app/onlyoffice/prod.jsonnet - hscloud - Gitiles

 // ONLYOFFICE document server.
 // JWT secret needs to be generated as follows per environment:
 //     kubectl -n onlyoffice-prod create secret generic documentserver-jwt --from-literal=jwt=$(pwgen 32 1)

 local kube = import "../../kube/hscloud.libsonnet";

 {
     onlyoffice:: {
         local top = self,
         local cfg = top.cfg,
         cfg:: {
             namespace: error "cfg.namespace must be set",
             image: "onlyoffice/documentserver:7.0.0.132",
             storageClassName: "waw-hdd-redundant-3",
             domain: error "cfg.domain must be set",
         },

         secretRefs:: {
             jwt: { secretKeyRef: { name: "documentserver-jwt", key: "jwt", } },
         },

         local ns = kube.Namespace(cfg.namespace),

         pvc: ns.Contain(kube.PersistentVolumeClaim("documentserver")) {
             storage:: "10Gi",
             storageClass:: cfg.storageClassName,
         },

         deploy: ns.Contain(kube.Deployment("documentserver")) {
             spec+: {
                 template+: {
                     spec+: {
                         containers_: {
                             documentserver: kube.Container("default") {
                                 image: cfg.image,
                                 resources: {
                                     requests: { memory: "4G", cpu: "100m" },
                                     limits: { memory: "8G", cpu: "2" },
                                 },
                                 env_: {
                                     JWT_ENABLED: "true",
                                     JWT_SECRET: top.secretRefs.jwt,
                                 },
                                 ports_: {
                                     http: { containerPort: 80 },
                                 },
                                 local make(sp, p) = { name: "data", mountPath: p, subPath: sp },
                                 volumeMounts: [
                                     // Per upstream Dockerfile:
                                     // VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME
                                     //        /var/www/$COMPANY_NAME/Data /var/lib/postgresql
                                     //        /var/lib/rabbitmq /var/lib/redis
                                     //        /usr/share/fonts/truetype/custom
                                     make("log", "/var/log/onlyoffice"),
                                     make("www-data", "/var/www/onlyoffice/Data"),
                                     make("postgres", "/var/lib/postgresql"),
                                     make("rabbit", "/var/lib/rabbitmq"),
                                     make("redis", "/var/lib/redis"),
                                     make("fonts", "/usr/share/fonts/truetype/custom"),
                                 ],
                             },
                         },
                         volumes_: {
                             data: top.pvc.volume,
                         },
                     },
                 },
             },
         },

         svc: ns.Contain(kube.Service("documentserver")) {
             target:: top.deploy,
         },

         ingress: ns.Contain(kube.SimpleIngress("office")) {
             hosts:: [cfg.domain],
             target:: top.svc,
         },
     },

     prod: self.onlyoffice {
         cfg+: {
             namespace: "onlyoffice-prod",
             domain: "office.hackerspace.pl",
         },
     },
 }
	// ONLYOFFICE document server.
	// JWT secret needs to be generated as follows per environment:
	// kubectl -n onlyoffice-prod create secret generic documentserver-jwt --from-literal=jwt=$(pwgen 32 1)

	local kube = import "../../kube/hscloud.libsonnet";

	{
	onlyoffice:: {
	local top = self,
	local cfg = top.cfg,
	cfg:: {
	namespace: error "cfg.namespace must be set",
	image: "onlyoffice/documentserver:7.0.0.132",
	storageClassName: "waw-hdd-redundant-3",
	domain: error "cfg.domain must be set",
	},

	secretRefs:: {
	jwt: { secretKeyRef: { name: "documentserver-jwt", key: "jwt", } },
	},

	local ns = kube.Namespace(cfg.namespace),

	pvc: ns.Contain(kube.PersistentVolumeClaim("documentserver")) {
	storage:: "10Gi",
	storageClass:: cfg.storageClassName,
	},

	deploy: ns.Contain(kube.Deployment("documentserver")) {
	spec+: {
	template+: {
	spec+: {
	containers_: {
	documentserver: kube.Container("default") {
	image: cfg.image,
	resources: {
	requests: { memory: "4G", cpu: "100m" },
	limits: { memory: "8G", cpu: "2" },
	},
	env_: {
	JWT_ENABLED: "true",
	JWT_SECRET: top.secretRefs.jwt,
	},
	ports_: {
	http: { containerPort: 80 },
	},
	local make(sp, p) = { name: "data", mountPath: p, subPath: sp },
	volumeMounts: [
	// Per upstream Dockerfile:
	// VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME
	// /var/www/$COMPANY_NAME/Data /var/lib/postgresql
	// /var/lib/rabbitmq /var/lib/redis
	// /usr/share/fonts/truetype/custom
	make("log", "/var/log/onlyoffice"),
	make("www-data", "/var/www/onlyoffice/Data"),
	make("postgres", "/var/lib/postgresql"),
	make("rabbit", "/var/lib/rabbitmq"),
	make("redis", "/var/lib/redis"),
	make("fonts", "/usr/share/fonts/truetype/custom"),
	],
	},
	},
	volumes_: {
	data: top.pvc.volume,
	},
	},
	},
	},
	},

	svc: ns.Contain(kube.Service("documentserver")) {
	target:: top.deploy,
	},

	ingress: ns.Contain(kube.SimpleIngress("office")) {
	hosts:: [cfg.domain],
	target:: top.svc,
	},
	},

	prod: self.onlyoffice {
	cfg+: {
	namespace: "onlyoffice-prod",
	domain: "office.hackerspace.pl",
	},
	},
	}