local kube = import "../../kube/kube.libsonnet";
// Kubernetes manifests for the 'ldapweb' service: a Namespace, a single-replica
// Deployment, a Service, and a TLS-terminated Ingress for cfg.domain.
// Resource constructors come from kube.libsonnet (imported above as `kube`).
{
    local top = self,
    local cfg = self.cfg,

    // Hidden field (`::`): deployment parameters, not emitted as a manifest.
    cfg:: {
        name: 'ldapweb',
        namespace: 'ldapweb',
        domain: 'profile.hackerspace.pl',
        // NOTE(review): the image is referenced by tag, not by digest. Unless the
        // registry enforces tag immutability, the content behind this tag can
        // change between pod restarts; pinning by digest would make it reproducible.
        image: 'registry.k0.hswaw.net/radex/ldap-web:1697292240',
    },

    // Hidden field: references to secret material, resolved by Kubernetes at
    // pod start. The password is read from key 'admin_password' of a Secret named
    // cfg.name; that Secret is not defined in this file and has to exist in
    // the namespace already.
    secrets:: {
        admin_password: { secretKeyRef: { name: cfg.name, key: 'admin_password' } },
    },

    ns: kube.Namespace(cfg.namespace),

    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    // `containers_` / `ports_` / `env_` are keyed-object forms;
                    // presumably kube.libsonnet expands them into the list form
                    // Kubernetes expects -- confirm against the library.
                    containers_: {
                        // NOTE(review): no securityContext is set here. Whether the
                        // container runs as non-root, with a read-only root filesystem
                        // or dropped capabilities, depends on kube.Container defaults
                        // and the image -- confirm.
                        default: kube.Container("default") {
                            image: cfg.image,
                            resources: {
                                requests: { cpu: "25m", memory: "256Mi" },
                                limits: { cpu: "500m", memory: "512Mi" },
                            },
                            ports_: {
                                http: { containerPort: 8000 },
                            },
                            env_: {
                                // Group lists and bind identity are passed to the application
                                // as environment variables; their exact meaning is defined by
                                // the ldap-web image, not by this file.
                                LDAPWEB_ADMIN_GROUPS: 'ldap-admin,staff,zarzad',
                                LDAPWEB_ACTIVE_GROUPS: 'fatty,starving,potato',
                                // Presumably the service account DN that the app binds to LDAP
                                // with; its directory permissions bound what a compromise of
                                // this pod can change -- verify they are limited to what the
                                // app needs.
                                LDAPWEB_ADMIN_DN: 'cn=ldapweb,ou=services,dc=hackerspace,dc=pl',
                                // Injected from the Secret via secretKeyRef (see top.secrets),
                                // so the value never appears in this file. It is still visible
                                // in the container's environment at runtime.
                                LDAPWEB_ADMIN_PASSWORD: top.secrets.admin_password,
                                LDAPWEB_AVATAR_CACHE_TIMEOUT: '1800',
                            }
                        },
                    },
                },
            },
        },
    },

    service: top.ns.Contain(kube.Service(cfg.name)) {
        // Hidden field pointing at the Deployment's pod template; presumably
        // kube.Service derives its selector and ports from it -- confirm.
        target_pod:: top.deployment.spec.template,
    },

    ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
        metadata+: {
            annotations+: {
                // Certificate for the TLS host is requested through cert-manager from
                // the 'letsencrypt-prod' ClusterIssuer.
                "kubernetes.io/tls-acme": "true",
                "cert-manager.io/cluster-issuer": "letsencrypt-prod",
                // NOTE(review): "0" disables ingress-nginx's request body size check,
                // so arbitrarily large uploads are forwarded to a pod limited to 512Mi
                // of memory. Unless the application enforces its own upload limit,
                // an explicit cap sized for the largest expected upload is safer.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            // TLS is terminated at the ingress; the certificate is stored in the
            // Secret named cfg.name + "-tls".
            tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths: [
                            // Every path on the host is routed to the service, so any
                            // access control between ordinary and administrative
                            // functionality has to be enforced by the application itself.
                            { path: "/", backend: top.service.name_port },
                        ],
                    },
                },
            ],
        },
    },
}