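# covid19.hackerspace.pl, a covid-formity instance.
# This needs a secret provisioned; create it with:
#   kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
# The manifest below reads the keys postgres_password, secret_key and oauth2_secret from that secret.
# Note: --from-literal values are visible in the kubectl process arguments, and an oauth2_secret typed
# literally ends up in shell history; pwgen's -s option yields fully random rather than pronounceable passwords.
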
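local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

# Manifests for the covid-formity web application: a namespace, a PostgreSQL
# instance (from postgres.libsonnet), a single-replica Deployment, a ClusterIP
# Service and a TLS-terminating Ingress for cfg.domain and cfg.altDomains.
#
# All credentials are read from the pre-provisioned Kubernetes Secret
# "covid-formity" (keys: postgres_password, oauth2_secret, secret_key); nothing
# secret is stored in this file.
{
    local app = self,
    local cfg = app.cfg,

    # Name shared by the workload objects, the database and the Secret.
    local name = "covid-formity",

    # Every hostname served by the Ingress; used for both the TLS certificate
    # and the routing rules so the two lists cannot drift apart.
    local domains = [cfg.domain] + cfg.altDomains,

    # Builds an env-var value source that reads `key` from the app's Secret.
    local secretRef(key) = { secretKeyRef: { name: name, key: key } },

    cfg:: {
        namespace: "covid-formity",
        # Pinned by sha256 digest, so the deployed image cannot change unless
        # this line is edited.
        image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:8295f5b6d71266fb758c103210f12380f15903ba2467ead0e48ae0df16b6d608",
        domain: "covid19.hackerspace.pl",
        altDomains: ["covid.hackerspace.pl"],
    },

    # Common object metadata: target namespace plus the standard
    # app.kubernetes.io labels, with `component` as the component label.
    metadata(component):: {
        namespace: cfg.namespace,
        labels: {
            "app.kubernetes.io/name": name,
            "app.kubernetes.io/managed-by": "kubecfg",
            "app.kubernetes.io/component": component,
        },
    },

    namespace: kube.Namespace(cfg.namespace),

    postgres: postgres {
        cfg+: {
            namespace: cfg.namespace,
            appName: name,
            database: name,
            username: name,
            password: secretRef("postgres_password"),
        },
    },

    # NOTE(review): no resource requests/limits, probes or securityContext are
    # set on this container. Unless kube.Container supplies defaults, consider
    # adding them (e.g. running as non-root, if the image supports it).
    deployment: kube.Deployment(name) {
        metadata+: app.metadata(name),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    containers_: {
                        web: kube.Container(name) {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 5000 },
                            },
                            env_: {
                                # presumably the Service name created by postgres.libsonnet; confirm there
                                DATABASE_HOSTNAME: "postgres",
                                DATABASE_USERNAME: app.postgres.cfg.username,
                                DATABASE_PASSWORD: app.postgres.cfg.password,
                                # Reference the database field rather than appName: both are
                                # "covid-formity" today, but only `database` names the database.
                                DATABASE_NAME: app.postgres.cfg.database,
                                SPACEAUTH_CONSUMER_KEY: name,
                                SPACEAUTH_CONSUMER_SECRET: secretRef("oauth2_secret"),
                                SECRET_KEY: secretRef("secret_key"),
                            },
                        },
                    },
                },
            },
        },
    },

    # ClusterIP only: the application is reachable from outside the cluster
    # solely through the Ingress below.
    svc: kube.Service(name) {
        metadata+: app.metadata(name),
        target_pod:: app.deployment.spec.template,
        spec+: {
            ports: [
                { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
            ],
            type: "ClusterIP",
        },
    },

    ingress: kube.Ingress(name) {
        metadata+: app.metadata(name) {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                # NOTE(review): this is the legacy cert-manager annotation prefix; newer
                # cert-manager releases use cert-manager.io/cluster-issuer. Confirm
                # which one the cluster's cert-manager version honours.
                "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                # NOTE(review): "0" disables the nginx request-body size check, so any
                # client can send arbitrarily large uploads to the single replica.
                # If large uploads are not required, set an explicit limit instead.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [
                {
                    hosts: domains,
                    secretName: "covid-formity-tls",
                },
            ],
            # One rule per hostname, each routing "/" to the Service.
            rules: [
                {
                    host: dom,
                    http: {
                        paths: [
                            { path: "/", backend: app.svc.name_port },
                        ],
                    },
                }
                for dom in domains
            ],
        },
    },
}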