| local kube = import "../../kube/kube.libsonnet"; |
| |
| { |
| local top = self, |
| local cfg = self.cfg, |
| |
| cfg:: { |
| name: 'ldapweb', |
| namespace: 'ldapweb', |
| domain: 'profile.hackerspace.pl', |
| image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920', |
| }, |
| |
| ns: kube.Namespace(cfg.namespace), |
| |
| deployment: top.ns.Contain(kube.Deployment(cfg.name)) { |
| spec+: { |
| replicas: 1, |
| template+: { |
| spec+: { |
| volumes_: { |
| config: kube.ConfigMapVolume(top.configmap), |
| }, |
| containers_: { |
| default: kube.Container("default") { |
| image: cfg.image, |
| resources: { |
| requests: { cpu: "25m", memory: "64Mi" }, |
| limits: { cpu: "500m", memory: "128Mi" }, |
| }, |
| ports_: { |
| http: { containerPort: 8000 }, |
| }, |
| volumeMounts_: { |
| config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' }, |
| } |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| |
| service: top.ns.Contain(kube.Service(cfg.name)) { |
| target_pod:: top.deployment.spec.template, |
| }, |
| |
| ingress: top.ns.Contain(kube.Ingress(cfg.name)) { |
| metadata+: { |
| annotations+: { |
| "kubernetes.io/tls-acme": "true", |
| "cert-manager.io/cluster-issuer": "letsencrypt-prod", |
| "nginx.ingress.kubernetes.io/proxy-body-size": "0", |
| }, |
| }, |
| spec+: { |
| tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ], |
| rules: [ |
| { |
| host: cfg.domain, |
| http: { |
| paths: [ |
| { path: "/", backend: top.service.name_port }, |
| ], |
| }, |
| }, |
| ], |
| }, |
| }, |
| |
| configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) { |
| data: { |
| "config.py": ||| |
| import flask_wtf |
| import wtforms |
| import secrets |
| |
| secret_key = secrets.token_hex(32) |
| |
| ldap_url = 'ldap://ldap.hackerspace.pl' |
| dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl" |
| |
| ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl' |
| |
| ldap_base = 'dc=hackerspace,dc=pl' |
| ldap_people = 'ou=People,dc=hackerspace,dc=pl' |
| admin_groups = { |
| 'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl', |
| 'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl', |
| 'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl', |
| } |
| |
| admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl' |
| admin_pw = 'unused' |
| |
| hackerspace_name = 'Warsaw Hackerspace' |
| |
| readable_names = { |
| 'commonname': u'Common Name', |
| 'givenname': u'Given Name', |
| 'gecos': u'GECOS (public name)', |
| 'surname': u'Surname', |
| 'loginshell': u'Shell', |
| 'telephonenumber': 'Phone Number', |
| 'mobiletelephonenumber': 'Mobile Number', |
| 'sshpublickey': 'SSH Public Key', |
| 'mifareidhash': 'MIFARE ID Hash', |
| } |
| |
| full_name = { |
| 'cn': 'commonname', |
| 'gecos': 'gecos', |
| 'sn': 'surname', |
| 'mobile': 'mobiletelephonenumber', |
| 'l': 'locality', |
| } |
| |
| can_add = set([ |
| 'telephonenumber', |
| 'mobiletelephonenumber', |
| 'sshpublickey', |
| 'mifareidhash', |
| ]) |
| can_delete = can_add |
| can_modify = can_add | set([ |
| 'givenname', 'surname', 'commonname', 'gecos', |
| ]) |
| can = { 'add':can_add, 'mod':can_modify, 'del':can_delete } |
| admin_required = set() |
| |
| |
| perm_errors = { |
| 'add': 'You cannot add this attribute!', |
| 'mod': 'You cannot change this attribute!', |
| 'del': 'You cannot delete this attribute!', |
| } |
| std_templates = { |
| 'add': 'ops/add.html', |
| 'mod': 'ops/mod.html', |
| 'del': 'ops/del.html', |
| } |
| |
| |
| |
| default_field = (wtforms.fields.StringField, {}) |
| fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})} |
| |
| kadmin_passwd = True |
| kadmin_principal_map = "{}@HACKERSPACE.PL" |
| |
| TOKEN_LENGTH = 32 |
| |||, |
| }, |
| }, |
| |
| admins: top.ns.Contain(kube.RoleBinding("admins")) { |
| roleRef: { |
| apiGroup: "rbac.authorization.k8s.io", |
| kind: "ClusterRole", |
| name: "system:admin-namespace", |
| }, |
| subjects: [ |
| kube.User("radex@hackerspace.pl"), |
| ], |
| }, |
| |
| } |