Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / f5844311ebcbc539fe919a2020d1237857b852f0 / . / app / inventory / prod.jsonnet
blob: 7519d9a0ad51f2134fe297e294f9e81c444795f9 [file] [log] [blame]
Radek Pietruszewskif5844312023-10-27 22:41:18 +0200[diff] [blame^]1local kube = import "../../kube/hscloud.libsonnet";
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]2local postgres = import '../../kube/postgres_v.libsonnet';
3
4{
5 local top = self,
6 local cfg = top.cfg,
7
8 cfg:: {
9 name: 'inventory',
10 namespace: 'inventory',
11 domain: 'inventory.hackerspace.pl',
12
13 image: 'registry.k0.hswaw.net/palid/spejstore:1694280421',
14 db: {
15 name: 'inventory',
16 username: 'inventory',
17 },
18 oauthClientId: '82fffb65-0bbd-4d18-becd-0ce0b31373cf',
19 storageClassName: 'waw-hdd-redundant-3',
20
21 mediaPath: '/var/www/media',
22 },
23
24 secrets:: {
25 postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } },
26 oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
27 },
28
29 ns: kube.Namespace(cfg.namespace),
30 deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
31 spec+: {
32 template+: {
33 spec+: {
34 volumes_: {
35 media: kube.PersistentVolumeClaimVolume(top.media),
36 },
37 containers_: {
38 default: kube.Container('default') {
39 image: cfg.image,
40 ports_: {
41 web: { containerPort: 8000 },
42 },
43 env_: {
44 SPEJSTORE_ENV: 'prod',
45 SPEJSTORE_DB_NAME: cfg.db.name,
46 SPEJSTORE_DB_USER: cfg.db.username,
47 SPEJSTORE_DB_PASSWORD: top.secrets.postgres,
48 SPEJSTORE_DB_HOST: top.psql.svc.host,
49 SPEJSTORE_DB_PORT: top.psql.svc.port,
50 SPEJSTORE_ALLOWED_HOSTS: cfg.domain,
51 SPEJSTORE_CLIENT_ID: cfg.oauthClientId,
52 SPEJSTORE_SECRET: top.secrets.oauth,
53 SPEJSTORE_MEDIA_ROOT: cfg.mediaPath,
54 SPEJSTORE_REQUIRE_AUTH: 'true',
55 SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5',
56 },
57 volumeMounts_: {
58 media: { mountPath: cfg.mediaPath },
59 },
60 },
61 },
62 },
63 },
64 },
65 },
66
67 media: top.ns.Contain(kube.PersistentVolumeClaim(cfg.name)) {
68 spec+: {
69 storageClassName: cfg.storageClassName,
70 accessModes: ['ReadWriteOnce'],
71 resources: {
72 requests: {
73 storage: '20Gi',
74 },
75 },
76 },
77 },
78
79 psql: postgres {
80 cfg+: {
81 namespace: cfg.namespace,
82 appName: cfg.name,
83 storageClassName: cfg.storageClassName,
84 version: '15.4',
85
86 database: cfg.db.name,
87 username: cfg.db.username,
88 password: top.secrets.postgres,
89 },
90 bouncer: {},
91 },
92
93 service: top.ns.Contain(kube.Service(cfg.name)) {
94 target_pod:: top.deployment.spec.template,
95 },
96
Radek Pietruszewskif5844312023-10-27 22:41:18 +0200[diff] [blame^]97 ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
98 hosts:: [cfg.domain],
99 target_service:: top.service,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]100 },
101}