Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / d45584aa6d15eb6390efdda9539296644aa6142e / . / app / matrix / lib / cas.libsonnet
blob: 8c7ed40cc84a145528eb49d3709b10fbe8662d25 [file] [log] [blame]
Piotr Dobrowolskib67ae482021-01-31 10:35:38 +0100[diff] [blame]1local kube = import "../../../kube/kube.libsonnet";
2
3{
radexc995c212023-11-24 12:01:49 +0100[diff] [blame]4 local top = self,
5 local cfg = top.cfg,
Piotr Dobrowolskib67ae482021-01-31 10:35:38 +0100[diff] [blame]6 cfg:: {
7 image: error "cfg.image must be set",
8
9 # webDomain is the domain name at which matrix instance/cas proxy is served
10 webDomain: error "cfg.webDomain must be set",
11
12 oauth2: error "cfg.oauth2 must be set",
13 },
14
15 ns:: error "ns needs to be a kube.Namespace object",
radexc995c212023-11-24 12:01:49 +0100[diff] [blame]16 local ns = top.ns,
Piotr Dobrowolskib67ae482021-01-31 10:35:38 +0100[diff] [blame]17
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]18 deployment: ns.Contain(kube.Deployment("oauth2-cas-proxy")) {
Piotr Dobrowolskib67ae482021-01-31 10:35:38 +0100[diff] [blame]19 spec+: {
20 replicas: 1,
21 template+: {
22 spec+: {
23 containers_: {
24 proxy: kube.Container("oauth2-cas-proxy") {
25 image: cfg.image,
26 ports_: {
27 http: { containerPort: 5000 },
28 },
29 env_: {
30 BASE_URL: "https://%s" % [cfg.webDomain],
31 SERVICE_URL: "https://%s" % [cfg.webDomain],
32 OAUTH2_CLIENT: cfg.oauth2.clientID,
33 OAUTH2_SECRET: cfg.oauth2.clientSecret,
34 OAUTH2_SCOPE: cfg.oauth2.scope,
35 OAUTH2_AUTHORIZE: cfg.oauth2.authorizeURL,
36 OAUTH2_TOKEN: cfg.oauth2.tokenURL,
37 OAUTH2_USERINFO: cfg.oauth2.userinfoURL,
38 },
39 },
40 },
41 },
42 },
43 },
44 },
45
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]46 svc: ns.Contain(kube.Service("oauth2-cas-proxy")) {
radexc995c212023-11-24 12:01:49 +0100[diff] [blame]47 target:: top.deployment,
Piotr Dobrowolskib67ae482021-01-31 10:35:38 +0100[diff] [blame]48 },
49}