Compare commits

..

No commits in common. "3a216d52df30e6f11ad073fd41453faaebfc1331" and "9c5ca90eefb879dba5de5953f269a5286b428a80" have entirely different histories.

5 changed files with 98 additions and 168 deletions

View file

@ -67,10 +67,10 @@
[(website/generate-nginx-deployment (flatten-and-reduce-config config))
(website/generate-nginx-configmap (flatten-and-reduce-config config))
(website/generate-nginx-service (flatten-and-reduce-config config))
(website/generate-content-pvc (flatten-and-reduce-config config))
(website/generate-hash-state-pvc (flatten-and-reduce-config config))
(website/generate-build-cron (flatten-and-reduce-config config))
(website/generate-build-secret (flatten-and-reduce-config config)
(website/generate-website-content-volume (flatten-and-reduce-config config))
(website/generate-hashfile-volume (flatten-and-reduce-config config))
(website/generate-website-build-cron (flatten-and-reduce-config config))
(website/generate-website-build-secret (flatten-and-reduce-config config)
(flatten-and-reduce-auth auth))]
(website/generate-ingress (flatten-and-reduce-config config))
)))))

View file

@ -40,8 +40,7 @@
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:redirects []})
:volume-size "3"})
(defn-spec generate-nginx-deployment map?
[config websiteconfig?]
@ -64,32 +63,32 @@
(int/generate-nginx-service final-config)))
(defn-spec generate-content-pvc map?
(defn-spec generate-website-content-volume map?
[config websiteconfig?]
(let [final-config (merge config-defaults
config)]
(int/generate-content-pvc final-config)))
(int/generate-website-content-volume final-config)))
(defn-spec generate-hash-state-pvc map?
(defn-spec generate-hashfile-volume map?
[config websiteconfig?]
(let [final-config (merge config-defaults
config)]
(int/generate-hash-state-pvc final-config)))
(int/generate-hashfile-volume final-config)))
(defn-spec generate-build-cron map?
(defn-spec generate-website-build-cron map?
[config websiteconfig?]
(let [final-config (merge config-defaults
config)]
(int/generate-build-cron final-config)))
(int/generate-website-build-cron final-config)))
(defn-spec generate-build-secret map?
(defn-spec generate-website-build-secret map?
[config websiteconfig?
auth websiteauth?]
(let [final-config (merge config-defaults
config)]
(int/generate-build-secret final-config auth)))
(int/generate-website-build-secret final-config auth)))
(defn-spec generate-namespcae seq?
[config websiteconfig?]

View file

@ -8,7 +8,8 @@
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]))
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.ingress :as ing]))
(defn fqdn-list?
[input]
@ -27,9 +28,6 @@
(s/def ::build-memory-request string?)
(s/def ::build-cpu-limit string?)
(s/def ::build-memory-limit string?)
(s/def ::redirect (s/tuple string? string?))
(s/def ::redirects (s/coll-of ::redirect))
(def websiteconfig? (s/keys :req-un [::unique-name
::fqdns
@ -41,8 +39,7 @@
::build-cpu-request
::build-cpu-limit
::build-memory-request
::build-memory-limit
::redirects]))
::build-memory-limit]))
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
@ -73,9 +70,8 @@
user string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
(defn-spec replace-all-matching-prefixes map?
[col map?
(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
[col pred/map-or-seq?
value-to-partly-match string?
value-to-inplace string?]
(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
@ -84,15 +80,19 @@
col))
(defn-spec generate-redirects string?
[config websiteconfig?
indent (s/or :pos pos-int? :zero zero?)]
(let [{:keys [redirects]} config]
(str/join
(str "\n" (str/join (take indent (repeat " "))))
(map
#(str "rewrite ^" (first %1) "\\$ " (second %1) " permanent;")
redirects))))
(defn-spec generate-nginx-deployment map?
[config websiteconfig?]
(let [{:keys [unique-name build-cpu-request build-cpu-limit
build-memory-request build-memory-limit]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-deployment.yaml")
(assoc-in [:metadata :namespace] name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
(defn-spec generate-nginx-configmap map?
@ -101,20 +101,39 @@
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-configmap.yaml")
(replace-all-matching-prefixes "NAME" name)
(#(assoc-in % [:data :website.conf]
(assoc-in [:metadata :namespace] name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(#(assoc-in %
[:data :website.conf]
(str/replace
(-> % :data :website.conf)
#"FQDN"
(str (str/join " " fqdns) ";"))))
(#(assoc-in % [:data :website.conf]
(str/replace
(-> % :data :website.conf)
#"REDIRECTS"
(generate-redirects config 2)))))))
(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
(defn-spec generate-build-secret pred/map-or-seq?
(defn-spec generate-nginx-service map?
[config websiteconfig?]
(let [{:keys [unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-service.yaml")
(assoc-in [:metadata :namespace] name)
(replace-all-matching-substrings-beginning-with "NAME" name))))
(defn-spec generate-website-build-cron map?
[config websiteconfig?]
(let [{:keys [unique-name build-cpu-request build-cpu-limit build-memory-request
build-memory-limit]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/build-cron.yaml")
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
(defn-spec generate-website-build-secret pred/map-or-seq?
[config websiteconfig?
auth websiteauth?]
(let [{:keys [unique-name
@ -126,7 +145,7 @@
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/build-secret.yaml")
(replace-all-matching-prefixes "NAME" name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
(generate-gitrepourl
@ -141,63 +160,24 @@
username))))))
(defn-spec generate-content-pvc map?
(defn-spec generate-website-content-volume map?
[config websiteconfig?]
(let [{:keys [unique-name volume-size]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/content-pvc.yaml")
(replace-all-matching-prefixes "NAME" name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
; TODO: Non-Secret-Parts should be config map
(defn-spec generate-hash-state-pvc map?
(defn-spec generate-hashfile-volume map?
[config websiteconfig?]
(let [{:keys [unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/hash-state-pvc.yaml")
(replace-all-matching-prefixes "NAME" name))))
(defn-spec generate-nginx-deployment map?
[config websiteconfig?]
(let [{:keys [unique-name build-cpu-request build-cpu-limit
build-memory-request build-memory-limit]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-deployment.yaml")
(assoc-in [:metadata :namespace] name)
(replace-all-matching-prefixes "NAME" name)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
(defn-spec generate-build-cron map?
[config websiteconfig?]
(let [{:keys [unique-name build-cpu-request build-cpu-limit build-memory-request
build-memory-limit]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/build-cron.yaml")
(replace-all-matching-prefixes "NAME" name)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
(defn-spec generate-nginx-service map?
[config websiteconfig?]
(let [{:keys [unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-service.yaml")
(assoc-in [:metadata :namespace] name)
(replace-all-matching-prefixes "NAME" name))))
(replace-all-matching-substrings-beginning-with "NAME" name))))
#?(:cljs

View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: etc-nginx
namespace: NAME
namespace: default
labels:
app.kubernetes.part-of: NAME-website
data:
@ -93,7 +93,5 @@ data:
location / {
try_files $uri $uri/ /index.html =404;
}
# redirects
REDIRECTS
}

View file

@ -5,49 +5,14 @@
[clojure.spec.test.alpha :as st]
[dda.c4k-website.website.website-internal :as cut]))
(st/instrument `cut/replace-dots-by-minus)
(st/instrument `cut/generate-gitrepourl)
(st/instrument `cut/generate-gitcommiturl)
(st/instrument `cut/replace-all-matching-prefixes)
(st/instrument `cut/generate-redirects)
(st/instrument `cut/generate-nginx-configmap)
(st/instrument `cut/generate-build-secret)
(st/instrument `cut/generate-content-pvc)
(st/instrument `cut/generate-hash-state-pvc)
(st/instrument `cut/generate-build-cron)
(st/instrument `cut/generate-nginx-service)
(deftest should-generate-redirects
(is (= "rewrite ^/products.html\\$ /offer.html permanent;\n rewrite ^/one-more\\$ /redirect permanent;"
(cut/generate-redirects {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [["/products.html", "/offer.html"]
["/one-more", "/redirect"]]
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}
2)))
(is (= ""
(cut/generate-redirects {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects []
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}
0))))
(st/instrument `cut/generate-website-content-volume)
(st/instrument `cut/generate-hashfile-volume)
(st/instrument `cut/generate-website-ingress)
(st/instrument `cut/generate-website-certificate)
(st/instrument `cut/generate-website-build-cron)
(st/instrument `cut/generate-website-build-secret)
(deftest should-generate-resource-requests
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}}
@ -56,8 +21,7 @@
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io",
:redirects [],
:unique-name "test.io"
:build-cpu-request "1500m"
:build-cpu-limit "3000m"
:build-memory-request "512Mi"
@ -70,8 +34,7 @@
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io",
:redirects [],
:unique-name "test.io"
:build-cpu-request "1500m"
:build-cpu-limit "3000m"
:build-memory-request "512Mi"
@ -79,8 +42,9 @@
:volume-size 3})
:metadata :namespace))))
(deftest should-generate-nginx-configmap-website
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n # redirects\n rewrite ^/products.html$ /offer.html permanent;\n rewrite ^/one-more$ /redirect permanent;\n}\n"
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n"
(:website.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
@ -88,8 +52,6 @@
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [["/products.html", "/offer.html"]
["/one-more", "/redirect"]]
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
@ -102,7 +64,6 @@
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [],
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
@ -115,7 +76,6 @@
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [],
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
@ -132,7 +92,6 @@
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [],
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
@ -148,21 +107,19 @@
:spec
{:selector {:app "nginx"}, :ports [{:name "nginx-http", :port 80}]}}
(cut/generate-nginx-service {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [],
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
)))
(deftest should-generate-build-cron
(deftest should-generate-website-build-cron
(is (= {:apiVersion "batch/v1",
:kind "CronJob",
:metadata {:name "build-cron",
@ -192,7 +149,7 @@
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "content-volume"}}
{:name "hash-state-volume", :persistentVolumeClaim {:claimName "hash-state-volume"}}],
:restartPolicy "OnFailure"}}}}}}
(cut/generate-build-cron {:issuer "staging"
(cut/generate-website-build-cron {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
@ -202,10 +159,10 @@
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:branchname "main",
:unique-name "test.io",
:redirects [],}))))
:unique-name "test.io"}))))
(deftest should-generate-build-secret
(deftest should-generate-website-build-secret
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata {:name "build-secret",
@ -215,12 +172,11 @@
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
(cut/generate-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io",
:redirects [],
:forgejo-host "gitlab.de"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
@ -231,7 +187,7 @@
:authtoken "abedjgbasdodj",
:username "someuser"}))))
(deftest should-generate-content-pvc
(deftest should-generate-website-content-volume
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
@ -242,21 +198,19 @@
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "3Gi"}}}}
(cut/generate-content-pvc {:issuer "staging"
(cut/generate-website-content-volume {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [],
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
(deftest should-generate-hash-state-pvc
(deftest should-generate-hashfile-volume
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
@ -266,15 +220,14 @@
:spec {:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "16Mi"}}}}
(cut/generate-hash-state-pvc {:issuer "staging"
(cut/generate-hashfile-volume {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:redirects [],
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))