local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
local redis = import "../../kube/redis.libsonnet";
// Copy over the secret from the ceph cluster namespace to the environment
// namespace, e.g.:
// cluster=ceph-waw3
// pool=waw-hdd-redundant-3-object
// namespace=hswaw-prod
// kubectl get -n $cluster secret rook-ceph-object-user-$pool-$namespace-pretalx-s3 -o json > hswaw/kube/secrets/plain/prod-pretalx-s3.json
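{
    local cfg = self.cfg,

    // Deployment parameters. Fields declared with `error` have no usable
    // default and must be supplied by the environment instantiating this
    // component.
    cfg:: {
        // q3k's fork for S3 support (q3k/s3)
        image: "registry.k0.hswaw.net/q3k/pretalx-docker:20200217-1581977177",
        storageClassName: error "storageClassName must be set!",
        // Public hostname; also becomes `site.url` in the generated pretalx.cfg.
        webFQDN: error "webFQDN must be set!",
        smtpPassword: error "smtpPassword must be set!",
        s3: {
            // Rook/Ceph cluster namespace and object store the bucket user is
            // created in (see the CephObjectStoreUser in the component).
            cluster: "ceph-waw3",
            pool: "waw-hdd-redundant-3-object",
            // The rook-ceph-object-user Secret copied from the ceph cluster
            // namespace (see the header comment). `.data.AccessKey` and
            // `.data.SecretKey` are read from it and are expected to be
            // base64-encoded, as in a raw `kubectl get -o json` dump.
            credsSecret: error "credsSecret must be set!",
            // S3 endpoint written into pretalx.cfg. Kept as its own field
            // because the public object-store hostname is not derived from
            // `cluster`; the default is the value previously hard-coded below.
            endpoint: "https://object.ceph-waw3.hswaw.net",
        },
        smtp: {
            server: "mail.hackerspace.pl",
            from: "pretalx@hackerspace.pl",
            username: "pretalx",
        },
    },

    // Build the pretalx deployment for one environment: gunicorn web
    // container, celery worker, a periodic cronjob, plus its own postgres,
    // redis, data PVC and Ceph object-store user.
    component(cfg, env): mirko.Component(env, "pretalx") {
        local pretalx = self,

        // Shared by the web container, the worker and the cronjob. The DB
        // password is injected from the postgres Secret via env rather than
        // being written into pretalx.cfg.
        local pretalxEnv = {
            PRETALX_DB_PASS: pretalx.cfg.pgpass,
            HOME: "/pretalx",
            PRETALX_DATA_DIR: "/data",
        },
        // Mounts shared by the web container and the worker.
        local pretalxMounts = {
            data: { mountPath: "/data", },
            config: { mountPath: "/etc/pretalx" },
        },
        // thicc Python
        local pythonResources = {
            requests: {
                cpu: "100m",
                memory: "512Mi",
            },
            limits: {
                cpu: "1",
                memory: "2Gi",
            },
        },

        cfg+: {
            image: cfg.image,
            volumes+: {
                data: kube.PersistentVolumeClaimVolume(pretalx.volumeData),
                config: kube.SecretVolume(pretalx.config),
            },
            // secretKeyRef into the Secret created by the postgres component.
            pgpass:: { secretKeyRef: { name: pretalx.makeName("-postgres"), key: "postgres_password", } },
            containers:: {
                // gunicorn serving the WSGI app on :8080 (exposed via ports.publicHTTP).
                default: pretalx.Container("main") {
                    volumeMounts_+: pretalxMounts,
                    workingDir: "/pretalx/src",
                    command: [
                        "gunicorn", "pretalx.wsgi",
                        "--name", "pretalx",
                        "--workers", "4",
                        "--max-requests", "1200",
                        "--max-requests-jitter", "50",
                        "--log-level", "info",
                        "--bind", "0.0.0.0:8080",
                    ],
                    env_: pretalxEnv,
                    resources: pythonResources,
                },
                // celery worker consuming from the redis broker configured in pretalx.cfg.
                worker: pretalx.Container("worker") {
                    volumeMounts_+: pretalxMounts,
                    workingDir: "/pretalx/src",
                    command: [
                        "celery", "-A", "pretalx.celery_app", "worker",
                        "-l", "info",
                    ],
                    env_: pretalxEnv,
                    resources: pythonResources,
                },
            },
            securityContext: {
                runAsUser: 999,
            },
            ports+: {
                publicHTTP: {
                    web: {
                        port: 8080,
                        dns: cfg.webFQDN,
                    },
                },
            },
        },

        // NOTE(review): nothing in this file references `pretalx.secret`, and
        // its `data` value is not base64-encoded here while `config` below
        // encodes its data explicitly; the same `cfg.smtpPassword` is also
        // written verbatim into pretalx.cfg. One of the two uses is likely
        // wrong unless kube.Secret encodes `data` itself — confirm, and drop
        // this Secret if it is unused.
        secret: kube.Secret(pretalx.makeName("secret")) {
            metadata+: pretalx.metadata,
            data: {
                smtpPassword: cfg.smtpPassword,
            },
        },

        // `python3 -m pretalx runperiodic` every 5 minutes.
        cronjob: kube.CronJob(pretalx.makeName("runperiodic")) {
            metadata+: pretalx.metadata,
            spec+: {
                schedule: "*/5 * * * *",
                jobTemplate+: {
                    spec+: {
                        selector:: null,
                        template+: {
                            spec+: {
                                containers_: {
                                    runperiodic: kube.Container("runperiodic") {
                                        image: cfg.image,
                                        workingDir: "/pretalx/src",
                                        // NOTE(review): only the config volume
                                        // is mounted here although
                                        // PRETALX_DATA_DIR points at /data; any
                                        // data-dir writes by runperiodic land in
                                        // the container's ephemeral filesystem —
                                        // confirm this is intended.
                                        volumeMounts_+: {
                                            config: { mountPath: "/etc/pretalx" },
                                        },
                                        env_: pretalxEnv,
                                        command: [
                                            "python3", "-m", "pretalx",
                                            "runperiodic",
                                        ],
                                    },
                                },
                                securityContext: {
                                    runAsUser: 999,
                                },
                                volumes_+: {
                                    config: kube.SecretVolume(pretalx.config),
                                },
                            },
                        },
                    },
                },
            },
        },

        // pretalx.cfg rendered as an INI file and stored as a Secret: it
        // carries the S3 access keys and the SMTP password in plain INI form,
        // so it is mounted (not exposed via env) into all three pods. The DB
        // password is deliberately left out and comes from PRETALX_DB_PASS.
        config: kube.Secret(pretalx.makeName("-config")) {
            metadata+: pretalx.metadata,
            data: {
                "pretalx.cfg": std.base64(std.manifestIni({
                    sections: {
                        filesystem: {
                            data: "/data", media: "/data/media", logs: "/data/logs",
                        },
                        site: {
                            debug: false,
                            url: "https://%s" % cfg.webFQDN,
                        },
                        s3media: {
                            bucket: "pretalx-prod",
                            // Keys come base64-encoded from the copied
                            // rook-ceph-object-user Secret; decode before
                            // writing them into the INI.
                            access_key_id: std.base64Decode(cfg.s3.credsSecret.data.AccessKey),
                            secret_access_key: std.base64Decode(cfg.s3.credsSecret.data.SecretKey),
                            endpoint: cfg.s3.endpoint,
                        },
                        database: {
                            backend: "postgresql",
                            name: "pretalx",
                            user: "pretalx",
                            // password: ... // provided by environment variable from secret
                            host: pretalx.postgres.bouncer.svc.host,
                            //port: 5432
                        },
                        mail: {
                            from: cfg.smtp.from,
                            host: cfg.smtp.server,
                            port: 587,
                            user: cfg.smtp.username,
                            password: cfg.smtpPassword,
                            tls: "True",
                        },
                        celery: {
                            backend: "redis://%s/1" % [pretalx.redis.svc.host],
                            broker: "redis://%s/2" % [pretalx.redis.svc.host],
                        },
                    },
                })),
            },
        },

        // Dedicated postgres instance; `password` is the same secretKeyRef the
        // containers read PRETALX_DB_PASS from.
        postgres: postgres {
            cfg+: {
                namespace: pretalx.metadata.namespace,
                appName: pretalx.makeName("-pretalx"),
                storageClassName: cfg.storageClassName,
                prefix: pretalx.makeName("-postgres") + "-",
                database: "pretalx",
                username: "pretalx",
                password: pretalx.cfg.pgpass,
            },
        },

        // Dedicated redis used as celery result backend (db 1) and broker (db 2).
        redis: redis {
            cfg+: {
                namespace: pretalx.metadata.namespace,
                appName: pretalx.makeName("-pretalx"),
                storageClassName: cfg.storageClassName,
                prefix: pretalx.makeName("-redis") + "-",
            },
        },

        // Backing volume for /data (media and logs); ReadWriteOnce, so the web
        // and worker pods must land on the same node to share it.
        volumeData: kube.PersistentVolumeClaim(pretalx.makeName("-data")) {
            metadata+: pretalx.metadata,
            spec+: {
                storageClassName: cfg.storageClassName,
                accessModes: ["ReadWriteOnce"],
                resources: {
                    requests: {
                        storage: "5Gi",
                    },
                },
            },
        },

        // Object-store user created in the ceph cluster namespace; Rook emits
        // its credentials as a Secret there, which is what `cfg.s3.credsSecret`
        // is a copy of (see the header comment).
        s3: kube.CephObjectStoreUser(pretalx.makeNameGlobal("-s3")) {
            metadata+: {
                namespace: cfg.s3.cluster,
            },
            spec: {
                store: cfg.s3.pool,
                displayName: pretalx.makeNameGlobal("-s3"),
            },
        },
    },
}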