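# covid19.hackerspace.pl, a covid-formity instance.
#
# This needs a secret provisioned, create with:
#   kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
#
# Provisioning notes:
#  - The deployment below also reads key `kurjerzy_password` from a second
#    Secret, `covid-formity-shipping`, which the command above does not create.
#  - `pwgen` without `-s` produces pronounceable passwords; `pwgen -s` yields
#    fully random ones and is the better fit for machine-only credentials.
#  - A value typed after `--from-literal=` (the OAuth2 secret) ends up in shell
#    history; `--from-file` avoids that.

local kube = import "../../kube/kube.libsonnet";
local redis = import "../../kube/redis.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

{
  local app = self,
  local cfg = app.cfg,

  // Hidden (::) configuration shared by every object below.
  cfg:: {
    namespace: "covid-formity",
    // Pinned by sha256 digest rather than by tag, so the deployed image only
    // changes when this file changes.
    image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:53c5fb0dbc4a6660ab47e39869a516f1e3f833dee5a03867386771bd9ffaf7b8",
    domain: "covid19.hackerspace.pl",
    altDomains: ["covid.hackerspace.pl", "www.covid.hackerspace.pl"],
  },

  // Common namespace + label set; `component` fills the component label.
  metadata(component):: {
    namespace: app.cfg.namespace,
    labels: {
      "app.kubernetes.io/name": "covid-formity",
      "app.kubernetes.io/managed-by": "kubecfg",
      "app.kubernetes.io/component": component,
    },
  },

  namespace: kube.Namespace(app.cfg.namespace),

  postgres: postgres {
    cfg+: {
      namespace: cfg.namespace,
      appName: "covid-formity",
      database: "covid-formity",
      username: "covid-formity",
      // Resolved from the Secret at pod start; the value never appears here.
      password: { secretKeyRef: { name: "covid-formity", key: "postgres_password" } },
    },
  },

  redis: redis {
    cfg+: {
      namespace: cfg.namespace,
      appName: "covid-formity",
      // Reuses whatever storage class the postgres library resolves to.
      storageClassName: app.postgres.cfg.storageClassName,
    },
  },

  // NOTE(review): no securityContext or resource requests/limits are set on
  // the container here; confirm whether kube.Container/kube.Deployment supply
  // defaults, otherwise add them explicitly.
  deployment: kube.Deployment("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    spec+: {
      replicas: 1,
      template+: {
        spec+: {
          containers_: {
            web: kube.Container("covid-formity") {
              image: cfg.image,
              ports_: {
                http: { containerPort: 5000 },
              },
              env_: {
                DATABASE_HOSTNAME: "postgres",
                DATABASE_USERNAME: app.postgres.cfg.username,
                DATABASE_PASSWORD: app.postgres.cfg.password,
                // Was app.postgres.cfg.appName, which only worked because
                // appName and database are the same string above. Reading
                // `database` keeps this correct if the two ever diverge.
                DATABASE_NAME: app.postgres.cfg.database,
                SPACEAUTH_CONSUMER_KEY: "covid-formity",
                SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } },
                SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } },
                SHIPPING_KURJERZY_EMAIL: "qrde@hackerspace.pl",
                // Comes from a different Secret than the other credentials;
                // it must exist in this namespace or the pod will not start.
                SHIPPING_KURJERZY_PASSWORD: { secretKeyRef: { name: "covid-formity-shipping", key: "kurjerzy_password" } },
              },
            },
          },
        },
      },
    },
  },

  // ClusterIP only: the app is reachable from outside solely via the Ingress.
  svc: kube.Service("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    target_pod:: app.deployment.spec.template,
    spec+: {
      ports: [
        { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
      ],
      type: "ClusterIP",
    },
  },

  ingress: kube.Ingress("covid-formity") {
    metadata+: app.metadata("covid-formity") {
      annotations+: {
        "kubernetes.io/tls-acme": "true",
        // NOTE(review): newer cert-manager releases read
        // `cert-manager.io/cluster-issuer`; confirm which prefix the
        // cluster's cert-manager version expects.
        "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
        // "0" turns off nginx's request-body size check for this Ingress, so
        // the proxy no longer caps uploads.
        // NOTE(review): confirm the application enforces its own limit.
        "nginx.ingress.kubernetes.io/proxy-body-size": "0",
        // The snippet is copied verbatim into the generated nginx config, so
        // write access to this Ingress is write access to nginx config: keep
        // it behind RBAC, and note the controller must permit snippet
        // annotations (`allow-snippet-annotations`) for it to apply.
        //
        // The /qr1 rule appends the captured suffix directly after the
        // hostname. The capture is therefore restricted to "nothing or
        // something starting with '/'"; an unrestricted `(.*)` would let a
        // suffix without a leading slash become part of the redirect's
        // authority and send visitors to another host.
        "nginx.ingress.kubernetes.io/configuration-snippet": "
          location /qr1 { rewrite ^/qr1(/.*)?$ https://covid.hackerspace.pl$1 redirect; }
          location /video { return 302 https://youtu.be/eC19w2NFO0E; }
          location /manual { return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf; }
        ",
      },
    },
    spec+: {
      // One certificate covering the primary domain and every alias.
      tls: [
        {
          hosts: [cfg.domain] + cfg.altDomains,
          secretName: "covid-formity-tls",
        },
      ],
      // One identical catch-all rule per hostname, all routed to the Service.
      rules: [
        {
          host: dom,
          http: {
            paths: [
              { path: "/", backend: app.svc.name_port },
            ]
          },
        }
        for dom in [cfg.domain] + cfg.altDomains
      ],
    },
  },
}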