Sergiusz Bazanski | 74818e1 | 2020-02-18 22:56:21 +0100 | [diff] [blame] | 1 | local mirko = import "../../kube/mirko.libsonnet"; |
| 2 | local kube = import "../../kube/kube.libsonnet"; |
| 3 | local postgres = import "../../kube/postgres.libsonnet"; |
| 4 | local redis = import "../../kube/redis.libsonnet"; |
| 5 | |
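// Deployment of pretalx: a gunicorn web container and a celery worker
// container, a periodic-task CronJob, Postgres (reached through its bouncer),
// Redis, a data PVC and a Ceph object store user for S3 media.
//
// Copy over the S3 credentials secret from the ceph cluster namespace to the
// environment namespace. E.g.:
//
//   cluster=ceph-waw3
//   pool=waw-hdd-redundant-3-object
//   namespace=hswaw-prod
//   kubectl get -n $cluster secret rook-ceph-object-user-$pool-$namespace-pretalx-s3 -o json > hswaw/kube/secrets/plain/prod-pretalx-s3.json
//
// The exported JSON holds the S3 access and secret keys, merely base64-encoded.
// Treat the file as a credential: it must not be committed or shared in
// plaintext.

{
    local cfg = self.cfg,

    // Default configuration. Fields set to `error` have no default and abort
    // evaluation when they are read without having been overridden.
    cfg:: {
        // q3k's fork for S3 support (q3k/s3).
        // NOTE(review): the image is referenced by tag, not by digest, so what
        // runs depends on what the registry serves for this tag. Consider
        // pinning it as image@sha256:<digest>.
        image: "registry.k0.hswaw.net/q3k/pretalx-docker:20200217-1581977177",
        storageClassName: error "storageClassName must be set!",
        webFQDN: error "webFQDN must be set!",

        // Used as plaintext: it is written verbatim into pretalx.cfg below.
        smtpPassword: error "smtpPassword must be set!",

        s3: {
            cluster: "ceph-waw3",
            pool: "waw-hdd-redundant-3-object",
            // The exported Secret object (see the header comment). Its
            // base64-encoded data.AccessKey and data.SecretKey are read below.
            credsSecret: error "credsSecret must be set",
        },

        smtp: {
            server: "mail.hackerspace.pl",
            from: "pretalx@hackerspace.pl",
            username: "pretalx",
        },
    },

    // Builds the pretalx component for environment `env`. The `cfg` parameter
    // shadows the file-level `cfg` local inside this function.
    component(cfg, env): mirko.Component(env, "pretalx") {
        local pretalx = self,

        // Environment shared by the web, worker and cronjob containers.
        local appEnv = {
            // Injected from a Secret via secretKeyRef (see pgpass), so the
            // database password never appears in pretalx.cfg.
            PRETALX_DB_PASS: pretalx.cfg.pgpass,
            HOME: "/pretalx",
            PRETALX_DATA_DIR: "/data",
        },

        // Mounts shared by the web and worker containers.
        local appMounts = {
            data: { mountPath: "/data" },
            config: { mountPath: "/etc/pretalx" },
        },

        // thicc Python: same requests and limits for web and worker.
        local appResources = {
            requests: {
                cpu: "100m",
                memory: "512Mi",
            },
            limits: {
                cpu: "1",
                memory: "2Gi",
            },
        },

        cfg+: {
            image: cfg.image,
            volumes+: {
                data: pretalx.volumeData.volume,
                // pretalx.cfg is delivered as a Secret volume because it
                // contains the S3 keys and the SMTP password.
                config: kube.SecretVolume(pretalx.config),
            },

            // Reference to the postgres_password key of the
            // <name>-postgres Secret. Hidden (::), so not emitted itself.
            pgpass:: { secretKeyRef: { name: pretalx.makeName("-postgres"), key: "postgres_password" } },

            containers:: {
                // Web frontend.
                default: pretalx.Container("main") {
                    volumeMounts_+: appMounts,
                    workingDir: "/pretalx/src",
                    command: [
                        "gunicorn", "pretalx.wsgi",
                        "--name", "pretalx",
                        "--workers", "4",
                        "--max-requests", "1200",
                        "--max-requests-jitter", "50",
                        "--log-level", "info",
                        // Listens on all interfaces of the pod; this is the
                        // port published as publicHTTP.web below.
                        "--bind", "0.0.0.0:8080",
                    ],
                    env_: appEnv,
                    resources: appResources,
                },
                // Celery worker for background tasks.
                worker: pretalx.Container("worker") {
                    volumeMounts_+: appMounts,
                    workingDir: "/pretalx/src",
                    command: [
                        "celery", "-A", "pretalx.celery_app", "worker",
                        "-l", "info",
                    ],
                    env_: appEnv,
                    resources: appResources,
                },
            },
            // NOTE(review): only the UID is set here. Unless mirko.Component
            // adds them, runAsNonRoot, allowPrivilegeEscalation: false and
            // dropped capabilities are not enforced. Confirm and tighten.
            securityContext: {
                runAsUser: 999,
            },
            ports+: {
                publicHTTP: {
                    web: {
                        port: 8080,
                        dns: cfg.webFQDN,
                    },
                },
            },
        },

        // Standalone Secret carrying the SMTP password.
        // Kubernetes requires values under `data` to be base64-encoded, and
        // cfg.smtpPassword is used as plaintext in pretalx.cfg below, so it is
        // encoded here the same way the `config` Secret encodes its payload.
        // NOTE(review): nothing in this file references this Secret. Confirm
        // it is still needed.
        secret: kube.Secret(pretalx.makeName("secret")) {
            metadata+: pretalx.metadata,
            data: {
                smtpPassword: std.base64(cfg.smtpPassword),
            },
        },

        // Runs `python3 -m pretalx runperiodic` every five minutes.
        cronjob: kube.CronJob(pretalx.makeName("runperiodic")) {
            metadata+: pretalx.metadata,
            spec+: {
                schedule: "*/5 * * * *",
                jobTemplate+: {
                    spec+: {
                        // Hidden (::), so no selector is emitted in the manifest.
                        selector:: null,
                        template+: {
                            spec+: {
                                containers_: {
                                    runperiodic: kube.Container("runperiodic") {
                                        image: cfg.image,
                                        workingDir: "/pretalx/src",
                                        // NOTE(review): PRETALX_DATA_DIR and
                                        // pretalx.cfg point at /data, but only
                                        // the config volume is mounted in this
                                        // container. Confirm that the periodic
                                        // task does not need the data volume.
                                        volumeMounts_+: {
                                            config: { mountPath: "/etc/pretalx" },
                                        },
                                        env_: appEnv,
                                        command: [
                                            "python3", "-m", "pretalx",
                                            "runperiodic",
                                        ],
                                    },
                                },
                                // Same UID as the main component. See the
                                // NOTE(review) on its securityContext.
                                securityContext: {
                                    runAsUser: 999,
                                },
                                volumes_+: {
                                    config: kube.SecretVolume(pretalx.config),
                                },
                            },
                        },
                    },
                },
            },
        },

        // pretalx.cfg rendered as INI and stored in a Secret. The rendered
        // file contains the S3 access/secret keys and the SMTP password in
        // plaintext (base64 is an encoding, not encryption), so read access to
        // Secrets in this namespace exposes all of them.
        config: kube.Secret(pretalx.makeName("-config")) {
            metadata+: pretalx.metadata,
            data: {
                "pretalx.cfg": std.base64(std.manifestIni({
                    sections: {
                        filesystem: {
                            data: "/data", media: "/data/media", logs: "/data/logs",
                        },
                        site: {
                            debug: false,
                            url: "https://%s" % cfg.webFQDN,
                        },
                        // NOTE(review): bucket and endpoint are hard-coded and
                        // do not follow cfg.s3.cluster / cfg.s3.pool.
                        s3media: {
                            bucket: "pretalx-prod",
                            access_key_id: std.base64Decode(cfg.s3.credsSecret.data.AccessKey),
                            secret_access_key: std.base64Decode(cfg.s3.credsSecret.data.SecretKey),
                            endpoint: "https://object.ceph-waw3.hswaw.net",
                        },
                        database: {
                            backend: "postgresql",
                            name: "pretalx",
                            user: "pretalx",
                            // password: ... // provided by environment variable from secret
                            host: pretalx.postgres.bouncer.host,
                            //port: 5432
                        },
                        mail: {
                            from: cfg.smtp.from,
                            host: cfg.smtp.server,
                            port: 587,
                            user: cfg.smtp.username,
                            password: cfg.smtpPassword,
                            tls: "True",
                        },
                        // NOTE(review): the redis:// URLs carry no credentials.
                        // Presumably access to Redis is restricted at the
                        // network level. Confirm.
                        celery: {
                            backend: "redis://%s/1" % [pretalx.redis.svc.host],
                            broker: "redis://%s/2" % [pretalx.redis.svc.host],
                        },
                    },
                })),
            },
        },

        postgres: postgres {
            cfg+: {
                namespace: pretalx.metadata.namespace,
                appName: pretalx.makeName("-pretalx"),
                // NOTE(review): PostgreSQL 10 reached upstream end of life in
                // November 2022 and no longer receives security fixes. Plan an
                // upgrade.
                version: "10.4",
                storageClassName: cfg.storageClassName,
                prefix: pretalx.makeName("-postgres") + "-",
                database: "pretalx",
                username: "pretalx",
                // A secretKeyRef object, not a literal password.
                password: pretalx.cfg.pgpass,
                bouncer: {
                    enable: true,
                },
            },
        },

        redis: redis {
            cfg+: {
                namespace: pretalx.metadata.namespace,
                appName: pretalx.makeName("-pretalx"),
                storageClassName: cfg.storageClassName,
                prefix: pretalx.makeName("-redis") + "-",
            },
        },

        // Persistent storage mounted at /data in the web and worker containers.
        volumeData: kube.PersistentVolumeClaim(pretalx.makeName("-data")) {
            metadata+: pretalx.metadata,
            storage:: "5Gi",
            storageClass:: cfg.storageClassName,
        },

        // Object store user, created in the ceph cluster's namespace rather
        // than the application's. The resulting credentials secret has to be
        // copied over by hand (see the header comment).
        s3: kube.CephObjectStoreUser(pretalx.makeNameGlobal("-s3")) {
            metadata+: {
                namespace: cfg.s3.cluster,
            },
            spec: {
                store: cfg.s3.pool,
                displayName: pretalx.makeNameGlobal("-s3"),
            },
        },
    },
}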