiVersion "networking.k8s.io/v1",
:kind "Ingress",
:metadata
{:name "test-de-ingress",
:namespace "default",
:annotations
{:ingress.kubernetes.io/ssl-redirect "true",
:traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd"}},
:spec
{:tls [{:hosts ["test.de"], :secretName "test-de-cert"}],
:rules
[{:host "test.de",
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}]}}
(cut/generate-single-ingress {:fqdn "test.de"
:fqdn1 "test.org"
:fqdn2 "bla.com"
:multi ["fqdn1", "fqdn"]
:single "fqdn"}))))
(deftest should-generate-nginx-configmap
(is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n", (is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
:website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.com; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n", :website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.com; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
:name-c1 "test-de-configmap", :name-c1 "test-de-configmap",
@ -66,58 +86,6 @@
:fqdn2 "bla.com" :fqdn2 "bla.com"
:multi ["fqdn1", "fqdn"]}))))) :multi ["fqdn1", "fqdn"]})))))
(deftest should-generate-multi-certificate
(is (= {:name-c2 "prod", :name-c1 "staging"}
(th/map-diff (cut/generate-multi-certificate {:fqdn "test.de"
:fqdn1 "test.com"
:fqdn2 "test.io"
:single "fqdn1"
:multi ["fqdn", "fqdn2"]})
(cut/generate-multi-certificate {:fqdn "test.io"
:fqdn1 "test.com"
:fqdn2 "test.de"
:single "fqdn1"
:multi ["fqdn2", "fqdn"]
:issuer "prod"})))))
(deftest should-generate-multi-ingress
(is (= {:apiVersion "networking.k8s.io/v1",
:kind "Ingress",
:metadata
{:name "test-de-ingress",
:namespace "default",
:annotations
{:ingress.kubernetes.io/ssl-redirect "true",
:traefik.ingress.kubernetes.io/router.middlewares "default-redirect-https@kubernetescrd"}},
:spec
{:tls [{:hosts ["test.de", "test.io"], :secretName "test-de-cert"}],
:rules
[{:host "test.de",
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}
{:host "test.io",
:http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-de-service", :port {:number 80}}}}]}}]}}
(cut/generate-multi-ingress {:fqdn "test.de"
:fqdn1 "test.com"
:fqdn2 "test.io"
:single "fqdn1"
:multi ["fqdn", "fqdn2"]}))))
(deftest should-generate-nginx-multi-configmap
(is (= {:website.conf-c1 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.de test.io; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
:website.conf-c2 "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n listen 443 ssl;\n ssl_certificate /etc/certs/tls.crt;\n ssl_certificate_key /etc/certs/tls.key;\n server_name test.com test.io; \n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';\n add_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *\";\n add_header X-XSS-Protection \"1; mode=block\";\n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n",
:name-c1 "test-de-configmap",
:name-c2 "test-com-configmap"}
(th/map-diff (cut/generate-multi-nginx-configmap {:fqdn "test.de"
:fqdn1 "test.com"
:fqdn2 "test.io"
:single "fqdn1"
:multi ["fqdn", "fqdn2"]})
(cut/generate-multi-nginx-configmap {:fqdn "test.de"
:fqdn1 "test.com"
:fqdn2 "test.io"
:single "fqdn2"
:multi ["fqdn1", "fqdn2"]})))))
(deftest should-generate-nginx-deployment (deftest should-generate-nginx-deployment
(is (= {:apiVersion "apps/v1", (is (= {:apiVersion "apps/v1",
:kind "Deployment", :kind "Deployment",
@ -157,46 +125,6 @@
:single "fqdn2" :single "fqdn2"
:multi ["fqdn1", "fqdn2"]})))) :multi ["fqdn1", "fqdn2"]}))))
(deftest should-generate-nginx-deployment-set-single
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "test-de-deployment"},
:spec
{:replicas 1,
:selector {:matchLabels {:app "test-de-nginx"}},
:template
{:metadata {:labels {:app "test-de-nginx"}},
:spec
{:containers
[{:name "test-de-nginx",
:image "nginx:latest",
:imagePullPolicy "IfNotPresent",
:ports [{:containerPort 80}],
:volumeMounts
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
{:mountPath "/var/log/nginx", :name "log"}
{:mountPath "/var/www/html/website", :name "website-content-volume", :readOnly true}
{:mountPath "/etc/certs", :name "website-cert", :readOnly true}]}],
:volumes
[{:name "nginx-config-volume",
:configMap
{:name "test-de-configmap",
:items
[{:key "nginx.conf", :path "nginx.conf"}
{:key "website.conf", :path "conf.d/website.conf"}
{:key "mime.types", :path "mime.types"}]}}
{:name "log", :emptyDir {}}
{:name "website-content-volume", :persistentVolumeClaim {:claimName "test-de-content-volume"}}
{:name "website-cert",
:secret
{:secretName "test-de-cert", :items [{:key "tls.crt", :path "tls.crt"} {:key "tls.key", :path "tls.key"}]}}]}}}}
(cut/generate-nginx-deployment (cutc/set-single-fqdn
{:fqdn "test.io"
:fqdn1 "test.com"
:fqdn2 "test.de"
:single "fqdn2"
:multi ["fqdn1", "fqdn2"]})))))
(deftest should-generate-nginx-service (deftest should-generate-nginx-service
(is (= {:name-c1 "test-de-service", (is (= {:name-c1 "test-de-service",
:name-c2 "test-com-service", :name-c2 "test-com-service",
@ -289,31 +217,6 @@
:authtoken "token2" :authtoken "token2"
:gitrepourl "test.com/user/repo.git" :gitrepourl "test.com/user/repo.git"
:singlegitrepourl "test.com/user/otherrepo.git"}))))) :singlegitrepourl "test.com/user/otherrepo.git"})))))
(deftest should-generate-website-build-secret-set-single
(is (= {:name-c1 "test-de-secret",
:name-c2 "test-com-secret",
:AUTHTOKEN-c1 (b64/encode "token1"),
:AUTHTOKEN-c2 (b64/encode "token2"),
:GITREPOURL-c1 (b64/encode "test.de/user/main.git"),
:GITREPOURL-c2 (b64/encode "test.com/user/master.git")}
(th/map-diff (cut/generate-website-build-secret (cutc/set-single-repo-url
{:fqdn "test.de"
:fqdn1 "bla.de"
:fqdn2 "bla.com"
:single "fqdn"
:multi ["fqdn", "fqdn"]
:authtoken "token1"
:gitrepourl "test.de/user/repo.git"
:singlegitrepourl "test.de/user/main.git"}))
(cut/generate-website-build-secret (cutc/set-single-repo-url
{:fqdn "test.com"
:fqdn1 "bla.de"
:fqdn2 "bla.com"
:single "fqdn"
:multi ["fqdn1", "fqdn"]
:authtoken "token2"
:gitrepourl "test.com/user/repo.git"
:singlegitrepourl "test.com/user/master.git"}))))))
(deftest should-generate-website-content-volume (deftest should-generate-website-content-volume
(is (= {:name-c1 "test-de-content-volume", (is (= {:name-c1 "test-de-content-volume",