local kube = import "../../kube/kube.libsonnet";
// capacifier: Namespace, Deployment, Service and Ingress for the capacifier
// API, assembled from the kube.libsonnet helpers imported above.
{
    local top = self,
    local cfg = self.cfg,

    // Hidden (::) field: not emitted as a manifest itself, but it can be
    // overridden by whatever imports this file.
    cfg:: {
        name: "capacifier",
        namespace: "capacifier",
        domain: "capacifier.hackerspace.pl",
        // Pinned by sha256 digest rather than a mutable tag, so the deployed
        // image content cannot change without an edit to this file.
        image: "registry.k0.hswaw.net/q3k/capacifier@sha256:fd94b29bf711267235c96e5102ac4024e83e5851869a5e8814b83e76490c00af",
    },

    ns: kube.Namespace(cfg.namespace),

    // NOTE(review): no securityContext (non-root user, read-only root
    // filesystem, no privilege escalation) is set in this file. Whether
    // kube.Container or a cluster policy supplies one is not visible here;
    // confirm.
    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
        spec+: {
            replicas: 3,
            template+: {
                spec+: {
                    containers_: {
                        default: kube.Container("default") {
                            image: cfg.image,
                            env_: {
                                LDAP_DN: "cn=capacifier,ou=Services,dc=hackerspace,dc=pl",
                                // The bind password comes from key ldap_pw of
                                // the Secret named cfg.name. That Secret is
                                // not defined in this file.
                                LDAP_PW: {
                                    secretKeyRef: { name: cfg.name, key: "ldap_pw" },
                                },
                            },
                            // $(LDAP_DN) and $(LDAP_PW) are Kubernetes
                            // references to the env vars above, expanded when
                            // the container is started.
                            // NOTE(review): this places the LDAP bind password
                            // in the process arguments, where it is readable
                            // through the process listing
                            // (/proc/<pid>/cmdline) and may end up in
                            // diagnostics that record argv. If the binary can
                            // read the password from the environment or a
                            // mounted file, prefer that. Whether it can is
                            // not visible from this file.
                            command: [
                                "/hswaw/capacifier/capacifier",
                                "-logtostderr",
                                "-api_listen", "0.0.0.0:8080",
                                "-ldap_bind_dn", "$(LDAP_DN)",
                                "-ldap_bind_pw", "$(LDAP_PW)",
                            ],
                            resources: {
                                requests: {
                                    cpu: "25m",
                                    memory: "64Mi",
                                },
                                limits: {
                                    cpu: "500m",
                                    memory: "128Mi",
                                },
                            },
                            // Matches the port given to -api_listen above.
                            ports_: {
                                http: { containerPort: 8080 },
                            },
                        },
                    },
                },
            },
        },
    },

    // target_pod is a hidden field pointing at the Deployment's pod template;
    // presumably kube.Service derives the selector and ports from it. Verify
    // against kube.libsonnet.
    service: top.ns.Contain(kube.Service(cfg.name)) {
        target_pod:: top.deployment.spec.template,
    },

    // Publishes the service on cfg.domain over TLS. The certificate is
    // requested from the letsencrypt-prod ClusterIssuer via the annotations
    // and stored in the Secret "<cfg.name>-tls".
    ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
        metadata+: {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                "cert-manager.io/cluster-issuer": "letsencrypt-prod",
                // "0" turns off ingress-nginx's request body size limit for
                // this host.
                // NOTE(review): confirm the API really needs unbounded
                // request bodies. The backend container is limited to 128Mi
                // of memory, so an explicit cap may be the safer default.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [
                {
                    hosts: [cfg.domain],
                    secretName: cfg.name + "-tls",
                },
            ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths: [
                            {
                                path: "/",
                                backend: top.service.name_port,
                            },
                        ],
                    },
                },
            ],
        },
    },
}