hswaw/kube/frab.libsonnet

local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

{
    local cfg = self.cfg,
    cfg:: {
        # Manually built from code.hackerspace.pl/q3k/ldap-web-public.
        image: "frab/frab@sha256:30051f5153c4f02a8a1bee4b306bd696e2b018f2b13d16bd9c681fc1d633de3e",
        storageClassName: error "storageClassName must be set!",
        webFQDN: error "webFQDN must be set!",

        secret: {
            secretKeyBase: error "secretKeyBase must be set!",
            smtpPassword: error "smtpPassword must be set!",
        },

        smtp: {
            server: "mail.hackerspace.pl",
            from: "frab@hackerspace.pl",
            username: "frab",
        },
    },

    component(cfg, env): mirko.Component(env, "frab") {
        local frab = self,
        cfg+: {
            image: cfg.image,
            volumes+: {
                public: kube.PersistentVolumeClaimVolume(frab.volumePublic),
            },

            pgpass:: { secretKeyRef: { name: frab.makeName("-postgres"), key: "postgres_password", } },

            container: frab.Container("main") {
                volumeMounts_+: {
                    public: { mountPath: "/home/frab/app/public", },
                },
                // order matters (for POSTGRES_PASS substitution), we don't use env_
                env: [
                    { name: "TZ", value: "Europe/Warsaw" },
                    { name: "POSTGRES_PASS", valueFrom: frab.cfg.pgpass },
                    { name: "DATABASE_URL", value:  "postgresql://frab:$(POSTGRES_PASS)@%s/frab" % [frab.postgres.svc.host] },
                    { name: "SECRET_KEY_BASE", valueFrom: kube.SecretKeyRef(frab.secret, "secretKeyBase") },
                    { name: "FROM_EMAIL", value: cfg.smtp.from },
                    { name: "SMTP_ADDRESS", value: cfg.smtp.server },
                    { name: "SMTP_USERNAME", value: cfg.smtp.username },
                    { name: "SMTP_PASSWORD", valueFrom: kube.SecretKeyRef(frab.secret, "smtpPassword") },
                    { name: "SMTP_PORT", value: "587" },
                    { name: "SMTP_NOTLS", value: "false" },
                ],
                resources: {
                    // thicc RoR
                    requests: {
                        cpu: "100m",
                        memory: "512Mi",
                    },
                    limits: {
                        cpu: "1",
                        memory: "1Gi",
                    },
                },
            },
            ports+: {
                publicHTTP: {
                    web: {
                        port: 3000,
                        dns: cfg.webFQDN,
                    },
                },
            },
        },

        secret: kube.Secret(frab.makeName("-secret")) {
            metadata+: frab.metadata,
            data: cfg.secret,
        },

        postgres: postgres {
            cfg+: {
                namespace: frab.metadata.namespace,
                appName: "frab",
                storageClassName: cfg.storageClassName,
                prefix: frab.makeName("-postgres") + "-",
                database: "frab",
                username: "frab",
                password: frab.cfg.pgpass,
            },
        },

        volumePublic: kube.PersistentVolumeClaim(frab.makeName("-public")) {
            metadata+: frab.metadata,
            spec+: {
                storageClassName: cfg.storageClassName,
                accessModes: ["ReadWriteOnce"],
                resources: {
                    requests: {
                        storage: "5Gi",
                    },
                },
            },
        },
    },
}