blob: 0a23d9637f2b2cacf4353d12dd61053401be4738 [file] [log] [blame]
local kube = import '../../kube/hscloud.libsonnet';
{
local top = self,
local cfg = top.cfg,
cfg:: {
name: 'walne',
namespace: 'walne',
domain: 'walne.hackerspace.pl',
image: 'registry.k0.hswaw.net/radex/walne:1698228636',
oauthClientId: '992f3daf-a30e-4409-baad-e7b0e4bc2a2e',
},
// kubectl -n walne create secret generic walne --from-literal=ldap_password=xxx --from-literal=oauth_secret=xxx --from-literal=next_auth_secret=$(pwgen 32 1)
secrets:: {
ldap: { secretKeyRef: { name: cfg.name, key: 'ldap_password' },},
ouath: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
nextAuth: { secretKeyRef: { name: cfg.name, key: 'next_auth_secret' } },
},
ns: kube.Namespace(cfg.namespace),
deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
spec+: {
template+: {
spec+: {
containers_: {
default: kube.Container('default') {
image: cfg.image,
ports_: {
web: { containerPort: 3000 },
},
env_: {
LDAP_USER_DN: 'cn=walone-generator,ou=services,dc=hackerspace,dc=pl',
LDAP_USER_PW: top.secrets.ldap,
ALLOWED_LDAP_GROUPS: 'zarzad,rewizja,staff,walne-users',
HSWAW_AUTH_CLIENT_ID: cfg.oauthClientId,
HSWAW_AUTH_CLIENT_SECRET: top.secrets.ouath,
AUTH_SECRET: top.secrets.nextAuth,
REDIRECT_PROXY_URL: 'https://' + cfg.domain + '/auth',
},
},
},
},
},
},
},
service: top.ns.Contain(kube.Service(cfg.name)) {
target:: top.deployment,
},
ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target_service:: top.service,
},
}