radex | 3ca8454 | 2023-10-08 23:52:08 +0200 | [diff] [blame] | 1 | local kube = import "../../kube/kube.libsonnet"; |
| 2 | |
| 3 | { |
| 4 | local top = self, |
| 5 | local cfg = self.cfg, |
| 6 | |
| 7 | cfg:: { |
| 8 | name: 'capacifier', |
| 9 | namespace: 'capacifier', |
| 10 | domain: 'capacifier.hackerspace.pl', |
Serge Bazanski | 4768e2f | 2023-10-28 17:31:13 +0000 | [diff] [blame] | 11 | image: 'registry.k0.hswaw.net/q3k/capacifier@sha256:fd94b29bf711267235c96e5102ac4024e83e5851869a5e8814b83e76490c00af', |
radex | 3ca8454 | 2023-10-08 23:52:08 +0200 | [diff] [blame] | 12 | }, |
| 13 | |
| 14 | ns: kube.Namespace(cfg.namespace), |
| 15 | |
| 16 | deployment: top.ns.Contain(kube.Deployment(cfg.name)) { |
| 17 | spec+: { |
| 18 | replicas: 3, |
| 19 | template+: { |
| 20 | spec+: { |
| 21 | containers_: { |
| 22 | default: kube.Container("default") { |
| 23 | image: cfg.image, |
| 24 | env_: { |
| 25 | LDAP_DN: "cn=capacifier,ou=Services,dc=hackerspace,dc=pl", |
| 26 | LDAP_PW: { secretKeyRef: { name: cfg.name, key: 'ldap_pw' } }, |
| 27 | }, |
| 28 | command: [ |
| 29 | "/hswaw/capacifier/capacifier", |
radex | 3ca8454 | 2023-10-08 23:52:08 +0200 | [diff] [blame] | 30 | "-logtostderr", |
| 31 | "-api_listen", "0.0.0.0:8080", |
| 32 | "-ldap_bind_dn", "$(LDAP_DN)", |
| 33 | "-ldap_bind_pw", "$(LDAP_PW)", |
| 34 | ], |
| 35 | resources: { |
| 36 | requests: { cpu: "25m", memory: "64Mi" }, |
| 37 | limits: { cpu: "500m", memory: "128Mi" }, |
| 38 | }, |
| 39 | ports_: { |
| 40 | http: { containerPort: 8080 }, |
| 41 | }, |
| 42 | }, |
| 43 | }, |
| 44 | }, |
| 45 | }, |
| 46 | }, |
| 47 | }, |
| 48 | |
| 49 | service: top.ns.Contain(kube.Service(cfg.name)) { |
| 50 | target_pod:: top.deployment.spec.template, |
| 51 | }, |
| 52 | |
| 53 | ingress: top.ns.Contain(kube.Ingress(cfg.name)) { |
| 54 | metadata+: { |
| 55 | annotations+: { |
| 56 | "kubernetes.io/tls-acme": "true", |
| 57 | "cert-manager.io/cluster-issuer": "letsencrypt-prod", |
| 58 | "nginx.ingress.kubernetes.io/proxy-body-size": "0", |
| 59 | }, |
| 60 | }, |
| 61 | spec+: { |
| 62 | tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ], |
| 63 | rules: [ |
| 64 | { |
| 65 | host: cfg.domain, |
| 66 | http: { |
| 67 | paths: [ |
| 68 | { path: "/", backend: top.service.name_port }, |
| 69 | ], |
| 70 | }, |
| 71 | }, |
| 72 | ], |
| 73 | }, |
| 74 | }, |
| 75 | } |