| Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame^] | 1 | local kube = import '../../kube/kube.libsonnet'; |
| 2 | local postgres = import '../../kube/postgres_v.libsonnet'; |
| 3 | |
| 4 | { |
| 5 | local top = self, |
| 6 | local cfg = top.cfg, |
| 7 | |
| 8 | cfg:: { |
| 9 | name: 'inventory', |
| 10 | namespace: 'inventory', |
| 11 | domain: 'inventory.hackerspace.pl', |
| 12 | |
| 13 | image: 'registry.k0.hswaw.net/palid/spejstore:1694280421', |
| 14 | db: { |
| 15 | name: 'inventory', |
| 16 | username: 'inventory', |
| 17 | }, |
| 18 | oauthClientId: '82fffb65-0bbd-4d18-becd-0ce0b31373cf', |
| 19 | storageClassName: 'waw-hdd-redundant-3', |
| 20 | |
| 21 | mediaPath: '/var/www/media', |
| 22 | }, |
| 23 | |
| 24 | secrets:: { |
| 25 | postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } }, |
| 26 | oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } }, |
| 27 | }, |
| 28 | |
| 29 | ns: kube.Namespace(cfg.namespace), |
| 30 | deployment: top.ns.Contain(kube.Deployment(cfg.name)) { |
| 31 | spec+: { |
| 32 | template+: { |
| 33 | spec+: { |
| 34 | volumes_: { |
| 35 | media: kube.PersistentVolumeClaimVolume(top.media), |
| 36 | }, |
| 37 | containers_: { |
| 38 | default: kube.Container('default') { |
| 39 | image: cfg.image, |
| 40 | ports_: { |
| 41 | web: { containerPort: 8000 }, |
| 42 | }, |
| 43 | env_: { |
| 44 | SPEJSTORE_ENV: 'prod', |
| 45 | SPEJSTORE_DB_NAME: cfg.db.name, |
| 46 | SPEJSTORE_DB_USER: cfg.db.username, |
| 47 | SPEJSTORE_DB_PASSWORD: top.secrets.postgres, |
| 48 | SPEJSTORE_DB_HOST: top.psql.svc.host, |
| 49 | SPEJSTORE_DB_PORT: top.psql.svc.port, |
| 50 | SPEJSTORE_ALLOWED_HOSTS: cfg.domain, |
| 51 | SPEJSTORE_CLIENT_ID: cfg.oauthClientId, |
| 52 | SPEJSTORE_SECRET: top.secrets.oauth, |
| 53 | SPEJSTORE_MEDIA_ROOT: cfg.mediaPath, |
| 54 | SPEJSTORE_REQUIRE_AUTH: 'true', |
| 55 | SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5', |
| 56 | }, |
| 57 | volumeMounts_: { |
| 58 | media: { mountPath: cfg.mediaPath }, |
| 59 | }, |
| 60 | }, |
| 61 | }, |
| 62 | }, |
| 63 | }, |
| 64 | }, |
| 65 | }, |
| 66 | |
| 67 | media: top.ns.Contain(kube.PersistentVolumeClaim(cfg.name)) { |
| 68 | spec+: { |
| 69 | storageClassName: cfg.storageClassName, |
| 70 | accessModes: ['ReadWriteOnce'], |
| 71 | resources: { |
| 72 | requests: { |
| 73 | storage: '20Gi', |
| 74 | }, |
| 75 | }, |
| 76 | }, |
| 77 | }, |
| 78 | |
| 79 | psql: postgres { |
| 80 | cfg+: { |
| 81 | namespace: cfg.namespace, |
| 82 | appName: cfg.name, |
| 83 | storageClassName: cfg.storageClassName, |
| 84 | version: '15.4', |
| 85 | |
| 86 | database: cfg.db.name, |
| 87 | username: cfg.db.username, |
| 88 | password: top.secrets.postgres, |
| 89 | }, |
| 90 | bouncer: {}, |
| 91 | }, |
| 92 | |
| 93 | service: top.ns.Contain(kube.Service(cfg.name)) { |
| 94 | target_pod:: top.deployment.spec.template, |
| 95 | }, |
| 96 | |
| 97 | ingress: top.ns.Contain(kube.Ingress(cfg.name)) { |
| 98 | metadata+: { |
| 99 | annotations+: { |
| 100 | 'kubernetes.io/tls-acme': 'true', |
| 101 | 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', |
| 102 | 'nginx.ingress.kubernetes.io/proxy-body-size': '0', |
| 103 | }, |
| 104 | }, |
| 105 | spec+: { |
| 106 | tls: [{ hosts: [cfg.domain], secretName: cfg.name + '-tls' }], |
| 107 | rules: [ |
| 108 | { |
| 109 | host: cfg.domain, |
| 110 | http: { |
| 111 | paths: [ |
| 112 | { path: '/', backend: top.service.name_port }, |
| 113 | ], |
| 114 | }, |
| 115 | }, |
| 116 | ], |
| 117 | }, |
| 118 | }, |
| 119 | } |