hswaw/capacifier: migrate deployment away from mirko
Change-Id: Ic15945ae0489cfc3026f4cb11123b8e6b575d471
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1688
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/hswaw/capacifier/README.md b/hswaw/capacifier/README.md
index f2b7741..03ba829 100644
--- a/hswaw/capacifier/README.md
+++ b/hswaw/capacifier/README.md
@@ -1,7 +1,7 @@
capacifier
===
-rewrite-in-go of code.haclerspace.pl/tomek/capacifier.
+rewrite-in-go of code.hackerspace.pl/tomek/capacifier.
This is one of the oldest API services at the Warsaw hackerspace, and exists
solely to provide a generic 'is X a member of Y' functionality. It's generally
diff --git a/hswaw/capacifier/prod.jsonnet b/hswaw/capacifier/prod.jsonnet
new file mode 100644
index 0000000..7984602
--- /dev/null
+++ b/hswaw/capacifier/prod.jsonnet
@@ -0,0 +1,76 @@
+local kube = import "../../kube/kube.libsonnet";
+
+{
+ local top = self,
+ local cfg = self.cfg,
+
+ cfg:: {
+ name: 'capacifier',
+ namespace: 'capacifier',
+ domain: 'capacifier.hackerspace.pl',
+ image: 'registry.k0.hswaw.net/q3k/capacifier:1680390588',
+ },
+
+ ns: kube.Namespace(cfg.namespace),
+
+ deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+ spec+: {
+ replicas: 3,
+ template+: {
+ spec+: {
+ containers_: {
+ default: kube.Container("default") {
+ image: cfg.image,
+ env_: {
+ LDAP_DN: "cn=capacifier,ou=Services,dc=hackerspace,dc=pl",
+ LDAP_PW: { secretKeyRef: { name: cfg.name, key: 'ldap_pw' } },
+ },
+ command: [
+ "/hswaw/capacifier/capacifier",
+ "-hspki_disable",
+ "-logtostderr",
+ "-api_listen", "0.0.0.0:8080",
+ "-ldap_bind_dn", "$(LDAP_DN)",
+ "-ldap_bind_pw", "$(LDAP_PW)",
+ ],
+ resources: {
+ requests: { cpu: "25m", memory: "64Mi" },
+ limits: { cpu: "500m", memory: "128Mi" },
+ },
+ ports_: {
+ http: { containerPort: 8080 },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
+ service: top.ns.Contain(kube.Service(cfg.name)) {
+ target_pod:: top.deployment.spec.template,
+ },
+
+ ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+ metadata+: {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "cert-manager.io/cluster-issuer": "letsencrypt-prod",
+ "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+ },
+ },
+ spec+: {
+ tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
+ rules: [
+ {
+ host: cfg.domain,
+ http: {
+ paths: [
+ { path: "/", backend: top.service.name_port },
+ ],
+ },
+ },
+ ],
+ },
+ },
+}
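Review bot: The LDAP bind password is handed to the process as a command-line argument (`"-ldap_bind_pw", "$(LDAP_PW)"` in `command`), so once the kubelet expands it the cleartext sits in the container's argv, readable through `/proc/<pid>/cmdline` and visible in process listings on the node. If capacifier can read the password from the environment or a mounted file, that is preferable; this needs checking against the binary's flags. The ingress annotation `"nginx.ingress.kubernetes.io/proxy-body-size": "0"` removes the request-body size limit on a public host, and for a service the README describes as answering membership queries, dropping the annotation or setting a small cap such as `"1m"` looks safer. With `-hspki_disable` and a listener on `0.0.0.0:8080`, the only transport protection visible here is TLS at the ingress, which is presumably intentional but deserves a comment. The Secret named `capacifier` with key `ldap_pw` is referenced but not defined in this file, so a line above `env_` such as `// Secret 'capacifier' (key ldap_pw) is provisioned out of band and must exist before rollout.` would document the dependency.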
diff --git a/hswaw/kube/capacifier.libsonnet b/hswaw/kube/capacifier.libsonnet
deleted file mode 100644
index d1eeec1..0000000
--- a/hswaw/kube/capacifier.libsonnet
+++ /dev/null
@@ -1,41 +0,0 @@
-local mirko = import "../../kube/mirko.libsonnet";
-local kube = import "../../kube/kube.libsonnet";
-
-{
- cfg:: {
- ldapBindPassword: error "ldapBindPassword must be set!",
- image: "registry.k0.hswaw.net/q3k/capacifier:1680390588",
- fqdn: "capacifier.hackerspace.pl",
- },
-
- component(cfg, env):: mirko.Component(env, "capacifier") {
- local capacifier = self,
- cfg+: {
- image: cfg.image,
- container: capacifier.GoContainer("main", "/hswaw/capacifier/capacifier") {
- env_: {
- BIND_PW: kube.SecretKeyRef(capacifier.secret, "bindPW"),
- },
- command+: [
- "-api_listen", "0.0.0.0:5000",
- "-ldap_bind_pw", "$(BIND_PW)",
- ],
- },
- ports+: {
- publicHTTP: {
- api: {
- port: 5000,
- dns: cfg.fqdn,
- }
- },
- },
- },
-
- secret: kube.Secret("capacifier") {
- metadata+: capacifier.metadata,
- data_: {
- bindPW: cfg.ldapBindPassword,
- },
- },
- },
-}
diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet
index 76d318e..f7206ad 100644
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@@ -6,7 +6,6 @@
local frab = import "frab.libsonnet";
local pretalx = import "pretalx.libsonnet";
local cebulacamp = import "cebulacamp.libsonnet";
-local capacifier = import "capacifier.libsonnet";
{
hswaw(name):: mirko.Environment(name) {
@@ -19,7 +18,6 @@
frab: frab.cfg,
pretalx: pretalx.cfg,
cebulacamp: cebulacamp.cfg,
- capacifier: capacifier.cfg,
},
components: {
@@ -31,7 +29,6 @@
cronjob: null,
},
cebulacamp: cebulacamp.component(cfg.cebulacamp, env),
- capacifier: capacifier.component(cfg.capacifier, env),
},
},
@@ -68,9 +65,6 @@
cebulacamp+: {
webFQDN: "cebula.camp",
},
- capacifier+: {
- ldapBindPassword: std.split(importstr "secrets/plain/prod-capacifier-password", "\n")[0],
- },
},
},