hswaw/walne: initial deployment

Co-authored-by: Palid <palid@hackerspace.pl>
Change-Id: I7c5ef8a1d310821937c49598c4bd983f80a8fbcb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1741
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/walne/prod.jsonnet b/app/walne/prod.jsonnet
new file mode 100644
index 0000000..da98b70
--- /dev/null
+++ b/app/walne/prod.jsonnet
@@ -0,0 +1,57 @@
+local kube = import '../../kube/hscloud.libsonnet';
+
+{
+    local top = self,
+    local cfg = top.cfg,
+
+    cfg:: {
+        name: 'walne',
+        namespace: 'walne',
+        domain: 'walne.hackerspace.pl',
+        image: 'registry.k0.hswaw.net/radex/walne:1698228636',
+        oauthClientId: '992f3daf-a30e-4409-baad-e7b0e4bc2a2e',
+    },
+
+    // kubectl -n walne create secret generic walne --from-literal=ldap_password=xxx --from-literal=oauth_secret=xxx --from-literal=next_auth_secret=$(pwgen 32 1)
+    secrets:: {
+        ldap: { secretKeyRef: { name: cfg.name, key: 'ldap_password' },},
+        ouath: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
+        nextAuth: { secretKeyRef: { name: cfg.name, key: 'next_auth_secret' } },
+    },
+
+    ns: kube.Namespace(cfg.namespace),
+    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+        spec+: {
+            template+: {
+                spec+: {
+                    containers_: {
+                        default: kube.Container('default') {
+                            image: cfg.image,
+                            ports_: {
+                                web: { containerPort: 3000 },
+                            },
+                            env_: {
+                                LDAP_USER_DN: 'cn=walone-generator,ou=services,dc=hackerspace,dc=pl',
+                                LDAP_USER_PW: top.secrets.ldap,
+                                ALLOWED_LDAP_GROUPS: 'zarzad,rewizja,staff,walne-users',
+                                HSWAW_AUTH_CLIENT_ID: cfg.oauthClientId,
+                                HSWAW_AUTH_CLIENT_SECRET: top.secrets.ouath,
+                                AUTH_SECRET: top.secrets.nextAuth,
+                                REDIRECT_PROXY_URL: 'https://' + cfg.domain + '/auth',
+                            },
+                        },
+                    },
+                },
+            },
+        },
+    },
+
+    service: top.ns.Contain(kube.Service(cfg.name)) {
+        target_pod:: top.deployment.spec.template,
+    },
+
+    ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
+        hosts:: [cfg.domain],
+        target_service:: top.service,
+    },
+}
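Review bot: The secret-creation command in the comment above `secrets::` passes the LDAP password and OAuth client secret through `--from-literal`, so anyone following it leaves the real values in shell history and in the process list while kubectl runs. I would document a file-based form instead, e.g. `// kubectl -n walne create secret generic walne --from-file=ldap_password=./ldap_password --from-file=oauth_secret=./oauth_secret --from-file=next_auth_secret=./next_auth_secret`, and say that the files must be written without a trailing newline, under a restrictive umask, and deleted afterwards. The key `ouath` in `secrets::` and its use in `HSWAW_AUTH_CLIENT_SECRET: top.secrets.ouath` is misspelled; it evaluates because both sides agree, but renaming both to `oauth` avoids a mistyped reference later. `cn=walone-generator` in `LDAP_USER_DN` may likewise be a typo for `walne-generator`, which is worth confirming against the actual service account because a wrong bind DN only shows up as a runtime login failure.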