app/matrix: split matrix-ng into submodules, use kube.Namespace.Contain
Splitting matrix-ng into multiple submodules changes some keys
that might have been used for homeserver/riot configuration customization.
The migration to kube.Namespace.Contain has also changed Deployment
selectors (immutable fields), so the affected Deployments must be
removed manually first.
This is, as always, documented in lib/matrix-ng.libsonnet header.
Change-Id: I39a745ee27e3c55ec748818b9cf9b4e8ba1d2df5
diff --git a/app/matrix/lib/cas.libsonnet b/app/matrix/lib/cas.libsonnet
new file mode 100644
index 0000000..1a33aaa
--- /dev/null
+++ b/app/matrix/lib/cas.libsonnet
@@ -0,0 +1,48 @@
+local kube = import "../../../kube/kube.libsonnet";
+
+{
+ local app = self,
+ local cfg = app.cfg,
+ cfg:: {
+ image: error "cfg.image must be set",
+
+ # webDomain is the domain name at which matrix instance/cas proxy is served
+ webDomain: error "cfg.webDomain must be set",
+
+ oauth2: error "cfg.oauth2 must be set",
+ },
+
+ ns:: error "ns needs to be a kube.Namespace object",
+
+ deployment: app.ns.Contain(kube.Deployment("oauth2-cas-proxy")) {
+ spec+: {
+ replicas: 1,
+ template+: {
+ spec+: {
+ containers_: {
+ proxy: kube.Container("oauth2-cas-proxy") {
+ image: cfg.image,
+ ports_: {
+ http: { containerPort: 5000 },
+ },
+ env_: {
+ BASE_URL: "https://%s" % [cfg.webDomain],
+ SERVICE_URL: "https://%s" % [cfg.webDomain],
+ OAUTH2_CLIENT: cfg.oauth2.clientID,
+ OAUTH2_SECRET: cfg.oauth2.clientSecret,
+ OAUTH2_SCOPE: cfg.oauth2.scope,
+ OAUTH2_AUTHORIZE: cfg.oauth2.authorizeURL,
+ OAUTH2_TOKEN: cfg.oauth2.tokenURL,
+ OAUTH2_USERINFO: cfg.oauth2.userinfoURL,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
+ svc: app.ns.Contain(kube.Service("oauth2-cas-proxy")) {
+ target_pod:: app.deployment.spec.template,
+ },
+}
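Review bot: `OAUTH2_SECRET: cfg.oauth2.clientSecret` in the proxy container's `env_` writes the OAuth2 client secret into the Deployment's pod template if `cfg.oauth2.clientSecret` is a plain string. Anyone who can read Deployments or pods in the namespace, and anything that stores the rendered manifests, can then see it. Prefer keeping the value in a Kubernetes Secret and referencing it, e.g. `OAUTH2_SECRET: { secretKeyRef: { name: "<secret-name>", key: "<key>" } },` (placeholder names; this assumes kube.libsonnet's `env_` turns object values into `valueFrom`, which should be confirmed). A short comment on `cfg.oauth2` listing the expected fields (`clientID`, `clientSecret`, `scope`, `authorizeURL`, `tokenURL`, `userinfoURL`) would also help, since the only check today is `error "cfg.oauth2 must be set"`.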