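local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

// Redmine: namespace, PostgreSQL (through postgres.libsonnet), the Redmine
// Deployment, its Service and a TLS-terminating Ingress.
//
// Callers override the hidden `cfg` field. `domain`, `storage.*` and `oidc.*`
// have no defaults and raise an error at evaluation time when left unset.
{
    local app = self,
    local cfg = app.cfg,

    cfg:: {
        namespace: "redmine",
        // Pinned by digest rather than by tag, so the reference always
        // resolves to the same image content.
        image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
        domain: error "domain must be set",
        storageClassName: "waw-hdd-redundant-3",
        database: {
            host: "postgres",
            name: "redmine",
            username: "redmine",
            // Reference to a key in the "redmine" Secret; the password itself
            // is not part of this file.
            password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
            port: 5432,
        },

        // S3-compatible object storage settings, passed to the container as
        // REDMINE_S3_* environment variables.
        // NOTE(review): accessKey/secretKey are forwarded to env_ unchanged.
        // Presumably a plain string would be rendered into the Deployment
        // manifest in clear text, so callers should pass a secretKeyRef
        // object as database.password does - confirm against env_ in
        // kube.libsonnet.
        storage: {
            endpoint: error "storage.endpoint must be set",
            region: error "storage.region must be set",
            bucket: error "storage.bucket must be set",
            accessKey: error "storage.accessKey must be set",
            secretKey: error "storage.secretKey must be set",
        },

        // OpenID Connect settings, passed as REDMINE_OIDC_* variables.
        // NOTE(review): the same caveat applies to clientSecret - prefer a
        // secretKeyRef object over a literal value.
        oidc: {
            server: error "oidc.server must be set",
            clientID: error "oidc.clientID must be set",
            clientSecret: error "oidc.clientSecret must be set",
        },
    },

    // Uses the `cfg` local like the rest of the file (equivalent to app.cfg).
    ns: kube.Namespace(cfg.namespace),

    postgres: postgres {
        cfg+: {
            namespace: cfg.namespace,
            appName: "redmine",
            database: cfg.database.name,
            username: cfg.database.username,
            password: cfg.database.password,
            storageClassName: cfg.storageClassName,
        },
    },

    deployment: app.ns.Contain(kube.Deployment("redmine")) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    securityContext: {
                        runAsUser: 999,
                        runAsGroup: 999,
                        fsGroup: 999,
                        // Makes the kubelet refuse to start the container as
                        // UID 0 should runAsUser ever be overridden or
                        // dropped. UID 999 already satisfies the check.
                        runAsNonRoot: true,
                    },
                    // NOTE(review): no container-level securityContext is set
                    // (allowPrivilegeEscalation, capabilities,
                    // readOnlyRootFilesystem); worth adding once it is
                    // confirmed that the image runs with those restrictions.
                    containers_: {
                        web: kube.Container("redmine") {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 3000 },
                            },
                            env_: {
                                REDMINE_DB_POSTGRES: cfg.database.host,
                                REDMINE_DB_PORT: cfg.database.port,
                                REDMINE_DB_USERNAME: cfg.database.username,
                                REDMINE_DB_PASSWORD: cfg.database.password,
                                REDMINE_DB_DATABASE: cfg.database.name,

                                // Read from the "redmine" Secret at pod start.
                                REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },

                                REDMINE_OIDC_SERVER: cfg.oidc.server,
                                REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
                                REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
                                // Hard-coded group name; presumably members of
                                // this OIDC group become Redmine
                                // administrators - confirm against the image,
                                // and keep its membership tightly controlled.
                                REDMINE_OIDC_ADMIN_GROUP: "issues-admin",

                                REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
                                REDMINE_S3_BUCKET: cfg.storage.bucket,
                                REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
                                REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
                                REDMINE_S3_REGION: cfg.storage.region,
                            },
                        },
                    },
                },
            },
        },
    },

    svc: app.ns.Contain(kube.Service("redmine")) {
        // Hidden field pointing at the Deployment's pod template; presumably
        // kube.Service derives its selector and ports from it.
        target_pod:: app.deployment.spec.template,
    },

    ingress: app.ns.Contain(kube.Ingress("redmine")) {
        metadata+: {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                // NOTE(review): "certmanager.k8s.io/" is the annotation prefix
                // of older cert-manager releases; newer ones read
                // "cert-manager.io/". Confirm against the version running in
                // the cluster, otherwise no certificate is issued.
                "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                // "0" turns off the ingress-nginx request body size check.
                // NOTE(review): presumably set for large attachment uploads;
                // a finite limit would bound what a single request can send.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [
                {
                    hosts: [cfg.domain],
                    secretName: "redmine-tls",
                },
            ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths: [
                            { path: "/", backend: app.svc.name_port },
                        ],
                    },
                },
            ],
        },
    },
}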