diff --git a/cluster/kube/k0.libsonnet b/cluster/kube/k0.libsonnet index d90947eb..8c91fa4a 100644 --- a/cluster/kube/k0.libsonnet +++ b/cluster/kube/k0.libsonnet @@ -341,6 +341,8 @@ local rook = import "lib/rook.libsonnet"; { namespace: "gitea-prod", dns: "gitea.hackerspace.pl" }, { namespace: "hswaw-prod", dns: "*.hackerspace.pl" }, { namespace: "hswaw-prod", dns: "*.hswaw.net" }, + { namespace: "site", dns: "hackerspace.pl" }, + { namespace: "site", dns: "www.hackerspace.pl" }, { namespace: "internet", dns: "internet.hackerspace.pl" }, { namespace: "matrix", dns: "matrix.hackerspace.pl" }, { namespace: "onlyoffice-prod", dns: "office.hackerspace.pl" }, diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet index 43f8a069..76d318e6 100644 --- a/hswaw/kube/hswaw.jsonnet +++ b/hswaw/kube/hswaw.jsonnet @@ -6,7 +6,6 @@ local teleimg = import "teleimg.libsonnet"; local frab = import "frab.libsonnet"; local pretalx = import "pretalx.libsonnet"; local cebulacamp = import "cebulacamp.libsonnet"; -local site = import "site.libsonnet"; local capacifier = import "capacifier.libsonnet"; { @@ -20,7 +19,6 @@ local capacifier = import "capacifier.libsonnet"; frab: frab.cfg, pretalx: pretalx.cfg, cebulacamp: cebulacamp.cfg, - site: site.cfg, capacifier: capacifier.cfg, }, @@ -33,7 +31,6 @@ local capacifier = import "capacifier.libsonnet"; cronjob: null, }, cebulacamp: cebulacamp.component(cfg.cebulacamp, env), - site: site.component(cfg.site, env), capacifier: capacifier.component(cfg.capacifier, env), }, }, @@ -71,9 +68,6 @@ local capacifier = import "capacifier.libsonnet"; cebulacamp+: { webFQDN: "cebula.camp", }, - site+: { - webFQDN: "new.hackerspace.pl", - }, capacifier+: { ldapBindPassword: std.split(importstr "secrets/plain/prod-capacifier-password", "\n")[0], }, diff --git a/hswaw/kube/site.libsonnet b/hswaw/kube/site.libsonnet deleted file mode 100644 index d63c8343..00000000 --- a/hswaw/kube/site.libsonnet +++ /dev/null @@ -1,26 +0,0 @@ -local mirko = import "../../kube/mirko.libsonnet"; -local kube = import "../../kube/kube.libsonnet"; - -{ - cfg:: { - image: "registry.k0.hswaw.net/q3k/hswaw-site@sha256:ba8b5ca2aab81edd7a1f5bcc1e75253d7573e199463e7e56aaf18ad4380d681b", - webFQDN: error "webFQDN must be set", - }, - - component(cfg, env):: mirko.Component(env, "site") { - local site = self, - cfg+: { - image: cfg.image, - container: site.GoContainer("main", "/hswaw/site/site") { - }, - ports+: { - publicHTTP: { - web: { - port: 8080, - dns: cfg.webFQDN, - } - }, - }, - }, - }, -} diff --git a/hswaw/site/prod.jsonnet b/hswaw/site/prod.jsonnet new file mode 100644 index 00000000..29e974dc --- /dev/null +++ b/hswaw/site/prod.jsonnet @@ -0,0 +1,73 @@ +local kube = import "../../kube/kube.libsonnet"; + +{ + local top = self, + local cfg = self.cfg, + + cfg:: { + name: 'site', + namespace: 'site', + domains: [ + 'hackerspace.pl', + 'www.hackerspace.pl', + ], + image: 'registry.k0.hswaw.net/q3k/hswaw-site@sha256:ba8b5ca2aab81edd7a1f5bcc1e75253d7573e199463e7e56aaf18ad4380d681b', + }, + + ns: kube.Namespace(cfg.namespace), + + deployment: top.ns.Contain(kube.Deployment(cfg.name)) { + spec+: { + replicas: 3, + template+: { + spec+: { + containers_: { + default: kube.Container("default") { + image: cfg.image, + command: [ + "/hswaw/site/site", + "-hspki_disable", + "-logtostderr", + ], + resources: { + requests: { cpu: "25m", memory: "64Mi" }, + limits: { cpu: "500m", memory: "128Mi" }, + }, + ports_: { + http: { containerPort: 8080 }, + }, + }, + }, + }, + }, + }, + }, + + service: top.ns.Contain(kube.Service(cfg.name)) { + target_pod:: top.deployment.spec.template, + }, + + ingress: top.ns.Contain(kube.Ingress(cfg.name)) { + metadata+: { + annotations+: { + "kubernetes.io/tls-acme": "true", + "cert-manager.io/cluster-issuer": "letsencrypt-prod", + "nginx.ingress.kubernetes.io/proxy-body-size": "0", + }, + }, + spec+: { + tls: [ { hosts: cfg.domains, secretName: cfg.name + "-tls" } ], + rules: [ + { + host: domain, + http: { + paths: [ + { path: "/", backend: top.service.name_port }, + ], + }, + } + for domain in cfg.domains + ], + }, + }, +}