| local kube = import '../../kube/hscloud.libsonnet'; |
| |
| { |
| local top = self, |
| local cfg = top.cfg, |
| |
| cfg:: { |
| name: 'walne', |
| namespace: 'walne', |
| domain: 'walne.hackerspace.pl', |
| image: 'registry.k0.hswaw.net/radex/walne:1698228636', |
| oauthClientId: '992f3daf-a30e-4409-baad-e7b0e4bc2a2e', |
| }, |
| |
| // kubectl -n walne create secret generic walne --from-literal=ldap_password=xxx --from-literal=oauth_secret=xxx --from-literal=next_auth_secret=$(pwgen 32 1) |
| secrets:: { |
| ldap: { secretKeyRef: { name: cfg.name, key: 'ldap_password' },}, |
| ouath: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } }, |
| nextAuth: { secretKeyRef: { name: cfg.name, key: 'next_auth_secret' } }, |
| }, |
| |
| local ns = kube.Namespace(cfg.namespace), |
| |
| deployment: ns.Contain(kube.Deployment(cfg.name)) { |
| spec+: { |
| template+: { |
| spec+: { |
| containers_: { |
| default: kube.Container('default') { |
| image: cfg.image, |
| ports_: { |
| web: { containerPort: 3000 }, |
| }, |
| env_: { |
| LDAP_USER_DN: 'cn=walone-generator,ou=services,dc=hackerspace,dc=pl', |
| LDAP_USER_PW: top.secrets.ldap, |
| ALLOWED_LDAP_GROUPS: 'zarzad,rewizja,staff,walne-users', |
| HSWAW_AUTH_CLIENT_ID: cfg.oauthClientId, |
| HSWAW_AUTH_CLIENT_SECRET: top.secrets.ouath, |
| AUTH_SECRET: top.secrets.nextAuth, |
| REDIRECT_PROXY_URL: 'https://' + cfg.domain + '/auth', |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| |
| service: ns.Contain(kube.Service(cfg.name)) { |
| target:: top.deployment, |
| }, |
| |
| ingress: ns.Contain(kube.SimpleIngress(cfg.name)) { |
| hosts:: [cfg.domain], |
| target_service:: top.service, |
| }, |
| } |