Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 63ce423ebbd7afd4575fb02677e5e81c681b037d / . / hswaw / site / prod.jsonnet
blob: 4d299a2b4eeaa60dc485b80973451e11c100bfe0 [file] [log] [blame]
radexa3649342023-09-23 09:34:58 +0200[diff] [blame]1local kube = import "../../kube/kube.libsonnet";
2
3{
4 local top = self,
5 local cfg = self.cfg,
6
7 cfg:: {
8 name: 'site',
9 namespace: 'site',
10 domains: [
Serge Bazanski63ce4232023-10-09 23:41:15 +0000[diff] [blame^]11 'new.hackerspace.pl',
radexa3649342023-09-23 09:34:58 +0200[diff] [blame]12 ],
13 image: 'registry.k0.hswaw.net/q3k/hswaw-site@sha256:ba8b5ca2aab81edd7a1f5bcc1e75253d7573e199463e7e56aaf18ad4380d681b',
14 },
15
16 ns: kube.Namespace(cfg.namespace),
17
18 deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
19 spec+: {
20 replicas: 3,
21 template+: {
22 spec+: {
23 containers_: {
24 default: kube.Container("default") {
25 image: cfg.image,
26 command: [
27 "/hswaw/site/site",
28 "-hspki_disable",
29 "-logtostderr",
30 ],
31 resources: {
32 requests: { cpu: "25m", memory: "64Mi" },
33 limits: { cpu: "500m", memory: "128Mi" },
34 },
35 ports_: {
36 http: { containerPort: 8080 },
37 },
38 },
39 },
40 },
41 },
42 },
43 },
44
45 service: top.ns.Contain(kube.Service(cfg.name)) {
46 target_pod:: top.deployment.spec.template,
47 },
48
49 ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
50 metadata+: {
51 annotations+: {
52 "kubernetes.io/tls-acme": "true",
53 "cert-manager.io/cluster-issuer": "letsencrypt-prod",
54 "nginx.ingress.kubernetes.io/proxy-body-size": "0",
55 },
56 },
57 spec+: {
58 tls: [ { hosts: cfg.domains, secretName: cfg.name + "-tls" } ],
59 rules: [
60 {
61 host: domain,
62 http: {
63 paths: [
64 { path: "/", backend: top.service.name_port },
65 ],
66 },
67 }
68 for domain in cfg.domains
69 ],
70 },
71 },
72}