From 3fdda9c9a34bf7a78641c2f9e5792ea68b045890 Mon Sep 17 00:00:00 2001 From: radex Date: Mon, 23 Oct 2023 22:25:35 +0200 Subject: [PATCH] hswaw/walne: initial deployment Co-authored-by: Palid Change-Id: I7c5ef8a1d310821937c49598c4bd983f80a8fbcb Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1741 Reviewed-by: q3k --- app/walne/README.md | 3 +++ app/walne/prod.jsonnet | 57 +++++++++++++++++++++++++++++++++++++++ cluster/kube/k0.libsonnet | 5 ++++ 3 files changed, 65 insertions(+) create mode 100644 app/walne/README.md create mode 100644 app/walne/prod.jsonnet diff --git a/app/walne/README.md b/app/walne/README.md new file mode 100644 index 00000000..dd917e61 --- /dev/null +++ b/app/walne/README.md @@ -0,0 +1,3 @@ +# Walne (General Assembly Paperwork Generatorâ„¢) + +Source: https://code.hackerspace.pl/hswaw/walne diff --git a/app/walne/prod.jsonnet b/app/walne/prod.jsonnet new file mode 100644 index 00000000..da98b702 --- /dev/null +++ b/app/walne/prod.jsonnet @@ -0,0 +1,57 @@ +local kube = import '../../kube/hscloud.libsonnet'; + +{ + local top = self, + local cfg = top.cfg, + + cfg:: { + name: 'walne', + namespace: 'walne', + domain: 'walne.hackerspace.pl', + image: 'registry.k0.hswaw.net/radex/walne:1698228636', + oauthClientId: '992f3daf-a30e-4409-baad-e7b0e4bc2a2e', + }, + + // kubectl -n walne create secret generic walne --from-literal=ldap_password=xxx --from-literal=oauth_secret=xxx --from-literal=next_auth_secret=$(pwgen 32 1) + secrets:: { + ldap: { secretKeyRef: { name: cfg.name, key: 'ldap_password' },}, + ouath: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } }, + nextAuth: { secretKeyRef: { name: cfg.name, key: 'next_auth_secret' } }, + }, + + ns: kube.Namespace(cfg.namespace), + deployment: top.ns.Contain(kube.Deployment(cfg.name)) { + spec+: { + template+: { + spec+: { + containers_: { + default: kube.Container('default') { + image: cfg.image, + ports_: { + web: { containerPort: 3000 }, + }, + env_: { + LDAP_USER_DN: 'cn=walone-generator,ou=services,dc=hackerspace,dc=pl', + LDAP_USER_PW: top.secrets.ldap, + ALLOWED_LDAP_GROUPS: 'zarzad,rewizja,staff,walne-users', + HSWAW_AUTH_CLIENT_ID: cfg.oauthClientId, + HSWAW_AUTH_CLIENT_SECRET: top.secrets.ouath, + AUTH_SECRET: top.secrets.nextAuth, + REDIRECT_PROXY_URL: 'https://' + cfg.domain + '/auth', + }, + }, + }, + }, + }, + }, + }, + + service: top.ns.Contain(kube.Service(cfg.name)) { + target_pod:: top.deployment.spec.template, + }, + + ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) { + hosts:: [cfg.domain], + target_service:: top.service, + }, +} diff --git a/cluster/kube/k0.libsonnet b/cluster/kube/k0.libsonnet index e6079e3a..ed18f600 100644 --- a/cluster/kube/k0.libsonnet +++ b/cluster/kube/k0.libsonnet @@ -330,6 +330,7 @@ local admins = import "lib/admins.libsonnet"; { namespace: "inventory", dns: "inventory.hackerspace.pl" }, { namespace: "capacifier", dns: "capacifier.hackerspace.pl" }, { namespace: "ldapweb", dns: "profile.hackerspace.pl" }, + { namespace: "walne", dns: "walne.hackerspace.pl" }, { namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" }, { namespace: "devtools-prod", dns: "cs.hackerspace.pl" }, { namespace: "codehosting-prod", dns: "git.hackerspace.pl" }, @@ -393,6 +394,10 @@ local admins = import "lib/admins.libsonnet"; "radex", "palid", ], + "walne": [ + "radex", + "palid", + ], "site": [ "ar", "radex",