app/covid-formity: covid19 hackerspace relief form
Change-Id: I952ca040e85e6305d5241816c3afa8ae69031d5f
diff --git a/app/covid-formity/prod.jsonnet b/app/covid-formity/prod.jsonnet
new file mode 100644
index 0000000..a6ca8ab
--- /dev/null
+++ b/app/covid-formity/prod.jsonnet
@@ -0,0 +1,106 @@
+# covid19.hackerspace.pl, a covid-formity instance.
+# This needs a secret provisioned, create with:
+# kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
+
+local kube = import "../../kube/kube.libsonnet";
+local postgres = import "../../kube/postgres.libsonnet";
+
+{
+ local app = self,
+ local cfg = app.cfg,
+ cfg:: {
+ namespace: "covid-formity",
+ image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:8295f5b6d71266fb758c103210f12380f15903ba2467ead0e48ae0df16b6d608",
+ domain: "covid19.hackerspace.pl",
+ altDomains: ["covid.hackerspace.pl"],
+ },
+
+ metadata(component):: {
+ namespace: app.cfg.namespace,
+ labels: {
+ "app.kubernetes.io/name": "covid-formity",
+ "app.kubernetes.io/managed-by": "kubecfg",
+ "app.kubernetes.io/component": component,
+ },
+ },
+
+ namespace: kube.Namespace(app.cfg.namespace),
+
+ postgres: postgres {
+ cfg+: {
+ namespace: cfg.namespace,
+ appName: "covid-formity",
+ database: "covid-formity",
+ username: "covid-formity",
+ password: { secretKeyRef: { name: "covid-formity", key: "postgres_password" } },
+ },
+ },
+
+ deployment: kube.Deployment("covid-formity") {
+ metadata+: app.metadata("covid-formity"),
+ spec+: {
+ replicas: 1,
+ template+: {
+ spec+: {
+ containers_: {
+ web: kube.Container("covid-formity") {
+ image: cfg.image,
+ ports_: {
+ http: { containerPort: 5000 },
+ },
+ env_: {
+ DATABASE_HOSTNAME: "postgres",
+ DATABASE_USERNAME: app.postgres.cfg.username,
+ DATABASE_PASSWORD: app.postgres.cfg.password,
+ DATABASE_NAME: app.postgres.cfg.appName,
+ SPACEAUTH_CONSUMER_KEY: "covid-formity",
+ SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } },
+ SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
+ svc: kube.Service("covid-formity") {
+ metadata+: app.metadata("covid-formity"),
+ target_pod:: app.deployment.spec.template,
+ spec+: {
+ ports: [
+ { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
+ ],
+ type: "ClusterIP",
+ },
+ },
+
+ ingress: kube.Ingress("covid-formity") {
+ metadata+: app.metadata("covid-formity") {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+ "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+ },
+ },
+ spec+: {
+ tls: [
+ {
+ hosts: [cfg.domain] + cfg.altDomains,
+ secretName: "covid-formity-tls",
+ },
+ ],
+ rules: [
+ {
+ host: dom,
+ http: {
+ paths: [
+ { path: "/", backend: app.svc.name_port },
+ ]
+ },
+ }
+ for dom in [cfg.domain] + cfg.altDomains
+ ],
+ },
+ },
+}