hswaw/capacifier: migrate deployment away from mirko

Change-Id: Ic15945ae0489cfc3026f4cb11123b8e6b575d471
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1688
Reviewed-by: q3k <q3k@hackerspace.pl>
radex 2023-10-08 23:52:08 +02:00
parent a364934d33
commit 3ca8454555
5 changed files with 78 additions and 48 deletions


@ -330,6 +330,7 @@ local rook = import "lib/rook.libsonnet";
{ namespace: "covid-formity", dns: "covid.hackerspace.pl" }, { namespace: "covid-formity", dns: "covid.hackerspace.pl" },
{ namespace: "covid-formity", dns: "www.covid.hackerspace.pl" }, { namespace: "covid-formity", dns: "www.covid.hackerspace.pl" },
{ namespace: "inventory", dns: "inventory.hackerspace.pl" }, { namespace: "inventory", dns: "inventory.hackerspace.pl" },
{ namespace: "capacifier", dns: "capacifier.hackerspace.pl" },
{ namespace: "ldapweb", dns: "profile.hackerspace.pl" }, { namespace: "ldapweb", dns: "profile.hackerspace.pl" },
{ namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" }, { namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" },
{ namespace: "devtools-prod", dns: "cs.hackerspace.pl" }, { namespace: "devtools-prod", dns: "cs.hackerspace.pl" },


@ -1,7 +1,7 @@
capacifier capacifier
=== ===
rewrite-in-go of code.haclerspace.pl/tomek/capacifier. rewrite-in-go of code.hackerspace.pl/tomek/capacifier.
This is one of the oldest API services at the Warsaw hackerspace, and exists This is one of the oldest API services at the Warsaw hackerspace, and exists
solely to provide a generic 'is X a member of Y' functionality. It's generally solely to provide a generic 'is X a member of Y' functionality. It's generally


@ -0,0 +1,76 @@
local kube = import "../../kube/kube.libsonnet";
{
local top = self,
local cfg = self.cfg,
cfg:: {
name: 'capacifier',
namespace: 'capacifier',
domain: 'capacifier.hackerspace.pl',
image: 'registry.k0.hswaw.net/q3k/capacifier:1680390588',
},
ns: kube.Namespace(cfg.namespace),
deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
spec+: {
replicas: 3,
template+: {
spec+: {
containers_: {
default: kube.Container("default") {
image: cfg.image,
env_: {
LDAP_DN: "cn=capacifier,ou=Services,dc=hackerspace,dc=pl",
LDAP_PW: { secretKeyRef: { name: cfg.name, key: 'ldap_pw' } },
},
command: [
"/hswaw/capacifier/capacifier",
"-hspki_disable",
"-logtostderr",
"-api_listen", "0.0.0.0:8080",
"-ldap_bind_dn", "$(LDAP_DN)",
"-ldap_bind_pw", "$(LDAP_PW)",
],
resources: {
requests: { cpu: "25m", memory: "64Mi" },
limits: { cpu: "500m", memory: "128Mi" },
},
ports_: {
http: { containerPort: 8080 },
},
},
},
},
},
},
},
service: top.ns.Contain(kube.Service(cfg.name)) {
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
},
],
},
},
}
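Review bot: The ingress annotation `"nginx.ingress.kubernetes.io/proxy-body-size": "0"` removes the ingress-side cap on request body size for a public host whose backend, per the README, only answers small 'is X a member of Y' queries, so it widens the resource-exhaustion surface for no visible benefit; I would drop the annotation to fall back to the controller default, or set a small explicit value such as `"nginx.ingress.kubernetes.io/proxy-body-size": "1m"`. Separately, `"-ldap_bind_pw", "$(LDAP_PW)"` makes the kubelet expand the secret into the container's argv, where it shows up in process listings on the node; if the binary can read the bind password from the environment or a mounted file that would be preferable, though this page does not show whether it can. The Secret named by `cfg.name` with key `ldap_pw` is referenced but not defined in this file, so a comment above `env_` would help, e.g. `// Secret 'capacifier' (key 'ldap_pw') is not created by this file and must exist in the namespace before rollout.` It would also be worth a one-line comment on `"-hspki_disable"` explaining why it is acceptable here, since the flag's effect is not visible from this hunk.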


@ -1,41 +0,0 @@
local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
{
cfg:: {
ldapBindPassword: error "ldapBindPassword must be set!",
image: "registry.k0.hswaw.net/q3k/capacifier:1680390588",
fqdn: "capacifier.hackerspace.pl",
},
component(cfg, env):: mirko.Component(env, "capacifier") {
local capacifier = self,
cfg+: {
image: cfg.image,
container: capacifier.GoContainer("main", "/hswaw/capacifier/capacifier") {
env_: {
BIND_PW: kube.SecretKeyRef(capacifier.secret, "bindPW"),
},
command+: [
"-api_listen", "0.0.0.0:5000",
"-ldap_bind_pw", "$(BIND_PW)",
],
},
ports+: {
publicHTTP: {
api: {
port: 5000,
dns: cfg.fqdn,
}
},
},
},
secret: kube.Secret("capacifier") {
metadata+: capacifier.metadata,
data_: {
bindPW: cfg.ldapBindPassword,
},
},
},
}


@ -6,7 +6,6 @@ local teleimg = import "teleimg.libsonnet";
local frab = import "frab.libsonnet"; local frab = import "frab.libsonnet";
local pretalx = import "pretalx.libsonnet"; local pretalx = import "pretalx.libsonnet";
local cebulacamp = import "cebulacamp.libsonnet"; local cebulacamp = import "cebulacamp.libsonnet";
local capacifier = import "capacifier.libsonnet";
{ {
hswaw(name):: mirko.Environment(name) { hswaw(name):: mirko.Environment(name) {
@ -19,7 +18,6 @@ local capacifier = import "capacifier.libsonnet";
frab: frab.cfg, frab: frab.cfg,
pretalx: pretalx.cfg, pretalx: pretalx.cfg,
cebulacamp: cebulacamp.cfg, cebulacamp: cebulacamp.cfg,
capacifier: capacifier.cfg,
}, },
components: { components: {
@ -31,7 +29,6 @@ local capacifier = import "capacifier.libsonnet";
cronjob: null, cronjob: null,
}, },
cebulacamp: cebulacamp.component(cfg.cebulacamp, env), cebulacamp: cebulacamp.component(cfg.cebulacamp, env),
capacifier: capacifier.component(cfg.capacifier, env),
}, },
}, },
@ -68,9 +65,6 @@ local capacifier = import "capacifier.libsonnet";
cebulacamp+: { cebulacamp+: {
webFQDN: "cebula.camp", webFQDN: "cebula.camp",
}, },
capacifier+: {
ldapBindPassword: std.split(importstr "secrets/plain/prod-capacifier-password", "\n")[0],
},
}, },
}, },