cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity

hswaw/site: migrate away from mirko 

Change-Id: I34163bbb62ba792d359a5f5e72de1024c0109eab
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1631
Reviewed-by: q3k <q3k@hackerspace.pl>
master
radex 2023-09-23 09:34:58 +02:00
parent 8dcca254ce
commit a364934d33
4 changed files with 75 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/kube/k0.libsonnet
View File

@ -341,6 +341,8 @@ local rook = import "lib/rook.libsonnet";
{ namespace: "gitea-prod", dns: "gitea.hackerspace.pl" },
{ namespace: "hswaw-prod", dns: "*.hackerspace.pl" },
{ namespace: "hswaw-prod", dns: "*.hswaw.net" },
{ namespace: "site", dns: "hackerspace.pl" },
{ namespace: "site", dns: "www.hackerspace.pl" },
{ namespace: "internet", dns: "internet.hackerspace.pl" },
{ namespace: "matrix", dns: "matrix.hackerspace.pl" },
{ namespace: "onlyoffice-prod", dns: "office.hackerspace.pl" },

6
hswaw/kube/hswaw.jsonnet
View File

@ -6,7 +6,6 @@ local teleimg = import "teleimg.libsonnet";
local frab = import "frab.libsonnet";
local pretalx = import "pretalx.libsonnet";
local cebulacamp = import "cebulacamp.libsonnet";
local site = import "site.libsonnet";
local capacifier = import "capacifier.libsonnet";
{
@ -20,7 +19,6 @@ local capacifier = import "capacifier.libsonnet";
frab: frab.cfg,
pretalx: pretalx.cfg,
cebulacamp: cebulacamp.cfg,
site: site.cfg,
capacifier: capacifier.cfg,
},
@ -33,7 +31,6 @@ local capacifier = import "capacifier.libsonnet";
cronjob: null,
},
cebulacamp: cebulacamp.component(cfg.cebulacamp, env),
site: site.component(cfg.site, env),
capacifier: capacifier.component(cfg.capacifier, env),
},
},
@ -71,9 +68,6 @@ local capacifier = import "capacifier.libsonnet";
cebulacamp+: {
webFQDN: "cebula.camp",
},
site+: {
webFQDN: "new.hackerspace.pl",
},
capacifier+: {
ldapBindPassword: std.split(importstr "secrets/plain/prod-capacifier-password", "\n")[0],
},

26
hswaw/kube/site.libsonnet
View File

@ -1,26 +0,0 @@
local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
{
cfg:: {
image: "registry.k0.hswaw.net/q3k/hswaw-site@sha256:ba8b5ca2aab81edd7a1f5bcc1e75253d7573e199463e7e56aaf18ad4380d681b",
webFQDN: error "webFQDN must be set",
},
component(cfg, env):: mirko.Component(env, "site") {
local site = self,
cfg+: {
image: cfg.image,
container: site.GoContainer("main", "/hswaw/site/site") {
},
ports+: {
publicHTTP: {
web: {
port: 8080,
dns: cfg.webFQDN,
}
},
},
},
},
}

73
hswaw/site/prod.jsonnet Normal file
View File

@ -0,0 +1,73 @@
local kube = import "../../kube/kube.libsonnet";
{
local top = self,
local cfg = self.cfg,
cfg:: {
name: 'site',
namespace: 'site',
domains: [
'hackerspace.pl',
'www.hackerspace.pl',
],
image: 'registry.k0.hswaw.net/q3k/hswaw-site@sha256:ba8b5ca2aab81edd7a1f5bcc1e75253d7573e199463e7e56aaf18ad4380d681b',
},
ns: kube.Namespace(cfg.namespace),
deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
spec+: {
replicas: 3,
template+: {
spec+: {
containers_: {
default: kube.Container("default") {
image: cfg.image,
command: [
"/hswaw/site/site",
"-hspki_disable",
"-logtostderr",
],
resources: {
requests: { cpu: "25m", memory: "64Mi" },
limits: { cpu: "500m", memory: "128Mi" },
},
ports_: {
http: { containerPort: 8080 },
},
},
},
},
},
},
},
service: top.ns.Contain(kube.Service(cfg.name)) {
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: cfg.domains, secretName: cfg.name + "-tls" } ],
rules: [
{
host: domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
}
for domain in cfg.domains
],
},
},
}