Radek Pietruszewski | f584431 | 2023-10-27 22:41:18 +0200 | [diff] [blame] | 1 | local kube = import "../../../kube/hscloud.libsonnet"; |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 2 | |
| 3 | { |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 4 | local top = self, |
| 5 | local cfg = top.cfg, |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 6 | |
| 7 | cfg:: { |
| 8 | namespace: error "namespace must be set", |
| 9 | appName: "gerrit", |
| 10 | prefix: "", # if set, should be 'foo-' |
| 11 | domain: error "domain must be set", |
| 12 | identity: error "identity (UUID) must be set", |
| 13 | |
| 14 | // The secret must contain a key named 'secure.config' containing (at least): |
| 15 | // [auth] |
| 16 | // registerEmailPrivateKey = <random> |
| 17 | // [plugin "gerrit-oauth-provider-warsawhackerspace-oauth"] |
| 18 | // client-id = foo |
| 19 | // client-secret = bar |
| 20 | // [sendemail] |
| 21 | // smtpPass = foo |
| 22 | // [receiveemail] |
| 23 | // password = bar |
| 24 | secureSecret: error "secure secret name must be set", |
| 25 | |
| 26 | storageClass: error "storage class must be set", |
| 27 | storageSize: { |
| 28 | git: "50Gi", // Main storage for repositories and NoteDB. |
| 29 | index: "10Gi", // Secondary Lucene index |
| 30 | cache: "10Gi", // H2 cache databases |
| 31 | db: "1Gi", // NoteDB is used, so database is basically empty (H2 accountPatchReviewDatabase) |
| 32 | etc: "1Gi", // Random site stuff. |
| 33 | }, |
| 34 | |
| 35 | email: { |
| 36 | server: "mail.hackerspace.pl", |
| 37 | username: "gerrit", |
| 38 | address: "gerrit@hackerspace.pl", |
| 39 | }, |
| 40 | |
Serge Bazanski | 7f5f209 | 2023-10-08 14:01:04 +0000 | [diff] [blame] | 41 | tag: "3.7.5-r7", |
Serge Bazanski | ee2f8a3 | 2020-12-17 23:06:10 +0100 | [diff] [blame] | 42 | image: "registry.k0.hswaw.net/q3k/gerrit:" + cfg.tag, |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 43 | resources: { |
| 44 | requests: { |
| 45 | cpu: "100m", |
| 46 | memory: "500Mi", |
| 47 | }, |
| 48 | limits: { |
| 49 | cpu: "1", |
| 50 | memory: "2Gi", |
| 51 | }, |
| 52 | }, |
| 53 | }, |
| 54 | |
radex | 1439fde | 2023-11-24 12:22:22 +0100 | [diff] [blame] | 55 | secretRefs:: { |
| 56 | FORGEJO_TOKEN: { secretKeyRef: { name: top.keys.metadata.name, key: "FORGEJO_TOKEN" } }, |
| 57 | }, |
| 58 | |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 59 | name(suffix):: cfg.prefix + suffix, |
| 60 | |
| 61 | metadata(component):: { |
| 62 | namespace: cfg.namespace, |
| 63 | labels: { |
| 64 | "app.kubernetes.io/name": cfg.appName, |
| 65 | "app.kubernetes.io/managed-by": "kubecfg", |
| 66 | "app.kubernetes.io/component": "component", |
| 67 | }, |
| 68 | }, |
| 69 | |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 70 | configmap: kube.ConfigMap(top.name("gerrit")) { |
| 71 | metadata+: top.metadata("configmap"), |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 72 | data: { |
| 73 | "gerrit.config": ||| |
| 74 | [gerrit] |
| 75 | basePath = git |
| 76 | canonicalWebUrl = https://%(domain)s/ |
| 77 | serverId = %(identity)s |
Serge Bazanski | c9f48fe | 2021-02-08 00:44:56 +0100 | [diff] [blame] | 78 | reportBugUrl = https://b.hackerspace.pl/new |
Serge Bazanski | c68343c | 2023-10-08 12:58:05 +0000 | [diff] [blame] | 79 | primaryWeblinkName = Forgejo |
Serge Bazanski | c9f48fe | 2021-02-08 00:44:56 +0100 | [diff] [blame] | 80 | |
| 81 | [commentlink "b"] |
| 82 | match = [Bb]/(\\d+) |
| 83 | link = https://b.hackerspace.pl/$1 |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 84 | |
Serge Bazanski | c68343c | 2023-10-08 12:58:05 +0000 | [diff] [blame] | 85 | [gitweb] |
| 86 | url = https://git.hackerspace.pl/ |
| 87 | type = custom |
| 88 | revision = hswaw/${project}/commit/${commit} |
| 89 | project = hswaw/${project} |
| 90 | branch = hswaw/${project}/src/branch/${branch} |
| 91 | tag = hswaw/${project}/releases/tag/${tag} |
| 92 | roottree = hswaw/${project}/src/commit/${commit} |
| 93 | file = hswaw/${project}/src/commit/${hash}/${file} |
| 94 | filehistory = hswaw/${project}/commits/branch/${branch}/${file} |
| 95 | linkname = Forgejo |
| 96 | |
Sergiusz Bazanski | 9b5359d | 2019-07-20 17:20:53 +0200 | [diff] [blame] | 97 | [sshd] |
| 98 | advertisedAddress = %(domain)s |
| 99 | |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 100 | [container] |
| 101 | javaOptions = -Djava.security.edg=file:/dev/./urandom |
| 102 | |
| 103 | [auth] |
| 104 | type = OAUTH |
| 105 | gitBasicAuthPolicy = HTTP |
| 106 | |
| 107 | [httpd] |
| 108 | listenUrl = proxy-http://*:8080 |
| 109 | |
| 110 | [sshd] |
| 111 | advertisedAddress = %(domain)s |
| 112 | |
| 113 | [user] |
| 114 | email = %(emailAddress)s |
| 115 | |
| 116 | [sendemail] |
| 117 | enable = true |
| 118 | from = MIXED |
| 119 | smtpServer = %(emailServer)s |
| 120 | smtpServerPort = 465 |
| 121 | smtpEncryption = ssl |
| 122 | smtpUser = %(emailUser)s |
| 123 | |
| 124 | [receiveemail] |
| 125 | protocol = IMAP |
| 126 | host = %(emailServer)s |
| 127 | username = %(emailUser)s |
| 128 | encryption = TLS |
| 129 | enableImapIdle = true |
| 130 | |
Serge Bazanski | 28b5260 | 2023-10-27 20:58:45 +0200 | [diff] [blame] | 131 | [plugin "avatars-gravatar"] |
| 132 | gravatarUrl = https://profile.hackerspace.pl/avatar/ |
| 133 | changeAvatarUrl = https://profile.hackerspace.pl/vcard |
| 134 | |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 135 | ||| % { |
| 136 | domain: cfg.domain, |
| 137 | identity: cfg.identity, |
| 138 | emailAddress: cfg.email.address, |
| 139 | emailServer: cfg.email.server, |
| 140 | emailUser: cfg.email.username, |
| 141 | }, |
| 142 | }, |
| 143 | }, |
| 144 | |
| 145 | volumes: { |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 146 | [name]: kube.PersistentVolumeClaim(top.name(name)) { |
| 147 | metadata+: top.metadata("storage"), |
radex | 36964dc | 2023-11-24 11:19:46 +0100 | [diff] [blame] | 148 | storage:: cfg.storageSize[name], |
| 149 | storageClass:: cfg.storageClassName, |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 150 | } |
| 151 | for name in ["etc", "git", "index", "cache", "db"] |
| 152 | }, |
| 153 | |
| 154 | local volumeMounts = { |
| 155 | [name]: { mountPath: "/var/gerrit/%s" % name } |
| 156 | for name in ["etc", "git", "index", "cache", "db"] |
| 157 | } { |
| 158 | // ConfigMap gets mounted here |
| 159 | config: { mountPath: "/var/gerrit-config" }, |
| 160 | // SecureSecret gets mounted here |
| 161 | secure: { mountPath: "/var/gerrit-secure" }, |
| 162 | }, |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 163 | keys: kube.Secret(top.name("keys")) { |
| 164 | metadata+: top.metadata("deployment"), |
Serge Bazanski | 7f5f209 | 2023-10-08 14:01:04 +0000 | [diff] [blame] | 165 | //data_: { |
| 166 | // FORGEJO_TOKEN: "fill me when deploying, TODO(q3k): god damn secrets", |
| 167 | //}, |
| 168 | }, |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 169 | deployment: kube.Deployment(top.name("gerrit")) { |
| 170 | metadata+: top.metadata("deployment"), |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 171 | spec+: { |
| 172 | replicas: 1, |
| 173 | template+: { |
| 174 | spec+: { |
| 175 | securityContext: { |
| 176 | fsGroup: 1000, # gerrit uid |
| 177 | }, |
| 178 | volumes_: { |
radex | 4ffc64d | 2023-11-24 13:28:57 +0100 | [diff] [blame] | 179 | config: top.configmap.volume, |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 180 | secure: { secret: { secretName: cfg.secureSecret} }, |
| 181 | } { |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 182 | [name]: kube.PersistentVolumeClaimVolume(top.volumes[name]) |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 183 | for name in ["etc", "git", "index", "cache", "db"] |
| 184 | }, |
| 185 | containers_: { |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 186 | gerrit: kube.Container(top.name("gerrit")) { |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 187 | image: cfg.image, |
| 188 | ports_: { |
| 189 | http: { containerPort: 8080 }, |
| 190 | ssh: { containerPort: 29418 }, |
| 191 | }, |
Serge Bazanski | 7f5f209 | 2023-10-08 14:01:04 +0000 | [diff] [blame] | 192 | env_: { |
radex | 1439fde | 2023-11-24 12:22:22 +0100 | [diff] [blame] | 193 | FORGEJO_TOKEN: top.secretRefs.FORGEJO_TOKEN, |
Serge Bazanski | 7f5f209 | 2023-10-08 14:01:04 +0000 | [diff] [blame] | 194 | }, |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 195 | resources: cfg.resources, |
| 196 | volumeMounts_: volumeMounts, |
Piotr Dobrowolski | 69957c3 | 2023-09-17 21:43:51 +0200 | [diff] [blame] | 197 | |
| 198 | livenessProbe: { |
| 199 | httpGet: { |
| 200 | path: "/", |
| 201 | port: 8080, |
| 202 | }, |
| 203 | initialDelaySeconds: 60, |
| 204 | periodSeconds: 10, |
| 205 | }, |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 206 | }, |
| 207 | }, |
| 208 | }, |
| 209 | }, |
| 210 | }, |
| 211 | }, |
| 212 | |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 213 | svc: kube.Service(top.name("gerrit")) { |
| 214 | metadata+: top.metadata("service"), |
| 215 | target:: top.deployment, |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 216 | spec+: { |
| 217 | ports: [ |
| 218 | { name: "http", port: 80, targetPort: 8080, protocol: "TCP" }, |
| 219 | { name: "ssh", port: 22, targetPort: 29418, protocol: "TCP" }, |
| 220 | ], |
| 221 | type: "ClusterIP", |
| 222 | }, |
| 223 | }, |
| 224 | |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 225 | ingress: kube.SimpleIngress(top.name("gerrit")) { |
Radek Pietruszewski | f584431 | 2023-10-27 22:41:18 +0200 | [diff] [blame] | 226 | hosts:: [cfg.domain], |
radex | d45584a | 2023-11-24 12:51:57 +0100 | [diff] [blame] | 227 | target:: top.svc, |
radex | c995c21 | 2023-11-24 12:01:49 +0100 | [diff] [blame] | 228 | metadata+: top.metadata("ingress"), |
Sergiusz Bazanski | a7e26cc | 2019-06-21 20:38:35 +0200 | [diff] [blame] | 229 | }, |
| 230 | } |