# covid19.hackerspace.pl, a covid-formity instance.
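# This needs a Secret named "covid-formity" provisioned in the covid-formity
# namespace before deploying; create it with the command below, replacing the
# trailing "..." with the OAuth2 client secret:
# kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
# Note: a value typed literally after --from-literal= is recorded in shell
# history; kubectl's --from-file can be used for oauth2_secret instead. pwgen
# produces pronounceable passwords unless run with -s.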
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
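{
  # `app` is this top-level object; `cfg` is its hidden configuration field.
  local app = self,
  local cfg = app.cfg,
  # Every hostname served. Shared by the TLS entry and the ingress rules so
  # the certificate and the routing can never list different hosts.
  local hosts = [cfg.domain] + cfg.altDomains,

  # Deployment parameters (hidden field: not emitted as a manifest).
  cfg:: {
    namespace: "covid-formity",
    # Pinned by sha256 digest rather than a tag, so the image that runs is
    # exactly the one referenced here until this line is edited.
    image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:8295f5b6d71266fb758c103210f12380f15903ba2467ead0e48ae0df16b6d608",
    domain: "covid19.hackerspace.pl",
    altDomains: ["covid.hackerspace.pl"],
  },

  # Common namespace and labels for the objects below; `component` fills the
  # app.kubernetes.io/component label.
  metadata(component):: {
    namespace: cfg.namespace,
    labels: {
      "app.kubernetes.io/name": "covid-formity",
      "app.kubernetes.io/managed-by": "kubecfg",
      "app.kubernetes.io/component": component,
    },
  },

  namespace: kube.Namespace(cfg.namespace),

  # PostgreSQL instance from the shared postgres.libsonnet template. The
  # password is never written here: it is a reference to the
  # "postgres_password" key of the "covid-formity" Secret.
  postgres: postgres {
    cfg+: {
      namespace: cfg.namespace,
      appName: "covid-formity",
      database: "covid-formity",
      username: "covid-formity",
      password: { secretKeyRef: { name: "covid-formity", key: "postgres_password" } },
    },
  },

  # The web application itself: a single replica listening on port 5000.
  # NOTE(review): no securityContext, resource requests/limits or probes are
  # set on the container here; whether kube.Container or cluster policy
  # supplies defaults is not visible from this file - confirm.
  deployment: kube.Deployment("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    spec+: {
      replicas: 1,
      template+: {
        spec+: {
          containers_: {
            web: kube.Container("covid-formity") {
              image: cfg.image,
              ports_: {
                http: { containerPort: 5000 },
              },
              env_: {
                # presumably the Service name created by postgres.libsonnet - confirm
                DATABASE_HOSTNAME: "postgres",
                DATABASE_USERNAME: app.postgres.cfg.username,
                # Same secretKeyRef object the postgres template receives, so
                # both sides read the password from one Secret key.
                DATABASE_PASSWORD: app.postgres.cfg.password,
                # Read the database name from `database`, not `appName`. Both
                # are "covid-formity" today, so the rendered value is the same,
                # but they would diverge if only one were changed.
                DATABASE_NAME: app.postgres.cfg.database,
                SPACEAUTH_CONSUMER_KEY: "covid-formity",
                # OAuth2 client secret and application secret key come from the
                # "covid-formity" Secret; no secret value appears in this file.
                SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } },
                SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } },
              },
            },
          },
        },
      },
    },
  },

  # Cluster-internal Service in front of the deployment's pods. ClusterIP
  # means it is not exposed outside the cluster; external traffic arrives
  # through the ingress below.
  svc: kube.Service("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    # presumably used by kube.Service to derive the pod selector - confirm
    target_pod:: app.deployment.spec.template,
    spec+: {
      ports: [
        { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
      ],
      type: "ClusterIP",
    },
  },

  # Public HTTPS entry point for all hostnames in `hosts`.
  ingress: kube.Ingress("covid-formity") {
    metadata+: app.metadata("covid-formity") {
      annotations+: {
        "kubernetes.io/tls-acme": "true",
        # NOTE(review): "certmanager.k8s.io/" is the annotation prefix of older
        # cert-manager releases; newer ones read "cert-manager.io/". Confirm
        # against the cert-manager version the cluster runs.
        "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
        # "0" turns off ingress-nginx's request body size check, so request
        # bodies of any size are passed through to the application.
        # NOTE(review): if the app does not need unbounded uploads, an
        # explicit cap here limits resource-exhaustion exposure.
        "nginx.ingress.kubernetes.io/proxy-body-size": "0",
      },
    },
    spec+: {
      # One certificate, stored in "covid-formity-tls", covering every host.
      tls: [
        {
          hosts: hosts,
          secretName: "covid-formity-tls",
        },
      ],
      # One rule per hostname, each routing "/" to the Service.
      rules: [
        {
          host: dom,
          http: {
            paths: [
              { path: "/", backend: app.svc.name_port },
            ],
          },
        }
        for dom in hosts
      ],
    },
  },
}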