Revise to be functional? Does technically get the secrets... Need to look into why it doesn't actually create the Cloudflare entries
@@ -1,10 +1,6 @@
|
|||||||
(ns infra.dns
|
(ns infra.dns
|
||||||
(:require
|
(:require
|
||||||
[clojure.string :as str]
|
[clojure.string :as str]
|
||||||
[utils.vault :as utils]
|
|
||||||
["@pulumi/pulumi" :as pulumi]
|
|
||||||
["@pulumi/kubernetes" :as k8s]
|
|
||||||
["@pulumi/vault" :as vault]
|
|
||||||
["@pulumi/cloudflare" :as cloudflare]
|
["@pulumi/cloudflare" :as cloudflare]
|
||||||
["@pulumi/command/local" :as local]))
|
["@pulumi/command/local" :as local]))
|
||||||
|
|
||||||
@@ -18,52 +14,45 @@
|
|||||||
(defn- get-node-ips []
|
(defn- get-node-ips []
|
||||||
(str "kubectl get nodes -o jsonpath='{range .items[*]}{.status.addresses[?(@.type==\"ExternalIP\")].address}{\"\\n\"}{end}'"))
|
(str "kubectl get nodes -o jsonpath='{range .items[*]}{.status.addresses[?(@.type==\"ExternalIP\")].address}{\"\\n\"}{end}'"))
|
||||||
|
|
||||||
(defn setup-dns [env]
|
(defn setup-dns [{:keys [pulumi-cfg secrets]}]
|
||||||
(let [
|
(let [get-node-ips (local/Command.
|
||||||
{:keys [pulumi-cfg dns-secrets]} env
|
|
||||||
get-node-ips (local/Command.
|
|
||||||
"get-node-ips"
|
"get-node-ips"
|
||||||
(clj->js {:create (get-node-ips)
|
(clj->js {:create (get-node-ips)
|
||||||
:environment {:KUBECONFIG "./kubeconfig.yaml"}}))
|
:environment {:KUBECONFIG "./kubeconfig.yaml"}}))
|
||||||
token (.requireSecret pulumi-cfg "apiToken")
|
token (.requireSecret pulumi-cfg "apiToken")
|
||||||
cloudflare-provider (new cloudflare/Provider "cloudflare-provider"
|
cloudflare-provider (new cloudflare/Provider "cloudflare-provider"
|
||||||
(clj->js {:apiToken token}))
|
(clj->js {:apiToken token}))
|
||||||
node-ips-output (.-stdout get-node-ips)
|
node-ips-output (.-stdout get-node-ips)]
|
||||||
_ (js/console.log env)
|
|
||||||
]
|
|
||||||
|
|
||||||
|
|
||||||
(.apply node-ips-output
|
(.apply node-ips-output
|
||||||
(fn [command-output]
|
(fn [command-output]
|
||||||
(let [node-ips (-> command-output
|
(let [node-ips (-> command-output
|
||||||
str/split-lines
|
str/split-lines
|
||||||
(->> (map #(first (str/split % #" ")))
|
(->> (map #(first (str/split % #" ")))
|
||||||
(filter seq)))
|
(filter seq)))]
|
||||||
]
|
(.apply secrets
|
||||||
(.apply dns-secrets
|
(fn [secret-data]
|
||||||
(fn [secret-data]
|
(let [hostname-to-zone (-> (.-data secret-data)
|
||||||
(let [hostname-to-zone (-> (.-data secret-data)
|
(js->clj :keywordize-keys true))]
|
||||||
(js->clj :keywordize-keys true))
|
(vec
|
||||||
_ (println "Ass ass")]
|
(for [[hostname zone-id] hostname-to-zone
|
||||||
(vec
|
[index ip] (map-indexed vector node-ips)
|
||||||
(for [[hostname zone-id] hostname-to-zone
|
:when (and hostname zone-id ip)]
|
||||||
[index ip] (map-indexed vector node-ips)
|
(new cloudflare/DnsRecord
|
||||||
:when (and hostname zone-id ip)]
|
(str "dns-" (name hostname) "-node-" index)
|
||||||
(new cloudflare/DnsRecord
|
(clj->js {:zoneId zone-id
|
||||||
(str "dns-" (name hostname) "-node-" index)
|
:name hostname
|
||||||
(clj->js {:zoneId zone-id
|
:content ip
|
||||||
:name hostname
|
:type (get-record-type ip)
|
||||||
:content ip
|
:ttl 300
|
||||||
:type (get-record-type ip)
|
:proxied true})
|
||||||
:ttl 300})
|
(clj->js {:provider cloudflare-provider}))))))))))))
|
||||||
(clj->js {:provider cloudflare-provider}))))))))))))
|
|
||||||
|
|
||||||
(def config
|
(def config
|
||||||
{:stack [:vault:prepare :k8s:secret :generic:execute]
|
{:stack [:vault:prepare :generic:execute]
|
||||||
:app-name "dns"
|
:app-name "dns"
|
||||||
:app-namespace "dns"
|
:no-namespace true
|
||||||
:exec-fn setup-dns
|
:exec-fn setup-dns})
|
||||||
:vault:prepare-opts {:app-name "dns"
|
|
||||||
:app-namespace "dns"}})
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
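Review bot: In the new `cloudflare/DnsRecord` arguments, `:proxied true` is added while `:ttl 300` is kept; Cloudflare manages the TTL of proxied records itself (automatic, value 1), so this pair is likely to be rejected or to show a permanent diff, and `:ttl 1` is the value to pair with `:proxied true`. The records are also still constructed inside two nested `.apply` callbacks (`node-ips-output`, then `secrets`), so they are not registered while the command's stdout is still unknown, for example during a preview; that is a plausible cause of the missing entries mentioned in the commit message and worth ruling out first. Because `secrets` is a secret output and the logical name is built from its keys with `(str "dns-" (name hostname) "-node-" index)`, those hostnames end up in plaintext in the state file and CLI output, which should be a deliberate choice. Proxying hides the node addresses only if the nodes accept web traffic solely from Cloudflare's ranges, and nothing visible in this file enforces that.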