local kube = import "../../kube/hscloud.libsonnet";
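// jspaint deployment: an app container fronted by an oauth2-proxy sidecar in
// the same pod. The proxy authenticates users against the OIDC issuer set
// below and forwards accepted requests to the app over the pod's loopback.
{
    local top = self,
    local cfg = self.cfg,

    // Settings used by the objects below (hidden field, so it is not rendered
    // as a manifest itself).
    cfg:: {
        name: 'jspaint',
        namespace: 'labelmaker',
        domain: 'pixel.label.hackerspace.pl',
        images: {
            // NOTE(review): both images are referenced by tag only. A tag can
            // be re-pointed in the registry; pinning by digest would make the
            // deployed content reproducible.
            app: 'registry.k0.hswaw.net/radex/jspaint:20240202221310',
            // NOTE(review): check this oauth2-proxy release against upstream
            // security advisories before reuse; the tag is fixed here and
            // will not pick up later fixes on its own.
            proxy: "quay.io/oauth2-proxy/oauth2-proxy:v7.2.1",
        },
    },

    // References to keys of the "jspaint-proxy" Secret. Only the references
    // appear in the rendered manifests; the Secret is not defined in this
    // file and has to exist in the namespace already.
    secretRefs:: {
        cookie_secret: { secretKeyRef: { name: "jspaint-proxy", key: "cookie_secret" } },
        oidc_secret: { secretKeyRef: { name: "jspaint-proxy", key: "oidc_secret" } },
    },

    local ns = kube.Namespace(cfg.namespace),

    deployment: ns.Contain(kube.Deployment(cfg.name)) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    containers_: {
                        // The authenticating proxy.
                        // NOTE(review): presumably the kube library orders the
                        // container named "default" first and the Service
                        // below picks its port (8001). Confirm, because
                        // pointing the Service at the app's 8080 would expose
                        // the app without authentication.
                        default: kube.Container("default") {
                            image: cfg.images.proxy,
                            ports_: {
                                http: { containerPort: 8001 },
                            },
                            env_: {
                                // Accepted requests go to the app container
                                // via loopback inside the pod.
                                OAUTH2_PROXY_UPSTREAMS: "http://127.0.0.1:8080",
                                // Plain HTTP on all pod interfaces; TLS is
                                // presumably terminated at the ingress (confirm).
                                OAUTH2_PROXY_HTTP_ADDRESS: "0.0.0.0:8001",
                                OAUTH2_PROXY_COOKIE_SECRET: top.secretRefs.cookie_secret,
                                OAUTH2_PROXY_PROVIDER: "oidc",
                                OAUTH2_PROXY_OIDC_ISSUER_URL: "https://sso.hackerspace.pl",
                                OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: "true",
                                OAUTH2_PROXY_CLIENT_ID: "42ab4167-fb20-4f8a-86e2-7d1c0bd59dea",
                                OAUTH2_PROXY_CLIENT_SECRET: top.secretRefs.oidc_secret,
                                // "*" applies no e-mail-domain filter: every
                                // account the issuer authenticates is let in.
                                // Access control therefore rests entirely on
                                // who can log in at the issuer for this client.
                                OAUTH2_PROXY_EMAIL_DOMAINS: "*",
                                // Written as a string, like the other flags,
                                // so the env value does not depend on how the
                                // library renders a boolean.
                                // With reverse-proxy mode on, the proxy takes
                                // the client address from forwarding headers
                                // set by the hop in front of it.
                                OAUTH2_PROXY_REVERSE_PROXY: "true",
                                // Requests attributed to this address skip
                                // authentication entirely. Because of
                                // REVERSE_PROXY above, that attribution comes
                                // from a request header, so it is only sound
                                // if the ingress overwrites client-supplied
                                // forwarding headers and nothing else can
                                // reach port 8001 directly. Verify both.
                                OAUTH2_PROXY_TRUSTED_IPS: "185.236.240.5", // customs.hackerspace.pl
                            },
                        },
                        // The application container (nginx, judging by the
                        // mounted config path).
                        // NOTE(review): if nginx listens on all interfaces
                        // (nginx.default.conf is not shown here), other
                        // workloads in the cluster can reach pod-IP:8080 and
                        // bypass the proxy. Bind it to 127.0.0.1 or restrict
                        // the port with a NetworkPolicy.
                        app: kube.Container("app") {
                            image: cfg.images.app,
                            ports_: {
                                http: { containerPort: 8080 },
                            },
                            volumeMounts: [
                                {
                                    name: 'config',
                                    subPath: 'default.conf',
                                    mountPath: '/etc/nginx/conf.d/default.conf'
                                },
                            ],
                        },
                    },
                    volumes_: {
                        config: top.config.volume,
                    },
                },
            },
        },
    },

    // nginx site config, read from nginx.default.conf next to this file when
    // the Jsonnet is evaluated and shipped as a ConfigMap.
    config: ns.Contain(kube.ConfigMap(cfg.name + '-config')) {
        data: {
            'default.conf': importstr 'nginx.default.conf',
        },
    },

    // Service in front of the deployment; port selection is left to the kube
    // library (see the note on the "default" container).
    service: ns.Contain(kube.Service(cfg.name)) {
        target:: top.deployment,
    },

    // Public entry point for cfg.domain, routed to the Service above.
    ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
        hosts:: [cfg.domain],
        target:: top.service,
    },
}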