hswaw/labelmaker/jspaint.libsonnet - hscloud - Gitiles

 local kube = import "../../kube/hscloud.libsonnet";

 {
     local top = self,
     local cfg = self.cfg,

     cfg:: {
         name: 'jspaint',
         namespace: 'labelmaker',
         domain: 'pixel.label.hackerspace.pl',
         images: {
             app: 'registry.k0.hswaw.net/radex/jspaint:20240202221310',
             proxy: "quay.io/oauth2-proxy/oauth2-proxy:v7.2.1",
         },
     },

     secretRefs:: {
         cookie_secret: { secretKeyRef: { name: "jspaint-proxy", key: "cookie_secret" } },
         oidc_secret: { secretKeyRef: { name: "jspaint-proxy", key: "oidc_secret" } },
     },

     local ns = kube.Namespace(cfg.namespace),

     deployment: ns.Contain(kube.Deployment(cfg.name)) {
         spec+: {
             replicas: 1,
             template+: {
                 spec+: {
                     containers_: {
                         default: kube.Container("default") {
                             image: cfg.images.proxy,
                             ports_: {
                                 http: { containerPort: 8001 },
                             },
                             env_: {
                                 OAUTH2_PROXY_UPSTREAMS: "http://127.0.0.1:8080",
                                 OAUTH2_PROXY_HTTP_ADDRESS: "0.0.0.0:8001",

                                 OAUTH2_PROXY_COOKIE_SECRET: top.secretRefs.cookie_secret,

                                 OAUTH2_PROXY_PROVIDER: "oidc",
                                 OAUTH2_PROXY_OIDC_ISSUER_URL: "https://sso.hackerspace.pl",
                                 OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: "true",

                                 OAUTH2_PROXY_CLIENT_ID: "42ab4167-fb20-4f8a-86e2-7d1c0bd59dea",
                                 OAUTH2_PROXY_CLIENT_SECRET: top.secretRefs.oidc_secret,

                                 OAUTH2_PROXY_EMAIL_DOMAINS: "*",

                                 OAUTH2_PROXY_REVERSE_PROXY: true,
                                 OAUTH2_PROXY_TRUSTED_IPS: "185.236.240.5", // customs.hackerspace.pl
                             },
                         },

                         app: kube.Container("app") {
                             image: cfg.images.app,
                             ports_: {
                                 http: { containerPort: 8080 },
                             },
                             volumeMounts: [
                                 {
                                     name: 'config',
                                     subPath: 'default.conf',
                                     mountPath: '/etc/nginx/conf.d/default.conf'
                                 },
                             ],
                         },
                     },
                     volumes_: {
                         config: top.config.volume,
                     },
                 },
             },
         },
     },

     config: ns.Contain(kube.ConfigMap(cfg.name + '-config')) {
         data: {
             'default.conf': importstr 'nginx.default.conf',
         },
     },

     service: ns.Contain(kube.Service(cfg.name)) {
         target:: top.deployment,
     },

     ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
         hosts:: [cfg.domain],
         target:: top.service,
     },
 }
	local kube = import "../../kube/hscloud.libsonnet";

	{
	local top = self,
	local cfg = self.cfg,

	cfg:: {
	name: 'jspaint',
	namespace: 'labelmaker',
	domain: 'pixel.label.hackerspace.pl',
	images: {
	app: 'registry.k0.hswaw.net/radex/jspaint:20240202221310',
	proxy: "quay.io/oauth2-proxy/oauth2-proxy:v7.2.1",
	},
	},

	secretRefs:: {
	cookie_secret: { secretKeyRef: { name: "jspaint-proxy", key: "cookie_secret" } },
	oidc_secret: { secretKeyRef: { name: "jspaint-proxy", key: "oidc_secret" } },
	},

	local ns = kube.Namespace(cfg.namespace),

	deployment: ns.Contain(kube.Deployment(cfg.name)) {
	spec+: {
	replicas: 1,
	template+: {
	spec+: {
	containers_: {
	default: kube.Container("default") {
	image: cfg.images.proxy,
	ports_: {
	http: { containerPort: 8001 },
	},
	env_: {
	OAUTH2_PROXY_UPSTREAMS: "http://127.0.0.1:8080",
	OAUTH2_PROXY_HTTP_ADDRESS: "0.0.0.0:8001",

	OAUTH2_PROXY_COOKIE_SECRET: top.secretRefs.cookie_secret,

	OAUTH2_PROXY_PROVIDER: "oidc",
	OAUTH2_PROXY_OIDC_ISSUER_URL: "https://sso.hackerspace.pl",
	OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: "true",

	OAUTH2_PROXY_CLIENT_ID: "42ab4167-fb20-4f8a-86e2-7d1c0bd59dea",
	OAUTH2_PROXY_CLIENT_SECRET: top.secretRefs.oidc_secret,

	OAUTH2_PROXY_EMAIL_DOMAINS: "*",

	OAUTH2_PROXY_REVERSE_PROXY: true,
	OAUTH2_PROXY_TRUSTED_IPS: "185.236.240.5", // customs.hackerspace.pl
	},
	},

	app: kube.Container("app") {
	image: cfg.images.app,
	ports_: {
	http: { containerPort: 8080 },
	},
	volumeMounts: [
	{
	name: 'config',
	subPath: 'default.conf',
	mountPath: '/etc/nginx/conf.d/default.conf'
	},
	],
	},
	},
	volumes_: {
	config: top.config.volume,
	},
	},
	},
	},
	},

	config: ns.Contain(kube.ConfigMap(cfg.name + '-config')) {
	data: {
	'default.conf': importstr 'nginx.default.conf',
	},
	},

	service: ns.Contain(kube.Service(cfg.name)) {
	target:: top.deployment,
	},

	ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
	hosts:: [cfg.domain],
	target:: top.service,
	},
	}