feature/introduce-namespaces #3

Merged
jem merged 11 commits from feature/introduce-namespaces into main 2024-02-27 10:13:49 +00:00
14 changed files with 672 additions and 437 deletions

View file

@ -17,3 +17,65 @@ sequenceDiagram
j ->> j: cp /target/html to website j ->> j: cp /target/html to website
deactivate j deactivate j
``` ```
# Runtime view
For the example configuration
```yaml
issuer: "staging"
websites:
- unique-name: "test.io"
fqdns: ["test.de", "test.org", "www.test.de", "www.test.org"]
forgejo-host: "codeberg.org"
forgejo-repo: "repo"
branchname: "main"
- unique-name: "example.io"
fqdns: ["example.org", "www.example.com"]
forgejo-host: "fineForgejoHost.net"
forgejo-repo: "repo"
branchname: "main"
mon-cfg:
grafana-cloud-url: "url-for-your-prom-remote-write-endpoint"
cluster-name: "website"
cluster-stage: "test"
```
the website runtime looks like:
```mermaid
C4Context
title c4k-webserver
Boundary(k8s, "cluster") {
Boundary(test_io, "namespace test-io"){
System(website_ingt, "ingress f. test.de")
Boundary(test_de_srv_t, "webserver") {
System(wst, "webserver")
SystemDb(file_htmlt, "static html")
Rel(wst, file_htmlt, "file ro")
}
Boundary(aab, "cron generate website") {
System(git_clonet, "git clone/pull & generate.sh & copy to static html")
SystemDb(file_gitt, "git repo for test.io")
Rel(git_clonet, file_gitt, "file rw")
Rel(file_gitt, file_htmlt, "file rw")
}
}
Rel(website_ingt, wst, "http")
Boundary(example_io, "namespace example-io"){
System(website_inge, "ingress f. example.org")
Boundary(test_de_srv_e, "webserver") {
System(wse, "webserver")
SystemDb(file_htmle, "static html")
Rel(wse, file_htmle, "file ro")
}
Boundary(aeb, "cron generate website") {
System(git_clonee, "git clone/pull & generate.sh & copy to static html")
SystemDb(file_gite, "git repo for example.io")
Rel(git_clonee, file_gite, "file rw")
Rel(file_gite, file_htmle, "file rw")
}
}
Rel(website_inge, wse, "http")
}
```

View file

@ -9,9 +9,6 @@
[dda.c4k-common.monitoring :as mon] [dda.c4k-common.monitoring :as mon]
[dda.c4k-website.website :as website])) [dda.c4k-website.website :as website]))
(def config-defaults {:issuer "staging"
:volume-size "3"})
(s/def ::mon-cfg ::mon/mon-cfg) (s/def ::mon-cfg ::mon/mon-cfg)
(s/def ::mon-auth ::mon/mon-auth) (s/def ::mon-auth ::mon/mon-auth)
@ -23,19 +20,19 @@
(def auth? (s/keys :req-un [::website/auth] (def auth? (s/keys :req-un [::website/auth]
:opt-un [::mon-auth])) :opt-un [::mon-auth]))
(defn-spec sort-config cp/map-or-seq? (defn-spec sort-config map?
[unsorted-config config?] [unsorted-config config?]
(let [sorted-websites (into [] (sort-by :unique-name (unsorted-config :websites)))] (let [sorted-websites (into [] (sort-by :unique-name (unsorted-config :websites)))]
(-> unsorted-config (-> unsorted-config
(assoc-in [:websites] sorted-websites)))) (assoc-in [:websites] sorted-websites))))
(defn-spec sort-auth cp/map-or-seq? (defn-spec sort-auth map?
[unsorted-auth auth?] [unsorted-auth auth?]
(let [sorted-auth (into [] (sort-by :unique-name (unsorted-auth :auth)))] (let [sorted-auth (into [] (sort-by :unique-name (unsorted-auth :auth)))]
(-> unsorted-auth (-> unsorted-auth
(assoc-in [:auth] sorted-auth)))) (assoc-in [:auth] sorted-auth))))
(defn-spec flatten-and-reduce-config cp/map-or-seq? (defn-spec flatten-and-reduce-config map?
[config config?] [config config?]
(let (let
[first-entry (first (:websites config))] [first-entry (first (:websites config))]
@ -45,11 +42,13 @@
(when (contains? config :volume-size) (when (contains? config :volume-size)
{:volume-size (config :volume-size)})))) {:volume-size (config :volume-size)}))))
(defn-spec flatten-and-reduce-auth cp/map-or-seq? (defn-spec flatten-and-reduce-auth map?
[auth auth?] [auth auth?]
(-> auth :auth first)) (-> auth :auth first))
(defn generate-configs [config auth] (defn-spec generate seq?
[config config?
auth auth?]
(loop [config (sort-config config) (loop [config (sort-config config)
auth (sort-auth auth) auth (sort-auth auth)
result []] result []]
@ -62,16 +61,19 @@
(-> (->
auth auth
(assoc-in [:auth] (rest (auth :auth)))) (assoc-in [:auth] (rest (auth :auth))))
(conj result (cm/concat-vec
(website/generate-nginx-deployment (flatten-and-reduce-config config)) result
(website/generate-namespcae (flatten-and-reduce-config config))
[(website/generate-nginx-deployment (flatten-and-reduce-config config))
(website/generate-nginx-configmap (flatten-and-reduce-config config)) (website/generate-nginx-configmap (flatten-and-reduce-config config))
(website/generate-nginx-service (flatten-and-reduce-config config)) (website/generate-nginx-service (flatten-and-reduce-config config))
(website/generate-website-content-volume (flatten-and-reduce-config config)) (website/generate-website-content-volume (flatten-and-reduce-config config))
(website/generate-hashfile-volume (flatten-and-reduce-config config)) (website/generate-hashfile-volume (flatten-and-reduce-config config))
(website/generate-website-ingress (flatten-and-reduce-config config))
(website/generate-website-certificate (flatten-and-reduce-config config))
(website/generate-website-build-cron (flatten-and-reduce-config config)) (website/generate-website-build-cron (flatten-and-reduce-config config))
(website/generate-website-build-secret (flatten-and-reduce-config config) (flatten-and-reduce-auth auth))))))) (website/generate-website-build-secret (flatten-and-reduce-config config)
(flatten-and-reduce-auth auth))]
(website/generate-ingress (flatten-and-reduce-config config))
)))))
(defn-spec k8s-objects cp/map-or-seq? (defn-spec k8s-objects cp/map-or-seq?
[config config? [config config?
@ -81,6 +83,6 @@
(filter (filter
#(not (nil? %)) #(not (nil? %))
(cm/concat-vec (cm/concat-vec
(generate-configs config auth) (generate config auth)
(when (:contains? config :mon-cfg) (when (:contains? config :mon-cfg)
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))) (mon/generate (:mon-cfg config) (:mon-auth auth))))))))

View file

@ -3,32 +3,23 @@
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:clj [orchestra.core :refer [defn-spec]] #?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]]) :cljs [orchestra.core :refer-macros [defn-spec]])
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.ingress :as ing] [dda.c4k-common.ingress :as ing]
[clojure.string :as str])) [dda.c4k-common.namespace :as ns]
[dda.c4k-website.website.website-internal :as int]))
(defn fqdn-list? (s/def ::unique-name ::int/unique-name)
[input] (s/def ::issuer ::int/issuer)
(every? true? (map pred/fqdn-string? input))) (s/def ::volume-size ::int/volume-size)
(s/def ::authtoken ::int/authtoken)
(s/def ::unique-name string?) (s/def ::fqdns ::int/fqdns)
(s/def ::sha256sum-output string?) (s/def ::forgejo-host ::int/forgejo-host)
(s/def ::issuer pred/letsencrypt-issuer?) (s/def ::forgejo-repo ::int/forgejo-repo)
(s/def ::volume-size pred/integer-string?) (s/def ::branchname ::int/branchname)
(s/def ::authtoken pred/bash-env-string?) (s/def ::username ::int/username)
(s/def ::fqdns (s/coll-of pred/fqdn-string?)) (s/def ::build-cpu-request ::int/build-cpu-request)
(s/def ::forgejo-host pred/fqdn-string?) (s/def ::build-memory-request ::int/build-memory-request)
(s/def ::forgejo-repo string?) (s/def ::build-cpu-limit ::int/build-cpu-limit)
(s/def ::branchname string?) (s/def ::build-memory-limit ::int/build-memory-limit)
(s/def ::username string?)
(s/def ::build-cpu-request string?)
(s/def ::build-memory-request string?)
(s/def ::build-cpu-limit string?)
(s/def ::build-memory-limit string?)
(def websiteconfig? (s/keys :req-un [::unique-name (def websiteconfig? (s/keys :req-un [::unique-name
::fqdns ::fqdns
@ -44,169 +35,75 @@
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken])) (def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
(s/def ::websites (s/coll-of websiteconfig?)) (def config-defaults {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"})
(s/def ::auth (s/coll-of websiteauth?)) (defn-spec generate-nginx-deployment map?
(def websites? (s/keys :req-un [::websites]))
(def auth? (s/keys :req-un [::auth]))
(defn-spec get-hash-from-sha256sum-output string?
[sha256sum-output string?]
(if (nil? sha256sum-output)
nil
(first (str/split sha256sum-output #"\ +"))))
(defn-spec get-file-name-from-sha256sum-output string?
[sha256sum-output string?]
(if (nil? sha256sum-output)
nil
(second (str/split (str/trim sha256sum-output) #"\ +"))))
(defn-spec replace-dots-by-minus string?
[fqdn pred/fqdn-string?]
(str/replace fqdn #"\." "-"))
(defn-spec generate-app-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-website"))
(defn-spec generate-service-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-service"))
(defn-spec generate-cert-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-cert"))
(defn-spec generate-ingress-name string?
[unique-name pred/fqdn-string?]
(str (replace-dots-by-minus unique-name) "-ingress"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/<branch>.zip
(defn-spec generate-gitrepourl string?
[host pred/fqdn-string?
repo string?
user string?
branch string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/archive/" branch ".zip"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/git/commits/HEAD
(defn-spec generate-gitcommiturl string?
[host pred/fqdn-string?
repo string?
user string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
[col pred/map-or-seq?
value-to-partly-match string?
value-to-inplace string?]
(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
(re-matches (re-pattern (str value-to-partly-match ".*")) %))
(str/replace % value-to-partly-match value-to-inplace) %)
col))
(defn-spec replace-common-data pred/map-or-seq?
[resource-file string?
config websiteconfig?]
(let [{:keys [unique-name]} config]
(->
(yaml/load-as-edn resource-file)
(assoc-in [:metadata :labels :app.kubernetes.part-of] (generate-app-name unique-name))
(replace-all-matching-substrings-beginning-with "NAME" (replace-dots-by-minus unique-name)))))
(defn-spec replace-build-data pred/map-or-seq?
[resource-file string?
config websiteconfig?]
(let [{:keys [build-cpu-request build-cpu-limit build-memory-request build-memory-limit]
:or {build-cpu-request "500m" build-cpu-limit "1700m" build-memory-request "256Mi" build-memory-limit "512Mi"}} config]
(->
(replace-common-data resource-file config)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
#?(:cljs
(defmethod yaml/load-resource :website [resource-name]
(get (inline-resources "website") resource-name)))
(defn-spec generate-nginx-deployment pred/map-or-seq?
[config websiteconfig?] [config websiteconfig?]
(replace-build-data "website/nginx-deployment.yaml" config)) (let [final-config (merge config-defaults
config)]
(int/generate-nginx-deployment final-config)))
(defn-spec generate-nginx-configmap pred/map-or-seq?
(defn-spec generate-nginx-configmap map?
[config websiteconfig?] [config websiteconfig?]
(let [{:keys [fqdns]} config] (let [final-config (merge config-defaults
(-> config)]
(replace-common-data "website/nginx-configmap.yaml" config) (int/generate-nginx-configmap final-config)))
(#(assoc-in %
[:data :website.conf]
(str/replace
(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
(defn-spec generate-nginx-service pred/map-or-seq?
(defn-spec generate-nginx-service map?
[config websiteconfig?] [config websiteconfig?]
(replace-common-data "website/nginx-service.yaml" config)) (let [final-config (merge config-defaults
config)]
(int/generate-nginx-service final-config)))
(defn-spec generate-website-content-volume pred/map-or-seq?
(defn-spec generate-website-content-volume map?
[config websiteconfig?] [config websiteconfig?]
(let [{:keys [volume-size] (let [final-config (merge config-defaults
:or {volume-size "3"}} config] config)]
(-> (int/generate-website-content-volume final-config)))
(replace-common-data "website/website-content-volume.yaml" config)
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
(defn-spec generate-hashfile-volume pred/map-or-seq?
(defn-spec generate-hashfile-volume map?
[config websiteconfig?] [config websiteconfig?]
(replace-common-data "website/hashfile-volume.yaml" config)) (let [final-config (merge config-defaults
config)]
(int/generate-hashfile-volume final-config)))
; using simple ingress instead removes the need of cert handling (defn-spec generate-website-build-cron map?
(defn-spec generate-website-ingress pred/map-or-seq?
[config websiteconfig?] [config websiteconfig?]
(let [{:keys [unique-name fqdns]} config] (let [final-config (merge config-defaults
(ing/generate-ingress {:fqdns fqdns config)]
:app-name (generate-app-name unique-name) (int/generate-website-build-cron final-config)))
:ingress-name (generate-ingress-name unique-name)
:service-name (generate-service-name unique-name)
:service-port 80})))
(defn-spec generate-website-certificate pred/map-or-seq?
[config websiteconfig?]
(let [{:keys [unique-name issuer fqdns]
:or {issuer "staging"}} config]
(ing/generate-certificate {:fqdns fqdns
:app-name (generate-app-name unique-name)
:cert-name (generate-cert-name unique-name)
:issuer issuer})))
(defn-spec generate-website-build-cron pred/map-or-seq? (defn-spec generate-website-build-secret map?
[config websiteconfig?]
(replace-build-data "website/website-build-cron.yaml" config))
; TODO: repo & commit-url sounds more like config map?
(defn-spec generate-website-build-secret pred/map-or-seq?
[config websiteconfig? [config websiteconfig?
auth websiteauth?] auth websiteauth?]
(let [{:keys [forgejo-host (let [final-config (merge config-defaults
forgejo-repo config)]
branchname]} config (int/generate-website-build-secret final-config auth)))
{:keys [authtoken
username]} auth]
(->
(replace-common-data "website/website-build-secret.yaml" config)
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
(generate-gitrepourl
forgejo-host
forgejo-repo
username
branchname)))
(cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode
(generate-gitcommiturl
forgejo-host
forgejo-repo
username))))))
(defn-spec generate-namespcae seq?
[config websiteconfig?]
(let [name (int/replace-dots-by-minus (:unique-name config))
final-config (merge config-defaults
{:namespace name}
config)]
(ns/generate final-config)))
(defn-spec generate-ingress seq?
[config websiteconfig?]
(let [name (int/replace-dots-by-minus (:unique-name config))
final-config (merge config-defaults
{:service-name name
:service-port 80
:namespace name}
config)]
(ing/generate-simple-ingress final-config)))

View file

@ -0,0 +1,186 @@
(ns dda.c4k-website.website.website-internal
(:require
[clojure.spec.alpha :as s]
[clojure.string :as str]
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
#?(:cljs [dda.c4k-common.macros :refer-macros [inline-resources]])
[dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64]
[dda.c4k-common.predicate :as pred]
[dda.c4k-common.ingress :as ing]))
(defn fqdn-list?
[input]
(every? true? (map pred/fqdn-string? input)))
(s/def ::unique-name string?)
(s/def ::issuer pred/letsencrypt-issuer?)
(s/def ::volume-size pred/integer-string?)
(s/def ::authtoken pred/bash-env-string?)
(s/def ::fqdns (s/coll-of pred/fqdn-string?))
(s/def ::forgejo-host pred/fqdn-string?)
(s/def ::forgejo-repo string?)
(s/def ::branchname string?)
(s/def ::username string?)
(s/def ::build-cpu-request string?)
(s/def ::build-memory-request string?)
(s/def ::build-cpu-limit string?)
(s/def ::build-memory-limit string?)
(def websiteconfig? (s/keys :req-un [::unique-name
::fqdns
::forgejo-host
::forgejo-repo
::branchname
::issuer
::volume-size
::build-cpu-request
::build-cpu-limit
::build-memory-request
::build-memory-limit]))
(def websiteauth? (s/keys :req-un [::unique-name ::username ::authtoken]))
(s/def ::websites (s/coll-of websiteconfig?))
(s/def ::auth (s/coll-of websiteauth?))
(def websites? (s/keys :req-un [::websites]))
(def auth? (s/keys :req-un [::auth]))
(defn-spec replace-dots-by-minus string?
[fqdn pred/fqdn-string?]
(str/replace fqdn #"\." "-"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/archive/<branch>.zip
(defn-spec generate-gitrepourl string?
[host pred/fqdn-string?
repo string?
user string?
branch string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/archive/" branch ".zip"))
; https://your.gitea.host/api/v1/repos/<owner>/<repo>/git/commits/HEAD
(defn-spec generate-gitcommiturl string?
[host pred/fqdn-string?
repo string?
user string?]
(str "https://" host "/api/v1/repos/" user "/" repo "/git/" "commits/" "HEAD"))
(defn-spec replace-all-matching-substrings-beginning-with pred/map-or-seq?
[col pred/map-or-seq?
value-to-partly-match string?
value-to-inplace string?]
(clojure.walk/postwalk #(if (and (= (type value-to-partly-match) (type %))
(re-matches (re-pattern (str value-to-partly-match ".*")) %))
(str/replace % value-to-partly-match value-to-inplace) %)
col))
(defn-spec generate-nginx-deployment map?
[config websiteconfig?]
(let [{:keys [unique-name build-cpu-request build-cpu-limit
build-memory-request build-memory-limit]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-deployment.yaml")
(assoc-in [:metadata :namespace] name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
(defn-spec generate-nginx-configmap map?
[config websiteconfig?]
(let [{:keys [fqdns unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-configmap.yaml")
(assoc-in [:metadata :namespace] name)
(replace-all-matching-substrings-beginning-with "NAME" name)
(#(assoc-in %
[:data :website.conf]
(str/replace
(-> % :data :website.conf) #"FQDN" (str (str/join " " fqdns) ";")))))))
(defn-spec generate-nginx-service map?
[config websiteconfig?]
(let [{:keys [unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/nginx-service.yaml")
(assoc-in [:metadata :namespace] name)
(replace-all-matching-substrings-beginning-with "NAME" name))))
(defn-spec generate-website-build-cron map?
[config websiteconfig?]
(let [{:keys [unique-name build-cpu-request build-cpu-limit build-memory-request
build-memory-limit]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/build-cron.yaml")
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_REQUEST" build-cpu-request)
(cm/replace-all-matching-values-by-new-value "BUILD_CPU_LIMIT" build-cpu-limit)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_REQUEST" build-memory-request)
(cm/replace-all-matching-values-by-new-value "BUILD_MEMORY_LIMIT" build-memory-limit))))
(defn-spec generate-website-build-secret pred/map-or-seq?
[config websiteconfig?
auth websiteauth?]
(let [{:keys [unique-name
forgejo-host
forgejo-repo
branchname]} config
{:keys [authtoken
username]} auth
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/build-secret.yaml")
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "TOKEN" (b64/encode authtoken))
(cm/replace-all-matching-values-by-new-value "REPOURL" (b64/encode
(generate-gitrepourl
forgejo-host
forgejo-repo
username
branchname)))
(cm/replace-all-matching-values-by-new-value "COMMITURL" (b64/encode
(generate-gitcommiturl
forgejo-host
forgejo-repo
username))))))
(defn-spec generate-website-content-volume map?
[config websiteconfig?]
(let [{:keys [unique-name volume-size]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/content-pvc.yaml")
(replace-all-matching-substrings-beginning-with "NAME" name)
(cm/replace-all-matching-values-by-new-value "WEBSITESTORAGESIZE" (str volume-size "Gi")))))
; TODO: Non-Secret-Parts should be config map
(defn-spec generate-hashfile-volume map?
[config websiteconfig?]
(let [{:keys [unique-name]} config
name (replace-dots-by-minus unique-name)]
(->
(yaml/load-as-edn "website/hash-state-pvc.yaml")
(replace-all-matching-substrings-beginning-with "NAME" name))))
#?(:cljs
(defmethod yaml/load-resource :website [resource-name]
(get (inline-resources "website") resource-name)))

View file

@ -1,7 +1,8 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: CronJob kind: CronJob
metadata: metadata:
name: NAME-build-cron name: build-cron
namespace: NAME
labels: labels:
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
spec: spec:
@ -11,10 +12,15 @@ spec:
jobTemplate: jobTemplate:
spec: spec:
template: template:
metadata:
namespace: NAME
labels:
app: build-cron
app.kubernetes.part-of: NAME-website
spec: spec:
containers: containers:
- image: domaindrivenarchitecture/c4k-website-build - image: domaindrivenarchitecture/c4k-website-build
name: NAME-build-app name: build-cron-container
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
requests: requests:
@ -26,18 +32,18 @@ spec:
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
envFrom: envFrom:
- secretRef: - secretRef:
name: NAME-secret name: build-secret
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website
- name: hashfile-volume - name: hash-state-volume
mountPath: /var/hashfile.d mountPath: /var/hashfile.d
volumes: volumes:
- name: content-volume - name: content-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: NAME-content-volume claimName: content-volume
- name: hashfile-volume - name: hash-state-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: NAME-hashfile-volume claimName: hash-state-volume
restartPolicy: OnFailure restartPolicy: OnFailure

View file

@ -1,7 +1,8 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: NAME-secret name: build-secret
namespace: NAME
labels: labels:
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
data: data:

View file

@ -1,10 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: NAME-content-volume name: content-volume
namespace: default namespace: NAME
labels: labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
spec: spec:
storageClassName: local-path storageClassName: local-path

View file

@ -1,10 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: NAME-hashfile-volume name: hash-state-volume
namespace: default namespace: NAME
labels: labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
spec: spec:
storageClassName: local-path storageClassName: local-path

View file

@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: NAME-configmap name: etc-nginx
namespace: default namespace: default
labels: labels:
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
@ -9,7 +9,7 @@ data:
nginx.conf: | nginx.conf: |
user nginx; user nginx;
worker_processes 3; worker_processes 3;
error_log /var/log/nginx/error.log; error_log stdout info;
pid /var/log/nginx/nginx.pid; pid /var/log/nginx/nginx.pid;
worker_rlimit_nofile 8192; worker_rlimit_nofile 8192;
events { events {
@ -21,7 +21,7 @@ data:
log_format main '$remote_addr - $remote_user [$time_local] $status' log_format main '$remote_addr - $remote_user [$time_local] $status'
'"$request" $body_bytes_sent "$http_referer"' '"$request" $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"'; '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main; access_log stdout main;
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
keepalive_timeout 65; keepalive_timeout 65;

View file

@ -1,21 +1,24 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: NAME-deployment name: nginx
namespace: NAME
labels: labels:
app.kubernetes.part-of: NAME-website app.kubernetes.part-of: NAME-website
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: NAME-nginx app: nginx
template: template:
metadata: metadata:
namespace: NAME
labels: labels:
app: NAME-nginx app: nginx
app.kubernetes.part-of: NAME-website
spec: spec:
containers: containers:
- name: NAME-nginx - name: nginx
image: nginx:latest image: nginx:latest
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
@ -23,7 +26,7 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /etc/nginx - mountPath: /etc/nginx
readOnly: true readOnly: true
name: nginx-config-volume name: etc-ngingx
- mountPath: /var/log/nginx - mountPath: /var/log/nginx
name: log name: log
- mountPath: /var/www/html/website - mountPath: /var/www/html/website
@ -31,7 +34,7 @@ spec:
readOnly: true readOnly: true
initContainers: initContainers:
- image: domaindrivenarchitecture/c4k-website-build - image: domaindrivenarchitecture/c4k-website-build
name: NAME-init-build-container name: init-build-container
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
resources: resources:
requests: requests:
@ -43,16 +46,16 @@ spec:
command: ["/entrypoint.sh"] command: ["/entrypoint.sh"]
envFrom: envFrom:
- secretRef: - secretRef:
name: NAME-secret name: build-secret
volumeMounts: volumeMounts:
- name: content-volume - name: content-volume
mountPath: /var/www/html/website mountPath: /var/www/html/website
- name: hashfile-volume - name: hash-state-volume
mountPath: /var/hashfile.d mountPath: /var/hashfile.d
volumes: volumes:
- name: nginx-config-volume - name: etc-nginx
configMap: configMap:
name: NAME-configmap name: etc-nginx
items: items:
- key: nginx.conf - key: nginx.conf
path: nginx.conf path: nginx.conf
@ -64,8 +67,8 @@ spec:
emptyDir: {} emptyDir: {}
- name: content-volume - name: content-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: NAME-content-volume claimName: content-volume
- name: hashfile-volume - name: hash-state-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: NAME-hashfile-volume claimName: hash-state-volume

View file

@ -1,14 +1,14 @@
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: NAME-service name: NAME
labels:
app: NAME-nginx
app.kubernetes.part-of: NAME-website
namespace: default namespace: default
labels:
app: NAME
app.kubernetes.part-of: NAME-website
spec: spec:
selector: selector:
app: NAME-nginx app: nginx
ports: ports:
- name: nginx-http - name: nginx-http
port: 80 port: 80

View file

@ -4,9 +4,15 @@
#?(:clj [clojure.test :refer [deftest is are testing run-tests]] #?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) :cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[clojure.spec.test.alpha :as st]
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-website.core :as cut])) [dda.c4k-website.core :as cut]))
(st/instrument `cut/sort-config)
(st/instrument `cut/flattened-and-reduced-config)
(st/instrument `cut/flatten-and-reduce-auth)
(st/instrument `cut/generate)
#?(:cljs #?(:cljs
(defmethod yaml/load-resource :website-test [resource-name] (defmethod yaml/load-resource :website-test [resource-name]
(case resource-name (case resource-name
@ -118,3 +124,8 @@
(cut/flatten-and-reduce-auth (cut/sort-auth auth1)))) (cut/flatten-and-reduce-auth (cut/sort-auth auth1))))
(is (= flattened-and-reduced-auth (is (= flattened-and-reduced-auth
(cut/flatten-and-reduce-auth (cut/sort-auth auth2))))) (cut/flatten-and-reduce-auth (cut/sort-auth auth2)))))
(deftest test-generate
(is (= 22
(count (cut/generate (yaml/load-as-edn "website-test/valid-config.yaml")
(yaml/load-as-edn "website-test/valid-auth.yaml"))))))

View file

@ -0,0 +1,233 @@
(ns dda.c4k-website.website.website-internal-test
(:require
#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st]
[dda.c4k-website.website.website-internal :as cut]))
(st/instrument `cut/generate-nginx-configmap)
(st/instrument `cut/generate-nginx-service)
(st/instrument `cut/generate-website-content-volume)
(st/instrument `cut/generate-hashfile-volume)
(st/instrument `cut/generate-website-ingress)
(st/instrument `cut/generate-website-certificate)
(st/instrument `cut/generate-website-build-cron)
(st/instrument `cut/generate-website-build-secret)
(deftest should-generate-resource-requests
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}}
(-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io"
:build-cpu-request "1500m"
:build-cpu-limit "3000m"
:build-memory-request "512Mi"
:build-memory-limit "1024Mi"
:volume-size 3})
:spec :template :spec :initContainers first :resources)))
(is (= "test-io"
(-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io"
:build-cpu-request "1500m"
:build-cpu-limit "3000m"
:build-memory-request "512Mi"
:build-memory-limit "1024Mi"
:volume-size 3})
:metadata :namespace))))
(deftest should-generate-nginx-configmap-website
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n"
(:website.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n"
(:mime.types (:data (cut/generate-nginx-configmap {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= "user nginx;\nworker_processes 3;\nerror_log stdout info;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log stdout main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n"
(:nginx.conf (:data (cut/generate-nginx-configmap {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata {:labels {:app.kubernetes.part-of "test-io-website"},
:namespace "test-io",
:name "etc-nginx"}}
(dissoc (cut/generate-nginx-configmap {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))
(deftest should-generate-nginx-service
(is (= {:kind "Service",
:apiVersion "v1",
:metadata
{:name "test-io",
:namespace "test-io",
:labels {:app "test-io", :app.kubernetes.part-of "test-io-website"}},
:spec
{:selector {:app "nginx"}, :ports [{:name "nginx-http", :port 80}]}}
(cut/generate-nginx-service {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
)))
(deftest should-generate-website-build-cron
(is (= {:apiVersion "batch/v1",
:kind "CronJob",
:metadata {:name "build-cron",
:namespace "test-io",
:labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:schedule "0/7 * * * *",
:successfulJobsHistoryLimit 1,
:failedJobsHistoryLimit 1,
:jobTemplate
{:spec
{:template
{:metadata
{:namespace "test-io",
:labels
{:app "build-cron", :app.kubernetes.part-of "test-io-website"}}
:spec
{:containers
[{:image "domaindrivenarchitecture/c4k-website-build",
:name "build-cron-container",
:imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "build-secret"}}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hash-state-volume", :mountPath "/var/hashfile.d"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "content-volume"}}
{:name "hash-state-volume", :persistentVolumeClaim {:claimName "hash-state-volume"}}],
:restartPolicy "OnFailure"}}}}}}
(cut/generate-website-build-cron {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-secret
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata {:name "build-secret",
:namespace "test-io",
:labels {:app.kubernetes.part-of "test-io-website"}},
:data
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io",
:forgejo-host "gitlab.de"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"}
{:unique-name "test.io",
:authtoken "abedjgbasdodj",
:username "someuser"}))))
(deftest should-generate-website-content-volume
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "content-volume",
:namespace "test-io",
:labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "3Gi"}}}}
(cut/generate-website-content-volume {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))
(deftest should-generate-hashfile-volume
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "hash-state-volume",
:namespace "test-io",
:labels {:app.kubernetes.part-of "test-io-website"}},
:spec {:storageClassName "local-path",
:accessModes ["ReadWriteOnce"],
:resources {:requests {:storage "16Mi"}}}}
(cut/generate-hashfile-volume {:issuer "staging"
:build-cpu-request "500m"
:build-cpu-limit "1700m"
:build-memory-request "256Mi"
:build-memory-limit "512Mi"
:volume-size "3"
:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))

View file

@ -3,215 +3,51 @@
#?(:clj [clojure.test :refer [deftest is are testing run-tests]] #?(:clj [clojure.test :refer [deftest is are testing run-tests]]
:cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) :cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
[clojure.spec.test.alpha :as st] [clojure.spec.test.alpha :as st]
[dda.c4k-common.test-helper :as th]
[dda.c4k-website.website :as cut])) [dda.c4k-website.website :as cut]))
(st/instrument `cut/generate-nginx-configmap) (st/instrument `cut/generate-ingress)
(st/instrument `cut/generate-nginx-deployment)
(st/instrument `cut/generate-nginx-service)
(st/instrument `cut/generate-website-content-volume)
(st/instrument `cut/generate-hashfile-volume)
(st/instrument `cut/generate-website-ingress)
(st/instrument `cut/generate-website-certificate)
(st/instrument `cut/generate-website-build-cron)
(st/instrument `cut/generate-website-build-secret)
(deftest should-generate-nginx-configmap-website (deftest should-generate-ingress
(is (= "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name test.de www.test.de test-it.de www.test-it.de;\n add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; \n add_header X-Frame-Options \"SAMEORIGIN\";\n add_header X-Content-Type-Options nosniff;\n add_header Referrer-Policy \"strict-origin\";\n # add_header Permissions-Policy \"permissions here\";\n root /var/www/html/website/;\n index index.html;\n location / {\n try_files $uri $uri/ /index.html =404;\n }\n}\n" (is (= [{:host "test.de",
(:website.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io", :http
:forgejo-host "gitea.evilorg", {:paths
:forgejo-repo "none", [{:pathType "Prefix",
:branchname "mablain", :path "/",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) :backend {:service {:name "test-io", :port {:number 80}}}}]}}
(is (= "types {\n text/html html htm shtml;\n text/css css;\n text/xml xml rss;\n image/gif gif;\n image/jpeg jpeg jpg;\n application/x-javascript js;\n text/plain txt;\n text/x-component htc;\n text/mathml mml;\n image/svg+xml svg svgz;\n image/png png;\n image/x-icon ico;\n image/x-jng jng;\n image/vnd.wap.wbmp wbmp;\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-xpinstall xpi;\n application/zip zip;\n application/octet-stream deb;\n application/octet-stream bin exe dll;\n application/octet-stream dmg;\n application/octet-stream eot;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n audio/mpeg mp3;\n audio/x-realaudio ra;\n video/mpeg mpeg mpg;\n video/quicktime mov;\n video/x-flv flv;\n video/x-msvideo avi;\n video/x-ms-wmv wmv;\n video/x-ms-asf asx asf;\n video/x-mng mng;\n}\n" {:host "test.org",
(:mime.types (:data (cut/generate-nginx-configmap {:unique-name "test.io", :http
:forgejo-host "gitea.evilorg", {:paths
:forgejo-repo "none", [{:pathType "Prefix",
:branchname "mablain", :path "/",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) :backend {:service {:name "test-io", :port {:number 80}}}}]}}
(is (= "user nginx;\nworker_processes 3;\nerror_log /var/log/nginx/error.log;\npid /var/log/nginx/nginx.pid;\nworker_rlimit_nofile 8192;\nevents {\n worker_connections 4096;\n}\nhttp {\n include /etc/nginx/mime.types;\n default_type application/octet-stream;\n log_format main '$remote_addr - $remote_user [$time_local] $status'\n '\"$request\" $body_bytes_sent \"$http_referer\"'\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n access_log /var/log/nginx/access.log main;\n sendfile on;\n tcp_nopush on;\n keepalive_timeout 65;\n server_names_hash_bucket_size 128;\n include /etc/nginx/conf.d/website.conf;\n}\n" {:host "www.test.de",
(:nginx.conf (:data (cut/generate-nginx-configmap {:unique-name "test.io", :http
:forgejo-host "gitea.evilorg", {:paths
:forgejo-repo "none", [{:pathType "Prefix",
:branchname "mablain", :path "/",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) :backend {:service {:name "test-io", :port {:number 80}}}}]}}
(is (= {:apiVersion "v1", {:host "www.test.org",
:kind "ConfigMap", :http
:metadata {:name "test-io-configmap", {:paths
:labels {:app.kubernetes.part-of "test-io-website"}, [{:pathType "Prefix",
:namespace "default"}} :path "/",
(dissoc (cut/generate-nginx-configmap {:unique-name "test.io", :backend {:service {:name "test-io", :port {:number 80}}}}]}}]
:forgejo-host "gitea.evilorg", (get-in
:forgejo-repo "none", (cut/generate-ingress {:forgejo-host "gitlab.de",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :data))))
(deftest should-generate-nginx-deployment
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata {:name "test-io-deployment", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:replicas 1,
:selector {:matchLabels {:app "test-io-nginx"}},
:template
{:metadata {:labels {:app "test-io-nginx"}},
:spec
{:containers
[{:name "test-io-nginx",
:image "nginx:latest",
:imagePullPolicy "IfNotPresent",
:ports [{:containerPort 80}],
:volumeMounts
[{:mountPath "/etc/nginx", :readOnly true, :name "nginx-config-volume"}
{:mountPath "/var/log/nginx", :name "log"}
{:mountPath "/var/www/html/website", :name "content-volume", :readOnly true}]}],
:initContainers
[{:image "domaindrivenarchitecture/c4k-website-build",
:name "test-io-init-build-container",
:imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
:volumes
[{:name "nginx-config-volume",
:configMap
{:name "test-io-configmap",
:items
[{:key "nginx.conf", :path "nginx.conf"}
{:key "website.conf", :path "conf.d/website.conf"}
{:key "mime.types", :path "mime.types"}]}}
{:name "log", :emptyDir {}}
{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}]}}}}
(cut/generate-nginx-deployment {:forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-resource-requests
(is (= {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}}
(-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo", :forgejo-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh", :sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging", :issuer "staging",
:branchname "main", :branchname "main",
:unique-name "test.io"}) :unique-name "test.io"})
:spec :template :spec :initContainers first :resources ))) [2 :spec :rules])))
(is (= {:requests {:cpu "1500m", :memory "512Mi"}, :limits {:cpu "3000m", :memory "1024Mi"}} (is (= "test-io"
(-> (cut/generate-nginx-deployment {:forgejo-host "gitlab.de", (get-in
(cut/generate-ingress {:forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"], :fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo", :forgejo-repo "repo",
:sha256sum-output "123456789ab123cd345de script-file-name.sh", :sha256sum-output "123456789ab123cd345de script-file-name.sh",
:issuer "staging", :issuer "staging",
:branchname "main", :branchname "main",
:unique-name "test.io" :unique-name "test.io"})
:build-cpu-request "1500m" [2 :metadata :namespace]))))
:build-cpu-limit "3000m"
:build-memory-request "512Mi"
:build-memory-limit "1024Mi"})
:spec :template :spec :initContainers first :resources))))
(deftest should-generate-nginx-service
(is (= {:name-c1 "test-io-service",
:name-c2 "test-org-service",
:app-c1 "test-io-nginx",
:app-c2 "test-org-nginx",
:app.kubernetes.part-of-c1 "test-io-website",
:app.kubernetes.part-of-c2 "test-org-website"}
(th/map-diff (cut/generate-nginx-service {:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
(cut/generate-nginx-service {:unique-name "test.org",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(deftest should-generate-website-build-cron
(is (= {:apiVersion "batch/v1",
:kind "CronJob",
:metadata {:name "test-io-build-cron", :labels {:app.kubernetes.part-of "test-io-website"}},
:spec
{:schedule "0/7 * * * *",
:successfulJobsHistoryLimit 1,
:failedJobsHistoryLimit 1,
:jobTemplate
{:spec
{:template
{:spec
{:containers
[{:image "domaindrivenarchitecture/c4k-website-build",
:name "test-io-build-app",
:imagePullPolicy "IfNotPresent",
:resources {:requests {:cpu "500m", :memory "256Mi"}, :limits {:cpu "1700m", :memory "512Mi"}},
:command ["/entrypoint.sh"],
:envFrom [{:secretRef {:name "test-io-secret"}}],
:volumeMounts [{:name "content-volume", :mountPath "/var/www/html/website"}
{:name "hashfile-volume", :mountPath "/var/hashfile.d"}]}],
:volumes [{:name "content-volume", :persistentVolumeClaim {:claimName "test-io-content-volume"}}
{:name "hashfile-volume", :persistentVolumeClaim {:claimName "test-io-hashfile-volume"}}],
:restartPolicy "OnFailure"}}}}}}
(cut/generate-website-build-cron {:forgejo-host "gitlab.de",
:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io"}))))
(deftest should-generate-website-build-secret
(is (= {:apiVersion "v1",
:kind "Secret",
:metadata {:name "test-io-secret", :labels {:app.kubernetes.part-of "test-io-website"}},
:data
{:AUTHTOKEN "YWJlZGpnYmFzZG9kag==",
:GITREPOURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vYXJjaGl2ZS9tYWluLnppcA==",
:GITCOMMITURL "aHR0cHM6Ly9naXRsYWIuZGUvYXBpL3YxL3JlcG9zL3NvbWV1c2VyL3JlcG8vZ2l0L2NvbW1pdHMvSEVBRA=="}}
(cut/generate-website-build-secret {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"],
:forgejo-repo "repo",
:issuer "staging",
:branchname "main",
:unique-name "test.io",
:forgejo-host "gitlab.de"}
{:unique-name "test.io",
:authtoken "abedjgbasdodj",
:username "someuser"}))))
(deftest should-generate-website-content-volume
(is (= {:name-c1 "test-io-content-volume",
:name-c2 "test-org-content-volume",
:app-c1 "test-io-nginx",
:app-c2 "test-org-nginx",
:app.kubernetes.part-of-c1 "test-io-website",
:app.kubernetes.part-of-c2 "test-org-website"}
(th/map-diff (cut/generate-website-content-volume {:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})
(cut/generate-website-content-volume {:unique-name "test.org",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]})))))
(deftest should-generate-hashfile-volume
(is (= {:apiVersion "v1",
:kind "PersistentVolumeClaim",
:metadata
{:name "test-io-hashfile-volume",
:namespace "default",
:labels {:app "test-io-nginx", :app.kubernetes.part-of "test-io-website"}},
:spec {:storageClassName "local-path", :accessModes ["ReadWriteOnce"], :resources {:requests {:storage "16Mi"}}}}
(cut/generate-hashfile-volume {:unique-name "test.io",
:forgejo-host "gitea.evilorg",
:forgejo-repo "none",
:branchname "mablain",
:fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))