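local kube = import "../../kube/hscloud.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

# Redmine issue tracker: a Postgres instance, the Redmine web Deployment with
# its Service and Ingress, and an optional "b" Deployment/Service/Ingress that
# is only rendered when cfg.b.domains is non-empty.
{
    local app = self,
    local cfg = app.cfg,

    # Deployment parameters. Every field whose default is `error ...` must be
    # overridden by whoever instantiates this object; evaluation fails with
    # that message otherwise.
    cfg:: {
        namespace: "redmine",
        # Pinned by sha256 digest, so the deployed content cannot change
        # without an edit to this file.
        image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
        domain: error "domain must be set",
        storageClassName: "waw-hdd-redundant-3",
        database: {
            host: "postgres",
            name: "redmine",
            username: "redmine",
            # A reference to the "redmine" Secret, not a literal value. The
            # same object is handed to both the postgres library and the
            # REDMINE_DB_PASSWORD env entry below.
            password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
            port: 5432,
        },

        b: {
            # The "b" objects are rendered only when this list is non-empty.
            domains: [],
            # NOTE(review): pinned by tag only, unlike cfg.image above which
            # is pinned by digest. A tag can be re-pointed in the registry;
            # consider pinning by digest here as well.
            image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
        },

        # S3-compatible object storage, exported to the container as
        # REDMINE_S3_*.
        # NOTE(review): accessKey and secretKey go straight into the
        # container env. Supply them as { secretKeyRef: ... } objects, the
        # way database.password is, rather than as literal strings: a literal
        # ends up in the Deployment spec, readable by anyone who can read
        # Deployments in this namespace.
        storage: {
            endpoint: error "storage.endpoint must be set",
            region: error "storage.region must be set",
            bucket: error "storage.bucket must be set",
            accessKey: error "storage.accessKey must be set",
            secretKey: error "storage.secretKey must be set",
        },

        # OpenID Connect client settings, exported as REDMINE_OIDC_*.
        # NOTE(review): clientSecret has the same exposure as the storage
        # keys above; prefer a { secretKeyRef: ... } object over a literal.
        oidc: {
            server: error "oidc.server must be set",
            clientID: error "oidc.clientID must be set",
            clientSecret: error "oidc.clientSecret must be set",
        },

        # Mailing configuration object passed to smtp_settings.
        # The defaults select SMTP over TLS on port 465. Keep TLS enabled
        # when overriding port/ssl: ":login" authentication sends the
        # credentials base64-encoded, not encrypted.
        mailing: {
            address: error "mailing.address must be set",
            port: 465,
            ssl: true,
            domain: error "mailing.domain must be set",
            authentication: ":login",
            user_name: error "mailing.user_name must be set",
            # Never written into the generated YAML itself: the deployment
            # substitutes a $(REDMINE_MAILING_PASSWORD) placeholder and
            # passes this value through the env entry of that name, so a
            # { secretKeyRef: ... } object is the preferred form here too.
            password: error "mailing.password must be set",
        },
    },

    # Generates YAML file while preserving specified ruby-style symbols.
    # (ie. removes surrounding quotes)
    #
    # obj:     value serialised with std.manifestYamlDoc.
    # symbols: strings such as ":smtp" whose double-quoted form is replaced
    #          by the bare symbol.
    #
    # The replacement is textual and applies to the whole document, so any
    # string value that is exactly equal to a listed symbol is unquoted,
    # wherever it appears in obj.
    rubyYaml(obj, symbols):: std.foldr(
        function (symbol, str) std.strReplace(str, '"%s"' % symbol, symbol),
        symbols,
        std.manifestYamlDoc(obj)
    ),

    ns: kube.Namespace(app.cfg.namespace),

    # Postgres instance for Redmine, configured from the same cfg.database
    # values that the web container receives.
    postgres: postgres {
        cfg+: {
            namespace: cfg.namespace,
            appName: "redmine",
            database: cfg.database.name,
            username: cfg.database.username,
            password: cfg.database.password,
            storageClassName: cfg.storageClassName,
        },
    },

    deployment: app.ns.Contain(kube.Deployment("redmine")) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    # Run as the non-root uid/gid 999.
                    securityContext: {
                        runAsUser: 999,
                        runAsGroup: 999,
                        fsGroup: 999,
                    },
                    containers_: {
                        web: kube.Container("redmine") {
                            image: cfg.image,
                            # Writes the generated configuration.yml from the
                            # X_EXTRA_CONFIGURATION env variable, then hands
                            # over to the image entrypoint.
                            # NOTE(review): some /bin/sh implementations make
                            # `echo` interpret backslash escapes, which would
                            # alter a value containing backslashes;
                            # `printf '%s\n'` writes it verbatim.
                            # NOTE(review): the file holds the expanded SMTP
                            # password and is created with the default umask;
                            # confirm its permissions inside the image.
                            args: ['sh', '-c', |||
                                set -e
                                echo "${X_EXTRA_CONFIGURATION}" > config/configuration.yml
                                exec /docker-entrypoint.sh rails server -b 0.0.0.0
                            |||],
                            ports_: {
                                http: { containerPort: 3000 },
                            },
                            env_: {
                                REDMINE_DB_POSTGRES: cfg.database.host,
                                REDMINE_DB_PORT: cfg.database.port,
                                REDMINE_DB_USERNAME: cfg.database.username,
                                REDMINE_DB_PASSWORD: cfg.database.password,
                                REDMINE_DB_DATABASE: cfg.database.name,

                                # Read from the "redmine" Secret.
                                REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },

                                REDMINE_OIDC_SERVER: cfg.oidc.server,
                                REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
                                REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
                                REDMINE_OIDC_ADMIN_GROUP: "issues-admin",

                                REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
                                REDMINE_S3_BUCKET: cfg.storage.bucket,
                                REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
                                REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
                                REDMINE_S3_REGION: cfg.storage.region,

                                REDMINE_MAILING_PASSWORD: cfg.mailing.password,
                                # The YAML carries a $(REDMINE_MAILING_PASSWORD)
                                # reference instead of the password; Kubernetes
                                # expands it from the env entry above when the
                                # container starts. Expansion only sees
                                # variables defined earlier in the env list —
                                # presumably env_ emits keys in sorted order,
                                # which the X_ prefix relies on; confirm in
                                # kube.libsonnet.
                                # NOTE(review): the value is spliced into a
                                # double-quoted YAML scalar without escaping,
                                # so a password containing `"` or `\` would
                                # break or change the generated file.
                                X_EXTRA_CONFIGURATION: app.rubyYaml({
                                    production: {
                                        email_delivery: {
                                            delivery_method: ":smtp",
                                            smtp_settings: cfg.mailing {
                                                password: "$(REDMINE_MAILING_PASSWORD)",
                                            },
                                        }
                                    },
                                }, [":smtp", ":login"]),
                            },
                        },
                    },
                },
            },
        },
    },

    svc: app.ns.Contain(kube.Service("redmine")) {
        target_pod:: app.deployment.spec.template,
    },

    ingress: app.ns.Contain(kube.SimpleIngress("redmine")) {
        hosts:: [cfg.domain],
        target_service:: app.svc,
    },

    # Optional "b" service, rendered only when at least one domain is
    # configured for it.
    b: (if std.length(cfg.b.domains) > 0 then {
        deployment: app.ns.Contain(kube.Deployment("b")) {
            spec+: {
                replicas: 3,
                template+: {
                    spec+: {
                        # NOTE(review): no securityContext is set here, unlike
                        # the redmine deployment, so the container runs as
                        # the image's default user — confirm that is not root.
                        containers_: {
                            default: kube.Container("default") {
                                # Use the configurable image. This used to
                                # repeat the literal, so overriding
                                # cfg.b.image was silently ignored; the
                                # default value is unchanged.
                                image: cfg.b.image,
                                ports_: {
                                    http: { containerPort: 8000 },
                                },
                                command: [
                                    "/devtools/issues/b",
                                ],
                            },
                        },
                    },
                },
            },
        },
        svc: app.ns.Contain(kube.Service("b")) {
            target_pod:: app.b.deployment.spec.template,
        },
        ingress: app.ns.Contain(kube.SimpleIngress("b")) {
            hosts:: cfg.b.domains,
            target_service:: app.b.svc,
        },
    } else {}),
}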