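// Namespace, Deployment, Service and Ingress for the `walne` web app,
// built with the hscloud kube helpers.
local kube = import '../../kube/hscloud.libsonnet';

{
    local top = self,
    local cfg = top.cfg,

    // Non-secret settings. Hidden (::), so they are not rendered as a manifest
    // of their own and can be overridden by an importing file.
    cfg:: {
        name: 'walne',
        namespace: 'walne',
        domain: 'walne.hackerspace.pl',
        // NOTE(review): the image is referenced by tag only. If the registry allows
        // a tag to be re-pushed, pinning by digest (image@sha256:<digest>) would
        // make the deployed artifact verifiable.
        image: 'registry.k0.hswaw.net/radex/walne:1698228636',
        // OAuth client identifier; the matching client secret is not stored here,
        // it is read from the Secret referenced below.
        oauthClientId: '992f3daf-a30e-4409-baad-e7b0e4bc2a2e',
    },

    // The container reads three keys from a Secret named cfg.name, which has to be
    // created out of band before the Deployment can start:
    //
    //   kubectl -n walne create secret generic walne --from-literal=ldap_password=xxx --from-literal=oauth_secret=xxx --from-literal=next_auth_secret=$(pwgen 32 1)
    //
    // Caveats when running that command:
    //  - --from-literal values end up in shell history and are visible in the process
    //    arguments while kubectl runs; --from-file=KEY=PATH avoids this, provided the
    //    files are written without a trailing newline and removed afterwards.
    //  - plain `pwgen` produces pronounceable strings; `pwgen -s` produces fully
    //    random ones, which is preferable for a signing/session secret.
    secrets:: {
        ldap: { secretKeyRef: { name: cfg.name, key: 'ldap_password' } },
        oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
        // Former misspelling of `oauth`, kept as an alias so anything that still
        // reads secrets.ouath keeps working.
        ouath: self.oauth,
        nextAuth: { secretKeyRef: { name: cfg.name, key: 'next_auth_secret' } },
    },

    ns: kube.Namespace(cfg.namespace),

    // NOTE(review): no securityContext and no resource requests/limits are set on
    // the container here. Whether kube.Container or cluster policy supplies
    // defaults is not visible from this file - confirm.
    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
        spec+: {
            template+: {
                spec+: {
                    containers_: {
                        default: kube.Container('default') {
                            image: cfg.image,
                            ports_: {
                                web: { containerPort: 3000 },
                            },
                            env_: {
                                // NOTE(review): 'walone' differs from the app name 'walne';
                                // confirm it matches the real service account DN.
                                LDAP_USER_DN: 'cn=walone-generator,ou=services,dc=hackerspace,dc=pl',
                                // Secret-backed variables are passed as secretKeyRef objects,
                                // so the values themselves never appear in this file.
                                LDAP_USER_PW: top.secrets.ldap,
                                // Presumably the LDAP groups allowed to use the app; any
                                // addition here widens access and deserves review.
                                ALLOWED_LDAP_GROUPS: 'zarzad,rewizja,staff,walne-users',
                                HSWAW_AUTH_CLIENT_ID: cfg.oauthClientId,
                                HSWAW_AUTH_CLIENT_SECRET: top.secrets.oauth,
                                AUTH_SECRET: top.secrets.nextAuth,
                                // Built from cfg.domain so the redirect URL follows the
                                // ingress host. Assumes HTTPS is served for that host.
                                REDIRECT_PROXY_URL: 'https://' + cfg.domain + '/auth',
                            },
                        },
                    },
                },
            },
        },
    },

    // Service in front of the pods defined by the deployment's pod template.
    service: top.ns.Contain(kube.Service(cfg.name)) {
        target_pod:: top.deployment.spec.template,
    },

    // Exposes the service on cfg.domain.
    // NOTE(review): TLS handling is presumably provided by kube.SimpleIngress - confirm.
    ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
        hosts:: [cfg.domain],
        target_service:: top.service,
    },
}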