| // Production deployment of oodviewer.q3k.me. |
| // |
| // See README.md for more information. |
| |
| local kube = import "../../kube/kube.libsonnet"; |
| |
| { |
| local top = self, |
| local cfg = self.cfg, |
| ns: kube.Namespace("oodviewer-prod"), |
| |
| cfg:: { |
| dbUser: "ood", |
| dbPass: std.split(importstr "secrets/plain/postgres-pass", "\n")[0], |
| dbHost: "hackerspace.pl", |
| dbName: "ood", |
| postgresConnectionString: "postgres://%s:%s@%s/%s?sslmode=disable" % [cfg.dbUser, cfg.dbPass, cfg.dbHost, cfg.dbName], |
| |
| image: "registry.k0.hswaw.net/q3k/oodviewer:315532800-5cd20075113e74d0a69f501c74db766cba597662", |
| domain: "oodviewer.q3k.me", |
| }, |
| |
| secret: top.ns.Contain(kube.Secret("oodviewer")) { |
| data_: { |
| "postgres": cfg.postgresConnectionString, |
| }, |
| }, |
| |
| deploy: top.ns.Contain(kube.Deployment("oodviewer")) { |
| spec+: { |
| replicas: 3, |
| template+: { |
| spec+: { |
| containers_: { |
| default: kube.Container("default") { |
| image: cfg.image, |
| command: [ |
| "/hswaw/oodviewer", |
| "-listen", "0.0.0.0:8080", |
| "-postgres", "$(POSTGRES)", |
| ], |
| env_: { |
| POSTGRES: kube.SecretKeyRef(top.secret, "postgres"), |
| }, |
| resources: { |
| requests: { cpu: "0.01", memory: "64M" }, |
| limits: { cpu: "1", memory: "256M" }, |
| }, |
| ports_: { |
| http: { containerPort: 8080 }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| |
| service: top.ns.Contain(kube.Service("oodviewer")) { |
| target_pod:: top.deploy.spec.template, |
| }, |
| |
| ingress: top.ns.Contain(kube.Ingress("oodviewer")) { |
| metadata+: { |
| annotations+: { |
| "kubernetes.io/tls-acme": "true", |
| "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", |
| "nginx.ingress.kubernetes.io/proxy-body-size": "0", |
| }, |
| }, |
| spec+: { |
| tls: [ { hosts: [ cfg.domain ], secretName: "oodviewer-tls" } ], |
| rules: [ |
| { |
| host: cfg.domain, |
| http: { |
| paths: [ |
| { path: "/", backend: top.service.name_port }, |
| ], |
| }, |
| }, |
| ], |
| }, |
| } |
| } |