feature/introduce-namespaces #3
9 changed files with 583 additions and 377 deletions
|
@ -17,3 +17,65 @@ sequenceDiagram
|
||||||
j ->> j: cp /target/html to website
|
j ->> j: cp /target/html to website
|
||||||
deactivate j
|
deactivate j
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Runtime view
|
||||||
|
|
||||||
|
For the example configuration
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
issuer: "staging"
|
||||||
|
websites:
|
||||||
|
- unique-name: "test.io"
|
||||||
|
fqdns: ["test.de", "test.org", "www.test.de", "www.test.org"]
|
||||||
|
forgejo-host: "codeberg.org"
|
||||||
|
forgejo-repo: "repo"
|
||||||
|
branchname: "main"
|
||||||
|
- unique-name: "example.io"
|
||||||
|
fqdns: ["example.org", "www.example.com"]
|
||||||
|
forgejo-host: "fineForgejoHost.net"
|
||||||
|
forgejo-repo: "repo"
|
||||||
|
branchname: "main"
|
||||||
|
mon-cfg:
|
||||||
|
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
|
||||||
|
cluster-name: "website"
|
||||||
|
cluster-stage: "test"
|
||||||
|
```
|
||||||
|
|
||||||
|
the website runtime looks like:
|
||||||
|
|
||||||
|
```mermaid
|
||||||
|
C4Context
|
||||||
|
title c4k-webserver
|
||||||
|
Boundary(k8s, "cluster") {
|
||||||
|
Boundary(test_io, "namespace test-io"){
|
||||||
|
System(website_ingt, "ingress f. test.de")
|
||||||
|
Boundary(test_de_srv_t, "webserver") {
|
||||||
|
System(wst, "webserver")
|
||||||
|
SystemDb(file_htmlt, "static html")
|
||||||
|
Rel(wst, file_htmlt, "file ro")
|
||||||
|
}
|
||||||
|
Boundary(aab, "cron generate website") {
|
||||||
|
System(git_clonet, "git clone/pull & generate.sh & copy to static html")
|
||||||
|
SystemDb(file_gitt, "git repo for test.io")
|
||||||
|
Rel(git_clonet, file_gitt, "file rw")
|
||||||
|
Rel(file_gitt, file_htmlt, "file rw")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Rel(website_ingt, wst, "http")
|
||||||
|
Boundary(example_io, "namespace example-io"){
|
||||||
|
System(website_inge, "ingress f. example.org")
|
||||||
|
Boundary(test_de_srv_e, "webserver") {
|
||||||
|
System(wse, "webserver")
|
||||||
|
SystemDb(file_htmle, "static html")
|
||||||
|
Rel(wse, file_htmle, "file ro")
|
||||||
|
}
|
||||||
|
Boundary(aeb, "cron generate website") {
|
||||||
|
System(git_clonee, "git clone/pull & generate.sh & copy to static html")
|
||||||
|
SystemDb(file_gite, "git repo for example.io")
|
||||||
|
Rel(git_clonee, file_gite, "file rw")
|
||||||
|
Rel(file_gite, file_htmle, "file rw")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Rel(website_inge, wse, "http")
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
|
@ -49,7 +49,9 @@
|
||||||
[auth auth?]
|
[auth auth?]
|
||||||
(-> auth :auth first))
|
(-> auth :auth first))
|
||||||
|
|
||||||
(defn generate-configs [config auth]
|
(defn-spec generate seq?
|
||||||
|
[config config?
|
||||||
|
auth auth?]
|
||||||
(loop [config (sort-config config)
|
(loop [config (sort-config config)
|
||||||
auth (sort-auth auth)
|
auth (sort-auth auth)
|
||||||
result []]
|
result []]
|
||||||
|
@ -64,14 +66,16 @@
|
||||||
(assoc-in [:auth] (rest (auth :auth))))
|
(assoc-in [:auth] (rest (auth :auth))))
|
||||||
(conj result
|
(conj result
|
||||||
(website/generate-nginx-deployment (flatten-and-reduce-config config))
|
(website/generate-nginx-deployment (flatten-and-reduce-config config))
|
||||||
(website/generate-nginx-configmap (flatten-and-reduce-config config))
|
;(website/generate-nginx-configmap (flatten-and-reduce-config config))
|
||||||
(website/generate-nginx-service (flatten-and-reduce-config config))
|
;(website/generate-nginx-service (flatten-and-reduce-config config))
|
||||||
(website/generate-website-content-volume (flatten-and-reduce-config config))
|
;(website/generate-website-content-volume (flatten-and-reduce-config config))
|
||||||
(website/generate-hashfile-volume (flatten-and-reduce-config config))
|
;(website/generate-hashfile-volume (flatten-and-reduce-config config))
|
||||||
(website/generate-website-ingress (flatten-and-reduce-config config))
|
;(website/generate-website-ingress (flatten-and-reduce-config config))
|
||||||
(website/generate-website-certificate (flatten-and-reduce-config config))
|
;(website/generate-website-certificate (flatten-and-reduce-config config))
|
||||||
(website/generate-website-build-cron (flatten-and-reduce-config config))
|
;(website/generate-website-build-cron (flatten-and-reduce-config config))
|
||||||
(website/generate-website-build-secret (flatten-and-reduce-config config) (flatten-and-reduce-auth auth)))))))
|
;(website/generate-website-build-secret (flatten-and-reduce-config config)
|
||||||
|
; (flatten-and-reduce-auth auth))
|
||||||
|
)))))
|
||||||
|
|
||||||
(defn-spec k8s-objects cp/map-or-seq?
|
(defn-spec k8s-objects cp/map-or-seq?
|
||||||
[config config?
|
[config config?
|
||||||
|
@ -81,6 +85,6 @@
|
||||||
(filter
|
(filter
|
||||||
#(not (nil? %))
|
#(not (nil? %))
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(generate-configs config auth)
|
(generate config auth)
|
||||||
(when (:contains? config :mon-cfg)
|
(when (:contains? config :mon-cfg)
|
||||||
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
|
(mon/generate (:mon-cfg config) (:mon-auth auth))))))))
|
||||||
|
|
|
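Review bot: With every generator except `website/generate-nginx-deployment` commented out in the `conj` of the `@ -64,14 +66,16` hunk, `generate` now returns only the Deployment for each site, so the ConfigMap, Service, volumes, Ingress, Certificate, build cron job and build Secret are missing from the `k8s-objects` output even though the Deployment template still mounts the ConfigMap and volumes. Either re-enable each call as its namespaced variant lands, or delete the dead lines and track the gaps in one `; TODO` so the partial output is not mistaken for a complete manifest. Separately, the new return spec `seq?` looks too strict: `result` starts as `[]` and is extended with `conj`, and a vector is not a `seq?`, so if the loop returns `result` (its exit branch is outside the hunk) an instrumented call would fail; `sequential?` would accept it.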
@ -3,32 +3,21 @@
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:clj [orchestra.core :refer [defn-spec]]
|
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])
|
[dda.c4k-website.website.website-internal :as int]))
|
||||||
[dda.c4k-common.yaml :as yaml]
|
|
||||||
[dda.c4k-common.common :as cm]
|
|
||||||
[dda.c4k-common.base64 :as b64]
|
|
||||||
[dda.c4k-common.predicate :as pred]
|
|
||||||
[dda.c4k-common.ingress :as ing]
|
|
||||||
[clojure.string :as str]))
|
|
||||||
|
|
||||||
(defn fqdn-list?
|
(s/def ::unique-name ::int/unique-name)
|
||||||
[input]
|
(s/def ::issuer ::int/issuer)
|
||||||
(every? true? (map pred/fqdn-string? input)))
|
(s/def ::volume-size ::int/volume-size)
|
||||||
|
(s/def ::authtoken ::int/authtoken)
|
||||||
(s/def ::unique-name string?)
|
(s/def ::fqdns ::int/fqdns)
|
||||||
(s/def ::sha256sum-output string?)
|
(s/def ::forgejo-host ::int/forgejo-host)
|
||||||
(s/def ::issuer pred/letsencrypt-issuer?)
|
(s/def ::forgejo-repo ::int/forgejo-repo)
|
||||||
(s/def ::volume-size pred/integer-string?)
|
(s/def ::branchname ::int/branchname)
|
||||||
(s/def ::authtoken pred/bash-env-string?)
|
(s/def ::username ::int/username)
|
||||||
(s/def ::fqdns (s/coll-of pred/fqdn-string?))
|
(s/def ::build-cpu-request ::int/build-cpu-request)
|
||||||
(s/def ::forgejo-host pred/fqdn-string?)
|
(s/def ::build-memory-request ::int/build-memory-request)
|
||||||
(s/def ::forgejo-repo string?)
|
(s/def ::build-cpu-limit ::int/build-cpu-limit)
|
||||||
(s/def ::branchname string?)
|
(s/def ::build-memory-limit ::int/build-memory-limit)
|
||||||
(s/def ::username string?)
|
|
||||||
(s/def ::build-cpu-request string?)
|
|
||||||
(s/def ::build-memory-request string?)
|
|
||||||
(s/def ::build-cpu-limit string?)
|
|
||||||
(s/def ::build-memory-limit string?)
|
|
||||||
|
|
||||||
(def websiteconfig? (s/keys :req-un [::unique-name
|
(def websiteconfig? (s/keys :req-un [::unique-name
|
||||||
::fqdns
|
::fqdns
|
||||||
|
@ -44,169 +33,15 @@
|
||||||
|
|
||||||
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
|
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
|
||||||
|
|
||||||
(s/def ::websites (s/coll-of websiteconfig?))
|
(def config-defaults {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"})
|
||||||
|
|
||||||
(s/def ::auth (s/coll-of websiteauth?))
|
(defn-spec generate-nginx-deployment map?
|
||||||
|
|
||||||
(def websites? (s/keys :req-un [::websites]))
|
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::auth]))
|
|
||||||
|
|
||||||
(defn-spec get-hash-from-sha256sum-output string?
|
|
||||||
[sha256sum-output string?]
|
|
||||||
(if (nil? sha256sum-output)
|
|
||||||
nil
|
|
||||||
(first (str/split sha256sum-output #"\ +"))))
|
|
||||||
|
|
||||||
(defn-spec get-file-name-from-sha256sum-output string?
|
|
||||||
[sha256sum-output string?]
|
|
||||||
(if (nil? sha256sum-output)
|
|
||||||
nil
|
|
||||||
(second (str/split (str/trim sha256sum-output) #"\ +"))))
|
|
||||||
|
|
||||||
(defn-spec replace-dots-by-minus string?
|
|
||||||
[fqdn pred/fqdn-string?]
|
|
||||||
(str/replace fqdn #"\." "-"))
|
|
||||||
|
|
||||||
(defn-spec generate-app-name string?
|
|
||||||
[unique-name pred/fqdn-string?]
|
|
||||||
(str (replace-dots-by-minus unique-name) "-website"))
|
|
||||||
|
|
||||||
(defn-spec generate-service-name string?
|
|
||||||
[unique-name pred/fqdn-string?]
|
|
||||||
(str (replace-dots-by-minus unique-name) "-service"))
|
|
||||||
|
|
||||||
(defn-spec generate-cert-name string?
|
|
||||||
[unique-name pred/fqdn-string?]
|
|
||||||
(str (replace-dots-by-minus unique-name) "-cert"))
|
|
||||||
|
|
||||||
(defn-spec generate-ingress-name string?
|
|
||||||
[unique-name pred/fqdn-string?]
|
|
||||||
(str (replace-dots-by-minus unique-name) "-ingress"))
|
|
||||||
|
|
||||||
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/<branch>.zip
|
|
||||||
(defn-spec generate-gitrepourl string?
|
|
||||||
[host pred/fqdn-string?
|
|
||||||
repo string?
|
|
||||||
user string?
|
|
||||||
branch string?]
|
|
||||||
(str "https://" host "/api/v1/repos/" user "/" repo "/archive/" branch ".zip"))
|
|
||||||
|
|
||||||
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/git/commits/HEAD
|
|
||||||
(defn-spec generate-gitcommiturl string?
|
|
||||||
[host pred/fqdn-string?
|
|
||||||
repo string?
|
|
||||||
user string?]
|
|
||||||
(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
|
|
||||||
|
|
||||||
(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
|
|
||||||
[col pred/map-or-seq?
|
|
||||||
value-to-partly-match string?
|
|
||||||
value-to-inplace string?]
|
|
||||||
(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
|
|
||||||
(re-matches (re-pattern (str value-to-partly-match ".*")) %))
|
|
||||||
(str/replace % value-to-partly-match value-to-inplace) %)
|
|
||||||
col))
|
|
||||||
|
|
||||||
(defn-spec replace-common-data pred/map-or-seq?
|
|
||||||
[resource-file string?
|
|
||||||
config websiteconfig?]
|
|
||||||
(let [{:keys [unique-name]} config]
|
|
||||||
(->
|
|
||||||
(yaml/load-as-edn resource-file)
|
|
||||||
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
|
|
||||||
(replace-all-matching-substrings-beginning-with "NAME" (replace-dots-by-minus unique-name)))))
|
|
||||||
|
|
||||||
(defn-spec replace-build-data pred/map-or-seq?
|
|
||||||
[resource-file string?
|
|
||||||
config websiteconfig?]
|
|
||||||
(let [{:keys [build-cpu-request build-cpu-limit build-memory-request build-memory-limit]
|
|
||||||
:or {build-cpu-request "500m" build-cpu-limit "1700m" build-memory-request "256Mi" build-memory-limit "512Mi"}} config]
|
|
||||||
(->
|
|
||||||
(replace-common-data resource-file config)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
|
|
||||||
|
|
||||||
#?(:cljs
|
|
||||||
(defmethod yaml/load-resource :website [resource-name]
|
|
||||||
(get (inline-resources "website") resource-name)))
|
|
||||||
|
|
||||||
(defn-spec generate-nginx-deployment pred/map-or-seq?
|
|
||||||
[config websiteconfig?]
|
[config websiteconfig?]
|
||||||
(replace-build-data "website/nginx-deployment.yaml" config))
|
(let [final-config (merge config-defaults
|
||||||
|
config)]
|
||||||
(defn-spec generate-nginx-configmap pred/map-or-seq?
|
(int/generate-nginx-deployment final-config)))
|
||||||
[config websiteconfig?]
|
|
||||||
(let [{:keys [fqdns]} config]
|
|
||||||
(->
|
|
||||||
(replace-common-data "website/nginx-configmap.yaml" config)
|
|
||||||
(#(assoc-in %
|
|
||||||
[:data :website.conf]
|
|
||||||
(str/replace
|
|
||||||
(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
|
|
||||||
|
|
||||||
(defn-spec generate-nginx-service pred/map-or-seq?
|
|
||||||
[config websiteconfig?]
|
|
||||||
(replace-common-data "website/nginx-service.yaml" config))
|
|
||||||
|
|
||||||
(defn-spec generate-website-content-volume pred/map-or-seq?
|
|
||||||
[config websiteconfig?]
|
|
||||||
(let [{:keys [volume-size]
|
|
||||||
:or {volume-size "3"}} config]
|
|
||||||
(->
|
|
||||||
(replace-common-data "website/website-content-volume.yaml" config)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
|
|
||||||
|
|
||||||
(defn-spec generate-hashfile-volume pred/map-or-seq?
|
|
||||||
[config websiteconfig?]
|
|
||||||
(replace-common-data "website/hashfile-volume.yaml" config))
|
|
||||||
|
|
||||||
; using simple ingress instead removes the need of cert handling
|
|
||||||
(defn-spec generate-website-ingress pred/map-or-seq?
|
|
||||||
[config websiteconfig?]
|
|
||||||
(let [{:keys [unique-name fqdns]} config]
|
|
||||||
(ing/generate-ingress {:fqdns fqdns
|
|
||||||
:app-name (generate-app-name unique-name)
|
|
||||||
:ingress-name (generate-ingress-name unique-name)
|
|
||||||
:service-name (generate-service-name unique-name)
|
|
||||||
:service-port 80})))
|
|
||||||
|
|
||||||
(defn-spec generate-website-certificate pred/map-or-seq?
|
|
||||||
[config websiteconfig?]
|
|
||||||
(let [{:keys [unique-name issuer fqdns]
|
|
||||||
:or {issuer "staging"}} config]
|
|
||||||
(ing/generate-certificate {:fqdns fqdns
|
|
||||||
:app-name (generate-app-name unique-name)
|
|
||||||
:cert-name (generate-cert-name unique-name)
|
|
||||||
:issuer issuer})))
|
|
||||||
|
|
||||||
(defn-spec generate-website-build-cron pred/map-or-seq?
|
|
||||||
[config websiteconfig?]
|
|
||||||
(replace-build-data "website/website-build-cron.yaml" config))
|
|
||||||
|
|
||||||
; TODO: repo & commit-url sounds more like config map?
|
|
||||||
(defn-spec generate-website-build-secret pred/map-or-seq?
|
|
||||||
[config websiteconfig?
|
|
||||||
auth websiteauth?]
|
|
||||||
(let [{:keys [forgejo-host
|
|
||||||
forgejo-repo
|
|
||||||
branchname]} config
|
|
||||||
{:keys [authtoken
|
|
||||||
username]} auth]
|
|
||||||
(->
|
|
||||||
(replace-common-data "website/website-build-secret.yaml" config)
|
|
||||||
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
|
|
||||||
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
|
|
||||||
(generate-gitrepourl
|
|
||||||
forgejo-host
|
|
||||||
forgejo-repo
|
|
||||||
username
|
|
||||||
branchname)))
|
|
||||||
(cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode
|
|
||||||
(generate-gitcommiturl
|
|
||||||
forgejo-host
|
|
||||||
forgejo-repo
|
|
||||||
username))))))
|
|
||||||
|
|
||||||
|
|
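Review bot: `config-defaults` is merged only inside the one wrapper that survives here, `generate-nginx-deployment`, while the `:or` defaults that the deleted `replace-build-data` and `generate-website-content-volume` carried are gone, so the internal generators receive `nil` for `volume-size` or the `build-*` values unless every future wrapper repeats the `merge`. Consider factoring it out once, e.g. `(defn- with-defaults [config] (merge config-defaults config))`, and giving `config-defaults` a comment such as `; single source of defaults; website-internal expects all of these keys to be present`. The `websiteconfig?` key list continues outside the hunk, so whether the outer spec still treats these keys as optional cannot be checked from here.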
235
src/main/cljc/dda/c4k_website/website/website_internal.cljc
Normal file
|
@ -0,0 +1,235 @@
|
||||||
|
(ns dda.c4k-website.website.website-internal
|
||||||
|
(:require
|
||||||
|
[clojure.spec.alpha :as s]
|
||||||
|
[clojure.string :as str]
|
||||||
|
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||||
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
|
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])
|
||||||
|
[dda.c4k-common.yaml :as yaml]
|
||||||
|
[dda.c4k-common.common :as cm]
|
||||||
|
[dda.c4k-common.base64 :as b64]
|
||||||
|
[dda.c4k-common.predicate :as pred]
|
||||||
|
[dda.c4k-common.ingress :as ing]))
|
||||||
|
|
||||||
|
(defn fqdn-list?
|
||||||
|
[input]
|
||||||
|
(every? true? (map pred/fqdn-string? input)))
|
||||||
|
|
||||||
|
(s/def ::unique-name string?)
|
||||||
|
(s/def ::issuer pred/letsencrypt-issuer?)
|
||||||
|
(s/def ::volume-size pred/integer-string?)
|
||||||
|
(s/def ::authtoken pred/bash-env-string?)
|
||||||
|
(s/def ::fqdns (s/coll-of pred/fqdn-string?))
|
||||||
|
(s/def ::forgejo-host pred/fqdn-string?)
|
||||||
|
(s/def ::forgejo-repo string?)
|
||||||
|
(s/def ::branchname string?)
|
||||||
|
(s/def ::username string?)
|
||||||
|
(s/def ::build-cpu-request string?)
|
||||||
|
(s/def ::build-memory-request string?)
|
||||||
|
(s/def ::build-cpu-limit string?)
|
||||||
|
(s/def ::build-memory-limit string?)
|
||||||
|
|
||||||
|
(def websiteconfig? (s/keys :req-un [::unique-name
|
||||||
|
::fqdns
|
||||||
|
::forgejo-host
|
||||||
|
::forgejo-repo
|
||||||
|
::branchname
|
||||||
|
::issuer
|
||||||
|
::volume-size
|
||||||
|
::build-cpu-request
|
||||||
|
::build-cpu-limit
|
||||||
|
::build-memory-request
|
||||||
|
::build-memory-limit]))
|
||||||
|
|
||||||
|
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
|
||||||
|
|
||||||
|
(s/def ::websites (s/coll-of websiteconfig?))
|
||||||
|
|
||||||
|
(s/def ::auth (s/coll-of websiteauth?))
|
||||||
|
|
||||||
|
(def websites? (s/keys :req-un [::websites]))
|
||||||
|
|
||||||
|
(def auth? (s/keys :req-un [::auth]))
|
||||||
|
|
||||||
|
(defn-spec replace-dots-by-minus string?
|
||||||
|
[fqdn pred/fqdn-string?]
|
||||||
|
(str/replace fqdn #"\." "-"))
|
||||||
|
|
||||||
|
; TODO: remove
|
||||||
|
(defn-spec generate-app-name string?
|
||||||
|
[unique-name pred/fqdn-string?]
|
||||||
|
(str (replace-dots-by-minus unique-name) "-website"))
|
||||||
|
|
||||||
|
; TODO: remove
|
||||||
|
(defn-spec generate-service-name string?
|
||||||
|
[unique-name pred/fqdn-string?]
|
||||||
|
(str (replace-dots-by-minus unique-name) "-service"))
|
||||||
|
|
||||||
|
; TODO: remove
|
||||||
|
(defn-spec generate-cert-name string?
|
||||||
|
[unique-name pred/fqdn-string?]
|
||||||
|
(str (replace-dots-by-minus unique-name) "-cert"))
|
||||||
|
|
||||||
|
; TODO: remove
|
||||||
|
(defn-spec generate-ingress-name string?
|
||||||
|
[unique-name pred/fqdn-string?]
|
||||||
|
(str (replace-dots-by-minus unique-name) "-ingress"))
|
||||||
|
|
||||||
|
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/<branch>.zip
|
||||||
|
(defn-spec generate-gitrepourl string?
|
||||||
|
[host pred/fqdn-string?
|
||||||
|
repo string?
|
||||||
|
user string?
|
||||||
|
branch string?]
|
||||||
|
(str "https://" host "/api/v1/repos/" user "/" repo "/archive/" branch ".zip"))
|
||||||
|
|
||||||
|
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/git/commits/HEAD
|
||||||
|
(defn-spec generate-gitcommiturl string?
|
||||||
|
[host pred/fqdn-string?
|
||||||
|
repo string?
|
||||||
|
user string?]
|
||||||
|
(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
|
||||||
|
|
||||||
|
(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
|
||||||
|
[col pred/map-or-seq?
|
||||||
|
value-to-partly-match string?
|
||||||
|
value-to-inplace string?]
|
||||||
|
(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
|
||||||
|
(re-matches (re-pattern (str value-to-partly-match ".*")) %))
|
||||||
|
(str/replace % value-to-partly-match value-to-inplace) %)
|
||||||
|
col))
|
||||||
|
|
||||||
|
|
||||||
|
(defn-spec generate-nginx-deployment map?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [unique-name build-cpu-request build-cpu-limit
|
||||||
|
build-memory-request build-memory-limit]} config
|
||||||
|
name (replace-dots-by-minus unique-name)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "website/nginx-deployment.yaml")
|
||||||
|
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
|
||||||
|
(assoc-in [:metadata :namespace] name)
|
||||||
|
(replace-all-matching-substrings-beginning-with "NAME" name)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit)
|
||||||
|
)))
|
||||||
|
|
||||||
|
|
||||||
|
(defn-spec generate-nginx-configmap map?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [fqdns unique-name]} config
|
||||||
|
name (replace-dots-by-minus unique-name)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "website/nginx-configmap.yaml")
|
||||||
|
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
|
||||||
|
(assoc-in [:metadata :namespace] name)
|
||||||
|
(replace-all-matching-substrings-beginning-with "NAME" name)
|
||||||
|
(#(assoc-in %
|
||||||
|
[:data :website.conf]
|
||||||
|
(str/replace
|
||||||
|
(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
|
||||||
|
|
||||||
|
|
||||||
|
(defn-spec generate-nginx-service map?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [unique-name]} config
|
||||||
|
name (replace-dots-by-minus unique-name)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "website/nginx-service.yaml")
|
||||||
|
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
|
||||||
|
(assoc-in [:metadata :namespace] name)
|
||||||
|
(replace-all-matching-substrings-beginning-with "NAME" name))))
|
||||||
|
|
||||||
|
|
||||||
|
(defn-spec generate-website-content-volume map?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [unique-name volume-size]} config
|
||||||
|
name (replace-dots-by-minus unique-name)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "website/website-content-volume.yaml")
|
||||||
|
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
|
||||||
|
(replace-all-matching-substrings-beginning-with "NAME" name)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
|
||||||
|
|
||||||
|
|
||||||
|
(defn-spec generate-hashfile-volume map?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [unique-name]} config
|
||||||
|
name (replace-dots-by-minus unique-name)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "website/hashfile-volume.yaml")
|
||||||
|
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
|
||||||
|
(replace-all-matching-substrings-beginning-with "NAME" name))))
|
||||||
|
|
||||||
|
|
||||||
|
; TODO: remove
|
||||||
|
(defn-spec generate-website-ingress pred/map-or-seq?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [unique-name fqdns]} config]
|
||||||
|
(ing/generate-ingress {:fqdns fqdns
|
||||||
|
:app-name (generate-app-name unique-name)
|
||||||
|
:ingress-name (generate-ingress-name unique-name)
|
||||||
|
:service-name (generate-service-name unique-name)
|
||||||
|
:service-port 80})))
|
||||||
|
|
||||||
|
; TODO: remove - using simple ingress instead removes the need of cert handling
|
||||||
|
(defn-spec generate-website-certificate pred/map-or-seq?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [unique-name issuer fqdns]
|
||||||
|
:or {issuer "staging"}} config]
|
||||||
|
(ing/generate-certificate {:fqdns fqdns
|
||||||
|
:app-name (generate-app-name unique-name)
|
||||||
|
:cert-name (generate-cert-name unique-name)
|
||||||
|
:issuer issuer})))
|
||||||
|
|
||||||
|
|
||||||
|
(defn-spec generate-website-build-cron map?
|
||||||
|
[config websiteconfig?]
|
||||||
|
(let [{:keys [unique-name build-cpu-request build-cpu-limit build-memory-request
|
||||||
|
build-memory-limit]} config
|
||||||
|
name (replace-dots-by-minus unique-name)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "website/website-build-cron.yaml")
|
||||||
|
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
|
||||||
|
(replace-all-matching-substrings-beginning-with "NAME" name)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
|
||||||
|
|
||||||
|
|
||||||
|
; TODO: Non-Secret-Parts should be config map
|
||||||
|
(defn-spec generate-website-build-secret pred/map-or-seq?
|
||||||
|
[config websiteconfig?
|
||||||
|
auth websiteauth?]
|
||||||
|
(let [{:keys [unique-name
|
||||||
|
forgejo-host
|
||||||
|
forgejo-repo
|
||||||
|
branchname]} config
|
||||||
|
{:keys [authtoken
|
||||||
|
username]} auth
|
||||||
|
name (replace-dots-by-minus unique-name)]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "website/website-build-secret.yaml")
|
||||||
|
(assoc-in [:metadata :labels :app.kubernetes.part-of] name)
|
||||||
|
(replace-all-matching-substrings-beginning-with "NAME" name)
|
||||||
|
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
|
||||||
|
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
|
||||||
|
(generate-gitrepourl
|
||||||
|
forgejo-host
|
||||||
|
forgejo-repo
|
||||||
|
username
|
||||||
|
branchname)))
|
||||||
|
(cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode
|
||||||
|
(generate-gitcommiturl
|
||||||
|
forgejo-host
|
||||||
|
forgejo-repo
|
||||||
|
username))))))
|
||||||
|
|
||||||
|
|
||||||
|
#?(:cljs
|
||||||
|
(defmethod yaml/load-resource :website [resource-name]
|
||||||
|
(get (inline-resources "website") resource-name)))
|
||||||
|
|
|
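Review bot: `(assoc-in [:metadata :namespace] name)` is applied in `generate-nginx-deployment`, `generate-nginx-configmap` and `generate-nginx-service`, but not in `generate-website-content-volume`, `generate-hashfile-volume`, `generate-website-build-cron` or `generate-website-build-secret`, so those objects keep whatever namespace their templates declare (not shown here). A pod can only mount claims and read Secrets from its own namespace, and leaving the Secret that carries the base64-encoded `authtoken` outside the per-site namespace also undoes the isolation this change is after; add the same `assoc-in` line to those four threading forms. The namespace is derived from `unique-name`, which `::unique-name` only constrains to `string?` while `replace-dots-by-minus` is spec'd for `pred/fqdn-string?`; tightening the spec to `pred/fqdn-string?` would presumably reject values that cannot form a valid namespace name. Note also that `test.io` and `test-io` map to the same namespace, so uniqueness should be checked on the derived name.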
@ -1,7 +1,7 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: NAME-configmap
|
name: etc-ngingx
|
||||||
namespace: default
|
namespace: default
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.part-of: NAME-website
|
app.kubernetes.part-of: NAME-website
|
||||||
|
|
|
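Review bot: The new fixed name `etc-ngingx` looks like a misspelling of `etc-nginx`; it is repeated as the volume name and the `configMap.name` in the Deployment template hunks (`@ -23,7 +25,7` and `@ -50,9 +52,9`), so the references resolve today, but the typo will be baked into every generated namespace. Rename all three occurrences together to `name: etc-nginx`. Because the name no longer carries the `NAME` prefix, uniqueness now rests entirely on the generator overwriting `namespace: default`; a short template comment such as `# namespace is replaced per website by the generator` would make that dependency visible.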
@ -2,6 +2,7 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: NAME-deployment
|
name: NAME-deployment
|
||||||
|
namespace: webserver
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.part-of: NAME-website
|
app.kubernetes.part-of: NAME-website
|
||||||
spec:
|
spec:
|
||||||
|
@ -11,6 +12,7 @@ spec:
|
||||||
app: NAME-nginx
|
app: NAME-nginx
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
|
namespace: webserver
|
||||||
labels:
|
labels:
|
||||||
app: NAME-nginx
|
app: NAME-nginx
|
||||||
spec:
|
spec:
|
||||||
|
@ -23,7 +25,7 @@ spec:
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/nginx
|
- mountPath: /etc/nginx
|
||||||
readOnly: true
|
readOnly: true
|
||||||
name: nginx-config-volume
|
name: etc-ngingx
|
||||||
- mountPath: /var/log/nginx
|
- mountPath: /var/log/nginx
|
||||||
name: log
|
name: log
|
||||||
- mountPath: /var/www/html/website
|
- mountPath: /var/www/html/website
|
||||||
|
@ -50,9 +52,9 @@ spec:
|
||||||
- name: hashfile-volume
|
- name: hashfile-volume
|
||||||
mountPath: /var/hashfile.d
|
mountPath: /var/hashfile.d
|
||||||
volumes:
|
volumes:
|
||||||
- name: nginx-config-volume
|
- name: etc-ngingx
|
||||||
configMap:
|
configMap:
|
||||||
name: NAME-configmap
|
name: etc-ngingx
|
||||||
items:
|
items:
|
||||||
- key: nginx.conf
|
- key: nginx.conf
|
||||||
path: nginx.conf
|
path: nginx.conf
|
||||||
|
|
|
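Review bot: The `namespace: webserver` added under `spec.template.metadata` in the `@ -11,6 +12,7` hunk is never rewritten: the generator only does `(assoc-in [:metadata :namespace] name)` on the top-level metadata, so every generated Deployment carries a pod template that still names `webserver`. Drop the line from the template (pods are created in the Deployment's namespace anyway) or also set `[:spec :template :metadata :namespace]` in the generator. The top-level placeholder is also inconsistent with the ConfigMap and Service templates, which keep `namespace: default`.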
@ -1,14 +1,14 @@
|
||||||
kind: Service
|
kind: Service
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
metadata:
|
metadata:
|
||||||
name: NAME-service
|
name: NAME
|
||||||
labels:
|
|
||||||
app: NAME-nginx
|
|
||||||
app.kubernetes.part-of: NAME-website
|
|
||||||
namespace: default
|
namespace: default
|
||||||
|
labels:
|
||||||
|
app: NAME
|
||||||
|
app.kubernetes.part-of: NAME
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
app: NAME-nginx
|
app: NAME
|
||||||
ports:
|
ports:
|
||||||
- name: nginx-http
|
- name: nginx-http
|
||||||
port: 80
|
port: 80
|
||||||
|
|
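Review bot: The selector is changed to `app: NAME`, but the Deployment template still labels its pods `app: NAME-nginx` (unchanged context in its `@ -11,6 +12,7` hunk), so after substitution the Service would select for example `test-io` while the pods carry `test-io-nginx`, and the Service ends up with no endpoints. Keep the two in step, either by restoring `app: NAME-nginx` here or by renaming the pod label and the Deployment's selector to `app: NAME`. The rename from `NAME-service` to `NAME` has the same kind of dependency: `generate-service-name` in website_internal.cljc still appends `-service` for the Ingress backend, so that helper needs to change with it.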
228
src/test/cljc/dda/c4k_website/website/website_internal_test.cljc
Normal file
|
@ -0,0 +1,228 @@
|
||||||
|
(ns dda.c4k-website.website.website-internal-test
|
||||||
|
(:require
|
||||||
|
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
|
||||||
|
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
|
||||||
|
[clojure.spec.test.alpha :as st]
|
||||||
|
[dda.c4k-common.test-helper :as th]
|
||||||
|
[dda.c4k-website.website.website-internal :as cut]))
|
||||||
|
|
||||||
|
(st/instrument `cut/generate-nginx-configmap)
|
||||||
|
(st/instrument `cut/generate-nginx-service)
|
||||||
|
(st/instrument `cut/generate-website-content-volume)
|
||||||
|
(st/instrument `cut/generate-hashfile-volume)
|
||||||
|
(st/instrument `cut/generate-website-ingress)
|
||||||
|
(st/instrument `cut/generate-website-certificate)
|
||||||
|
(st/instrument `cut/generate-website-build-cron)
|
||||||
|
(st/instrument `cut/generate-website-build-secret)
|
||||||
|
|
||||||
|
(deftest should-generate-resource-requests
|
||||||
|
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}}
|
||||||
|
(-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de",
|
||||||
|
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||||
|
:forgejo-repo "repo",
|
||||||
|
:issuer "staging",
|
||||||
|
:branchname "main",
|
||||||
|
:unique-name "test.io"
|
||||||
|
:build-cpu-request "1500m"
|
||||||
|
:build-cpu-limit "3000m"
|
||||||
|
:build-memory-request "512Mi"
|
||||||
|
:build-memory-limit "1024Mi"
|
||||||
|
:volume-size 3})
|
||||||
|
:spec :template :spec :initContainers first :resources))))
|
||||||
|
|
||||||
|
|
||||||
|
(deftest should-generate-nginx-configmap-website
|
||||||
|
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n"
|
||||||
|
(:website.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||||
|
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n"
|
||||||
|
(:mime.types (:data (cut/generate-nginx-configmap {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||||
|
(is (= "user nginx;\nworker_processes 3;\nerror_log /var/log/nginx/error.log;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /var/log/nginx/access.log main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n"
|
||||||
|
(:nginx.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||||
|
(is (= {:apiVersion "v1",
|
||||||
|
:kind "ConfigMap",
|
||||||
|
:metadata {:labels {:app.kubernetes.part-of "test-io"},
|
||||||
|
:namespace "test-io",
|
||||||
|
:name "etc-ngingx"}}
|
||||||
|
(dissoc (cut/generate-nginx-configmap {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))
|
||||||
|
|
||||||
|
(deftest should-generate-nginx-service
|
||||||
|
(is (= {:name-c1 "test-io",
|
||||||
|
:name-c2 "test-org",
|
||||||
|
:app-c1 "test-io",
|
||||||
|
:app-c2 "test-org",
|
||||||
|
:app.kubernetes.part-of-c1 "test-io",
|
||||||
|
:app.kubernetes.part-of-c2 "test-org"
|
||||||
|
:namespace-c1 "test-io",
|
||||||
|
:namespace-c2 "test-org"}
|
||||||
|
(th/map-diff (cut/generate-nginx-service {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
||||||
|
(cut/generate-nginx-service {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.org",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||||
|
|
||||||
|
(deftest should-generate-website-build-cron
|
||||||
|
(is (= {:apiVersion "batch/v1",
|
||||||
|
:kind "CronJob",
|
||||||
|
:metadata {:name "test-io-build-cron",
|
||||||
|
:labels {:app.kubernetes.part-of "test-io"}},
|
||||||
|
:spec
|
||||||
|
{:schedule "0/7 * * * *",
|
||||||
|
:successfulJobsHistoryLimit 1,
|
||||||
|
:failedJobsHistoryLimit 1,
|
||||||
|
:jobTemplate
|
||||||
|
{:spec
|
||||||
|
{:template
|
||||||
|
{:spec
|
||||||
|
{:containers
|
||||||
|
[{:image "domaindrivenarchitecture/c4k-website-build",
|
||||||
|
:name "test-io-build-app",
|
||||||
|
:imagePullPolicy "IfNotPresent",
|
||||||
|
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
|
||||||
|
:command ["/entrypoint.sh"],
|
||||||
|
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
||||||
|
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
|
||||||
|
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
|
||||||
|
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
|
||||||
|
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}],
|
||||||
|
:restartPolicy "OnFailure"}}}}}}
|
||||||
|
(cut/generate-website-build-cron {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:forgejo-host "gitlab.de",
|
||||||
|
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||||
|
:forgejo-repo "repo",
|
||||||
|
:branchname "main",
|
||||||
|
:unique-name "test.io"}))))
|
||||||
|
|
||||||
|
(deftest should-generate-website-build-secret
|
||||||
|
(is (= {:apiVersion "v1",
|
||||||
|
:kind "Secret",
|
||||||
|
:metadata {:name "test-io-secret", :labels {:app.kubernetes.part-of "test-io"}},
|
||||||
|
:data
|
||||||
|
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
|
||||||
|
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
|
||||||
|
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
|
||||||
|
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
||||||
|
:forgejo-repo "repo",
|
||||||
|
:issuer "staging",
|
||||||
|
:branchname "main",
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitlab.de"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"}
|
||||||
|
{:unique-name "test.io",
|
||||||
|
:authtoken "abedjgbasdodj",
|
||||||
|
:username "someuser"}))))
|
||||||
|
|
||||||
|
(deftest should-generate-website-content-volume
|
||||||
|
(is (= {:name-c1 "test-io-content-volume",
|
||||||
|
:name-c2 "test-org-content-volume",
|
||||||
|
:app-c1 "test-io-nginx",
|
||||||
|
:app-c2 "test-org-nginx",
|
||||||
|
:app.kubernetes.part-of-c1 "test-io",
|
||||||
|
:app.kubernetes.part-of-c2 "test-org"}
|
||||||
|
(th/map-diff (cut/generate-website-content-volume {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
||||||
|
(cut/generate-website-content-volume {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.org",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
||||||
|
|
||||||
|
(deftest should-generate-hashfile-volume
|
||||||
|
(is (= {:apiVersion "v1",
|
||||||
|
:kind "PersistentVolumeClaim",
|
||||||
|
:metadata
|
||||||
|
{:name "test-io-hashfile-volume",
|
||||||
|
:namespace "default",
|
||||||
|
:labels {:app "test-io-nginx", :app.kubernetes.part-of "test-io"}},
|
||||||
|
:spec {:storageClassName "local-path", :accessModes ["ReadWriteOnce"], :resources {:requests {:storage "16Mi"}}}}
|
||||||
|
(cut/generate-hashfile-volume {:issuer "staging"
|
||||||
|
:build-cpu-request "500m"
|
||||||
|
:build-cpu-limit "1700m"
|
||||||
|
:build-memory-request "256Mi"
|
||||||
|
:build-memory-limit "512Mi"
|
||||||
|
:volume-size "3"
|
||||||
|
:unique-name "test.io",
|
||||||
|
:forgejo-host "gitea.evilorg",
|
||||||
|
:forgejo-repo "none",
|
||||||
|
:branchname "mablain",
|
||||||
|
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
|
|
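Review bot: The expectations in this new file pin three different namespace outcomes: `should-generate-nginx-configmap-website` expects `:namespace "test-io"`, `should-generate-hashfile-volume` still expects `:namespace "default"`, and the CronJob and Secret expectations carry no `:namespace` key at all. A pod can only mount a PersistentVolumeClaim or read a `secretRef` from its own namespace, so if these maps are applied as generated, workloads in `test-io` would not find `test-io-hashfile-volume`, and the Secret holding `AUTHTOKEN` would land in whatever namespace the apply defaults to instead of the per-site one. Unless a later step not visible here rewrites the namespace, I would assert the site namespace in these three tests, e.g. `:metadata {:name "test-io-secret", :namespace "test-io", :labels {:app.kubernetes.part-of "test-io"}}`, and bring the generators in line. Separately, `should-generate-resource-requests` passes `:volume-size 3` as a number where every other call uses `"3"`, and `generate-nginx-deployment` is not in the `st/instrument` list, so a spec would not catch the mismatch.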
@ -6,55 +6,18 @@
|
||||||
[dda.c4k-common.test-helper :as th]
|
[dda.c4k-common.test-helper :as th]
|
||||||
[dda.c4k-website.website :as cut]))
|
[dda.c4k-website.website :as cut]))
|
||||||
|
|
||||||
(st/instrument `cut/generate-nginx-configmap)
|
|
||||||
(st/instrument `cut/generate-nginx-deployment)
|
|
||||||
(st/instrument `cut/generate-nginx-service)
|
|
||||||
(st/instrument `cut/generate-website-content-volume)
|
|
||||||
(st/instrument `cut/generate-hashfile-volume)
|
|
||||||
(st/instrument `cut/generate-website-ingress)
|
|
||||||
(st/instrument `cut/generate-website-certificate)
|
|
||||||
(st/instrument `cut/generate-website-build-cron)
|
|
||||||
(st/instrument `cut/generate-website-build-secret)
|
|
||||||
|
|
||||||
(deftest should-generate-nginx-configmap-website
|
|
||||||
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n"
|
|
||||||
(:website.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
|
||||||
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n"
|
|
||||||
(:mime.types (:data (cut/generate-nginx-configmap {:unique-name "test.io",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
|
||||||
(is (= "user nginx;\nworker_processes 3;\nerror_log /var/log/nginx/error.log;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /var/log/nginx/access.log main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n"
|
|
||||||
(:nginx.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
|
||||||
(is (= {:apiVersion "v1",
|
|
||||||
:kind "ConfigMap",
|
|
||||||
:metadata {:name "test-io-configmap",
|
|
||||||
:labels {:app.kubernetes.part-of "test-io-website"},
|
|
||||||
:namespace "default"}}
|
|
||||||
(dissoc (cut/generate-nginx-configmap {:unique-name "test.io",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))
|
|
||||||
|
|
||||||
(deftest should-generate-nginx-deployment
|
(deftest should-generate-nginx-deployment
|
||||||
(is (= {:apiVersion "apps/v1",
|
(is (= {:apiVersion "apps/v1",
|
||||||
:kind "Deployment",
|
:kind "Deployment",
|
||||||
:metadata {:name "test-io-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
|
:metadata {:name "test-io-deployment",
|
||||||
|
:namespace "test-io"
|
||||||
|
:labels {:app.kubernetes.part-of "test-io"}},
|
||||||
:spec
|
:spec
|
||||||
{:replicas 1,
|
{:replicas 1,
|
||||||
:selector {:matchLabels {:app "test-io-nginx"}},
|
:selector {:matchLabels {:app "test-io-nginx"}},
|
||||||
:template
|
:template
|
||||||
{:metadata {:labels {:app "test-io-nginx"}},
|
{:metadata {:namespace "webserver"
|
||||||
|
:labels {:app "test-io-nginx"}},
|
||||||
:spec
|
:spec
|
||||||
{:containers
|
{:containers
|
||||||
[{:name "test-io-nginx",
|
[{:name "test-io-nginx",
|
||||||
|
@ -62,7 +25,7 @@
|
||||||
:imagePullPolicy "IfNotPresent",
|
:imagePullPolicy "IfNotPresent",
|
||||||
:ports [{:containerPort 80}],
|
:ports [{:containerPort 80}],
|
||||||
:volumeMounts
|
:volumeMounts
|
||||||
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
|
[{:mountPath "/etc/nginx", :readOnly true, :name "etc-ngingx"}
|
||||||
{:mountPath "/var/log/nginx", :name "log"}
|
{:mountPath "/var/log/nginx", :name "log"}
|
||||||
{:mountPath "/var/www/html/website", :name "content-volume", :readOnly true}]}],
|
{:mountPath "/var/www/html/website", :name "content-volume", :readOnly true}]}],
|
||||||
:initContainers
|
:initContainers
|
||||||
|
@ -75,9 +38,9 @@
|
||||||
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
|
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
|
||||||
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
|
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
|
||||||
:volumes
|
:volumes
|
||||||
[{:name "nginx-config-volume",
|
[{:name "etc-ngingx",
|
||||||
:configMap
|
:configMap
|
||||||
{:name "test-io-configmap",
|
{:name "etc-ngingx",
|
||||||
:items
|
:items
|
||||||
[{:key "nginx.conf", :path "nginx.conf"}
|
[{:key "nginx.conf", :path "nginx.conf"}
|
||||||
{:key "website.conf", :path "conf.d/website.conf"}
|
{:key "website.conf", :path "conf.d/website.conf"}
|
||||||
|
@ -92,126 +55,3 @@
|
||||||
:issuer "staging",
|
:issuer "staging",
|
||||||
:branchname "main",
|
:branchname "main",
|
||||||
:unique-name "test.io"}))))
|
:unique-name "test.io"}))))
|
||||||
|
|
||||||
(deftest should-generate-resource-requests
|
|
||||||
(is (= {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}
|
|
||||||
(-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de",
|
|
||||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
|
||||||
:forgejo-repo "repo",
|
|
||||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
|
||||||
:issuer "staging",
|
|
||||||
:branchname "main",
|
|
||||||
:unique-name "test.io"})
|
|
||||||
:spec :template :spec :initContainers first :resources )))
|
|
||||||
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}}
|
|
||||||
(-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de",
|
|
||||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
|
||||||
:forgejo-repo "repo",
|
|
||||||
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
|
|
||||||
:issuer "staging",
|
|
||||||
:branchname "main",
|
|
||||||
:unique-name "test.io"
|
|
||||||
:build-cpu-request "1500m"
|
|
||||||
:build-cpu-limit "3000m"
|
|
||||||
:build-memory-request "512Mi"
|
|
||||||
:build-memory-limit "1024Mi"})
|
|
||||||
:spec :template :spec :initContainers first :resources))))
|
|
||||||
|
|
||||||
(deftest should-generate-nginx-service
|
|
||||||
(is (= {:name-c1 "test-io-service",
|
|
||||||
:name-c2 "test-org-service",
|
|
||||||
:app-c1 "test-io-nginx",
|
|
||||||
:app-c2 "test-org-nginx",
|
|
||||||
:app.kubernetes.part-of-c1 "test-io-website",
|
|
||||||
:app.kubernetes.part-of-c2 "test-org-website"}
|
|
||||||
(th/map-diff (cut/generate-nginx-service {:unique-name "test.io",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
|
||||||
(cut/generate-nginx-service {:unique-name "test.org",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
|
||||||
|
|
||||||
(deftest should-generate-website-build-cron
|
|
||||||
(is (= {:apiVersion "batch/v1",
|
|
||||||
:kind "CronJob",
|
|
||||||
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
|
|
||||||
:spec
|
|
||||||
{:schedule "0/7 * * * *",
|
|
||||||
:successfulJobsHistoryLimit 1,
|
|
||||||
:failedJobsHistoryLimit 1,
|
|
||||||
:jobTemplate
|
|
||||||
{:spec
|
|
||||||
{:template
|
|
||||||
{:spec
|
|
||||||
{:containers
|
|
||||||
[{:image "domaindrivenarchitecture/c4k-website-build",
|
|
||||||
:name "test-io-build-app",
|
|
||||||
:imagePullPolicy "IfNotPresent",
|
|
||||||
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
|
|
||||||
:command ["/entrypoint.sh"],
|
|
||||||
:envFrom [{:secretRef {:name "test-io-secret"}}],
|
|
||||||
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
|
|
||||||
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
|
|
||||||
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
|
|
||||||
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}],
|
|
||||||
:restartPolicy "OnFailure"}}}}}}
|
|
||||||
(cut/generate-website-build-cron {:forgejo-host "gitlab.de",
|
|
||||||
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
|
||||||
:forgejo-repo "repo",
|
|
||||||
:issuer "staging",
|
|
||||||
:branchname "main",
|
|
||||||
:unique-name "test.io"}))))
|
|
||||||
|
|
||||||
(deftest should-generate-website-build-secret
|
|
||||||
(is (= {:apiVersion "v1",
|
|
||||||
:kind "Secret",
|
|
||||||
:metadata {:name "test-io-secret", :labels {:app.kubernetes.part-of "test-io-website"}},
|
|
||||||
:data
|
|
||||||
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
|
|
||||||
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
|
|
||||||
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
|
|
||||||
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
|
|
||||||
:forgejo-repo "repo",
|
|
||||||
:issuer "staging",
|
|
||||||
:branchname "main",
|
|
||||||
:unique-name "test.io",
|
|
||||||
:forgejo-host "gitlab.de"}
|
|
||||||
{:unique-name "test.io",
|
|
||||||
:authtoken "abedjgbasdodj",
|
|
||||||
:username "someuser"}))))
|
|
||||||
|
|
||||||
(deftest should-generate-website-content-volume
|
|
||||||
(is (= {:name-c1 "test-io-content-volume",
|
|
||||||
:name-c2 "test-org-content-volume",
|
|
||||||
:app-c1 "test-io-nginx",
|
|
||||||
:app-c2 "test-org-nginx",
|
|
||||||
:app.kubernetes.part-of-c1 "test-io-website",
|
|
||||||
:app.kubernetes.part-of-c2 "test-org-website"}
|
|
||||||
(th/map-diff (cut/generate-website-content-volume {:unique-name "test.io",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
|
|
||||||
(cut/generate-website-content-volume {:unique-name "test.org",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
|
|
||||||
|
|
||||||
(deftest should-generate-hashfile-volume
|
|
||||||
(is (= {:apiVersion "v1",
|
|
||||||
:kind "PersistentVolumeClaim",
|
|
||||||
:metadata
|
|
||||||
{:name "test-io-hashfile-volume",
|
|
||||||
:namespace "default",
|
|
||||||
:labels {:app "test-io-nginx", :app.kubernetes.part-of "test-io-website"}},
|
|
||||||
:spec {:storageClassName "local-path", :accessModes ["ReadWriteOnce"], :resources {:requests {:storage "16Mi"}}}}
|
|
||||||
(cut/generate-hashfile-volume {:unique-name "test.io",
|
|
||||||
:forgejo-host "gitea.evilorg",
|
|
||||||
:forgejo-repo "none",
|
|
||||||
:branchname "mablain",
|
|
||||||
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
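Review bot: In `should-generate-nginx-deployment` the updated expectation pins `:namespace "webserver"` inside the pod template metadata (`{:metadata {:namespace "webserver"`) while the Deployment itself is expected in `:namespace "test-io"`. As far as I know, pods are created in the Deployment's own namespace and the template's namespace is not used for placement, so the hard-coded value is at best ignored and misleads a reader about where the pods run. I would drop the `namespace` key from the template metadata in the manifest and from this expectation. The volume and ConfigMap name `etc-ngingx` also looks like a typo for `etc-nginx`; it is harmless while used consistently, but worth correcting before other resources refer to it. The deftest body is only partly visible, since the hunks skip unchanged lines between them.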
|
|
||||||
|
|