| # covid19.hackerspace.pl, a covid-formity instance. |
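| # This needs a secret provisioned, create with: |
| # kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=... |
| # Note: the manifest below also reads the key redis_password from this secret, and the key |
| # kurjerzy_password from a second secret named covid-formity-shipping; the command above creates neither. |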
| |
| local kube = import "../../kube/kube.libsonnet"; |
| local redis = import "../../kube/redis.libsonnet"; |
| local postgres = import "../../kube/postgres.libsonnet"; |
| |
| { |
| local app = self, |
| local cfg = app.cfg, |
| # Deployment-wide settings. The field is hidden (::), so it is not rendered as a manifest itself. |
| cfg:: { |
|   namespace: "covid-formity", |
|   # Primary hostname, followed by the extra hostnames served by the same Ingress. |
|   domain: "covid19.hackerspace.pl", |
|   altDomains: [ |
|     "covid.hackerspace.pl", |
|     "www.covid.hackerspace.pl", |
|   ], |
|   # The image is referenced by sha256 digest rather than by a mutable tag. |
|   image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:53c5fb0dbc4a6660ab47e39869a516f1e3f833dee5a03867386771bd9ffaf7b8", |
| }, |
| |
| # Shared metadata for the objects of this app: the target namespace plus the |
| # app.kubernetes.io labels, with `component` used as the component label. |
| metadata(component):: { |
|   labels: { |
|     "app.kubernetes.io/component": component, |
|     "app.kubernetes.io/managed-by": "kubecfg", |
|     "app.kubernetes.io/name": "covid-formity", |
|   }, |
|   namespace: cfg.namespace, |
| }, |
| |
| # Namespace object that holds every resource declared in this file. |
| namespace: kube.Namespace(cfg.namespace), |
| |
| # PostgreSQL instance for the app, built from the imported postgres.libsonnet template. |
| postgres: postgres { |
|   cfg+: { |
|     appName: "covid-formity", |
|     namespace: app.cfg.namespace, |
|     username: "covid-formity", |
|     database: "covid-formity", |
|     # The password is not stored in this file; it is read from key |
|     # postgres_password of the Secret named covid-formity. |
|     password: { |
|       secretKeyRef: { |
|         name: "covid-formity", |
|         key: "postgres_password", |
|       }, |
|     }, |
|   }, |
| }, |
| |
| # Redis instance for the app, built from the imported redis.libsonnet template. |
| redis: redis { |
|   cfg+: { |
|     appName: "covid-formity", |
|     namespace: app.cfg.namespace, |
|     # Same storage class as the postgres component is configured with. |
|     storageClassName: app.postgres.cfg.storageClassName, |
|     # Read from key redis_password of the Secret named covid-formity. |
|     # NOTE(review): redis_password is not among the keys created by the |
|     # `kubectl create secret` command in this file's header comment - confirm it is provisioned. |
|     password: { |
|       secretKeyRef: { |
|         name: "covid-formity", |
|         key: "redis_password", |
|       }, |
|     }, |
|   }, |
| }, |
| |
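| # Single-replica Deployment running the covid-formity web container on port 5000. |
| # All credentials reach the container as environment variables sourced from Secrets. |
| deployment: kube.Deployment("covid-formity") { |
|   metadata+: app.metadata("covid-formity"), |
|   spec+: { |
|     replicas: 1, |
|     template+: { |
|       spec+: { |
|         # NOTE(review): no securityContext or resource limits are set in this file; |
|         # check whether kube.Container / kube.Deployment supply defaults. |
|         containers_: { |
|           web: kube.Container("covid-formity") { |
|             image: cfg.image, |
|             ports_: { |
|               http: { containerPort: 5000 }, |
|             }, |
|             env_: { |
|               DATABASE_HOSTNAME: "postgres", |
|               DATABASE_USERNAME: app.postgres.cfg.username, |
|               DATABASE_PASSWORD: app.postgres.cfg.password, |
|               # Take the database name from cfg.database rather than cfg.appName. Both are |
|               # "covid-formity" today, so the rendered value is unchanged, but the app now |
|               # follows the database setting if the two ever diverge. |
|               DATABASE_NAME: app.postgres.cfg.database, |
|               CACHE_REDIS_PASSWORD: app.redis.cfg.password, |
|               # Kubernetes expands $(CACHE_REDIS_PASSWORD) only from a variable defined earlier |
|               # in the container's env list, so this relies on the order in which env_ is |
|               # rendered (presumably sorted by name - confirm in kube.libsonnet). |
|               # The expanded URL contains the Redis password: treat the whole value as a |
|               # secret, keep it out of logs, and keep the password URL-safe. |
|               CACHE_REDIS_URL: "redis://default:$(CACHE_REDIS_PASSWORD)@redis", |
|               SPACEAUTH_CONSUMER_KEY: "covid-formity", |
|               SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } }, |
|               SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } }, |
|               SHIPPING_KURJERZY_EMAIL: "qrde@hackerspace.pl", |
|               # Read from a second Secret, covid-formity-shipping, which the header comment's |
|               # `kubectl create secret` command does not create. |
|               SHIPPING_KURJERZY_PASSWORD: { secretKeyRef: { name: "covid-formity-shipping", key: "kurjerzy_password" } }, |
|             }, |
|           }, |
|         }, |
|       }, |
|     }, |
|   }, |
| }, |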
| |
| # ClusterIP Service exposing the web container's port 5000 inside the cluster. |
| svc: kube.Service("covid-formity") { |
|   metadata+: app.metadata("covid-formity"), |
|   # Hidden field pointing at the Deployment's pod template; presumably kube.Service |
|   # derives the pod selector from it - confirm in kube.libsonnet. |
|   target_pod:: app.deployment.spec.template, |
|   spec+: { |
|     type: "ClusterIP", |
|     ports: [ |
|       { |
|         name: "http", |
|         protocol: "TCP", |
|         port: 5000, |
|         targetPort: 5000, |
|       }, |
|     ], |
|   }, |
| }, |
| |
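| # Ingress publishing the Service on cfg.domain and every entry of cfg.altDomains, |
| # with one TLS certificate covering all of those hosts. |
| ingress: kube.Ingress("covid-formity") { |
|   metadata+: app.metadata("covid-formity") { |
|     annotations+: { |
|       # Certificate is requested from the letsencrypt-prod cluster issuer. |
|       "kubernetes.io/tls-acme": "true", |
|       "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", |
|       # "0" removes nginx's request-body size limit for these hosts. |
|       # NOTE(review): confirm unbounded uploads are required; otherwise set an explicit bound. |
|       "nginx.ingress.kubernetes.io/proxy-body-size": "0", |
|       # Raw nginx configuration injected by the ingress controller. Snippet annotations let |
|       # anyone who can edit this Ingress add nginx directives, and some ingress-nginx |
|       # releases disable them through allow-snippet-annotations - confirm on this cluster. |
|       # The /qr1 capture group must start with "/" (or be empty). The earlier pattern |
|       # ^/qr1(.*)$ appended any suffix directly to the hostname, so the request path |
|       # could change the host of the redirect target. Paths that merely begin with |
|       # "/qr1" without a following "/" are no longer redirected. |
|       "nginx.ingress.kubernetes.io/configuration-snippet": " |
| location /qr1 { rewrite ^/qr1(/.*)?$ https://covid.hackerspace.pl$1 redirect; } |
| location /video { return 302 https://youtu.be/eC19w2NFO0E; } |
| location /manual { return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf; } |
| ", |
|     }, |
|   }, |
|   spec+: { |
|     # One list of hostnames shared by the TLS entry and the routing rules. |
|     local allHosts = [cfg.domain] + cfg.altDomains, |
|     tls: [ |
|       { |
|         hosts: allHosts, |
|         secretName: "covid-formity-tls", |
|       }, |
|     ], |
|     # One rule per hostname, each sending every path to the Service. |
|     rules: [ |
|       { |
|         host: dom, |
|         http: { |
|           paths: [ |
|             { path: "/", backend: app.svc.name_port }, |
|           ] |
|         }, |
|       } |
|       for dom in allHosts |
|     ], |
|   }, |
| }, |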
| } |