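# Redmine deployment: namespace, PostgreSQL, the Redmine web Deployment with
# its Service and Ingress, plus an optional "b" service that is only rendered
# when cfg.b.domains is non-empty.
#
# Secret handling: cfg.database.password defaults to a secretKeyRef and is
# passed straight into env_, so env_ accepts such references. The other
# secret-bearing fields (storage.secretKey, oidc.clientSecret,
# mailing.password) reach the container the same way; supplying them as
# secretKeyRef objects rather than string literals keeps the plaintext out of
# the rendered Deployment manifest.
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

{
    local app = self,
    local cfg = app.cfg,

    # Hidden (::) configuration object. Fields set to `error ...` have no
    # default and abort evaluation when they are read without an override.
    cfg:: {
        namespace: "redmine",
        # Pinned by sha256 digest, so the deployed image content is immutable.
        image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
        domain: error "domain must be set",
        storageClassName: "waw-hdd-redundant-3",
        database: {
            host: "postgres",
            name: "redmine",
            username: "redmine",
            # Resolved by Kubernetes from the "redmine" Secret at pod start.
            password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
            port: 5432,
        },

        b: {
            # The "b" service is only deployed when at least one domain is set.
            domains: [],
            # NOTE(review): referenced by tag, unlike the digest-pinned redmine
            # image above; a digest reference would make this immutable too.
            image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
        },

        # S3-compatible storage settings, exported as REDMINE_S3_* variables.
        storage: {
            endpoint: error "storage.endpoint must be set",
            region: error "storage.region must be set",
            bucket: error "storage.bucket must be set",
            accessKey: error "storage.accessKey must be set",
            secretKey: error "storage.secretKey must be set",
        },

        # OpenID Connect client settings, exported as REDMINE_OIDC_* variables.
        oidc: {
            server: error "oidc.server must be set",
            clientID: error "oidc.clientID must be set",
            clientSecret: error "oidc.clientSecret must be set",
        },

        # Mailing configuration object passed to smtp_settings.
        # Every field except password is rendered verbatim into the generated
        # configuration.yml; password is replaced by an environment reference
        # in the deployment below and never enters the YAML at render time.
        mailing: {
            address: error "mailing.address must be set",
            port: 465,
            ssl: true,
            domain: error "mailing.domain must be set",
            authentication: ":login",
            user_name: error "mailing.user_name must be set",
            password: error "mailing.password must be set",
        },
    },

    # Generates YAML file while preserving specified ruby-style symbols.
    # (ie. removes surrounding quotes)
    #
    # The replacement is purely textual: every occurrence of `"<symbol>"` in
    # the manifested document is unquoted, including any ordinary string value
    # that happens to equal one of the symbols.
    rubyYaml(obj, symbols):: std.foldr(
        function(symbol, str) std.strReplace(str, '"%s"' % symbol, symbol),
        symbols,
        std.manifestYamlDoc(obj)
    ),

    ns: kube.Namespace(app.cfg.namespace),

    # PostgreSQL instance for Redmine, configured from the same cfg values
    # that the web container receives as REDMINE_DB_*.
    postgres: postgres {
        cfg+: {
            namespace: cfg.namespace,
            appName: "redmine",
            database: cfg.database.name,
            username: cfg.database.username,
            password: cfg.database.password,
            storageClassName: cfg.storageClassName,
        },
    },

    deployment: app.ns.Contain(kube.Deployment("redmine")) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    # Run as an unprivileged uid/gid instead of root.
                    securityContext: {
                        runAsUser: 999,
                        runAsGroup: 999,
                        fsGroup: 999,
                    },
                    containers_: {
                        web: kube.Container("redmine") {
                            image: cfg.image,
                            # Writes the generated configuration, then hands over
                            # to the image entrypoint. printf is used instead of
                            # echo because some sh implementations make echo
                            # interpret backslash sequences, which would alter
                            # escaped characters in the YAML. The resulting file
                            # holds the SMTP password in clear text inside the
                            # container filesystem.
                            args: ['sh', '-c', |||
                                set -e
                                printf '%s\n' "${X_EXTRA_CONFIGURATION}" > config/configuration.yml
                                exec /docker-entrypoint.sh rails server -b 0.0.0.0
                            |||],
                            ports_: {
                                http: { containerPort: 3000 },
                            },
                            env_: {
                                REDMINE_DB_POSTGRES: cfg.database.host,
                                REDMINE_DB_PORT: cfg.database.port,
                                REDMINE_DB_USERNAME: cfg.database.username,
                                REDMINE_DB_PASSWORD: cfg.database.password,
                                REDMINE_DB_DATABASE: cfg.database.name,

                                REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },

                                REDMINE_OIDC_SERVER: cfg.oidc.server,
                                REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
                                REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
                                REDMINE_OIDC_ADMIN_GROUP: "issues-admin",

                                REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
                                REDMINE_S3_BUCKET: cfg.storage.bucket,
                                REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
                                REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
                                REDMINE_S3_REGION: cfg.storage.region,

                                REDMINE_MAILING_PASSWORD: cfg.mailing.password,
                                # Kubernetes expands $(VAR) only for variables
                                # defined earlier in the container's env list.
                                # Presumably env_ is rendered in key order, which
                                # would explain the X_ prefix - confirm against
                                # kube.libsonnet.
                                #
                                # The expansion is textual: the password lands
                                # between double quotes in the YAML, so a value
                                # containing `"` or `\` would break or change
                                # the parsed configuration.
                                X_EXTRA_CONFIGURATION: app.rubyYaml({
                                    production: {
                                        email_delivery: {
                                            delivery_method: ":smtp",
                                            smtp_settings: cfg.mailing {
                                                password: "$(REDMINE_MAILING_PASSWORD)",
                                            },
                                        },
                                    },
                                }, [":smtp", ":login"]),
                            },
                        },
                    },
                },
            },
        },
    },

    svc: app.ns.Contain(kube.Service("redmine")) {
        target_pod:: app.deployment.spec.template,
    },

    ingress: app.ns.Contain(kube.Ingress("redmine")) {
        metadata+: {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                # NOTE(review): legacy cert-manager annotation prefix; newer
                # cert-manager releases read cert-manager.io/cluster-issuer.
                # Confirm against the cert-manager version on the cluster.
                "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                # "0" disables the ingress-nginx request body size limit, so
                # upload size is bounded only by the application.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [
                {
                    hosts: [cfg.domain],
                    secretName: "redmine-tls",
                },
            ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths: [
                            { path: "/", backend: app.svc.name_port },
                        ],
                    },
                },
            ],
        },
    },

    # Optional "b" service; evaluates to an empty object when no domains are
    # configured, so nothing is deployed for it.
    b: (if std.length(cfg.b.domains) > 0 then {
        deployment: app.ns.Contain(kube.Deployment("b")) {
            spec+: {
                replicas: 3,
                template+: {
                    spec+: {
                        containers_: {
                            default: kube.Container("default") {
                                # Taken from cfg.b.image (same default as the
                                # previously hard-coded string) so an override
                                # of that field actually changes what runs.
                                image: cfg.b.image,
                                ports_: {
                                    http: { containerPort: 8000 },
                                },
                                command: [
                                    "/devtools/issues/b",
                                ],
                            },
                        },
                    },
                },
            },
        },
        svc: app.ns.Contain(kube.Service("b")) {
            target_pod:: app.b.deployment.spec.template,
        },
        ingress: app.ns.Contain(kube.Ingress("b")) {
            metadata+: {
                annotations+: {
                    "kubernetes.io/tls-acme": "true",
                    # NOTE(review): legacy cert-manager annotation prefix, as on
                    # the redmine ingress; confirm against the cluster version.
                    "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                    # "0" disables the ingress-nginx request body size limit.
                    # NOTE(review): whether "b" needs unbounded request bodies
                    # is not visible here - confirm.
                    "nginx.ingress.kubernetes.io/proxy-body-size": "0",
                },
            },
            spec+: {
                # One certificate covering every configured domain.
                tls: [
                    {
                        hosts: cfg.b.domains,
                        secretName: "b-tls",
                    },
                ],
                # One routing rule per configured domain.
                rules: [
                    {
                        host: domain,
                        http: {
                            paths: [
                                { path: "/", backend: app.b.svc.name_port },
                            ],
                        },
                    }
                    for domain in cfg.b.domains
                ],
            },
        },
    } else {}),

}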