commit 5e695e8f9b7496e6b6cb958fde6f2687af17d37b
author Serge Bazanski <q3k@hackerspace.pl> Sun Mar 07 14:29:40 2021 +0000
committer Serge Bazanski <q3k@hackerspace.pl> Sun Mar 07 16:57:02 2021 +0100
tree 7c5bbcf9af49dac0e1e408da5775b6101a4eef31
parent be3adb9e0955b82fcd4f0b008cc9444318fdb28f

hswaw/oodviewer: init

This brings oodviewer into k0.

oodviewer started as a py2/flask script running on q3k's personal infra,
which is now being turned down.

This is a rewrite of that script into similarly mediocre Go, conforming
to the exact same mediocre JSON API and spartan HTML interface.

This also deploys it into k0 in the oodviewer-prod namespace. It's
already running, but the 'oodviewer.q3k.me' TTL has to expire before it
begins handling traffic.

Change-Id: Ieef1b0f8f0c60e6fa5dbe7701e0a07a4257f99ce

hswaw/oodviewer/prod.jsonnet

diff --git a/hswaw/oodviewer/prod.jsonnet b/hswaw/oodviewer/prod.jsonnet
new file mode 100644
index 0000000..e06b368
--- /dev/null
+++ b/hswaw/oodviewer/prod.jsonnet
@@ -0,0 +1,85 @@
+// Production deployment of oodviewer.q3k.me.
+//
+// See README.md for more information.
+
+local kube = import "../../kube/kube.libsonnet";
+
+{
+    local top = self,
+    local cfg = self.cfg,
+    ns: kube.Namespace("oodviewer-prod"),
+
+    cfg:: {
+        dbUser: "ood",
+        dbPass: std.split(importstr "secrets/plain/postgres-pass", "\n")[0],
+        dbHost: "hackerspace.pl",
+        dbName: "ood",
+        postgresConnectionString: "postgres://%s:%s@%s/%s?sslmode=disable" % [cfg.dbUser, cfg.dbPass, cfg.dbHost, cfg.dbName],
+
+        image: "registry.k0.hswaw.net/q3k/oodviewer:315532800-937278cfb82e41dd2d2010cbd184834b3392116b",
+        domain: "oodviewer.q3k.me",
+    },
+
+    secret: top.ns.Contain(kube.Secret("oodviewer")) {
+        data_: {
+            "postgres": cfg.postgresConnectionString,
+        },
+    },
+
+    deploy: top.ns.Contain(kube.Deployment("oodviewer")) {
+        spec+: {
+            replicas: 3,
+            template+: {
+                spec+: {
+                    containers_: {
+                        default: kube.Container("default") {
+                            image: cfg.image,
+                            command: [
+                                "/hswaw/oodviewer",
+                                "-listen", "0.0.0.0:8080",
+                                "-postgres", "$(POSTGRES)",
+                            ],
+                            env_: {
+                                POSTGRES: kube.SecretKeyRef(top.secret, "postgres"),
+                            },
+                            resources: {
+                                requests: { cpu: "0.01", memory: "64M" },
+                                limits: { cpu: "1", memory: "256M" },
+                            },
+                            ports_: {
+                                http: { containerPort: 8080 },
+                            },
+                        },
+                    },
+                },
+            },
+        },
+    },
+
+    service: top.ns.Contain(kube.Service("oodviewer")) {
+        target_pod:: top.deploy.spec.template,
+    },
+
+    ingress: top.ns.Contain(kube.Ingress("oodviewer")) {
+        metadata+: {
+            annotations+: {
+                "kubernetes.io/tls-acme": "true",
+                "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+            },
+        },
+        spec+: {
+            tls: [ { hosts: [ cfg.domain ], secretName: "oodviewer-tls" } ],
+            rules: [
+                {
+                    host: cfg.domain,
+                    http: {
+                        paths:  [
+                            { path: "/", backend: top.service.name_port },
+                        ],
+                    },
+                },
+            ],
+        },
+    }
+}