
5 commits

7 changed files with 160 additions and 159 deletions


@ -6,6 +6,6 @@ metadata:
labels: labels:
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
data: data:
AUTHTOKEN: TOKEN AUTHTOKEN: TOKEN
GITREPOURL: REPOURL GITREPOURL: REPOURL
GITCOMMITURL: COMMITURL GITCOMMITURL: COMMITURL


@ -12,4 +12,3 @@ spec:
resources: resources:
requests: requests:
storage: WEBSITESTORAGESIZE storage: WEBSITESTORAGESIZE


@ -12,4 +12,3 @@ spec:
resources: resources:
requests: requests:
storage: 16Mi storage: 16Mi


@ -9,7 +9,7 @@ data:
nginx.conf: | nginx.conf: |
user nginx; user nginx;
worker_processes 3; worker_processes 3;
error_log stdout info; error_log /var/log/nginx/error.log info;
pid /var/log/nginx/nginx.pid; pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192; worker_rlimit_nofile 8192;
events { events {
@ -21,7 +21,7 @@ data:
log_format main '$remote_addr - $remote_user [$time_local] $status' log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"' '"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"'; '"$http_user_agent" "$http_x_forwarded_for"';
access_log stdout main; access_log /var/log/nginx/access.log main;
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
keepalive_timeout 65; keepalive_timeout 65;
@ -96,4 +96,3 @@ data:
# redirects # redirects
REDIRECTS REDIRECTS
} }
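Review bot: The new `error_log /var/log/nginx/error.log info;` and `access_log /var/log/nginx/access.log main;` lines only reach the container's stdout/stderr if the image links those paths to `/dev/stderr` and `/dev/stdout`, as the stock nginx image does. With any other image, or with a volume mounted over `/var/log/nginx`, the access and error logs stay inside the container, grow without rotation and never reach cluster log collection. Writing `error_log /dev/stderr info;` and `access_log /dev/stdout main;` makes the destination explicit. The unchanged `pid /var/log/nginx/nginx.pid;` still points into a directory that, judging by the deployment change on this page, no longer has its own volume; `pid /tmp/nginx.pid;` would use the new `/tmp` mount instead. The nginx.conf block continues outside these hunks.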


@ -18,40 +18,41 @@ spec:
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:latest image: nginx:latest
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 80 - containerPort: 80
volumeMounts: command: [ "/bin/bash", "-c", "nginx -g 'daemon off;'" ]
- mountPath: /etc/nginx volumeMounts:
readOnly: true - mountPath: /etc/nginx
name: etc-ngingx readOnly: true
- mountPath: /var/log/nginx name: etc-nginx
name: log - mountPath: /tmp
- mountPath: /var/www/html/website name: tmp
name: content-volume - mountPath: /var/www/html/website
readOnly: true name: content-volume
readOnly: true
initContainers: initContainers:
- image: domaindrivenarchitecture/c4k-website-build - image: domaindrivenarchitecture/c4k-website-build
name: init-build-container name: init-build-container
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
requests: requests:
cpu: BUILD_CPU_REQUEST cpu: BUILD_CPU_REQUEST
memory: BUILD_MEMORY_REQUEST memory: BUILD_MEMORY_REQUEST
limits: limits:
cpu: BUILD_CPU_LIMIT cpu: BUILD_CPU_LIMIT
memory: BUILD_MEMORY_LIMIT memory: BUILD_MEMORY_LIMIT
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
envFrom: envFrom:
- secretRef: - secretRef:
name: build-secret name: build-secret
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website
- name: hash-state-volume - name: hash-state-volume
mountPath: /var/hashfile.d mountPath: /var/hashfile.d
volumes: volumes:
- name: etc-nginx - name: etc-nginx
configMap: configMap:
@ -62,8 +63,8 @@ spec:
- key: website.conf - key: website.conf
path: conf.d/website.conf path: conf.d/website.conf
- key: mime.types - key: mime.types
path: mime.types path: mime.types
- name: log - name: tmp
emptyDir: {} emptyDir: {}
- name: content-volume - name: content-volume
persistentVolumeClaim: persistentVolumeClaim:
@ -71,4 +72,3 @@ spec:
- name: hash-state-volume - name: hash-state-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: hash-state-volume claimName: hash-state-volume
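Review bot: The nginx container still runs `image: nginx:latest` with `imagePullPolicy: IfNotPresent`, and the init container image `domaindrivenarchitecture/c4k-website-build` carries no tag at all, so the build that actually runs depends on what each node happens to have cached. Pin both to a fixed version or digest, for example `image: nginx:<VERSION>@sha256:<DIGEST>` (placeholder values). The added `command: [ "/bin/bash", "-c", "nginx -g 'daemon off;'" ]` puts a shell between the kubelet and nginx; the exec form `command: ["nginx", "-g", "daemon off;"]` starts the same process without it. The nginx container entry as shown also sets no `securityContext`; adding `allowPrivilegeEscalation: false` there is a low-risk hardening step that fits the read-only mounts this change introduces.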


@ -6,10 +6,9 @@ metadata:
labels: labels:
app: NAME app: NAME
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
spec: spec:
selector: selector:
app: nginx app: nginx
ports: ports:
- name: nginx-http - name: nginx-http
port: 80 port: 80


@ -1,5 +1,6 @@
(ns dda.c4k-website.website.website-internal-test (ns dda.c4k-website.website.website-internal-test
(:require (:require
[clojure.string :as str]
#?(:clj [clojure.test :refer [deftest is are testing run-tests]] #?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) :cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st] [clojure.spec.test.alpha :as st]
@ -17,6 +18,7 @@
(st/instrument `cut/generate-build-cron) (st/instrument `cut/generate-build-cron)
(st/instrument `cut/generate-nginx-service) (st/instrument `cut/generate-nginx-service)
(deftest should-generate-redirects (deftest should-generate-redirects
(is (= "rewrite ^/products.html\\$ /offer.html permanent;\n rewrite ^/one-more\\$ /redirect permanent;" (is (= "rewrite ^/products.html\\$ /offer.html permanent;\n rewrite ^/one-more\\$ /redirect permanent;"
(cut/generate-redirects {:issuer "staging" (cut/generate-redirects {:issuer "staging"
@ -78,65 +80,69 @@
:build-memory-limit "1024Mi" :build-memory-limit "1024Mi"
:volume-size 3}) :volume-size 3})
:metadata :namespace)))) :metadata :namespace))))
(deftest should-generate-nginx-configmap-website
#?(:clj (deftest should-generate-nginx-configmap-website (is (str/includes?
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n # redirects\n rewrite ^/products.html$ /offer.html permanent;\n rewrite ^/one-more$ /redirect permanent;\n}\n" (:website.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
(:website.conf (:data (cut/generate-nginx-configmap {:issuer "staging" :build-cpu-request "500m"
:build-cpu-request "500m" :build-cpu-limit "1700m"
:build-cpu-limit "1700m" :build-memory-request "256Mi"
:build-memory-request "256Mi" :build-memory-limit "512Mi"
:build-memory-limit "512Mi" :volume-size "3"
:volume-size "3" :unique-name "test.io",
:unique-name "test.io", :redirects [["/products.html", "/offer.html"]
:redirects [["/products.html", "/offer.html"] ["/one-more", "/redirect"]]
["/one-more", "/redirect"]] :forgejo-host "gitea.evilorg",
:forgejo-host "gitea.evilorg", :forgejo-repo "none",
:forgejo-repo "none", :branchname "mablain",
:branchname "mablain", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) " /offer.html permanent;\n"))
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n" (is (str/includes?
(:mime.types (:data (cut/generate-nginx-configmap {:issuer "staging" (:website.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
:build-cpu-request "500m" :build-cpu-request "500m"
:build-cpu-limit "1700m" :build-cpu-limit "1700m"
:build-memory-request "256Mi" :build-memory-request "256Mi"
:build-memory-limit "512Mi" :build-memory-limit "512Mi"
:volume-size "3" :volume-size "3"
:unique-name "test.io", :unique-name "test.io",
:redirects [], :redirects [["/products.html", "/offer.html"]
:forgejo-host "gitea.evilorg", ["/one-more", "/redirect"]]
:forgejo-repo "none", :forgejo-host "gitea.evilorg",
:branchname "mablain", :forgejo-repo "none",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) :branchname "mablain",
(is (= "user nginx;\nworker_processes 3;\nerror_log stdout info;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log stdout main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n" :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))
(:nginx.conf (:data (cut/generate-nginx-configmap {:issuer "staging" " /redirect permanent;\n"))
:build-cpu-request "500m" (is (str/includes?
:build-cpu-limit "1700m" (:website.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
:build-memory-request "256Mi" :build-cpu-request "500m"
:build-memory-limit "512Mi" :build-cpu-limit "1700m"
:volume-size "3" :build-memory-request "256Mi"
:unique-name "test.io", :build-memory-limit "512Mi"
:redirects [], :volume-size "3"
:forgejo-host "gitea.evilorg", :unique-name "test.io",
:forgejo-repo "none", :redirects [],
:branchname "mablain", :forgejo-host "gitea.evilorg",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) :forgejo-repo "none",
(is (= {:apiVersion "v1", :branchname "mablain",
:kind "ConfigMap", :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))
:metadata {:labels {:app.kubernetes.part-of "test-io-website"}, "server_name test.de www.test.de test-it.de www.test-it.de;"))
:namespace "test-io", (is (= {:apiVersion "v1",
:name "etc-nginx"}} :kind "ConfigMap",
(dissoc (cut/generate-nginx-configmap {:issuer "staging" :metadata {:labels {:app.kubernetes.part-of "test-io-website"},
:build-cpu-request "500m" :namespace "test-io",
:build-cpu-limit "1700m" :name "etc-nginx"}}
:build-memory-request "256Mi" (dissoc (cut/generate-nginx-configmap {:issuer "staging"
:build-memory-limit "512Mi" :build-cpu-request "500m"
:volume-size "3" :build-cpu-limit "1700m"
:unique-name "test.io", :build-memory-request "256Mi"
:redirects [], :build-memory-limit "512Mi"
:forgejo-host "gitea.evilorg", :volume-size "3"
:forgejo-repo "none", :unique-name "test.io",
:branchname "mablain", :redirects [],
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))) :forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
:data))))
(deftest should-generate-nginx-service (deftest should-generate-nginx-service
(is (= {:kind "Service", (is (= {:kind "Service",
@ -158,8 +164,7 @@
:forgejo-host "gitea.evilorg", :forgejo-host "gitea.evilorg",
:forgejo-repo "none", :forgejo-repo "none",
:branchname "mablain", :branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
)))
(deftest should-generate-build-cron (deftest should-generate-build-cron
@ -179,7 +184,7 @@
{:namespace "test-io", {:namespace "test-io",
:labels :labels
{:app "build-cron", :app.kubernetes.part-of "test-io-website"}} {:app "build-cron", :app.kubernetes.part-of "test-io-website"}}
:spec :spec
{:containers {:containers
[{:image "domaindrivenarchitecture/c4k-website-build", [{:image "domaindrivenarchitecture/c4k-website-build",
:name "build-cron-container", :name "build-cron-container",
@ -193,22 +198,22 @@
{:name "hash-state-volume", :persistentVolumeClaim {:claimName "hash-state-volume"}}], {:name "hash-state-volume", :persistentVolumeClaim {:claimName "hash-state-volume"}}],
:restartPolicy "OnFailure"}}}}}} :restartPolicy "OnFailure"}}}}}}
(cut/generate-build-cron {:issuer "staging" (cut/generate-build-cron {:issuer "staging"
:build-cpu-request "500m" :build-cpu-request "500m"
:build-cpu-limit "1700m" :build-cpu-limit "1700m"
:build-memory-request "256Mi" :build-memory-request "256Mi"
:build-memory-limit "512Mi" :build-memory-limit "512Mi"
:volume-size "3" :volume-size "3"
:forgejo-host "gitlab.de", :forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo", :forgejo-repo "repo",
:branchname "main", :branchname "main",
:unique-name "test.io", :unique-name "test.io",
:redirects [],})))) :redirects []}))))
(deftest should-generate-build-secret (deftest should-generate-build-secret
(is (= {:apiVersion "v1", (is (= {:apiVersion "v1",
:kind "Secret", :kind "Secret",
:metadata {:name "build-secret", :metadata {:name "build-secret",
:namespace "test-io", :namespace "test-io",
:labels {:app.kubernetes.part-of "test-io-website"}}, :labels {:app.kubernetes.part-of "test-io-website"}},
:data :data
@ -216,20 +221,20 @@
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==", :GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}} :GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
(cut/generate-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], (cut/generate-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo", :forgejo-repo "repo",
:issuer "staging", :issuer "staging",
:branchname "main", :branchname "main",
:unique-name "test.io", :unique-name "test.io",
:redirects [], :redirects [],
:forgejo-host "gitlab.de" :forgejo-host "gitlab.de"
:build-cpu-request "500m" :build-cpu-request "500m"
:build-cpu-limit "1700m" :build-cpu-limit "1700m"
:build-memory-request "256Mi" :build-memory-request "256Mi"
:build-memory-limit "512Mi" :build-memory-limit "512Mi"
:volume-size "3"} :volume-size "3"}
{:unique-name "test.io", {:unique-name "test.io",
:authtoken "abedjgbasdodj", :authtoken "abedjgbasdodj",
:username "someuser"})))) :username "someuser"}))))
(deftest should-generate-content-pvc (deftest should-generate-content-pvc
(is (= {:apiVersion "v1", (is (= {:apiVersion "v1",
@ -243,17 +248,17 @@
:accessModes ["ReadWriteOnce"], :accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "3Gi"}}}} :resources {:requests {:storage "3Gi"}}}}
(cut/generate-content-pvc {:issuer "staging" (cut/generate-content-pvc {:issuer "staging"
:build-cpu-request "500m" :build-cpu-request "500m"
:build-cpu-limit "1700m" :build-cpu-limit "1700m"
:build-memory-request "256Mi" :build-memory-request "256Mi"
:build-memory-limit "512Mi" :build-memory-limit "512Mi"
:volume-size "3" :volume-size "3"
:unique-name "test.io", :unique-name "test.io",
:redirects [], :redirects [],
:forgejo-host "gitea.evilorg", :forgejo-host "gitea.evilorg",
:forgejo-repo "none", :forgejo-repo "none",
:branchname "mablain", :branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))) :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
(deftest should-generate-hash-state-pvc (deftest should-generate-hash-state-pvc
@ -263,18 +268,18 @@
{:name "hash-state-volume", {:name "hash-state-volume",
:namespace "test-io", :namespace "test-io",
:labels {:app.kubernetes.part-of "test-io-website"}}, :labels {:app.kubernetes.part-of "test-io-website"}},
:spec {:storageClassName "local-path", :spec {:storageClassName "local-path",
:accessModes ["ReadWriteOnce"], :accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "16Mi"}}}} :resources {:requests {:storage "16Mi"}}}}
(cut/generate-hash-state-pvc {:issuer "staging" (cut/generate-hash-state-pvc {:issuer "staging"
:build-cpu-request "500m" :build-cpu-request "500m"
:build-cpu-limit "1700m" :build-cpu-limit "1700m"
:build-memory-request "256Mi" :build-memory-request "256Mi"
:build-memory-limit "512Mi" :build-memory-limit "512Mi"
:volume-size "3" :volume-size "3"
:unique-name "test.io", :unique-name "test.io",
:redirects [], :redirects [],
:forgejo-host "gitea.evilorg", :forgejo-host "gitea.evilorg",
:forgejo-repo "none", :forgejo-repo "none",
:branchname "mablain", :branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))) :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
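Review bot: The rewritten `should-generate-nginx-configmap-website` no longer asserts the security headers that the old exact-match string covered (`Strict-Transport-Security`, `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`), so a template change that drops one of them would still pass. One `str/includes?` check per header would restore that coverage, e.g. `(is (str/includes? conf "add_header X-Content-Type-Options nosniff;"))`. The assertions on `:nginx.conf` and `:mime.types` are gone entirely, although the same change set edits the nginx.conf log lines; a substring check on the new `error_log` and `access_log` lines would pin that behaviour. The three `str/includes?` forms each rebuild the config map from a near-identical literal; binding the `:website.conf` string once in a `let` would shorten the test and keep the inputs from drifting apart.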