Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 3e2a5a5957cdffd6e7b6c705ed8b8aa0eed1fd57 / . / devtools / issues / redmine.libsonnet
blob: 208009300d779f73a94a2a490cb3754a6ec89d58 [file] [log] [blame]
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
{
local app = self,
local cfg = app.cfg,
cfg:: {
namespace: "redmine",
image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
domain: error "domain must be set",
storageClassName: "waw-hdd-redundant-3",
database: {
host: "postgres",
name: "redmine",
username: "redmine",
password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
port: 5432,
},
b: {
domains: [],
image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
},
storage: {
endpoint: error "storage.endpoint must be set",
region: error "storage.region must be set",
bucket: error "storage.bucket must be set",
accessKey: error "storage.accessKey must be set",
secretKey: error "storage.secretKey must be set",
},
oidc: {
server: error "oidc.server must be set",
clientID: error "oidc.clientID must be set",
clientSecret: error "oidc.clientSecret must be set",
},
# Mailing configuration object passed to smtp_settings
mailing: {
address: error "mailing.address must be set",
port: 465,
ssl: true,
domain: error "mailing.domain must be set",
authentication: ":login",
user_name: error "mailing.user_name must be set",
password: error "mailing.password must be set",
},
},
# Generates YAML file while preserving specified ruby-style symbols.
# (ie. removes surrounding quotes)
rubyYaml(obj, symbols):: std.foldr(function (symbol, str) std.strReplace(str, '"%s"' % symbol, symbol), symbols, std.manifestYamlDoc(obj)),
ns: kube.Namespace(app.cfg.namespace),
postgres: postgres {
cfg+: {
namespace: cfg.namespace,
appName: "redmine",
database: cfg.database.name,
username: cfg.database.username,
password: cfg.database.password,
storageClassName: cfg.storageClassName,
},
},
deployment: app.ns.Contain(kube.Deployment("redmine")) {
spec+: {
replicas: 1,
template+: {
spec+: {
securityContext: {
runAsUser: 999,
runAsGroup: 999,
fsGroup: 999,
},
containers_: {
web: kube.Container("redmine") {
image: cfg.image,
args: ['sh', '-c', |||
set -e
echo "${X_EXTRA_CONFIGURATION}" > config/configuration.yml
exec /docker-entrypoint.sh rails server -b 0.0.0.0
|||],
ports_: {
http: { containerPort: 3000 },
},
env_: {
REDMINE_DB_POSTGRES: cfg.database.host,
REDMINE_DB_PORT: cfg.database.port,
REDMINE_DB_USERNAME: cfg.database.username,
REDMINE_DB_PASSWORD: cfg.database.password,
REDMINE_DB_DATABASE: cfg.database.name,
REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },
REDMINE_OIDC_SERVER: cfg.oidc.server,
REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
REDMINE_OIDC_ADMIN_GROUP: "issues-admin",
REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
REDMINE_S3_BUCKET: cfg.storage.bucket,
REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
REDMINE_S3_REGION: cfg.storage.region,
REDMINE_MAILING_PASSWORD: cfg.mailing.password,
X_EXTRA_CONFIGURATION: app.rubyYaml({
production: {
email_delivery: {
delivery_method: ":smtp",
smtp_settings: cfg.mailing {
password: "$(REDMINE_MAILING_PASSWORD)",
},
}
},
}, [":smtp", ":login"]),
},
},
},
},
},
},
},
svc: app.ns.Contain(kube.Service("redmine")) {
target_pod:: app.deployment.spec.template,
},
ingress: app.ns.Contain(kube.Ingress("redmine")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{
hosts: [cfg.domain],
secretName: "redmine-tls",
},
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: app.svc.name_port },
]
},
}
],
},
},
b: (if std.length(cfg.b.domains) > 0 then {
deployment: app.ns.Contain(kube.Deployment("b")) {
spec+: {
replicas: 3,
template+: {
spec+: {
containers_: {
default: kube.Container("default") {
image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
ports_: {
http: { containerPort: 8000 },
},
command: [
"/devtools/issues/b",
],
},
},
},
},
},
},
svc: app.ns.Contain(kube.Service("b")) {
target_pod:: app.b.deployment.spec.template,
},
ingress: app.ns.Contain(kube.Ingress("b")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{
hosts: cfg.b.domains,
secretName: "b-tls",
},
],
rules: [
{
host: domain,
http: {
paths: [
{ path: "/", backend: app.b.svc.name_port },
]
},
}
for domain in cfg.b.domains
],
},
}
} else {}),
}