hswaw/site: migrate away from mirko
Change-Id: I34163bbb62ba792d359a5f5e72de1024c0109eab
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1631
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/hswaw/site/prod.jsonnet b/hswaw/site/prod.jsonnet
new file mode 100644
index 0000000..29e974d
--- /dev/null
+++ b/hswaw/site/prod.jsonnet
@@ -0,0 +1,73 @@
+local kube = import "../../kube/kube.libsonnet";
+
+{
+ local top = self,
+ local cfg = self.cfg,
+
+ cfg:: {
+ name: 'site',
+ namespace: 'site',
+ domains: [
+ 'hackerspace.pl',
+ 'www.hackerspace.pl',
+ ],
+ image: 'registry.k0.hswaw.net/q3k/hswaw-site@sha256:ba8b5ca2aab81edd7a1f5bcc1e75253d7573e199463e7e56aaf18ad4380d681b',
+ },
+
+ ns: kube.Namespace(cfg.namespace),
+
+ deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+ spec+: {
+ replicas: 3,
+ template+: {
+ spec+: {
+ containers_: {
+ default: kube.Container("default") {
+ image: cfg.image,
+ command: [
+ "/hswaw/site/site",
+ "-hspki_disable",
+ "-logtostderr",
+ ],
+ resources: {
+ requests: { cpu: "25m", memory: "64Mi" },
+ limits: { cpu: "500m", memory: "128Mi" },
+ },
+ ports_: {
+ http: { containerPort: 8080 },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
+ service: top.ns.Contain(kube.Service(cfg.name)) {
+ target_pod:: top.deployment.spec.template,
+ },
+
+ ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+ metadata+: {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "cert-manager.io/cluster-issuer": "letsencrypt-prod",
+ "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+ },
+ },
+ spec+: {
+ tls: [ { hosts: cfg.domains, secretName: cfg.name + "-tls" } ],
+ rules: [
+ {
+ host: domain,
+ http: {
+ paths: [
+ { path: "/", backend: top.service.name_port },
+ ],
+ },
+ }
+ for domain in cfg.domains
+ ],
+ },
+ },
+}