*/kube: Add kube.SimpleIngress
Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/covid-formity/prod.jsonnet b/app/covid-formity/prod.jsonnet
index 44f83ef..2ba5adc 100644
--- a/app/covid-formity/prod.jsonnet
+++ b/app/covid-formity/prod.jsonnet
@@ -2,7 +2,7 @@
# This needs a secret provisioned, create with:
# kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
-local kube = import "../../kube/kube.libsonnet";
+local kube = import "../../kube/hscloud.libsonnet";
local redis = import "../../kube/redis.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
@@ -89,37 +89,17 @@
},
},
- ingress: kube.Ingress("covid-formity") {
+ ingress: kube.SimpleIngress("covid-formity") {
+ hosts:: [cfg.domain] + cfg.altDomains,
+ target_service:: app.svc,
metadata+: app.metadata("covid-formity") {
annotations+: {
- "kubernetes.io/tls-acme": "true",
- "cert-manager.io/cluster-issuer": "letsencrypt-prod",
- "nginx.ingress.kubernetes.io/proxy-body-size": "0",
"nginx.ingress.kubernetes.io/configuration-snippet": "
location /qr1 { rewrite ^/qr1(.*)$ https://covid.hackerspace.pl$1 redirect; }
location /video { return 302 https://youtu.be/eC19w2NFO0E; }
location /manual { return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf; }
",
- },
- },
- spec+: {
- tls: [
- {
- hosts: [cfg.domain] + cfg.altDomains,
- secretName: "covid-formity-tls",
- },
- ],
- rules: [
- {
- host: dom,
- http: {
- paths: [
- { path: "/", backend: app.svc.name_port },
- ]
- },
- }
- for dom in [cfg.domain] + cfg.altDomains
- ],
- },
+ }
+ }
},
}
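Review bot: With the TLS annotations no longer set in this file, `metadata+: app.metadata("covid-formity") { annotations+: ... }` is now layered on top of whatever kube.SimpleIngress puts into metadata, so the result depends on how app.metadata() declares its fields. If it defines a plain `annotations:` (without `+`), it would replace the helper's annotations and the ingress would presumably lose `kubernetes.io/tls-acme` and `cert-manager.io/cluster-issuer`; neither app.metadata nor SimpleIngress is visible in this hunk, so this needs confirming by rendering the manifest and diffing it against the deployed object. The same pattern appears in the app/matrix/lib/matrix.libsonnet hunk (`metadata+: app.metadata("matrix")`). A short comment above the line, e.g. `// app.metadata() must not define annotations; SimpleIngress supplies the TLS ones`, would record the dependency.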
diff --git a/app/inventory/prod.jsonnet b/app/inventory/prod.jsonnet
index f7d4510..7519d9a 100644
--- a/app/inventory/prod.jsonnet
+++ b/app/inventory/prod.jsonnet
@@ -1,4 +1,4 @@
-local kube = import '../../kube/kube.libsonnet';
+local kube = import "../../kube/hscloud.libsonnet";
local postgres = import '../../kube/postgres_v.libsonnet';
{
@@ -94,26 +94,8 @@
target_pod:: top.deployment.spec.template,
},
- ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
- metadata+: {
- annotations+: {
- 'kubernetes.io/tls-acme': 'true',
- 'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
- 'nginx.ingress.kubernetes.io/proxy-body-size': '0',
- },
- },
- spec+: {
- tls: [{ hosts: [cfg.domain], secretName: cfg.name + '-tls' }],
- rules: [
- {
- host: cfg.domain,
- http: {
- paths: [
- { path: '/', backend: top.service.name_port },
- ],
- },
- },
- ],
- },
+ ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
+ hosts:: [cfg.domain],
+ target_service:: top.service,
},
}
diff --git a/app/mailman-web/kube/mailman.libsonnet b/app/mailman-web/kube/mailman.libsonnet
index c71de4e..f3748a9 100644
--- a/app/mailman-web/kube/mailman.libsonnet
+++ b/app/mailman-web/kube/mailman.libsonnet
@@ -1,4 +1,4 @@
-local kube = import "../../../kube/kube.libsonnet";
+local kube = import "../../../kube/hscloud.libsonnet";
{
local app = self,
@@ -171,33 +171,9 @@
},
- #ingress: ns.Contain(kube.Ingress("mailman")) {
- # metadata+: {
- # annotations+: {
- # "kubernetes.io/tls-acme": "true",
- # "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
- # "nginx.ingress.kubernetes.io/proxy-body-size": "0",
- # },
- # },
- # spec+: {
- # tls: [
- # {
- # hosts: [cfg.webDomain],
- # secretName: "mailman-ingress-tls",
- # },
- # ],
- # rules: [
- # {
- # host: cfg.webDomain,
- # http: {
- # paths: [
- # { path: "/", backend: app.svcWeb.name_port },
- # //{ path: "/static/", backend: app.svcStatic.name_port },
- # ],
- # },
- # },
- # ],
- # },
+ #ingress: ns.Contain(kube.SimpleIngress("mailman")) {
+ # hosts:: [cfg.webDomain],
+ # target_service:: app.svcWeb,
#},
config: ns.Contain(kube.Secret("config")) {
diff --git a/app/matrix/lib/matrix.libsonnet b/app/matrix/lib/matrix.libsonnet
index 1990358..2b95345 100644
--- a/app/matrix/lib/matrix.libsonnet
+++ b/app/matrix/lib/matrix.libsonnet
@@ -28,7 +28,7 @@
# For appservice-telegram instances, you can use this oneliner magic:
# kubectl -n matrix create secret generic appservice-telegram-prod-registration --from-file=registration.yaml=<(kubectl -n matrix logs job/appservice-telegram-prod-bootstrap | grep -A 100 SNIPSNIP | grep -v SNIPSNIP)
-local kube = import "../../../kube/kube.libsonnet";
+local kube = import "../../../kube/hscloud.libsonnet";
local postgres = import "../../../kube/postgres.libsonnet";
{
@@ -393,37 +393,16 @@
// until it spits you a registration YAML and you feed that to a secret.
appservices: {},
- ingress: kube.Ingress("matrix") {
- metadata+: app.metadata("matrix") {
- annotations+: {
- "kubernetes.io/tls-acme": "true",
- "cert-manager.io/cluster-issuer": "letsencrypt-prod",
- "nginx.ingress.kubernetes.io/proxy-body-size": "0",
- },
- },
- spec+: {
- tls: [
- {
- hosts: [cfg.webDomain],
- secretName: "synapse-tls",
- },
- ],
- rules: [
- {
- host: cfg.webDomain,
- http: {
- paths: [
- { path: "/", backend: app.riotSvc.name_port },
- { path: "/_matrix", backend: app.synapseSvc.name_port },
- ] + (if cfg.cas.enable then [
- { path: "/_cas", backend: app.casSvc.name_port },
- ] else []) + (if cfg.wellKnown then [
- { path: "/.well-known/matrix", backend: app.wellKnown.svc.name_port },
- ] else [])
- },
- }
- ],
- },
+ ingress: kube.SimpleIngress("matrix") {
+ hosts:: [cfg.webDomain],
+ target_service:: app.riotSvc,
+ metadata+: app.metadata("matrix"),
+ extra_paths:: [
+ { path: "/_matrix", backend: app.synapseSvc.name_port },
+ ] + (if cfg.cas.enable then [
+ { path: "/_cas", backend: app.casSvc.name_port },
+ ] else []) + (if cfg.wellKnown then [
+ { path: "/.well-known/matrix", backend: app.wellKnown.svc.name_port },
+ ] else [])
},
-
}
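Review bot: The removed block pinned the certificate secret to `synapse-tls`, which does not follow the ingress name `matrix`, and the new SimpleIngress call gives no secret name. SimpleIngress is not defined in this hunk; if it derives the name from the ingress name, deploying this would have cert-manager request a fresh certificate into a new secret and leave `synapse-tls`, with its private key, behind in the namespace. Either confirm that is intended and delete the old secret after rollout, or keep the name with an override such as `spec+: { tls: [{ hosts: [cfg.webDomain], secretName: "synapse-tls" }] }`. The commented-out mailman ingress has the same mismatch (`mailman-ingress-tls`) for whenever it is re-enabled.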
diff --git a/app/onlyoffice/prod.jsonnet b/app/onlyoffice/prod.jsonnet
index ea9958d..28fcb23 100644
--- a/app/onlyoffice/prod.jsonnet
+++ b/app/onlyoffice/prod.jsonnet
@@ -2,7 +2,7 @@
// JWT secret needs to be generated as follows per environment:
// kubectl -n onlyoffice-prod create secret generic documentserver-jwt --from-literal=jwt=$(pwgen 32 1)
-local kube = import "../../kube/kube.libsonnet";
+local kube = import "../../kube/hscloud.libsonnet";
local policies = import "../../kube/policies.libsonnet";
{
@@ -51,7 +51,7 @@
local make(sp, p) = { name: "data", mountPath: p, subPath: sp },
volumeMounts: [
// Per upstream Dockerfile:
- // VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME
+ // VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME
// /var/www/$COMPANY_NAME/Data /var/lib/postgresql
// /var/lib/rabbitmq /var/lib/redis
// /usr/share/fonts/truetype/custom
@@ -75,27 +75,10 @@
svc: oo.ns.Contain(kube.Service("documentserver")) {
target_pod:: oo.deploy.spec.template,
},
-
- ingress: oo.ns.Contain(kube.Ingress("office")) {
- metadata+: {
- annotations+: {
- "kubernetes.io/tls-acme": "true",
- "cert-manager.io/cluster-issuer": "letsencrypt-prod",
- },
- },
- spec+: {
- tls: [{ hosts: [cfg.domain], secretName: "office-tls" }],
- rules: [
- {
- host: cfg.domain,
- http: {
- paths: [
- { path: "/", backend: oo.svc.name_port, },
- ],
- },
- },
- ],
- },
+
+ ingress: oo.ns.Contain(kube.SimpleIngress("office")) {
+ hosts:: [cfg.domain],
+ target_service:: oo.svc,
},
// Needed because the documentserver runs its own supervisor, and:
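Review bot: The old `office` ingress was the only one in this change without `nginx.ingress.kubernetes.io/proxy-body-size: "0"`; the covid-formity, inventory and matrix blocks all set it. If SimpleIngress applies that annotation to every ingress (its definition is not in this hunk), documentserver would go from the controller's default body limit to no limit at all, so any client could send it arbitrarily large request bodies. Worth checking the rendered annotations and, if the limit should stay, overriding it here, e.g. `metadata+: { annotations+: { "nginx.ingress.kubernetes.io/proxy-body-size": "<limit>" } }` with a value chosen for the service.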