Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 55cc9ab1779df9c9cbd7b86825ae44b54f3768aa / . / app / covid-formity / prod.jsonnet
blob: 18fb845f62b5bc8fa3740a2d4cfaae2ed6f8c23c [file] [log] [blame]
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]1# covid19.hackerspace.pl, a covid-formity instance.
2# This needs a secret provisioned, create with:
3# kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
4
5local kube = import "../../kube/kube.libsonnet";
Piotr Dobrowolskie60250c2020-05-17 10:06:49 +0200[diff] [blame]6local redis = import "../../kube/redis.libsonnet";
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]7local postgres = import "../../kube/postgres.libsonnet";
8
9{
10 local app = self,
11 local cfg = app.cfg,
12 cfg:: {
13 namespace: "covid-formity",
Piotr Dobrowolskie60250c2020-05-17 10:06:49 +0200[diff] [blame]14 image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:53c5fb0dbc4a6660ab47e39869a516f1e3f833dee5a03867386771bd9ffaf7b8",
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]15 domain: "covid19.hackerspace.pl",
Piotr Dobrowolski1be143c2020-03-27 13:18:32 +0100[diff] [blame]16 altDomains: ["covid.hackerspace.pl", "www.covid.hackerspace.pl"],
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]17 },
18
19 metadata(component):: {
20 namespace: app.cfg.namespace,
21 labels: {
22 "app.kubernetes.io/name": "covid-formity",
23 "app.kubernetes.io/managed-by": "kubecfg",
24 "app.kubernetes.io/component": component,
25 },
26 },
27
28 namespace: kube.Namespace(app.cfg.namespace),
29
30 postgres: postgres {
31 cfg+: {
32 namespace: cfg.namespace,
33 appName: "covid-formity",
34 database: "covid-formity",
35 username: "covid-formity",
36 password: { secretKeyRef: { name: "covid-formity", key: "postgres_password" } },
37 },
38 },
39
Piotr Dobrowolskie60250c2020-05-17 10:06:49 +0200[diff] [blame]40 redis: redis {
41 cfg+: {
42 namespace: cfg.namespace,
43 appName: "covid-formity",
Piotr Dobrowolskicf47f082020-10-10 19:44:31 +0200[diff] [blame]44 password: { secretKeyRef: { name: "covid-formity", key: "redis_password" } },
Piotr Dobrowolskie60250c2020-05-17 10:06:49 +0200[diff] [blame]45 storageClassName: app.postgres.cfg.storageClassName,
46 },
47 },
48
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]49 deployment: kube.Deployment("covid-formity") {
50 metadata+: app.metadata("covid-formity"),
51 spec+: {
52 replicas: 1,
53 template+: {
54 spec+: {
55 containers_: {
56 web: kube.Container("covid-formity") {
57 image: cfg.image,
58 ports_: {
59 http: { containerPort: 5000 },
60 },
61 env_: {
62 DATABASE_HOSTNAME: "postgres",
63 DATABASE_USERNAME: app.postgres.cfg.username,
64 DATABASE_PASSWORD: app.postgres.cfg.password,
Piotr Dobrowolskicf47f082020-10-10 19:44:31 +0200[diff] [blame]65 CACHE_REDIS_PASSWORD: app.redis.cfg.password,
66 CACHE_REDIS_URL: "redis://default:$(CACHE_REDIS_PASSWORD)@redis",
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]67 DATABASE_NAME: app.postgres.cfg.appName,
68 SPACEAUTH_CONSUMER_KEY: "covid-formity",
69 SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } },
70 SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } },
Piotr Dobrowolskie60250c2020-05-17 10:06:49 +0200[diff] [blame]71 SHIPPING_KURJERZY_EMAIL: "qrde@hackerspace.pl",
72 SHIPPING_KURJERZY_PASSWORD: { secretKeyRef: { name: "covid-formity-shipping", key: "kurjerzy_password" } },
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]73 },
74 },
75 },
76 },
77 },
78 },
79 },
80
81 svc: kube.Service("covid-formity") {
82 metadata+: app.metadata("covid-formity"),
83 target_pod:: app.deployment.spec.template,
84 spec+: {
85 ports: [
86 { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
87 ],
88 type: "ClusterIP",
89 },
90 },
91
92 ingress: kube.Ingress("covid-formity") {
93 metadata+: app.metadata("covid-formity") {
94 annotations+: {
95 "kubernetes.io/tls-acme": "true",
96 "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
97 "nginx.ingress.kubernetes.io/proxy-body-size": "0",
Piotr Dobrowolski1be143c2020-03-27 13:18:32 +0100[diff] [blame]98 "nginx.ingress.kubernetes.io/configuration-snippet": "
99 location /qr1 { rewrite ^/qr1(.*)$ https://covid.hackerspace.pl$1 redirect; }
100 location /video { return 302 https://youtu.be/eC19w2NFO0E; }
101 location /manual { return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf; }
102 ",
Piotr Dobrowolski973076c2020-03-26 21:19:01 +0100[diff] [blame]103 },
104 },
105 spec+: {
106 tls: [
107 {
108 hosts: [cfg.domain] + cfg.altDomains,
109 secretName: "covid-formity-tls",
110 },
111 ],
112 rules: [
113 {
114 host: dom,
115 http: {
116 paths: [
117 { path: "/", backend: app.svc.name_port },
118 ]
119 },
120 }
121 for dom in [cfg.domain] + cfg.altDomains
122 ],
123 },
124 },
125}