# covid19.hackerspace.pl, a covid-formity instance.
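# This needs a secret provisioned; create it with:
# kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
# The manifest below also reads key redis_password from this secret and key
# kurjerzy_password from a second secret, covid-formity-shipping; the command
# above creates neither, so both have to be provisioned separately.
# Values given with --from-literal are part of the kubectl command line (and of
# shell history when typed inline); --from-file keeps them out of both.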
local kube = import "../../kube/kube.libsonnet";
local redis = import "../../kube/redis.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
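{
  # Shorthands: `app` is this top-level object, `cfg` its hidden settings.
  local app = self,
  local cfg = app.cfg,

  # Deployment-wide settings. Hidden field (::), so it is not rendered as a
  # Kubernetes object itself.
  cfg:: {
    namespace: "covid-formity",
    # The image is referenced by sha256 digest rather than by tag, so the
    # reference always resolves to the same content; rolling out a new build
    # means changing this digest.
    image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:53c5fb0dbc4a6660ab47e39869a516f1e3f833dee5a03867386771bd9ffaf7b8",
    domain: "covid19.hackerspace.pl",
    altDomains: ["covid.hackerspace.pl", "www.covid.hackerspace.pl"],
  },

  # Metadata shared by the objects below: the app namespace plus the
  # app.kubernetes.io/* labels, with `component` as the component label.
  metadata(component):: {
    namespace: cfg.namespace,
    labels: {
      "app.kubernetes.io/name": "covid-formity",
      "app.kubernetes.io/managed-by": "kubecfg",
      "app.kubernetes.io/component": component,
    },
  },

  namespace: kube.Namespace(cfg.namespace),

  # PostgreSQL instance from the shared library. The password is never written
  # here; it is a reference to key postgres_password of secret covid-formity.
  postgres: postgres {
    cfg+: {
      namespace: cfg.namespace,
      appName: "covid-formity",
      database: "covid-formity",
      username: "covid-formity",
      password: { secretKeyRef: { name: "covid-formity", key: "postgres_password" } },
    },
  },

  # Redis instance from the shared library, on the same storage class as
  # PostgreSQL.
  redis: redis {
    cfg+: {
      namespace: cfg.namespace,
      appName: "covid-formity",
      # Key redis_password must exist in secret covid-formity; the creation
      # command in the file header does not set it.
      password: { secretKeyRef: { name: "covid-formity", key: "redis_password" } },
      storageClassName: app.postgres.cfg.storageClassName,
    },
  },

  # Single-replica web deployment. All credentials reach the container as
  # secretKeyRef environment variables, so none appear in this file.
  deployment: kube.Deployment("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    spec+: {
      replicas: 1,
      template+: {
        spec+: {
          # NOTE(review): no securityContext or resource limits are set here;
          # whether kube.Container supplies defaults is not visible from this
          # file - confirm.
          containers_: {
            web: kube.Container("covid-formity") {
              image: cfg.image,
              ports_: {
                http: { containerPort: 5000 },
              },
              env_: {
                DATABASE_HOSTNAME: "postgres",
                DATABASE_USERNAME: app.postgres.cfg.username,
                DATABASE_PASSWORD: app.postgres.cfg.password,
                CACHE_REDIS_PASSWORD: app.redis.cfg.password,
                # $(CACHE_REDIS_PASSWORD) is substituted by Kubernetes, which
                # only resolves variables defined earlier in the container's
                # env list. NOTE(review): the final ordering depends on how
                # kube.libsonnet renders env_ - confirm. The value is placed in
                # the URL unencoded, so the password must not contain
                # URL-reserved characters such as '@', ':' or '/'.
                CACHE_REDIS_URL: "redis://default:$(CACHE_REDIS_PASSWORD)@redis",
                # Database name comes from cfg.database, not cfg.appName; both
                # are "covid-formity" today, so the rendered value is the same.
                DATABASE_NAME: app.postgres.cfg.database,
                SPACEAUTH_CONSUMER_KEY: "covid-formity",
                SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } },
                SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } },
                SHIPPING_KURJERZY_EMAIL: "qrde@hackerspace.pl",
                # Read from a second secret, covid-formity-shipping, which the
                # command in the file header does not create.
                SHIPPING_KURJERZY_PASSWORD: { secretKeyRef: { name: "covid-formity-shipping", key: "kurjerzy_password" } },
              },
            },
          },
        },
      },
    },
  },

  # Cluster-internal service in front of the deployment's pods on port 5000.
  svc: kube.Service("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    target_pod:: app.deployment.spec.template,
    spec+: {
      ports: [
        { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
      ],
      type: "ClusterIP",
    },
  },

  # Public entry point: TLS for the main and alternate domains, every path
  # routed to the service, plus three convenience redirects.
  ingress: kube.Ingress("covid-formity") {
    metadata+: app.metadata("covid-formity") {
      annotations+: {
        "kubernetes.io/tls-acme": "true",
        "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
        # "0" turns off nginx's request body size check, so uploads of any
        # size are passed on to the single web replica.
        # NOTE(review): confirm the application enforces its own limit.
        "nginx.ingress.kubernetes.io/proxy-body-size": "0",
        # Raw nginx configuration added for this ingress. The /qr1 rule only
        # forwards a suffix that is empty or begins with '/', so the suffix
        # always lands in the path of the redirect target and cannot become
        # part of its host name; other /qr1... paths are no longer redirected.
        # The string lines stay at column 0 so that only the rewrite pattern
        # changes in the rendered annotation.
        # Snippet annotations can be refused by the controller
        # (allow-snippet-annotations); if that is enforced on this cluster,
        # these redirects need another home.
        "nginx.ingress.kubernetes.io/configuration-snippet": "
location /qr1 { rewrite ^/qr1(/.*)?$ https://covid.hackerspace.pl$1 redirect; }
location /video { return 302 https://youtu.be/eC19w2NFO0E; }
location /manual { return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf; }
",
      },
    },
    spec+: {
      # One certificate, stored in covid-formity-tls, covers all served hosts.
      tls: [
        {
          hosts: [cfg.domain] + cfg.altDomains,
          secretName: "covid-formity-tls",
        },
      ],
      # One identical rule per host name.
      rules: [
        {
          host: dom,
          http: {
            paths: [
              { path: "/", backend: app.svc.name_port },
            ],
          },
        }
        for dom in [cfg.domain] + cfg.altDomains
      ],
    },
  },
}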