Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 99ed6a7abb57ee302a1f2f96c0173f7d0b318d5d / . / app / walne / prod.jsonnet
blob: 70dae12d0a4a463b7509ab0522b2aa23a802760c [file] [log] [blame]
radex3fdda9c2023-10-23 22:25:35 +0200[diff] [blame]1local kube = import '../../kube/hscloud.libsonnet';
2
3{
4 local top = self,
5 local cfg = top.cfg,
6
7 cfg:: {
8 name: 'walne',
9 namespace: 'walne',
10 domain: 'walne.hackerspace.pl',
11 image: 'registry.k0.hswaw.net/radex/walne:1698228636',
12 oauthClientId: '992f3daf-a30e-4409-baad-e7b0e4bc2a2e',
13 },
14
15 // kubectl -n walne create secret generic walne --from-literal=ldap_password=xxx --from-literal=oauth_secret=xxx --from-literal=next_auth_secret=$(pwgen 32 1)
16 secrets:: {
17 ldap: { secretKeyRef: { name: cfg.name, key: 'ldap_password' },},
18 ouath: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
19 nextAuth: { secretKeyRef: { name: cfg.name, key: 'next_auth_secret' } },
20 },
21
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame^]22 local ns = kube.Namespace(cfg.namespace),
23
24 deployment: ns.Contain(kube.Deployment(cfg.name)) {
radex3fdda9c2023-10-23 22:25:35 +0200[diff] [blame]25 spec+: {
26 template+: {
27 spec+: {
28 containers_: {
29 default: kube.Container('default') {
30 image: cfg.image,
31 ports_: {
32 web: { containerPort: 3000 },
33 },
34 env_: {
35 LDAP_USER_DN: 'cn=walone-generator,ou=services,dc=hackerspace,dc=pl',
36 LDAP_USER_PW: top.secrets.ldap,
37 ALLOWED_LDAP_GROUPS: 'zarzad,rewizja,staff,walne-users',
38 HSWAW_AUTH_CLIENT_ID: cfg.oauthClientId,
39 HSWAW_AUTH_CLIENT_SECRET: top.secrets.ouath,
40 AUTH_SECRET: top.secrets.nextAuth,
41 REDIRECT_PROXY_URL: 'https://' + cfg.domain + '/auth',
42 },
43 },
44 },
45 },
46 },
47 },
48 },
49
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame^]50 service: ns.Contain(kube.Service(cfg.name)) {
radex8b8f3872023-11-24 11:09:46 +0100[diff] [blame]51 target:: top.deployment,
radex3fdda9c2023-10-23 22:25:35 +0200[diff] [blame]52 },
53
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame^]54 ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
radex3fdda9c2023-10-23 22:25:35 +0200[diff] [blame]55 hosts:: [cfg.domain],
56 target_service:: top.service,
57 },
58}