| radex | a364934 | 2023-09-23 09:34:58 +0200 | [diff] [blame^] | 1 | local kube = import "../../kube/kube.libsonnet"; |
| 2 | |
| 3 | { |
| 4 | local top = self, |
| 5 | local cfg = self.cfg, |
| 6 | |
| 7 | cfg:: { |
| 8 | name: 'site', |
| 9 | namespace: 'site', |
| 10 | domains: [ |
| 11 | 'hackerspace.pl', |
| 12 | 'www.hackerspace.pl', |
| 13 | ], |
| 14 | image: 'registry.k0.hswaw.net/q3k/hswaw-site@sha256:ba8b5ca2aab81edd7a1f5bcc1e75253d7573e199463e7e56aaf18ad4380d681b', |
| 15 | }, |
| 16 | |
| 17 | ns: kube.Namespace(cfg.namespace), |
| 18 | |
| 19 | deployment: top.ns.Contain(kube.Deployment(cfg.name)) { |
| 20 | spec+: { |
| 21 | replicas: 3, |
| 22 | template+: { |
| 23 | spec+: { |
| 24 | containers_: { |
| 25 | default: kube.Container("default") { |
| 26 | image: cfg.image, |
| 27 | command: [ |
| 28 | "/hswaw/site/site", |
| 29 | "-hspki_disable", |
| 30 | "-logtostderr", |
| 31 | ], |
| 32 | resources: { |
| 33 | requests: { cpu: "25m", memory: "64Mi" }, |
| 34 | limits: { cpu: "500m", memory: "128Mi" }, |
| 35 | }, |
| 36 | ports_: { |
| 37 | http: { containerPort: 8080 }, |
| 38 | }, |
| 39 | }, |
| 40 | }, |
| 41 | }, |
| 42 | }, |
| 43 | }, |
| 44 | }, |
| 45 | |
| 46 | service: top.ns.Contain(kube.Service(cfg.name)) { |
| 47 | target_pod:: top.deployment.spec.template, |
| 48 | }, |
| 49 | |
| 50 | ingress: top.ns.Contain(kube.Ingress(cfg.name)) { |
| 51 | metadata+: { |
| 52 | annotations+: { |
| 53 | "kubernetes.io/tls-acme": "true", |
| 54 | "cert-manager.io/cluster-issuer": "letsencrypt-prod", |
| 55 | "nginx.ingress.kubernetes.io/proxy-body-size": "0", |
| 56 | }, |
| 57 | }, |
| 58 | spec+: { |
| 59 | tls: [ { hosts: cfg.domains, secretName: cfg.name + "-tls" } ], |
| 60 | rules: [ |
| 61 | { |
| 62 | host: domain, |
| 63 | http: { |
| 64 | paths: [ |
| 65 | { path: "/", backend: top.service.name_port }, |
| 66 | ], |
| 67 | }, |
| 68 | } |
| 69 | for domain in cfg.domains |
| 70 | ], |
| 71 | }, |
| 72 | }, |
| 73 | } |