Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 7a4c27d28cfa9c90473ec3092e122887400c40e6 / . / app / onlyoffice / prod.jsonnet
blob: 3d492b0a391461575dab8ec595db9f96172a527a [file] [log] [blame]
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]1// ONLYOFFICE document server.
2// JWT secret needs to be generated as follows per environment:
3// kubectl -n onlyoffice-prod create secret generic documentserver-jwt --from-literal=jwt=$(pwgen 32 1)
4
Radek Pietruszewskif5844312023-10-27 22:41:18 +0200[diff] [blame]5local kube = import "../../kube/hscloud.libsonnet";
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]6
7{
8 onlyoffice:: {
radexc995c212023-11-24 12:01:49 +0100[diff] [blame]9 local top = self,
10 local cfg = top.cfg,
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]11 cfg:: {
12 namespace: error "cfg.namespace must be set",
Piotr Dobrowolski49787062022-02-09 21:30:16 +0100[diff] [blame]13 image: "onlyoffice/documentserver:7.0.0.132",
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]14 storageClassName: "waw-hdd-redundant-3",
15 domain: error "cfg.domain must be set",
16 },
17
radex1439fde2023-11-24 12:22:22 +0100[diff] [blame]18 secretRefs:: {
19 jwt: { secretKeyRef: { name: "documentserver-jwt", key: "jwt", } },
20 },
21
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]22 local ns = kube.Namespace(cfg.namespace),
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]23
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]24 pvc: ns.Contain(kube.PersistentVolumeClaim("documentserver")) {
radex36964dc2023-11-24 11:19:46 +0100[diff] [blame]25 storage:: "10Gi",
26 storageClass:: cfg.storageClassName,
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]27 },
28
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]29 deploy: ns.Contain(kube.Deployment("documentserver")) {
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]30 spec+: {
31 template+: {
32 spec+: {
33 containers_: {
34 documentserver: kube.Container("default") {
35 image: cfg.image,
36 resources: {
37 requests: { memory: "4G", cpu: "100m" },
38 limits: { memory: "8G", cpu: "2" },
39 },
40 env_: {
41 JWT_ENABLED: "true",
radex1439fde2023-11-24 12:22:22 +0100[diff] [blame]42 JWT_SECRET: top.secretRefs.jwt,
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]43 },
44 ports_: {
45 http: { containerPort: 80 },
46 },
47 local make(sp, p) = { name: "data", mountPath: p, subPath: sp },
48 volumeMounts: [
49 // Per upstream Dockerfile:
Radek Pietruszewskif5844312023-10-27 22:41:18 +0200[diff] [blame]50 // VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]51 // /var/www/$COMPANY_NAME/Data /var/lib/postgresql
52 // /var/lib/rabbitmq /var/lib/redis
53 // /usr/share/fonts/truetype/custom
54 make("log", "/var/log/onlyoffice"),
55 make("www-data", "/var/www/onlyoffice/Data"),
56 make("postgres", "/var/lib/postgresql"),
57 make("rabbit", "/var/lib/rabbitmq"),
58 make("redis", "/var/lib/redis"),
59 make("fonts", "/usr/share/fonts/truetype/custom"),
60 ],
61 },
62 },
63 volumes_: {
radexc995c212023-11-24 12:01:49 +0100[diff] [blame]64 data: kube.PersistentVolumeClaimVolume(top.pvc),
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]65 },
66 },
67 },
68 },
69 },
70
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]71 svc: ns.Contain(kube.Service("documentserver")) {
radexc995c212023-11-24 12:01:49 +0100[diff] [blame]72 target:: top.deploy,
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]73 },
Radek Pietruszewskif5844312023-10-27 22:41:18 +0200[diff] [blame]74
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]75 ingress: ns.Contain(kube.SimpleIngress("office")) {
Radek Pietruszewskif5844312023-10-27 22:41:18 +0200[diff] [blame]76 hosts:: [cfg.domain],
radexd45584a2023-11-24 12:51:57 +0100[diff] [blame]77 target:: top.svc,
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]78 },
Serge Bazanski06b61d42020-09-15 18:21:35 +0000[diff] [blame]79 },
80
81 prod: self.onlyoffice {
82 cfg+: {
83 namespace: "onlyoffice-prod",
84 domain: "office.hackerspace.pl",
85 },
86 },
87}