Better leverage namespaces

2025-09-24 12:49:24 -05:00
parent 6bbd69d0e6
commit 4edc82d041
2 changed files with 5 additions and 10 deletions
--- a/iac/src/main/k8s/services/nextcloud/service.cljs
+++ b/iac/src/main/k8s/services/nextcloud/service.cljs
@@ -0,0 +1,67 @@
+(ns k8s.services.nextcloud.service
+  (:require
+   ["@pulumi/kubernetes" :as k8s]
+   ["@pulumi/pulumi" :as pulumi]
+   ["@pulumi/vault" :as vault]
+   ["fs" :as fs]
+   ["js-yaml" :as yaml]
+   ["path" :as path]
+   [clojure.core.async :refer [go]]))
+
+(defn- get-secret-val
+  "Extract a specific key from a Vault secret Output/Promise."
+  [secret-promise key]
+  (.then secret-promise #(aget (.-data %) key)))
+
+(defn deploy-nextcloud
+  "Deploy Nextcloud using direct vault connection info."
+  [provider vault-provider]
+  (let [core-v1 (.. k8s -core -v1)
+        helm-v3 (.. k8s -helm -v3) 
+        nextcloud-secrets (.getSecret (.-generic vault)
+                                      (clj->js {:path "secret/nextcloud"})
+                                      (clj->js {:provider  vault-provider}))
+
+        ns (new (.. core-v1 -Namespace)
+                "nextcloud-ns"
+                (clj->js {:metadata {:name "nextcloud"}})
+                (clj->js {:provider provider}))
+
+        admin-secret (new (.. core-v1 -Secret)
+                          "nextcloud-admin-secret"
+                          (clj->js {:metadata {:name      "nextcloud-admin-secret"
+                                               :namespace (.. ns -metadata -name)}
+                                    :stringData {:password (get-secret-val nextcloud-secrets "adminPassword")}})
+                          (clj->js {:provider provider}))
+
+        db-secret (new (.. core-v1 -Secret)
+                       "nextcloud-db-secret"
+                       (clj->js {:metadata {:name      "nextcloud-db-secret"
+                                            :namespace (.. ns -metadata -name)}
+                                 :stringData {"mariadb-root-password" (get-secret-val nextcloud-secrets "dbPassword")
+                                              "mariadb-password"      (get-secret-val nextcloud-secrets "dbPassword")}})
+                       (clj->js {:provider provider}))
+
+        values-path (.join path js/__dirname ".." "resources" "nextcloud.yml")
+        helm-values (-> values-path
+                        (fs/readFileSync "utf8")
+                        (yaml/load))
+        _ (aset (aget (aget (aget helm-values "ingress") "hosts") 0)
+                "host"
+                (get-secret-val nextcloud-secrets "host"))
+
+        chart (new (.. helm-v3 -Chart)
+                   "nextcloud"
+                   (clj->js {:chart     "nextcloud"
+                             :fetchOpts {:repo "https://nextcloud.github.io/helm/"}
+                             :namespace (.. ns -metadata -name)
+                             :values    helm-values})
+                   (clj->js {:provider provider
+                             :dependsOn [admin-secret db-secret]}))]
+
+    {:namespace    ns
+     :admin-secret admin-secret
+     :db-secret    db-secret
+     :chart        chart
+     :nextcloud-url (.then nextcloud-secrets
+                           #(str "https://" (aget (.-data %) "host")))}))