Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 291f55416443ff09e07810c06240e5f9fcb9175b / . / hswaw / oodviewer / prod.jsonnet
blob: e78580857778df7b5e4b868b1b791e31b229120c [file] [log] [blame]
Serge Bazanski5e695e82021-03-07 14:29:40 +0000[diff] [blame]1// Production deployment of oodviewer.q3k.me.
2//
3// See README.md for more information.
4
5local kube = import "../../kube/kube.libsonnet";
6
7{
8 local top = self,
9 local cfg = self.cfg,
10 ns: kube.Namespace("oodviewer-prod"),
11
12 cfg:: {
13 dbUser: "ood",
14 dbPass: std.split(importstr "secrets/plain/postgres-pass", "\n")[0],
15 dbHost: "hackerspace.pl",
16 dbName: "ood",
17 postgresConnectionString: "postgres://%s:%s@%s/%s?sslmode=disable" % [cfg.dbUser, cfg.dbPass, cfg.dbHost, cfg.dbName],
18
Serge Bazanski25c53fc2021-03-16 21:28:48 +0100[diff] [blame]19 image: "registry.k0.hswaw.net/q3k/oodviewer:315532800-5cd20075113e74d0a69f501c74db766cba597662",
Serge Bazanski5e695e82021-03-07 14:29:40 +0000[diff] [blame]20 domain: "oodviewer.q3k.me",
21 },
22
23 secret: top.ns.Contain(kube.Secret("oodviewer")) {
24 data_: {
25 "postgres": cfg.postgresConnectionString,
26 },
27 },
28
29 deploy: top.ns.Contain(kube.Deployment("oodviewer")) {
30 spec+: {
31 replicas: 3,
32 template+: {
33 spec+: {
34 containers_: {
35 default: kube.Container("default") {
36 image: cfg.image,
37 command: [
38 "/hswaw/oodviewer",
39 "-listen", "0.0.0.0:8080",
40 "-postgres", "$(POSTGRES)",
41 ],
42 env_: {
43 POSTGRES: kube.SecretKeyRef(top.secret, "postgres"),
44 },
45 resources: {
46 requests: { cpu: "0.01", memory: "64M" },
47 limits: { cpu: "1", memory: "256M" },
48 },
49 ports_: {
50 http: { containerPort: 8080 },
51 },
52 },
53 },
54 },
55 },
56 },
57 },
58
59 service: top.ns.Contain(kube.Service("oodviewer")) {
60 target_pod:: top.deploy.spec.template,
61 },
62
63 ingress: top.ns.Contain(kube.Ingress("oodviewer")) {
64 metadata+: {
65 annotations+: {
66 "kubernetes.io/tls-acme": "true",
Piotr Dobrowolski7e841062023-04-23 11:36:15 +0200[diff] [blame]67 "cert-manager.io/cluster-issuer": "letsencrypt-prod",
Serge Bazanski5e695e82021-03-07 14:29:40 +0000[diff] [blame]68 "nginx.ingress.kubernetes.io/proxy-body-size": "0",
69 },
70 },
71 spec+: {
72 tls: [ { hosts: [ cfg.domain ], secretName: "oodviewer-tls" } ],
73 rules: [
74 {
75 host: cfg.domain,
76 http: {
77 paths: [
78 { path: "/", backend: top.service.name_port },
79 ],
80 },
81 },
82 ],
83 },
84 }
85}