| local kube = import "../../kube/hscloud.libsonnet"; |
| local hspki = import "../../kube/hspki.libsonnet"; |
| |
| { |
| local top = self, |
| local cfg = self.cfg, |
| |
| cfg:: { |
| name: 'teleimg', |
| namespace: 'teleimg', |
| domain: 'teleimg.hswaw.net', |
| image: 'registry.k0.hswaw.net/q3k/teleimg:1578259776-a07688fe74efe1e190d58092a9f50d4275a15e3d', |
| }, |
| |
| // kubectl -n teleimg create secret generic teleimg --from-literal=telegram_token=xxxx |
| // original: std.base64(std.split(importstr "secrets/plain/prod-telegram-token", "\n")[0]) |
| secretRefs:: { |
| telegram_token: { secretKeyRef: { name: cfg.name, key: 'telegram_token' } }, |
| }, |
| |
| local ns = kube.Namespace(cfg.namespace), |
| |
| deployment: ns.Contain(kube.Deployment(cfg.name)) { |
| spec+: { |
| replicas: 1, |
| template+: { |
| spec+: top.pki.PodSpec { |
| containers_: { |
| default: top.pki.GoContainer("default") { |
| image: cfg.image, |
| executable_: "/teleimg/teleimg", |
| command+: [ |
| "-public_listen", "0.0.0.0:8080", |
| "-telegram_token", "$(TELEGRAM_TOKEN)", |
| ], |
| env_: { |
| TELEGRAM_TOKEN: top.secretRefs.telegram_token, |
| }, |
| resources: { |
| requests: { cpu: "25m", memory: "64Mi" }, |
| limits: { cpu: "500m", memory: "128Mi" }, |
| }, |
| ports_: { |
| http: { containerPort: 8080 }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| |
| service: ns.Contain(kube.Service(cfg.name)) { |
| target:: top.deployment, |
| }, |
| |
| ingress: ns.Contain(kube.SimpleIngress(cfg.name)) { |
| hosts:: [cfg.domain], |
| target:: top.service, |
| }, |
| |
| pki: ns.Contain(hspki) { |
| cfg+: { |
| name: cfg.name, |
| namespace: cfg.namespace, |
| } |
| }, |
| } |