Dariusz Niemczyk | 18aec0c | 2024-01-14 21:49:54 +0100 | [diff] [blame] | 1 | local kube = import '../../kube/hscloud.libsonnet'; |
radex | 33fbaed | 2023-11-16 22:27:02 +0100 | [diff] [blame] | 2 | local postgres = import '../../kube/postgres.libsonnet'; |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 3 | |
| 4 | { |
| 5 | local top = self, |
| 6 | local cfg = top.cfg, |
| 7 | |
| 8 | cfg:: { |
| 9 | name: 'inventory', |
| 10 | namespace: 'inventory', |
| 11 | domain: 'inventory.hackerspace.pl', |
| 12 | |
Dariusz Niemczyk | 18aec0c | 2024-01-14 21:49:54 +0100 | [diff] [blame] | 13 | image: 'registry.k0.hswaw.net/palid/inventory-19.01.2024-2', |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 14 | oauthClientId: '82fffb65-0bbd-4d18-becd-0ce0b31373cf', |
| 15 | storageClassName: 'waw-hdd-redundant-3', |
| 16 | |
| 17 | mediaPath: '/var/www/media', |
| 18 | }, |
| 19 | |
radex | 1439fde | 2023-11-24 12:22:22 +0100 | [diff] [blame] | 20 | secretRefs:: { |
Dariusz Niemczyk | 18aec0c | 2024-01-14 21:49:54 +0100 | [diff] [blame] | 21 | // Uses basic auth |
| 22 | labelApi: { secretKeyRef: { name: cfg.name, key: 'label_api' } }, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 23 | postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } }, |
| 24 | oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } }, |
Dariusz Niemczyk | 18aec0c | 2024-01-14 21:49:54 +0100 | [diff] [blame] | 25 | s3Secret: { secretKeyRef: { name: cfg.name, key: 's3_secret_key' } }, |
| 26 | s3Access: { secretKeyRef: { name: cfg.name, key: 's3_access_key' } }, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 27 | }, |
| 28 | |
radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame] | 29 | local ns = kube.Namespace(cfg.namespace), |
| 30 | |
| 31 | deployment: ns.Contain(kube.Deployment(cfg.name)) { |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 32 | spec+: { |
| 33 | template+: { |
| 34 | spec+: { |
| 35 | volumes_: { |
radex | 4ffc64d | 2023-11-24 13:28:57 +0100 | [diff] [blame] | 36 | media: top.media.volume, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 37 | }, |
| 38 | containers_: { |
| 39 | default: kube.Container('default') { |
| 40 | image: cfg.image, |
| 41 | ports_: { |
| 42 | web: { containerPort: 8000 }, |
| 43 | }, |
| 44 | env_: { |
| 45 | SPEJSTORE_ENV: 'prod', |
radex | 3799174 | 2023-11-24 12:37:37 +0100 | [diff] [blame] | 46 | SPEJSTORE_DB_NAME: top.postgres.cfg.database, |
| 47 | SPEJSTORE_DB_USER: top.postgres.cfg.username, |
| 48 | SPEJSTORE_DB_PASSWORD: top.postgres.cfg.password, |
| 49 | SPEJSTORE_DB_HOST: top.postgres.svc.host, |
| 50 | SPEJSTORE_DB_PORT: top.postgres.svc.port, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 51 | SPEJSTORE_ALLOWED_HOSTS: cfg.domain, |
| 52 | SPEJSTORE_CLIENT_ID: cfg.oauthClientId, |
radex | 1439fde | 2023-11-24 12:22:22 +0100 | [diff] [blame] | 53 | SPEJSTORE_SECRET: top.secretRefs.oauth, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 54 | SPEJSTORE_MEDIA_ROOT: cfg.mediaPath, |
| 55 | SPEJSTORE_REQUIRE_AUTH: 'true', |
| 56 | SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5', |
Dariusz Niemczyk | 18aec0c | 2024-01-14 21:49:54 +0100 | [diff] [blame] | 57 | SPEJSTORE_HOST: 'https://' + cfg.domain, |
| 58 | SPEJSTORE_LABEL_API: top.secretRefs.labelApi, |
| 59 | SPEJSTORE_FILE_STORAGE_TYPE: 's3', |
| 60 | SPEJSTORE_S3_ACCESS_KEY: top.secretRefs.s3Access, |
| 61 | SPEJSTORE_S3_SECRET_KEY: top.secretRefs.s3Secret, |
| 62 | SPEJSTORE_S3_BUCKET_NAME: 'inventory', |
| 63 | SPEJSTORE_S3_ENDPOINT_URL: 'https://object.ceph-eu.hswaw.net', |
| 64 | SPEJSTORE_S3_DOMAIN_NAME: 'object.ceph-eu.hswaw.net', |
| 65 | SPEJSTORE_S3_STATIC_LOCATION: 'static', |
| 66 | SPEJSTORE_S3_MEDIA_LOCATION: 'media', |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 67 | }, |
| 68 | volumeMounts_: { |
| 69 | media: { mountPath: cfg.mediaPath }, |
| 70 | }, |
| 71 | }, |
| 72 | }, |
| 73 | }, |
| 74 | }, |
| 75 | }, |
| 76 | }, |
| 77 | |
radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame] | 78 | media: ns.Contain(kube.PersistentVolumeClaim(cfg.name)) { |
radex | 36964dc | 2023-11-24 11:19:46 +0100 | [diff] [blame] | 79 | storage:: '20Gi', |
| 80 | storageClass:: cfg.storageClassName, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 81 | }, |
| 82 | |
radex | 0e12849 | 2023-11-24 12:47:27 +0100 | [diff] [blame] | 83 | postgres: ns.Contain(postgres) { |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 84 | cfg+: { |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 85 | appName: cfg.name, |
| 86 | storageClassName: cfg.storageClassName, |
| 87 | version: '15.4', |
| 88 | |
radex | 3799174 | 2023-11-24 12:37:37 +0100 | [diff] [blame] | 89 | database: 'inventory', |
| 90 | username: 'inventory', |
radex | 1439fde | 2023-11-24 12:22:22 +0100 | [diff] [blame] | 91 | password: top.secretRefs.postgres, |
radex | 33fbaed | 2023-11-16 22:27:02 +0100 | [diff] [blame] | 92 | versionedNames: true, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 93 | }, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 94 | }, |
| 95 | |
radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame] | 96 | service: ns.Contain(kube.Service(cfg.name)) { |
radex | 8b8f387 | 2023-11-24 11:09:46 +0100 | [diff] [blame] | 97 | target:: top.deployment, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 98 | }, |
| 99 | |
radex | 99ed6a7 | 2023-11-24 11:42:55 +0100 | [diff] [blame] | 100 | ingress: ns.Contain(kube.SimpleIngress(cfg.name)) { |
Radek Pietruszewski | f584431 | 2023-10-27 22:41:18 +0200 | [diff] [blame] | 101 | hosts:: [cfg.domain], |
radex | d45584a | 2023-11-24 12:51:57 +0100 | [diff] [blame] | 102 | target:: top.service, |
Dariusz Niemczyk | 62b83e0 | 2023-08-13 20:14:15 +0200 | [diff] [blame] | 103 | }, |
| 104 | } |