ldapweb: migrate from mirko to standalone

Change-Id: I169598232b39b99bfd2d4ff3799b44083ba77e84
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1623
Reviewed-by: q3k <q3k@hackerspace.pl>
radex 2023-09-22 23:46:05 +02:00 committed by q3k
parent a7c36ed9f3
commit b8d4a8a902
4 changed files with 156 additions and 126 deletions


@ -416,6 +416,7 @@ local rook = import "lib/rook.libsonnet";
{ namespace: "covid-formity", dns: "covid.hackerspace.pl" },
{ namespace: "covid-formity", dns: "www.covid.hackerspace.pl" },
{ namespace: "inventory", dns: "inventory.hackerspace.pl" },
{ namespace: "ldapweb", dns: "profile.hackerspace.pl" },
{ namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" },
{ namespace: "devtools-prod", dns: "cs.hackerspace.pl" },
{ namespace: "engelsystem-prod", dns: "engelsystem.hackerspace.pl" },


@ -2,7 +2,6 @@ local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
local smsgw = import "smsgw.libsonnet";
local ldapweb = import "ldapweb.libsonnet";
local teleimg = import "teleimg.libsonnet";
local frab = import "frab.libsonnet";
local pretalx = import "pretalx.libsonnet";
@ -17,7 +16,6 @@ local capacifier = import "capacifier.libsonnet";
cfg+: {
smsgw: smsgw.cfg,
ldapweb: ldapweb.cfg,
teleimg: teleimg.cfg,
frab: frab.cfg,
pretalx: pretalx.cfg,
@ -28,7 +26,6 @@ local capacifier = import "capacifier.libsonnet";
components: {
smsgw: smsgw.component(cfg.smsgw, env),
ldapweb: ldapweb.component(cfg.ldapweb, env),
teleimg: teleimg.teleimg(cfg.teleimg, env),
lelegram: teleimg.lelegram(cfg.teleimg, env),
frab: frab.component(cfg.frab, env),
@ -49,9 +46,6 @@ local capacifier = import "capacifier.libsonnet";
},
webhookFQDN: "smsgw-webhook-prod.hswaw.net",
},
ldapweb+: {
webFQDN: "profile.hackerspace.pl",
},
teleimg+: {
webFQDN: "teleimg.hswaw.net",
secret+: {


@ -1,120 +0,0 @@
local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
{
cfg:: {
# Manually built from code.hackerspace.pl/informatic/ldap-web-public.
image: "registry.k0.hswaw.net/radex/ldap-web:1695415920",
webFQDN: error "webFQDN must be set!",
},
component(cfg, env): mirko.Component(env, "ldapweb") {
local ldapweb = self,
cfg+: {
image: cfg.image,
volumes+: {
config: kube.ConfigMapVolume(ldapweb.configmap),
},
container: ldapweb.Container("main") {
# Starts by default on port 8000.
volumeMounts_+: {
config: { mountPath: "/app/webapp/config.py", subPath: "config.py", },
},
},
ports+: {
publicHTTP: {
web: {
port: 8000,
dns: cfg.webFQDN,
},
},
},
},
configmap: kube.ConfigMap(ldapweb.makeName("config")) {
metadata+: ldapweb.metadata,
data: {
"config.py": |||
import flask_wtf
import wtforms
import secrets
secret_key = secrets.token_hex(32)
ldap_url = 'ldap://ldap.hackerspace.pl'
dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
ldap_base = 'dc=hackerspace,dc=pl'
ldap_people = 'ou=People,dc=hackerspace,dc=pl'
admin_groups = {
'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
}
admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
admin_pw = 'unused'
hackerspace_name = 'Warsaw Hackerspace'
readable_names = {
'commonname': u'Common Name',
'givenname': u'Given Name',
'gecos': u'GECOS (public name)',
'surname': u'Surname',
'loginshell': u'Shell',
'telephonenumber': 'Phone Number',
'mobiletelephonenumber': 'Mobile Number',
'sshpublickey': 'SSH Public Key',
'mifareidhash': 'MIFARE ID Hash',
}
full_name = {
'cn': 'commonname',
'gecos': 'gecos',
'sn': 'surname',
'mobile': 'mobiletelephonenumber',
'l': 'locality',
}
can_add = set([
'telephonenumber',
'mobiletelephonenumber',
'sshpublickey',
'mifareidhash',
])
can_delete = can_add
can_modify = can_add | set([
'givenname', 'surname', 'commonname', 'gecos',
])
can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
admin_required = set()
perm_errors = {
'add': 'You cannot add this attribute!',
'mod': 'You cannot change this attribute!',
'del': 'You cannot delete this attribute!',
}
std_templates = {
'add': 'ops/add.html',
'mod': 'ops/mod.html',
'del': 'ops/del.html',
}
default_field = (wtforms.fields.StringField, {})
fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
kadmin_passwd = True
kadmin_principal_map = "{}@HACKERSPACE.PL"
TOKEN_LENGTH = 32
|||,
},
},
},
}

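--- a/hswaw/ldapweb/prod.jsonnet
+++ b/hswaw/ldapweb/prod.jsonnet
@@ -0,0 +1,155 @@
+local kube = import "../../kube/kube.libsonnet";
+{
+local top = self,
+local cfg = self.cfg,
+cfg:: {
+name: 'ldapweb',
+namespace: 'ldapweb',
+domain: 'profile.hackerspace.pl',
+image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920',
+},
+ns: kube.Namespace(cfg.namespace),
+deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+spec+: {
+replicas: 1,
+template+: {
+spec+: {
+volumes_: {
+config: kube.ConfigMapVolume(top.configmap),
+},
+containers_: {
+default: kube.Container("default") {
+image: cfg.image,
+resources: {
+requests: { cpu: "25m", memory: "64Mi" },
+limits: { cpu: "500m", memory: "128Mi" },
+},
+ports_: {
+http: { containerPort: 8000 },
+},
+volumeMounts_: {
+config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' },
+}
+},
+},
+},
+},
+},
+},
+service: top.ns.Contain(kube.Service(cfg.name)) {
+target_pod:: top.deployment.spec.template,
+},
+ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+metadata+: {
+annotations+: {
+"kubernetes.io/tls-acme": "true",
+"cert-manager.io/cluster-issuer": "letsencrypt-prod",
+"nginx.ingress.kubernetes.io/proxy-body-size": "0",
+},
+},
+spec+: {
+tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
+rules: [
+{
+host: cfg.domain,
+http: {
+paths: [
+{ path: "/", backend: top.service.name_port },
+],
+},
+},
+],
+},
+},
+configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) {
+data: {
+"config.py": |||
+import flask_wtf
+import wtforms
+import secrets
+secret_key = secrets.token_hex(32)
+ldap_url = 'ldap://ldap.hackerspace.pl'
+dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
+ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
+ldap_base = 'dc=hackerspace,dc=pl'
+ldap_people = 'ou=People,dc=hackerspace,dc=pl'
+admin_groups = {
+'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
+'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
+'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
+}
+admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
+admin_pw = 'unused'
+hackerspace_name = 'Warsaw Hackerspace'
+readable_names = {
+'commonname': u'Common Name',
+'givenname': u'Given Name',
+'gecos': u'GECOS (public name)',
+'surname': u'Surname',
+'loginshell': u'Shell',
+'telephonenumber': 'Phone Number',
+'mobiletelephonenumber': 'Mobile Number',
+'sshpublickey': 'SSH Public Key',
+'mifareidhash': 'MIFARE ID Hash',
+}
+full_name = {
+'cn': 'commonname',
+'gecos': 'gecos',
+'sn': 'surname',
+'mobile': 'mobiletelephonenumber',
+'l': 'locality',
+}
+can_add = set([
+'telephonenumber',
+'mobiletelephonenumber',
+'sshpublickey',
+'mifareidhash',
+])
+can_delete = can_add
+can_modify = can_add | set([
+'givenname', 'surname', 'commonname', 'gecos',
+])
+can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
+admin_required = set()
+perm_errors = {
+'add': 'You cannot add this attribute!',
+'mod': 'You cannot change this attribute!',
+'del': 'You cannot delete this attribute!',
+}
+std_templates = {
+'add': 'ops/add.html',
+'mod': 'ops/mod.html',
+'del': 'ops/del.html',
+}
+default_field = (wtforms.fields.StringField, {})
+fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
+kadmin_passwd = True
+kadmin_principal_map = "{}@HACKERSPACE.PL"
+TOKEN_LENGTH = 32
+|||,
+},
+},
+}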
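Review bot: The `telephonenumber` validator in the embedded `config.py`, `wtforms.validators.Regexp(r'[+0-9 ]+')`, only constrains the start of the value, because WTForms applies the pattern with `re.match`; anything that begins with a digit, `+` or space passes and is presumably handed on to the LDAP write, so `r'[+0-9 ]+\Z'` is what a whole-value check needs. `ldap_url = 'ldap://ldap.hackerspace.pl'` shows no TLS, so unless the application negotiates StartTLS itself (not visible here) whatever credentials it binds with cross the network in cleartext; confirm, and use `ldaps://` if the server offers it. On the ingress, `"nginx.ingress.kubernetes.io/proxy-body-size": "0"` removes the request-size limit in front of a form application whose container is capped at `128Mi`; a small bound such as `"1m"` fits the workload better. `secret_key = secrets.token_hex(32)` is regenerated on every import, so sessions are dropped at each pod restart and would stop validating across pods if `replicas` is raised above 1; a comment saying so next to `replicas: 1` would help. The old `# Manually built from code.hackerspace.pl/informatic/ldap-web-public.` comment beside `image` was not carried over and is worth keeping as the only provenance record for that tag.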