app: +inventory (spejstore)

Co-authored-by: Radek Pietruszewski <radexpl@gmail.com>
Change-Id: If334f59ae8fe13c6e9362c080b22d53ced49f3ea
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1572
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/inventory/prod.jsonnet b/app/inventory/prod.jsonnet
new file mode 100644
index 0000000..f7d4510
--- /dev/null
+++ b/app/inventory/prod.jsonnet
@@ -0,0 +1,119 @@
+local kube = import '../../kube/kube.libsonnet';
+local postgres = import '../../kube/postgres_v.libsonnet';
+
+{
+  local top = self,
+  local cfg = top.cfg,
+
+  cfg:: {
+    name: 'inventory',
+    namespace: 'inventory',
+    domain: 'inventory.hackerspace.pl',
+
+    image: 'registry.k0.hswaw.net/palid/spejstore:1694280421',
+    db: {
+      name: 'inventory',
+      username: 'inventory',
+    },
+    oauthClientId: '82fffb65-0bbd-4d18-becd-0ce0b31373cf',
+    storageClassName: 'waw-hdd-redundant-3',
+
+    mediaPath: '/var/www/media',
+  },
+
+  secrets:: {
+    postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } },
+    oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
+  },
+
+  ns: kube.Namespace(cfg.namespace),
+  deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+    spec+: {
+      template+: {
+        spec+: {
+          volumes_: {
+            media: kube.PersistentVolumeClaimVolume(top.media),
+          },
+          containers_: {
+            default: kube.Container('default') {
+              image: cfg.image,
+              ports_: {
+                web: { containerPort: 8000 },
+              },
+              env_: {
+                SPEJSTORE_ENV: 'prod',
+                SPEJSTORE_DB_NAME: cfg.db.name,
+                SPEJSTORE_DB_USER: cfg.db.username,
+                SPEJSTORE_DB_PASSWORD: top.secrets.postgres,
+                SPEJSTORE_DB_HOST: top.psql.svc.host,
+                SPEJSTORE_DB_PORT: top.psql.svc.port,
+                SPEJSTORE_ALLOWED_HOSTS: cfg.domain,
+                SPEJSTORE_CLIENT_ID: cfg.oauthClientId,
+                SPEJSTORE_SECRET: top.secrets.oauth,
+                SPEJSTORE_MEDIA_ROOT: cfg.mediaPath,
+                SPEJSTORE_REQUIRE_AUTH: 'true',
+                SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5',
+              },
+              volumeMounts_: {
+                media: { mountPath: cfg.mediaPath },
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+
+  media: top.ns.Contain(kube.PersistentVolumeClaim(cfg.name)) {
+    spec+: {
+      storageClassName: cfg.storageClassName,
+      accessModes: ['ReadWriteOnce'],
+      resources: {
+        requests: {
+          storage: '20Gi',
+        },
+      },
+    },
+  },
+
+  psql: postgres {
+    cfg+: {
+      namespace: cfg.namespace,
+      appName: cfg.name,
+      storageClassName: cfg.storageClassName,
+      version: '15.4',
+
+      database: cfg.db.name,
+      username: cfg.db.username,
+      password: top.secrets.postgres,
+    },
+    bouncer: {},
+  },
+
+  service: top.ns.Contain(kube.Service(cfg.name)) {
+    target_pod:: top.deployment.spec.template,
+  },
+
+  ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+    metadata+: {
+      annotations+: {
+        'kubernetes.io/tls-acme': 'true',
+        'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
+        'nginx.ingress.kubernetes.io/proxy-body-size': '0',
+      },
+    },
+    spec+: {
+      tls: [{ hosts: [cfg.domain], secretName: cfg.name + '-tls' }],
+      rules: [
+        {
+          host: cfg.domain,
+          http: {
+            paths: [
+              { path: '/', backend: top.service.name_port },
+            ],
+          },
+        },
+      ],
+    },
+  },
+}
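Review bot: The ingress annotation `'nginx.ingress.kubernetes.io/proxy-body-size': '0'` disables the request-body size limit for every path under cfg.domain, so arbitrarily large request bodies reach the application; if this is meant for large uploads into `mediaPath` (inferred from the media volume, not shown on the page), an explicit bound sized to the largest expected upload is safer, or at least a comment recording the intent, e.g. `'nginx.ingress.kubernetes.io/proxy-body-size': '0',  // unlimited on purpose: <reason>`. The literal `SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5'` is the only deployment-specific value in env_ not lifted into cfg; move it to `lanAllowedAddressSpace: '185.236.240.5',` under cfg and reference `cfg.lanAllowedAddressSpace` in env_, so it is reviewed alongside domain and oauthClientId. The name suggests an address range while the value is a single host, and the page does not show how spejstore uses it, so it is worth confirming the expected format and that the application derives the client address in a way it can trust behind the nginx ingress (a forwarded-address header is only as trustworthy as the proxy that sets it). The image reference `registry.k0.hswaw.net/palid/spejstore:1694280421` is a mutable tag; pinning it by digest would make the deployed artifact reproducible from this file.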