// Shared library objects from the repository's kube/ directory.
local kube = import "../../kube/kube.libsonnet";
local mirko = import "../../kube/mirko.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
local redis = import "../../kube/redis.libsonnet";
5
// Copy the S3 object-user credentials Secret (the `cfg.s3.credsSecret` input
// below) from the Ceph cluster namespace to the environment namespace, e.g.:
// cluster=ceph-waw3
// pool=waw-hdd-redundant-3-object
// namespace=hswaw-prod
// kubectl get -n $cluster secret rook-ceph-object-user-$pool-$namespace-pretalx-s3 -o json > hswaw/kube/secrets/plain/prod-pretalx-s3.json
12
13{
14 local cfg = self.cfg,
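cfg:: {
    // Image used by the web, worker and runperiodic containers.
    // q3k's fork for S3 support (q3k/s3)
    image: "registry.k0.hswaw.net/q3k/pretalx-docker:20200217-1581977177",
    // Storage class for the data PVC and for the postgres/redis components.
    storageClassName: error "storageClassName must be set!",
    // Public hostname of the web UI; also becomes site.url in pretalx.cfg.
    webFQDN: error "webFQDN must be set!",

    // Written in clear text into the rendered pretalx.cfg Secret.
    smtpPassword: error "smtpPassword must be set!",

    s3: {
        // Namespace (Rook/Ceph cluster) the CephObjectStoreUser is created in.
        cluster: "ceph-waw3",
        // Object store the S3 user belongs to.
        pool: "waw-hdd-redundant-3-object",
        // The rook-ceph-object-user Secret copied per the header comment; its
        // AccessKey/SecretKey are decoded into the s3media section of
        // pretalx.cfg.
        credsSecret: error "credsSecret must be set!",
    },

    smtp: {
        server: "mail.hackerspace.pl",
        from: "pretalx@hackerspace.pl",
        username: "pretalx",
    },
},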
35
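// Builds the pretalx deployment for `env`. `cfg` (the parameter) is the
// caller's configuration from the cfg:: block above; `pretalx.cfg` is the
// mirko Component's own configuration (image, volumes, containers, ports).
component(cfg, env): mirko.Component(env, "pretalx") {
    local pretalx = self,

    // Settings shared by every process that runs the pretalx code base (web,
    // celery worker, runperiodic cron): the source checkout as working
    // directory and the environment pretalx reads its DB password and data
    // directory from.
    local pretalxProcess = {
        workingDir: "/pretalx/src",
        env_: {
            // Pulled from the postgres component's Secret (see pgpass).
            PRETALX_DB_PASS: pretalx.cfg.pgpass,
            HOME: "/pretalx",
            PRETALX_DATA_DIR: "/data",
        },
    },

    // Long-running pod containers (web + worker) additionally mount the data
    // PVC and the rendered config, and carry resource requests/limits.
    local pretalxPodContainer = pretalxProcess {
        volumeMounts_+: {
            data: { mountPath: "/data", },
            config: { mountPath: "/etc/pretalx" },
        },
        resources: {
            // thicc Python
            requests: {
                cpu: "100m",
                memory: "512Mi",
            },
            limits: {
                cpu: "1",
                memory: "2Gi",
            },
        },
    },

    cfg+: {
        image: cfg.image,
        volumes+: {
            data: kube.PersistentVolumeClaimVolume(pretalx.volumeData),
            config: kube.SecretVolume(pretalx.config),
        },

        // secretKeyRef into the postgres component's Secret. The same
        // reference is handed to the postgres component as its password, so
        // both sides agree on where the credential lives.
        pgpass:: { secretKeyRef: { name: pretalx.makeName("-postgres"), key: "postgres_password", } },

        containers:: {
            // gunicorn serving the web UI/API on :8080.
            default: pretalx.Container("main") + pretalxPodContainer + {
                command: [
                    "gunicorn", "pretalx.wsgi",
                    "--name", "pretalx",
                    "--workers", "4",
                    "--max-requests", "1200",
                    "--max-requests-jitter", "50",
                    "--log-level", "info",
                    "--bind", "0.0.0.0:8080",
                ],
            },
            // celery worker consuming the redis broker set in pretalx.cfg.
            worker: pretalx.Container("worker") + pretalxPodContainer + {
                command: [
                    "celery", "-A", "pretalx.celery_app", "worker",
                    "-l", "info",
                ],
            },
        },
        securityContext: {
            runAsUser: 999,
        },
        ports+: {
            publicHTTP: {
                web: {
                    port: 8080,
                    dns: cfg.webFQDN,
                },
            },
        },
    },

    // SMTP password as a Secret of its own. Nothing in this component mounts
    // or references it -- the containers get the password through the
    // rendered pretalx.cfg below -- so it is an extra copy of the credential
    // in the cluster; kept because callers may refer to pretalx.secret.
    // NOTE(review): `data` is set verbatim here while `config.data` is
    // base64-encoded explicitly; whether kube.Secret encodes `data` itself is
    // not visible in this file -- confirm the two agree. Also note the name
    // has no leading "-" unlike the other makeName calls.
    secret: kube.Secret(pretalx.makeName("secret")) {
        metadata+: pretalx.metadata,
        data: {
            smtpPassword: cfg.smtpPassword,
        },
    },

    // Runs `pretalx runperiodic` every five minutes in a one-off pod that
    // only mounts the config Secret. PRETALX_DATA_DIR still points at /data,
    // which is not a mounted volume here, so anything runperiodic writes
    // there lands in the pod's ephemeral filesystem.
    cronjob: kube.CronJob(pretalx.makeName("runperiodic")) {
        metadata+: pretalx.metadata,
        spec+: {
            schedule: "*/5 * * * *",
            jobTemplate+: {
                spec+: {
                    selector:: null,
                    template+: {
                        spec+: {
                            containers_: {
                                runperiodic: kube.Container("runperiodic") + pretalxProcess + {
                                    image: cfg.image,
                                    volumeMounts_+: {
                                        config: { mountPath: "/etc/pretalx" },
                                    },
                                    command: [
                                        "python3", "-m", "pretalx",
                                        "runperiodic",
                                    ],
                                },
                            },
                            securityContext: {
                                runAsUser: 999,
                            },
                            volumes_+: {
                                config: kube.SecretVolume(pretalx.config),
                            },
                        },
                    },
                },
            },
        },
    },

    // Rendered pretalx.cfg, mounted at /etc/pretalx. It is a Secret because it
    // carries the SMTP password and the S3 keys in clear text (base64 is
    // encoding, not encryption): read access to this Secret is equivalent to
    // holding those credentials.
    config: kube.Secret(pretalx.makeName("-config")) {
        metadata+: pretalx.metadata,
        data: {
            "pretalx.cfg": std.base64(std.manifestIni({
                sections: {
                    filesystem: {
                        data: "/data", media: "/data/media", logs: "/data/logs",
                    },
                    site: {
                        debug: false,
                        url: "https://%s" % cfg.webFQDN,
                    },
                    // NOTE(review): bucket and endpoint are fixed here while
                    // cfg.s3.cluster/pool are configurable; changing the
                    // cluster in cfg does not move the endpoint.
                    s3media: {
                        bucket: "pretalx-prod",
                        access_key_id: std.base64Decode(cfg.s3.credsSecret.data.AccessKey),
                        secret_access_key: std.base64Decode(cfg.s3.credsSecret.data.SecretKey),
                        endpoint: "https://object.ceph-waw3.hswaw.net",
                    },
                    database: {
                        backend: "postgresql",
                        name: "pretalx",
                        user: "pretalx",
                        // password: ... // provided by environment variable from secret
                        host: pretalx.postgres.bouncer.svc.host,
                        //port: 5432
                    },
                    mail: {
                        from: cfg.smtp.from,
                        host: cfg.smtp.server,
                        port: 587,
                        user: cfg.smtp.username,
                        password: cfg.smtpPassword,
                        tls: "True",
                    },
                    celery: {
                        backend: "redis://%s/1" % [pretalx.redis.svc.host],
                        broker: "redis://%s/2" % [pretalx.redis.svc.host],
                    },
                },
            })),
        },
    },

    // Postgres component; its password is the same secretKeyRef the
    // containers receive as PRETALX_DB_PASS.
    postgres: postgres {
        cfg+: {
            namespace: pretalx.metadata.namespace,
            appName: pretalx.makeName("-pretalx"),
            storageClassName: cfg.storageClassName,
            prefix: pretalx.makeName("-postgres") + "-",
            database: "pretalx",
            username: "pretalx",
            password: pretalx.cfg.pgpass,
        },
    },

    // Redis component backing celery (result backend on db 1, broker on db 2).
    redis: redis {
        cfg+: {
            namespace: pretalx.metadata.namespace,
            appName: pretalx.makeName("-pretalx"),
            storageClassName: cfg.storageClassName,
            prefix: pretalx.makeName("-redis") + "-",
        },
    },

    // Persistent /data volume shared by the web and worker containers.
    volumeData: kube.PersistentVolumeClaim(pretalx.makeName("-data")) {
        metadata+: pretalx.metadata,
        spec+: {
            storageClassName: cfg.storageClassName,
            accessModes: ["ReadWriteOnce"],
            resources: {
                requests: {
                    storage: "5Gi",
                },
            },
        },
    },

    // S3 user in the Ceph cluster's namespace. Rook emits its credentials
    // there, not in this environment's namespace, which is why the header
    // comment describes copying that Secret over as cfg.s3.credsSecret.
    s3: kube.CephObjectStoreUser(pretalx.makeNameGlobal("-s3")) {
        metadata+: {
            namespace: cfg.s3.cluster,
        },
        spec: {
            store: cfg.s3.pool,
            displayName: pretalx.makeNameGlobal("-s3"),
        },
    },
},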
255}