forked from hswaw/hscloud
77 lines
2.5 KiB
Plaintext
77 lines
2.5 KiB
Plaintext
|
local kube = import "../../kube/kube.libsonnet";
|
||
|
|
||
|
{
|
||
|
local top = self,
|
||
|
local cfg = self.cfg,
|
||
|
|
||
|
cfg:: {
|
||
|
name: 'capacifier',
|
||
|
namespace: 'capacifier',
|
||
|
domain: 'capacifier.hackerspace.pl',
|
||
|
image: 'registry.k0.hswaw.net/q3k/capacifier:1680390588',
|
||
|
},
|
||
|
|
||
|
ns: kube.Namespace(cfg.namespace),
|
||
|
|
||
|
deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
|
||
|
spec+: {
|
||
|
replicas: 3,
|
||
|
template+: {
|
||
|
spec+: {
|
||
|
containers_: {
|
||
|
default: kube.Container("default") {
|
||
|
image: cfg.image,
|
||
|
env_: {
|
||
|
LDAP_DN: "cn=capacifier,ou=Services,dc=hackerspace,dc=pl",
|
||
|
LDAP_PW: { secretKeyRef: { name: cfg.name, key: 'ldap_pw' } },
|
||
|
},
|
||
|
command: [
|
||
|
"/hswaw/capacifier/capacifier",
|
||
|
"-hspki_disable",
|
||
|
"-logtostderr",
|
||
|
"-api_listen", "0.0.0.0:8080",
|
||
|
"-ldap_bind_dn", "$(LDAP_DN)",
|
||
|
"-ldap_bind_pw", "$(LDAP_PW)",
|
||
|
],
|
||
|
resources: {
|
||
|
requests: { cpu: "25m", memory: "64Mi" },
|
||
|
limits: { cpu: "500m", memory: "128Mi" },
|
||
|
},
|
||
|
ports_: {
|
||
|
http: { containerPort: 8080 },
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
|
||
|
service: top.ns.Contain(kube.Service(cfg.name)) {
|
||
|
target_pod:: top.deployment.spec.template,
|
||
|
},
|
||
|
|
||
|
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
|
||
|
metadata+: {
|
||
|
annotations+: {
|
||
|
"kubernetes.io/tls-acme": "true",
|
||
|
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
|
||
|
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||
|
},
|
||
|
},
|
||
|
spec+: {
|
||
|
tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
|
||
|
rules: [
|
||
|
{
|
||
|
host: cfg.domain,
|
||
|
http: {
|
||
|
paths: [
|
||
|
{ path: "/", backend: top.service.name_port },
|
||
|
],
|
||
|
},
|
||
|
},
|
||
|
],
|
||
|
},
|
||
|
},
|
||
|
}
|