Revise nextcloud to use reusable template
This commit is contained in:
@@ -1,22 +1,18 @@
|
|||||||
(ns k8s.services.nextcloud.service
|
(ns k8s.services.nextcloud.service
|
||||||
(:require
|
(:require
|
||||||
["@pulumi/kubernetes" :as k8s]
|
|
||||||
["@pulumi/pulumi" :as pulumi]
|
["@pulumi/pulumi" :as pulumi]
|
||||||
["@pulumi/vault" :as vault]
|
[utils.vault :as vault-utils]
|
||||||
["fs" :as fs]
|
[utils.ingress :as ingress-utils]))
|
||||||
["js-yaml" :as yaml]
|
|
||||||
["path" :as path]
|
|
||||||
[utils.vault :refer [get-secret-val]]))
|
|
||||||
|
|
||||||
(defn- add-skip-await-transformation
|
(defn- add-skip-await-transformation
|
||||||
"A Pulumi transformation that adds the skipAwait annotation to problematic resources."
|
"A Pulumi transformation that adds the skipAwait annotation to problematic resources."
|
||||||
[args _opts]
|
[args _opts]
|
||||||
(let [kind (get-in args [:kind])]
|
(let [kind (get-in args [:kind])]
|
||||||
(if (or (= kind "StatefulSet")
|
(if (or
|
||||||
|
(= kind "StatefulSet")
|
||||||
(= kind "PersistentVolumeClaim")
|
(= kind "PersistentVolumeClaim")
|
||||||
(= kind "Ingress"))
|
(= kind "Ingress"))
|
||||||
(let [
|
(let [metadata (get-in args [:metadata] {})
|
||||||
metadata (get-in args [:metadata] {})
|
|
||||||
annotations (get metadata :annotations {})
|
annotations (get metadata :annotations {})
|
||||||
new-annotations (assoc annotations "pulumi.com/skipAwait" "true")
|
new-annotations (assoc annotations "pulumi.com/skipAwait" "true")
|
||||||
new-metadata (assoc metadata :annotations new-annotations)]
|
new-metadata (assoc metadata :annotations new-annotations)]
|
||||||
@@ -26,58 +22,29 @@
|
|||||||
(defn deploy-nextcloud
|
(defn deploy-nextcloud
|
||||||
"Deploy Nextcloud using direct vault connection info."
|
"Deploy Nextcloud using direct vault connection info."
|
||||||
[provider vault-provider]
|
[provider vault-provider]
|
||||||
(let [core-v1 (.. k8s -core -v1)
|
(let [{:keys [helm-v3 secrets yaml-values service-name namespace bind-secrets]} (vault-utils/prepare vault-provider "nextcloud" provider)
|
||||||
helm-v3 (.. k8s -helm -v3)
|
|
||||||
nextcloud-secrets (.getSecret (.-generic vault)
|
|
||||||
(clj->js {:path "secret/nextcloud"})
|
|
||||||
(clj->js {:provider vault-provider}))
|
|
||||||
|
|
||||||
ns (new (.. core-v1 -Namespace)
|
hostname (.. secrets -host)
|
||||||
"nextcloud-ns"
|
|
||||||
(clj->js {:metadata {:name "my-nextcloud"}})
|
|
||||||
(clj->js {:provider provider}))
|
|
||||||
|
|
||||||
admin-secret (new (.. core-v1 -Secret)
|
final-helm-values (-> yaml-values
|
||||||
"nextcloud-admin-secret"
|
(assoc-in [:ingress :enabled] false)
|
||||||
(clj->js {:metadata {:name "nextcloud-admin-secret"
|
|
||||||
:namespace (.. ns -metadata -name)}
|
|
||||||
:stringData {:password (get-secret-val nextcloud-secrets "adminPassword")}})
|
|
||||||
(clj->js {:provider provider}))
|
|
||||||
|
|
||||||
db-secret (new (.. core-v1 -Secret)
|
|
||||||
"nextcloud-db-secret"
|
|
||||||
(clj->js {:metadata {:name "nextcloud-db-secret"
|
|
||||||
:namespace (.. ns -metadata -name)}
|
|
||||||
:stringData {"mariadb-root-password" (get-secret-val nextcloud-secrets "dbPassword")
|
|
||||||
"mariadb-password" (get-secret-val nextcloud-secrets "dbPassword")}})
|
|
||||||
(clj->js {:provider provider}))
|
|
||||||
|
|
||||||
values-path (.join path js/__dirname ".." "resources" "nextcloud.yml")
|
|
||||||
helm-values (js->clj (-> values-path
|
|
||||||
(fs/readFileSync "utf8")
|
|
||||||
(yaml/load)))
|
|
||||||
hostname (get-secret-val nextcloud-secrets "host")
|
|
||||||
|
|
||||||
final-helm-values (-> helm-values
|
|
||||||
(assoc-in [:ingress :hosts 0 :host] hostname)
|
|
||||||
(assoc-in [:ingress :enabled] true)
|
|
||||||
(assoc-in [:nextcloud :host] hostname)
|
(assoc-in [:nextcloud :host] hostname)
|
||||||
(assoc-in [:nextcloud :trusted_domains] [hostname]))
|
(assoc-in [:nextcloud :trusted_domains] [hostname]))
|
||||||
|
|
||||||
|
|
||||||
chart (new (.. helm-v3 -Chart)
|
chart (new (.. helm-v3 -Chart)
|
||||||
"nextcloud"
|
service-name
|
||||||
(clj->js {:chart "nextcloud"
|
(clj->js {:chart service-name
|
||||||
:fetchOpts {:repo "https://nextcloud.github.io/helm/"}
|
:fetchOpts {:repo "https://nextcloud.github.io/helm/"}
|
||||||
:namespace (.. ns -metadata -name)
|
:namespace namespace
|
||||||
:values final-helm-values})
|
:values final-helm-values})
|
||||||
(clj->js {:provider provider
|
(clj->js {:provider provider
|
||||||
:dependsOn [admin-secret db-secret]
|
:dependsOn [bind-secrets]
|
||||||
:transformations [add-skip-await-transformation]}))]
|
:transformations [add-skip-await-transformation]
|
||||||
|
}))
|
||||||
{:namespace ns
|
ingress (ingress-utils/create-ingress hostname namespace service-name 80 chart)
|
||||||
:admin-secret admin-secret
|
;;cert (ingress-utils/create-certificate hostname namespace service-name ingress)
|
||||||
:db-secret db-secret
|
]
|
||||||
|
{:namespace namespace
|
||||||
|
:nextcloud-secrets bind-secrets
|
||||||
:chart chart
|
:chart chart
|
||||||
:nextcloud-url (.then nextcloud-secrets
|
:ingress ingress
|
||||||
#(str "https://" (aget (.-data %) "host")))}))
|
:nextcloud-url (str "https://" hostname)}))
|
||||||
|
|||||||
Reference in New Issue
Block a user