ldapweb: migrate from mirko to standalone

Change-Id: I169598232b39b99bfd2d4ff3799b44083ba77e84
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1623
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet
index 08aa5c9..838247f 100644
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@@ -2,7 +2,6 @@
 local kube = import "../../kube/kube.libsonnet";
 
 local smsgw = import "smsgw.libsonnet";
-local ldapweb = import "ldapweb.libsonnet";
 local teleimg = import "teleimg.libsonnet";
 local frab = import "frab.libsonnet";
 local pretalx = import "pretalx.libsonnet";
@@ -17,7 +16,6 @@
 
         cfg+: {
             smsgw: smsgw.cfg,
-            ldapweb: ldapweb.cfg,
             teleimg: teleimg.cfg,
             frab: frab.cfg,
             pretalx: pretalx.cfg,
@@ -28,7 +26,6 @@
 
         components: {
             smsgw: smsgw.component(cfg.smsgw, env),
-            ldapweb: ldapweb.component(cfg.ldapweb, env),
             teleimg: teleimg.teleimg(cfg.teleimg, env),
             lelegram: teleimg.lelegram(cfg.teleimg, env),
             frab: frab.component(cfg.frab, env),
@@ -49,9 +46,6 @@
                 },
                 webhookFQDN: "smsgw-webhook-prod.hswaw.net",
             },
-            ldapweb+: {
-                webFQDN: "profile.hackerspace.pl",
-            },
             teleimg+: {
                 webFQDN: "teleimg.hswaw.net",
                 secret+: {
diff --git a/hswaw/kube/ldapweb.libsonnet b/hswaw/kube/ldapweb.libsonnet
deleted file mode 100644
index 2cc9432..0000000
--- a/hswaw/kube/ldapweb.libsonnet
+++ /dev/null
@@ -1,120 +0,0 @@
-local mirko = import "../../kube/mirko.libsonnet";
-local kube = import "../../kube/kube.libsonnet";
-
-{
-    cfg:: {
-        # Manually built from code.hackerspace.pl/informatic/ldap-web-public.
-        image: "registry.k0.hswaw.net/radex/ldap-web:1695415920",
-        webFQDN: error "webFQDN must be set!",
-    },
-
-    component(cfg, env): mirko.Component(env, "ldapweb") {
-        local ldapweb = self,
-        cfg+: {
-            image: cfg.image,
-            volumes+: {
-                config: kube.ConfigMapVolume(ldapweb.configmap),
-            },
-            container: ldapweb.Container("main") {
-                # Starts by default on port 8000.
-                volumeMounts_+: {
-                    config: { mountPath: "/app/webapp/config.py", subPath: "config.py", },
-                },
-            },
-            ports+: {
-                publicHTTP: {
-                    web: {
-                        port: 8000,
-                        dns: cfg.webFQDN,
-                    },
-                },
-            },
-        },
-
-        configmap: kube.ConfigMap(ldapweb.makeName("config")) {
-            metadata+: ldapweb.metadata,
-            data: {
-                "config.py": |||
-                    import flask_wtf
-                    import wtforms
-                    import secrets
-
-                    secret_key = secrets.token_hex(32)
-
-                    ldap_url = 'ldap://ldap.hackerspace.pl'
-                    dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
-
-                    ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
-
-                    ldap_base = 'dc=hackerspace,dc=pl'
-                    ldap_people = 'ou=People,dc=hackerspace,dc=pl'
-                    admin_groups = {
-                        'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
-                        'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
-                        'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
-                    }
-
-                    admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
-                    admin_pw = 'unused'
-                    
-                    hackerspace_name = 'Warsaw Hackerspace'
-                    
-                    readable_names = {
-                        'commonname': u'Common Name',
-                        'givenname': u'Given Name',
-                        'gecos': u'GECOS (public name)',
-                        'surname': u'Surname',
-                        'loginshell': u'Shell',
-                        'telephonenumber': 'Phone Number',
-                        'mobiletelephonenumber': 'Mobile Number',
-                        'sshpublickey': 'SSH Public Key',
-                        'mifareidhash': 'MIFARE ID Hash',
-                    }
-                    
-                    full_name = {
-                        'cn': 'commonname',
-                        'gecos': 'gecos',
-                        'sn': 'surname',
-                        'mobile': 'mobiletelephonenumber',
-                        'l': 'locality',
-                    }
-                    
-                    can_add = set([
-                        'telephonenumber',
-                        'mobiletelephonenumber',
-                        'sshpublickey',
-                        'mifareidhash',
-                    ])
-                    can_delete = can_add
-                    can_modify = can_add | set([
-                        'givenname', 'surname', 'commonname', 'gecos',
-                    ])
-                    can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
-                    admin_required = set()
-                    
-                    
-                    perm_errors = {
-                            'add': 'You cannot add this attribute!',
-                            'mod': 'You cannot change this attribute!',
-                            'del': 'You cannot delete this attribute!',
-                            }
-                    std_templates = {
-                            'add': 'ops/add.html',
-                            'mod': 'ops/mod.html',
-                            'del': 'ops/del.html',
-                            }
-                    
-                    
-                    
-                    default_field = (wtforms.fields.StringField, {})
-                    fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
-                    
-                    kadmin_passwd = True
-                    kadmin_principal_map = "{}@HACKERSPACE.PL"
-                    
-                    TOKEN_LENGTH = 32
-                |||,
-            },
-        },
-    },
-}
diff --git a/hswaw/ldapweb/prod.jsonnet b/hswaw/ldapweb/prod.jsonnet
new file mode 100644
index 0000000..00f3cca
--- /dev/null
+++ b/hswaw/ldapweb/prod.jsonnet
@@ -0,0 +1,155 @@
+local kube = import "../../kube/kube.libsonnet";
+
+{
+    local top = self,
+    local cfg = self.cfg,
+
+    cfg:: {
+        name: 'ldapweb',
+        namespace: 'ldapweb',
+        domain: 'profile.hackerspace.pl',
+        image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920',
+    },
+
+    ns: kube.Namespace(cfg.namespace),
+
+    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+        spec+: {
+            replicas: 1,
+            template+: {
+                spec+: {
+                    volumes_: {
+                        config: kube.ConfigMapVolume(top.configmap),
+                    },
+                    containers_: {
+                        default: kube.Container("default") {
+                            image: cfg.image,
+                            resources: {
+                                requests: { cpu: "25m", memory: "64Mi" },
+                                limits: { cpu: "500m", memory: "128Mi" },
+                            },
+                            ports_: {
+                                http: { containerPort: 8000 },
+                            },
+                            volumeMounts_: {
+                                config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' },
+                            }
+                        },
+                    },
+                },
+            },
+        },
+    },
+
+    service: top.ns.Contain(kube.Service(cfg.name)) {
+        target_pod:: top.deployment.spec.template,
+    },
+
+    ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+        metadata+: {
+            annotations+: {
+                "kubernetes.io/tls-acme": "true",
+                "cert-manager.io/cluster-issuer": "letsencrypt-prod",
+                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+            },
+        },
+        spec+: {
+            tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
+            rules: [
+                {
+                    host: cfg.domain,
+                    http: {
+                        paths:  [
+                            { path: "/", backend: top.service.name_port },
+                        ],
+                    },
+                },
+            ],
+        },
+    },
+
+    configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) {
+        data: {
+            "config.py": |||
+                import flask_wtf
+                import wtforms
+                import secrets
+
+                secret_key = secrets.token_hex(32)
+
+                ldap_url = 'ldap://ldap.hackerspace.pl'
+                dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
+
+                ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
+
+                ldap_base = 'dc=hackerspace,dc=pl'
+                ldap_people = 'ou=People,dc=hackerspace,dc=pl'
+                admin_groups = {
+                    'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
+                    'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
+                    'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
+                }
+
+                admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
+                admin_pw = 'unused'
+
+                hackerspace_name = 'Warsaw Hackerspace'
+
+                readable_names = {
+                    'commonname': u'Common Name',
+                    'givenname': u'Given Name',
+                    'gecos': u'GECOS (public name)',
+                    'surname': u'Surname',
+                    'loginshell': u'Shell',
+                    'telephonenumber': 'Phone Number',
+                    'mobiletelephonenumber': 'Mobile Number',
+                    'sshpublickey': 'SSH Public Key',
+                    'mifareidhash': 'MIFARE ID Hash',
+                }
+
+                full_name = {
+                    'cn': 'commonname',
+                    'gecos': 'gecos',
+                    'sn': 'surname',
+                    'mobile': 'mobiletelephonenumber',
+                    'l': 'locality',
+                }
+
+                can_add = set([
+                    'telephonenumber',
+                    'mobiletelephonenumber',
+                    'sshpublickey',
+                    'mifareidhash',
+                ])
+                can_delete = can_add
+                can_modify = can_add | set([
+                    'givenname', 'surname', 'commonname', 'gecos',
+                ])
+                can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
+                admin_required = set()
+
+
+                perm_errors = {
+                        'add': 'You cannot add this attribute!',
+                        'mod': 'You cannot change this attribute!',
+                        'del': 'You cannot delete this attribute!',
+                        }
+                std_templates = {
+                        'add': 'ops/add.html',
+                        'mod': 'ops/mod.html',
+                        'del': 'ops/del.html',
+                        }
+
+
+
+                default_field = (wtforms.fields.StringField, {})
+                fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
+
+                kadmin_passwd = True
+                kadmin_principal_map = "{}@HACKERSPACE.PL"
+
+                TOKEN_LENGTH = 32
+            |||,
+        },
+    },
+}
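Review bot: The ingress annotation `"nginx.ingress.kubernetes.io/proxy-body-size": "0"` removes the request-body size cap for a profile form whose fields are short strings and whose container is limited to 128Mi. A small explicit cap such as `"nginx.ingress.kubernetes.io/proxy-body-size": "1m"` would bound what the ingress accepts on the app's behalf. In the embedded `config.py`, `ldap_url = 'ldap://ldap.hackerspace.pl'` is carried over unchanged; unless the application upgrades the connection with StartTLS (not visible in this diff), binds built from `dn_format` would cross the network in cleartext, so either `ldaps://` or a comment stating that StartTLS is enforced is worth adding. The phone validator `wtforms.validators.Regexp(r'[+0-9 ]+')` is matched from the start of the value only, so a valid prefix followed by arbitrary characters passes; `r'^[+0-9 ]+$'` anchors both ends. The provenance comment that sat above `image` in the deleted libsonnet ("Manually built from …") was dropped and should be kept next to the unpinned tag.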