app/inventory/prod.jsonnet

local kube = import "../../kube/hscloud.libsonnet";
local postgres = import '../../kube/postgres.libsonnet';

{
  local top = self,
  local cfg = top.cfg,

  cfg:: {
    name: 'inventory',
    namespace: 'inventory',
    domain: 'inventory.hackerspace.pl',

    image: 'registry.k0.hswaw.net/palid/spejstore:1694280421',
    oauthClientId: '82fffb65-0bbd-4d18-becd-0ce0b31373cf',
    storageClassName: 'waw-hdd-redundant-3',

    mediaPath: '/var/www/media',
  },

  secretRefs:: {
    postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } },
    oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
  },

  local ns = kube.Namespace(cfg.namespace),

  deployment: ns.Contain(kube.Deployment(cfg.name)) {
    spec+: {
      template+: {
        spec+: {
          volumes_: {
            media: top.media.volume,
          },
          containers_: {
            default: kube.Container('default') {
              image: cfg.image,
              ports_: {
                web: { containerPort: 8000 },
              },
              env_: {
                SPEJSTORE_ENV: 'prod',
                SPEJSTORE_DB_NAME: top.postgres.cfg.database,
                SPEJSTORE_DB_USER: top.postgres.cfg.username,
                SPEJSTORE_DB_PASSWORD: top.postgres.cfg.password,
                SPEJSTORE_DB_HOST: top.postgres.svc.host,
                SPEJSTORE_DB_PORT: top.postgres.svc.port,
                SPEJSTORE_ALLOWED_HOSTS: cfg.domain,
                SPEJSTORE_CLIENT_ID: cfg.oauthClientId,
                SPEJSTORE_SECRET: top.secretRefs.oauth,
                SPEJSTORE_MEDIA_ROOT: cfg.mediaPath,
                SPEJSTORE_REQUIRE_AUTH: 'true',
                SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5',
              },
              volumeMounts_: {
                media: { mountPath: cfg.mediaPath },
              },
            },
          },
        },
      },
    },
  },

  media: ns.Contain(kube.PersistentVolumeClaim(cfg.name)) {
    storage:: '20Gi',
    storageClass:: cfg.storageClassName,
  },

  postgres: ns.Contain(postgres) {
    cfg+: {
      appName: cfg.name,
      storageClassName: cfg.storageClassName,
      version: '15.4',

      database: 'inventory',
      username: 'inventory',
      password: top.secretRefs.postgres,
      versionedNames: true,
    },
  },

  service: ns.Contain(kube.Service(cfg.name)) {
    target:: top.deployment,
  },

  ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
    hosts:: [cfg.domain],
    target:: top.service,
  },
}