kube: clean up (various)
Change-Id: Idc11cf70fa7fd0360f63438270748ef1d9bad989
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1810
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/onlyoffice/prod.jsonnet b/app/onlyoffice/prod.jsonnet
index d1ea875..3d492b0 100644
--- a/app/onlyoffice/prod.jsonnet
+++ b/app/onlyoffice/prod.jsonnet
@@ -3,7 +3,6 @@
// kubectl -n onlyoffice-prod create secret generic documentserver-jwt --from-literal=jwt=$(pwgen 32 1)
local kube = import "../../kube/hscloud.libsonnet";
-local policies = import "../../kube/policies.libsonnet";
{
onlyoffice:: {
@@ -77,11 +76,6 @@
hosts:: [cfg.domain],
target:: top.svc,
},
-
- // Needed because the documentserver runs its own supervisor, and:
- // - rabbitmq wants to mkdir in /run, which starts out with the wrong permissions
- // - nginx wants to bind to port 80
- insecure: policies.AllowNamespaceInsecure(cfg.namespace),
},
prod: self.onlyoffice {
diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet
index fdc6e25..4e2d610 100644
--- a/bgpwtf/cccampix/kube/ix.libsonnet
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@@ -116,11 +116,6 @@
svc: kube.Service(ix.name("octorpki")) {
metadata+: ix.metadata("octorpki"),
target:: ix.octorpki.deployment,
- spec+: {
- ports: [
- { name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
- ],
- },
},
},
diff --git a/cluster/kube/k0.libsonnet b/cluster/kube/k0.libsonnet
index 131419c..ed24565 100644
--- a/cluster/kube/k0.libsonnet
+++ b/cluster/kube/k0.libsonnet
@@ -318,6 +318,10 @@
policies.AllowNamespaceInsecure("implr-vpn"),
// For SourceGraph's tini container mess.
policies.AllowNamespaceMostlySecure("sourcegraph"),
+ // Needed because the documentserver runs its own supervisor, and:
+ // - rabbitmq wants to mkdir in /run, which starts out with the wrong permissions
+ // - nginx wants to bind to port 80
+ policies.AllowNamespaceInsecure("onlyoffice-prod"),
],
# Admission controller that permits non-privileged users to manage
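Review bot: The exemption added for `onlyoffice-prod` is the broad `AllowNamespaceInsecure`, although the comment names only two needs (a mkdir in /run and nginx binding port 80). It is worth checking whether the `AllowNamespaceMostlySecure` policy used for sourcegraph on the line above would cover them. The namespace is also now a string literal here rather than the `cfg.namespace` that app/onlyoffice/prod.jsonnet passed before, so renaming the app's namespace would leave this exemption pointing at the old name with no error. I would extend the comment with `// Keep in sync with cfg.namespace in app/onlyoffice/prod.jsonnet; remove once documentserver runs unprivileged.` The enclosing list starts outside this hunk.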
diff --git a/games/factorio/kube/proxy.libsonnet b/games/factorio/kube/proxy.libsonnet
index 75c834d..6fbebda 100644
--- a/games/factorio/kube/proxy.libsonnet
+++ b/games/factorio/kube/proxy.libsonnet
@@ -3,23 +3,19 @@
{
local top = self,
local cfg = top.cfg,
+ local ns = kube.Namespace(cfg.namespace),
cfg:: {
image:: "registry.k0.hswaw.net/games/factorio/modproxy:1589157915-eafe7be328477e8a6590c4210466ef12901f1b9a",
namespace: error "namespace must be set",
},
- pvc: kube.PersistentVolumeClaim("proxy-cas") {
- metadata+: {
- namespace: cfg.namespace,
- },
+ pvc: ns.Contain(kube.PersistentVolumeClaim("proxy-cas")) {
storage:: "32Gi",
storageClass:: "waw-hdd-redundant-3",
},
- deploy: kube.Deployment("proxy") {
- metadata+: {
- namespace: "factorio",
- },
+
+ deploy: ns.Contain(kube.Deployment("proxy")) {
spec+: {
template+: {
spec+: {
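Review bot: `deploy` used the literal `namespace: "factorio"` while `pvc` used `cfg.namespace`, so routing both through `ns.Contain(...)` changes the rendered Deployment for any caller whose `cfg.namespace` is not `factorio`. That is probably the intended fix, since a Deployment cannot mount a PVC from another namespace, but under a "clean up" title it is easy to miss. I would diff the rendered manifests before applying and add `// every object here lives in cfg.namespace` next to `local ns`. The `svc` hunk that follows makes the same change, and the `deploy` body continues outside this hunk.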
@@ -47,15 +43,8 @@
},
},
},
- svc: kube.Service("proxy") {
- metadata+: {
- namespace: "factorio",
- },
+
+ svc: ns.Contain(kube.Service("proxy")) {
target:: top.deploy,
- spec+: {
- ports: [
- { name: "client", port: 4200, targetPort: 4200, protocol: "TCP" },
- ],
- },
},
}
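Review bot: With the explicit `spec.ports` removed, the port `svc` publishes is no longer stated here and presumably comes from whatever `kube.Service` derives from `target:: top.deploy`; the library is not part of this diff, so that is an inference. Exposure becomes implicit: adding or reordering a container port in the Deployment could change what the Service publishes without any edit to this block. The same removal is made for octorpki in ix.libsonnet, for `victoria-api` and `grafana-public` in global.libsonnet, and for `sso` in sso.libsonnet; the `victoria-api` and `sso` removals also drop `type: "ClusterIP"`. I would leave a one-line comment at each site, for example `// port derived from target's container ports (was 4200/TCP)`, and compare the rendered Services before and after.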
diff --git a/hswaw/paperless/paperless.libsonnet b/hswaw/paperless/paperless.libsonnet
index 884bec8..c2bc108 100644
--- a/hswaw/paperless/paperless.libsonnet
+++ b/hswaw/paperless/paperless.libsonnet
@@ -15,6 +15,7 @@
local cfg = self.cfg,
cfg:: {
+ name: "paperless",
namespace: "paperless",
domain: "paperless.hackerspace.pl",
@@ -71,7 +72,7 @@
storageClass:: cfg.storageClassName,
},
- deploy: ns.Contain(kube.Deployment("paperless")) {
+ deploy: ns.Contain(kube.Deployment(cfg.name)) {
spec+: {
replicas: 1,
template+: {
@@ -169,11 +170,11 @@
},
},
- service: ns.Contain(kube.Service("paperless")) {
+ service: ns.Contain(kube.Service(cfg.name)) {
target:: top.deploy,
},
- ingress: ns.Contain(kube.SimpleIngress("paperless")) {
+ ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target:: top.service,
},
diff --git a/ops/monitoring/lib/global.libsonnet b/ops/monitoring/lib/global.libsonnet
index 8477ad4..3b64290 100644
--- a/ops/monitoring/lib/global.libsonnet
+++ b/ops/monitoring/lib/global.libsonnet
@@ -87,6 +87,7 @@
spec+: {
template+: {
spec+: {
+ default_container: "vmauth",
containers_: {
default: kube.Container("default") {
image: cfg.images.victoria,
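Review bot: `default_container: "vmauth"` is added without a comment, yet together with the removal of the explicit 8427 port from `serviceAPI` further down it appears to decide which container the `victoria-api` Service and Ingress reach. If that reading of the library is right, pointing it at the `default` container would send ingress traffic straight to victoria and around vmauth. I would add `// serviceAPI/ingressAPI take their port from this container; must stay vmauth so requests pass through auth`. The `vmauth` entry of `containers_` is outside this hunk, so confirm the key exists and declares port 8427.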
@@ -119,12 +120,6 @@
serviceAPI: ns.Contain(kube.Service("victoria-api")) {
target:: victoria.deploy,
- spec+: {
- ports: [
- { name: "api", port: 8427, targetPort: 8427, protocol: "TCP" },
- ],
- type: "ClusterIP",
- },
},
ingressAPI: ns.Contain(kube.SimpleIngress("victoria-api")) {
@@ -241,11 +236,6 @@
service: ns.Contain(kube.Service("grafana-public")) {
target:: grafana.deploy,
- spec+: {
- ports: [
- { name: "public", port: 3000, targetPort: 3000, protocol: "TCP" },
- ],
- },
},
ingress: ns.Contain(kube.SimpleIngress("grafana-public")) {
diff --git a/ops/sso/kube/sso.libsonnet b/ops/sso/kube/sso.libsonnet
index 24d5d68..cfed91e 100644
--- a/ops/sso/kube/sso.libsonnet
+++ b/ops/sso/kube/sso.libsonnet
@@ -7,6 +7,7 @@
local cfg = top.cfg,
cfg:: {
+ name: 'sso',
namespace: "sso",
image: "registry.k0.hswaw.net/informatic/sso-v2@sha256:1118effa697489028c3cd5a6786d3f94f16dbbe2810b1bf1b0f65ea15bac1914",
domain: error "domain must be set",
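Review bot: `name: 'sso',` uses single quotes while the other strings in this `cfg` block use double quotes; `name: "sso",` would match the file. The field would also benefit from a short comment such as `// name of the Deployment, Service and Ingress`, since the later hunks in this file now derive all three from it.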
@@ -26,7 +27,7 @@
local ns = kube.Namespace(top.cfg.namespace),
- deployment: ns.Contain(kube.Deployment("sso")) {
+ deployment: ns.Contain(kube.Deployment(cfg.name)) {
spec+: {
replicas: 1,
template+: {
@@ -99,17 +100,11 @@
},
},
- svc: ns.Contain(kube.Service("sso")) {
+ svc: ns.Contain(kube.Service(cfg.name)) {
target:: top.deployment,
- spec+: {
- ports: [
- { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
- ],
- type: "ClusterIP",
- },
},
- ingress: ns.Contain(kube.SimpleIngress("sso")) {
+ ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target:: top.svc,
},