hswaw/capacifier/prod.jsonnet

local kube = import "../../kube/kube.libsonnet";

{
    local top = self,
    local cfg = self.cfg,

    cfg:: {
        name: 'capacifier',
        namespace: 'capacifier',
        domain: 'capacifier.hackerspace.pl',
        image: 'registry.k0.hswaw.net/q3k/capacifier:1680390588',
    },

    ns: kube.Namespace(cfg.namespace),

    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
        spec+: {
            replicas: 3,
            template+: {
                spec+: {
                    containers_: {
                        default: kube.Container("default") {
                            image: cfg.image,
                            env_: {
                                LDAP_DN: "cn=capacifier,ou=Services,dc=hackerspace,dc=pl",
                                LDAP_PW: { secretKeyRef: { name: cfg.name, key: 'ldap_pw' } },
                            },
                            command: [
                                "/hswaw/capacifier/capacifier",
                                "-hspki_disable",
                                "-logtostderr",
                                "-api_listen", "0.0.0.0:8080",
                                "-ldap_bind_dn", "$(LDAP_DN)",
                                "-ldap_bind_pw", "$(LDAP_PW)",
                            ],
                            resources: {
                                requests: { cpu: "25m", memory: "64Mi" },
                                limits: { cpu: "500m", memory: "128Mi" },
                            },
                            ports_: {
                                http: { containerPort: 8080 },
                            },
                        },
                    },
                },
            },
        },
    },

    service: top.ns.Contain(kube.Service(cfg.name)) {
        target_pod:: top.deployment.spec.template,
    },

    ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
        metadata+: {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                "cert-manager.io/cluster-issuer": "letsencrypt-prod",
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths:  [
                            { path: "/", backend: top.service.name_port },
                        ],
                    },
                },
            ],
        },
    },
}