Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 3fdda9c9a34bf7a78641c2f9e5792ea68b045890 / . / app / walne / prod.jsonnet
blob: da98b7020373eecec261e421f97f1bb553d0b104 [file] [log] [blame]
radex3fdda9c2023-10-23 22:25:35 +0200[diff] [blame^]1local kube = import '../../kube/hscloud.libsonnet';
2
3{
4 local top = self,
5 local cfg = top.cfg,
6
7 cfg:: {
8 name: 'walne',
9 namespace: 'walne',
10 domain: 'walne.hackerspace.pl',
11 image: 'registry.k0.hswaw.net/radex/walne:1698228636',
12 oauthClientId: '992f3daf-a30e-4409-baad-e7b0e4bc2a2e',
13 },
14
15 // kubectl -n walne create secret generic walne --from-literal=ldap_password=xxx --from-literal=oauth_secret=xxx --from-literal=next_auth_secret=$(pwgen 32 1)
16 secrets:: {
17 ldap: { secretKeyRef: { name: cfg.name, key: 'ldap_password' },},
18 ouath: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
19 nextAuth: { secretKeyRef: { name: cfg.name, key: 'next_auth_secret' } },
20 },
21
22 ns: kube.Namespace(cfg.namespace),
23 deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
24 spec+: {
25 template+: {
26 spec+: {
27 containers_: {
28 default: kube.Container('default') {
29 image: cfg.image,
30 ports_: {
31 web: { containerPort: 3000 },
32 },
33 env_: {
34 LDAP_USER_DN: 'cn=walone-generator,ou=services,dc=hackerspace,dc=pl',
35 LDAP_USER_PW: top.secrets.ldap,
36 ALLOWED_LDAP_GROUPS: 'zarzad,rewizja,staff,walne-users',
37 HSWAW_AUTH_CLIENT_ID: cfg.oauthClientId,
38 HSWAW_AUTH_CLIENT_SECRET: top.secrets.ouath,
39 AUTH_SECRET: top.secrets.nextAuth,
40 REDIRECT_PROXY_URL: 'https://' + cfg.domain + '/auth',
41 },
42 },
43 },
44 },
45 },
46 },
47 },
48
49 service: top.ns.Contain(kube.Service(cfg.name)) {
50 target_pod:: top.deployment.spec.template,
51 },
52
53 ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
54 hosts:: [cfg.domain],
55 target_service:: top.service,
56 },
57}