Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / ff6fc9f6096b5233be53f082079952d8d5a93719 / . / app / inventory / prod.jsonnet
blob: 5825ab40066eaee1a8dfbe77f348f9da491c44d0 [file] [log] [blame]
Dariusz Niemczyk18aec0c2024-01-14 21:49:54 +0100[diff] [blame]1local kube = import '../../kube/hscloud.libsonnet';
radex33fbaed2023-11-16 22:27:02 +0100[diff] [blame]2local postgres = import '../../kube/postgres.libsonnet';
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]3
4{
5 local top = self,
6 local cfg = top.cfg,
7
8 cfg:: {
9 name: 'inventory',
10 namespace: 'inventory',
11 domain: 'inventory.hackerspace.pl',
12
Dariusz Niemczyk18aec0c2024-01-14 21:49:54 +0100[diff] [blame]13 image: 'registry.k0.hswaw.net/palid/inventory-19.01.2024-2',
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]14 oauthClientId: '82fffb65-0bbd-4d18-becd-0ce0b31373cf',
15 storageClassName: 'waw-hdd-redundant-3',
16
17 mediaPath: '/var/www/media',
18 },
19
radex1439fde2023-11-24 12:22:22 +0100[diff] [blame]20 secretRefs:: {
Dariusz Niemczyk18aec0c2024-01-14 21:49:54 +0100[diff] [blame]21 // Uses basic auth
22 labelApi: { secretKeyRef: { name: cfg.name, key: 'label_api' } },
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]23 postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } },
24 oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
Dariusz Niemczyk18aec0c2024-01-14 21:49:54 +0100[diff] [blame]25 s3Secret: { secretKeyRef: { name: cfg.name, key: 's3_secret_key' } },
26 s3Access: { secretKeyRef: { name: cfg.name, key: 's3_access_key' } },
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]27 },
28
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]29 local ns = kube.Namespace(cfg.namespace),
30
31 deployment: ns.Contain(kube.Deployment(cfg.name)) {
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]32 spec+: {
33 template+: {
34 spec+: {
35 volumes_: {
radex4ffc64d2023-11-24 13:28:57 +0100[diff] [blame]36 media: top.media.volume,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]37 },
38 containers_: {
39 default: kube.Container('default') {
40 image: cfg.image,
41 ports_: {
42 web: { containerPort: 8000 },
43 },
44 env_: {
45 SPEJSTORE_ENV: 'prod',
radex37991742023-11-24 12:37:37 +0100[diff] [blame]46 SPEJSTORE_DB_NAME: top.postgres.cfg.database,
47 SPEJSTORE_DB_USER: top.postgres.cfg.username,
48 SPEJSTORE_DB_PASSWORD: top.postgres.cfg.password,
49 SPEJSTORE_DB_HOST: top.postgres.svc.host,
50 SPEJSTORE_DB_PORT: top.postgres.svc.port,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]51 SPEJSTORE_ALLOWED_HOSTS: cfg.domain,
52 SPEJSTORE_CLIENT_ID: cfg.oauthClientId,
radex1439fde2023-11-24 12:22:22 +0100[diff] [blame]53 SPEJSTORE_SECRET: top.secretRefs.oauth,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]54 SPEJSTORE_MEDIA_ROOT: cfg.mediaPath,
55 SPEJSTORE_REQUIRE_AUTH: 'true',
56 SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5',
Dariusz Niemczyk18aec0c2024-01-14 21:49:54 +0100[diff] [blame]57 SPEJSTORE_HOST: 'https://' + cfg.domain,
58 SPEJSTORE_LABEL_API: top.secretRefs.labelApi,
59 SPEJSTORE_FILE_STORAGE_TYPE: 's3',
60 SPEJSTORE_S3_ACCESS_KEY: top.secretRefs.s3Access,
61 SPEJSTORE_S3_SECRET_KEY: top.secretRefs.s3Secret,
62 SPEJSTORE_S3_BUCKET_NAME: 'inventory',
63 SPEJSTORE_S3_ENDPOINT_URL: 'https://object.ceph-eu.hswaw.net',
64 SPEJSTORE_S3_DOMAIN_NAME: 'object.ceph-eu.hswaw.net',
65 SPEJSTORE_S3_STATIC_LOCATION: 'static',
66 SPEJSTORE_S3_MEDIA_LOCATION: 'media',
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]67 },
68 volumeMounts_: {
69 media: { mountPath: cfg.mediaPath },
70 },
71 },
72 },
73 },
74 },
75 },
76 },
77
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]78 media: ns.Contain(kube.PersistentVolumeClaim(cfg.name)) {
radex36964dc2023-11-24 11:19:46 +0100[diff] [blame]79 storage:: '20Gi',
80 storageClass:: cfg.storageClassName,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]81 },
82
radex0e128492023-11-24 12:47:27 +0100[diff] [blame]83 postgres: ns.Contain(postgres) {
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]84 cfg+: {
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]85 appName: cfg.name,
86 storageClassName: cfg.storageClassName,
87 version: '15.4',
88
radex37991742023-11-24 12:37:37 +0100[diff] [blame]89 database: 'inventory',
90 username: 'inventory',
radex1439fde2023-11-24 12:22:22 +0100[diff] [blame]91 password: top.secretRefs.postgres,
radex33fbaed2023-11-16 22:27:02 +0100[diff] [blame]92 versionedNames: true,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]93 },
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]94 },
95
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]96 service: ns.Contain(kube.Service(cfg.name)) {
radex8b8f3872023-11-24 11:09:46 +0100[diff] [blame]97 target:: top.deployment,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]98 },
99
radex99ed6a72023-11-24 11:42:55 +0100[diff] [blame]100 ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
Radek Pietruszewskif5844312023-10-27 22:41:18 +0200[diff] [blame]101 hosts:: [cfg.domain],
radexd45584a2023-11-24 12:51:57 +0100[diff] [blame]102 target:: top.service,
Dariusz Niemczyk62b83e02023-08-13 20:14:15 +0200[diff] [blame]103 },
104}