hswaw/capacifier: migrate deployment away from mirko
Change-Id: Ic15945ae0489cfc3026f4cb11123b8e6b575d471 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1688 Reviewed-by: q3k <q3k@hackerspace.pl>
parent
a364934d33
commit
3ca8454555
5 changed files with 78 additions and 48 deletions
|
@ -330,6 +330,7 @@ local rook = import "lib/rook.libsonnet";
|
||||||
{ namespace: "covid-formity", dns: "covid.hackerspace.pl" },
|
{ namespace: "covid-formity", dns: "covid.hackerspace.pl" },
|
||||||
{ namespace: "covid-formity", dns: "www.covid.hackerspace.pl" },
|
{ namespace: "covid-formity", dns: "www.covid.hackerspace.pl" },
|
||||||
{ namespace: "inventory", dns: "inventory.hackerspace.pl" },
|
{ namespace: "inventory", dns: "inventory.hackerspace.pl" },
|
||||||
|
{ namespace: "capacifier", dns: "capacifier.hackerspace.pl" },
|
||||||
{ namespace: "ldapweb", dns: "profile.hackerspace.pl" },
|
{ namespace: "ldapweb", dns: "profile.hackerspace.pl" },
|
||||||
{ namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" },
|
{ namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" },
|
||||||
{ namespace: "devtools-prod", dns: "cs.hackerspace.pl" },
|
{ namespace: "devtools-prod", dns: "cs.hackerspace.pl" },
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
capacifier
|
capacifier
|
||||||
===
|
===
|
||||||
|
|
||||||
rewrite-in-go of code.haclerspace.pl/tomek/capacifier.
|
rewrite-in-go of code.hackerspace.pl/tomek/capacifier.
|
||||||
|
|
||||||
This is one of the oldest API services at the Warsaw hackerspace, and exists
|
This is one of the oldest API services at the Warsaw hackerspace, and exists
|
||||||
solely to provide a generic 'is X a member of Y' functionality. It's generally
|
solely to provide a generic 'is X a member of Y' functionality. It's generally
|
||||||
|
|
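--- /dev/null
+++ b/hswaw/capacifier/prod.jsonnet
@@ -0,0 +1,76 @@
+local kube = import "../../kube/kube.libsonnet";
+
+{
+local top = self,
+local cfg = self.cfg,
+
+cfg:: {
+name: 'capacifier',
+namespace: 'capacifier',
+domain: 'capacifier.hackerspace.pl',
+image: 'registry.k0.hswaw.net/q3k/capacifier:1680390588',
+},
+
+ns: kube.Namespace(cfg.namespace),
+
+deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+spec+: {
+replicas: 3,
+template+: {
+spec+: {
+containers_: {
+default: kube.Container("default") {
+image: cfg.image,
+env_: {
+LDAP_DN: "cn=capacifier,ou=Services,dc=hackerspace,dc=pl",
+LDAP_PW: { secretKeyRef: { name: cfg.name, key: 'ldap_pw' } },
+},
+command: [
+"/hswaw/capacifier/capacifier",
+"-hspki_disable",
+"-logtostderr",
+"-api_listen", "0.0.0.0:8080",
+"-ldap_bind_dn", "$(LDAP_DN)",
+"-ldap_bind_pw", "$(LDAP_PW)",
+],
+resources: {
+requests: { cpu: "25m", memory: "64Mi" },
+limits: { cpu: "500m", memory: "128Mi" },
+},
+ports_: {
+http: { containerPort: 8080 },
+},
+},
+},
+},
+},
+},
+},
+
+service: top.ns.Contain(kube.Service(cfg.name)) {
+target_pod:: top.deployment.spec.template,
+},
+
+ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+metadata+: {
+annotations+: {
+"kubernetes.io/tls-acme": "true",
+"cert-manager.io/cluster-issuer": "letsencrypt-prod",
+"nginx.ingress.kubernetes.io/proxy-body-size": "0",
+},
+},
+spec+: {
+tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
+rules: [
+{
+host: cfg.domain,
+http: {
+paths: [
+{ path: "/", backend: top.service.name_port },
+],
+},
+},
+],
+},
+},
+}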
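Review bot: The ingress annotation `"nginx.ingress.kubernetes.io/proxy-body-size": "0"` removes the request-body size limit on a public host whose backend, per the README touched in this commit, only answers membership lookups and runs under a 128Mi memory limit; unless a client really uploads large bodies, drop that line so the controller's default cap applies. Separately, `"-ldap_bind_pw", "$(LDAP_PW)"` has Kubernetes expand the LDAP bind password into the container's argv, where it is readable from the process listing. Whether the binary can take the password from the environment or a mounted file instead is not visible here, but that would be preferable if it can. The Secret that `secretKeyRef: { name: cfg.name, key: 'ldap_pw' }` points at is no longer generated by any jsonnet in this commit, so it presumably has to exist in the namespace beforehand. A comment above `env_` would make that explicit, for example `// Secret 'capacifier' (key 'ldap_pw') is not managed by this file; it must be provisioned in the namespace before deploy.`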
|
@ -1,41 +0,0 @@
|
||||||
local mirko = import "../../kube/mirko.libsonnet";
|
|
||||||
local kube = import "../../kube/kube.libsonnet";
|
|
||||||
|
|
||||||
{
|
|
||||||
cfg:: {
|
|
||||||
ldapBindPassword: error "ldapBindPassword must be set!",
|
|
||||||
image: "registry.k0.hswaw.net/q3k/capacifier:1680390588",
|
|
||||||
fqdn: "capacifier.hackerspace.pl",
|
|
||||||
},
|
|
||||||
|
|
||||||
component(cfg, env):: mirko.Component(env, "capacifier") {
|
|
||||||
local capacifier = self,
|
|
||||||
cfg+: {
|
|
||||||
image: cfg.image,
|
|
||||||
container: capacifier.GoContainer("main", "/hswaw/capacifier/capacifier") {
|
|
||||||
env_: {
|
|
||||||
BIND_PW: kube.SecretKeyRef(capacifier.secret, "bindPW"),
|
|
||||||
},
|
|
||||||
command+: [
|
|
||||||
"-api_listen", "0.0.0.0:5000",
|
|
||||||
"-ldap_bind_pw", "$(BIND_PW)",
|
|
||||||
],
|
|
||||||
},
|
|
||||||
ports+: {
|
|
||||||
publicHTTP: {
|
|
||||||
api: {
|
|
||||||
port: 5000,
|
|
||||||
dns: cfg.fqdn,
|
|
||||||
}
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
|
|
||||||
secret: kube.Secret("capacifier") {
|
|
||||||
metadata+: capacifier.metadata,
|
|
||||||
data_: {
|
|
||||||
bindPW: cfg.ldapBindPassword,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
|
@ -6,7 +6,6 @@ local teleimg = import "teleimg.libsonnet";
|
||||||
local frab = import "frab.libsonnet";
|
local frab = import "frab.libsonnet";
|
||||||
local pretalx = import "pretalx.libsonnet";
|
local pretalx = import "pretalx.libsonnet";
|
||||||
local cebulacamp = import "cebulacamp.libsonnet";
|
local cebulacamp = import "cebulacamp.libsonnet";
|
||||||
local capacifier = import "capacifier.libsonnet";
|
|
||||||
|
|
||||||
{
|
{
|
||||||
hswaw(name):: mirko.Environment(name) {
|
hswaw(name):: mirko.Environment(name) {
|
||||||
|
@ -19,7 +18,6 @@ local capacifier = import "capacifier.libsonnet";
|
||||||
frab: frab.cfg,
|
frab: frab.cfg,
|
||||||
pretalx: pretalx.cfg,
|
pretalx: pretalx.cfg,
|
||||||
cebulacamp: cebulacamp.cfg,
|
cebulacamp: cebulacamp.cfg,
|
||||||
capacifier: capacifier.cfg,
|
|
||||||
},
|
},
|
||||||
|
|
||||||
components: {
|
components: {
|
||||||
|
@ -31,7 +29,6 @@ local capacifier = import "capacifier.libsonnet";
|
||||||
cronjob: null,
|
cronjob: null,
|
||||||
},
|
},
|
||||||
cebulacamp: cebulacamp.component(cfg.cebulacamp, env),
|
cebulacamp: cebulacamp.component(cfg.cebulacamp, env),
|
||||||
capacifier: capacifier.component(cfg.capacifier, env),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -68,9 +65,6 @@ local capacifier = import "capacifier.libsonnet";
|
||||||
cebulacamp+: {
|
cebulacamp+: {
|
||||||
webFQDN: "cebula.camp",
|
webFQDN: "cebula.camp",
|
||||||
},
|
},
|
||||||
capacifier+: {
|
|
||||||
ldapBindPassword: std.split(importstr "secrets/plain/prod-capacifier-password", "\n")[0],
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|