
*/kube: Add kube.SimpleIngress

Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745
Reviewed-by: q3k <q3k@hackerspace.pl>
master
radex 2023-10-27 22:41:18 +02:00 committed by radex
parent 56df80cf24
commit f5844311eb
26 changed files with 171 additions and 695 deletions


@ -2,7 +2,7 @@
# This needs a secret provisioned, create with:
# kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
local redis = import "../../kube/redis.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
@ -89,37 +89,17 @@ local postgres = import "../../kube/postgres.libsonnet";
},
},
ingress: kube.Ingress("covid-formity") {
ingress: kube.SimpleIngress("covid-formity") {
hosts:: [cfg.domain] + cfg.altDomains,
target_service:: app.svc,
metadata+: app.metadata("covid-formity") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
"nginx.ingress.kubernetes.io/configuration-snippet": "
location /qr1 { rewrite ^/qr1(.*)$ https://covid.hackerspace.pl$1 redirect; }
location /video { return 302 https://youtu.be/eC19w2NFO0E; }
location /manual { return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf; }
",
},
},
spec+: {
tls: [
{
hosts: [cfg.domain] + cfg.altDomains,
secretName: "covid-formity-tls",
},
],
rules: [
{
host: dom,
http: {
paths: [
{ path: "/", backend: app.svc.name_port },
]
},
}
for dom in [cfg.domain] + cfg.altDomains
],
},
}
}
},
}
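Review bot: If the `nginx.ingress.kubernetes.io/configuration-snippet` annotation is kept on the new side (the rendered page has lost its +/- markers, so this cannot be confirmed here), it is the only reason this ingress still needs its own `annotations+` block, and nothing says so. Snippet annotations place raw nginx configuration into the shared ingress controller, and clusters commonly disable them through the controller's `allow-snippet-annotations` setting, after which the three redirects would no longer be applied. A comment such as `// legacy redirects (/qr1, /video, /manual); needs snippet annotations enabled on the ingress controller` next to the annotation would record that dependency.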


@ -1,4 +1,4 @@
local kube = import '../../kube/kube.libsonnet';
local kube = import "../../kube/hscloud.libsonnet";
local postgres = import '../../kube/postgres_v.libsonnet';
{
@ -94,26 +94,8 @@ local postgres = import '../../kube/postgres_v.libsonnet';
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
'kubernetes.io/tls-acme': 'true',
'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
'nginx.ingress.kubernetes.io/proxy-body-size': '0',
},
},
spec+: {
tls: [{ hosts: [cfg.domain], secretName: cfg.name + '-tls' }],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: '/', backend: top.service.name_port },
],
},
},
],
},
ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target_service:: top.service,
},
}


@ -1,4 +1,4 @@
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
local app = self,
@ -171,33 +171,9 @@ local kube = import "../../../kube/kube.libsonnet";
},
#ingress: ns.Contain(kube.Ingress("mailman")) {
# metadata+: {
# annotations+: {
# "kubernetes.io/tls-acme": "true",
# "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
# "nginx.ingress.kubernetes.io/proxy-body-size": "0",
# },
# },
# spec+: {
# tls: [
# {
# hosts: [cfg.webDomain],
# secretName: "mailman-ingress-tls",
# },
# ],
# rules: [
# {
# host: cfg.webDomain,
# http: {
# paths: [
# { path: "/", backend: app.svcWeb.name_port },
# //{ path: "/static/", backend: app.svcStatic.name_port },
# ],
# },
# },
# ],
# },
#ingress: ns.Contain(kube.SimpleIngress("mailman")) {
# hosts:: [cfg.webDomain],
# target_service:: app.svcWeb,
#},
config: ns.Contain(kube.Secret("config")) {


@ -28,7 +28,7 @@
# For appservice-telegram instances, you can use this oneliner magic:
# kubectl -n matrix create secret generic appservice-telegram-prod-registration --from-file=registration.yaml=<(kubectl -n matrix logs job/appservice-telegram-prod-bootstrap | grep -A 100 SNIPSNIP | grep -v SNIPSNIP)
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
local postgres = import "../../../kube/postgres.libsonnet";
{
@ -393,37 +393,16 @@ local postgres = import "../../../kube/postgres.libsonnet";
// until it spits you a registration YAML and you feed that to a secret.
appservices: {},
ingress: kube.Ingress("matrix") {
metadata+: app.metadata("matrix") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{
hosts: [cfg.webDomain],
secretName: "synapse-tls",
},
],
rules: [
{
host: cfg.webDomain,
http: {
paths: [
{ path: "/", backend: app.riotSvc.name_port },
{ path: "/_matrix", backend: app.synapseSvc.name_port },
] + (if cfg.cas.enable then [
{ path: "/_cas", backend: app.casSvc.name_port },
] else []) + (if cfg.wellKnown then [
{ path: "/.well-known/matrix", backend: app.wellKnown.svc.name_port },
] else [])
},
}
],
},
ingress: kube.SimpleIngress("matrix") {
hosts:: [cfg.webDomain],
target_service:: app.riotSvc,
metadata+: app.metadata("matrix"),
extra_paths:: [
{ path: "/_matrix", backend: app.synapseSvc.name_port },
] + (if cfg.cas.enable then [
{ path: "/_cas", backend: app.casSvc.name_port },
] else []) + (if cfg.wellKnown then [
{ path: "/.well-known/matrix", backend: app.wellKnown.svc.name_port },
] else [])
},
}
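Review bot: The TLS secret name changes here without being called out: the old block pinned `secretName: "synapse-tls"`, while `kube.SimpleIngress("matrix")` derives `name + '-tls'`, that is `matrix-tls`. cert-manager then has to issue a fresh certificate into the new secret, the host may be served with the controller's default certificate until issuance completes, and the old secret with its private key stays in the namespace until someone deletes it. The same rename appears to happen for the IX `ingress` (was `public-tls`), the Rook dashboard (was `cluster.name("dashboard")`), gerrit (was `gerrit.name("acme")`), both monitoring ingresses (were `ingress-tls` and `ingress-grafana-tls`) and shells (was `shells-frontend-tls`). Either keep the old name with an override such as `spec+: { tls: [{ hosts: [cfg.webDomain], secretName: "synapse-tls" }] }`, or state the renames and the cleanup of the old secrets in the commit message.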


@ -2,7 +2,7 @@
// JWT secret needs to be generated as follows per environment:
// kubectl -n onlyoffice-prod create secret generic documentserver-jwt --from-literal=jwt=$(pwgen 32 1)
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
local policies = import "../../kube/policies.libsonnet";
{
@ -51,7 +51,7 @@ local policies = import "../../kube/policies.libsonnet";
local make(sp, p) = { name: "data", mountPath: p, subPath: sp },
volumeMounts: [
// Per upstream Dockerfile:
// VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME
// VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME
// /var/www/$COMPANY_NAME/Data /var/lib/postgresql
// /var/lib/rabbitmq /var/lib/redis
// /usr/share/fonts/truetype/custom
@ -75,27 +75,10 @@ local policies = import "../../kube/policies.libsonnet";
svc: oo.ns.Contain(kube.Service("documentserver")) {
target_pod:: oo.deploy.spec.template,
},
ingress: oo.ns.Contain(kube.Ingress("office")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [{ hosts: [cfg.domain], secretName: "office-tls" }],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: oo.svc.name_port, },
],
},
},
],
},
ingress: oo.ns.Contain(kube.SimpleIngress("office")) {
hosts:: [cfg.domain],
target_service:: oo.svc,
},
// Needed because the documentserver runs its own supervisor, and:


@ -1,4 +1,4 @@
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
IX: {
@ -425,81 +425,28 @@ local kube = import "../../../kube/kube.libsonnet";
},
},
ingress: kube.Ingress("ingress") {
metadata+: ix.metadata("public") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{ hosts: [cfg.frontend.domain], secretName: "public-tls"}
],
rules: [
{
host: cfg.frontend.domain,
http: {
paths: [
{ path: "/", backend: ix.frontend.svc.name_port },
],
},
},
],
},
ingress: kube.SimpleIngress("ingress") {
hosts:: [cfg.frontend.domain],
target_service:: ix.frontend.svc,
metadata+: ix.metadata("public"),
},
aliceIngress: kube.Ingress("alice") {
aliceIngress: kube.SimpleIngress("alice") {
hosts:: [cfg.alice.domain],
target_service:: ix.alice.svc,
metadata+: ix.metadata("alice"),
},
grpcIngress: kube.SimpleIngress("grpc") {
hosts:: [cfg.verifier.domain],
target_service:: ix.verifier.svc,
metadata+: ix.metadata("alice") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{ hosts: [cfg.alice.domain], secretName: "alice-tls"}
],
rules: [
{
host: cfg.alice.domain,
http: {
paths: [
{ path: "/", backend: ix.alice.svc.name_port },
],
},
},
],
},
},
grpcIngress: kube.Ingress("grpc") {
metadata+: ix.metadata("grpc") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"kubernetes.io/ingress.class": "nginx",
"nginx.ingress.kubernetes.io/ssl-redirect": "true",
"nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
},
},
spec+: {
tls: [
{ hosts: [cfg.verifier.domain], secretName: "grpc-tls"}
],
rules: [
{
host: cfg.verifier.domain,
http: {
paths: [
{ path: "/", backend: ix.verifier.svc.name_port },
],
},
},
],
},
},
},
}


@ -1,4 +1,4 @@
local kube = import '../../../kube/kube.libsonnet';
local kube = import '../../../kube/hscloud.libsonnet';
{
local internet = self,
@ -59,27 +59,9 @@ local kube = import '../../../kube/kube.libsonnet';
target_pod:: internet.deployment.spec.template,
},
ingress: kube.Ingress("frontend") {
metadata+: internet.metadata("frontend") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [
{ hosts: [cfg.domain], secretName: "frontend-tls"}
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: internet.svc.name_port },
],
},
},
],
},
ingress: kube.SimpleIngress("frontend") {
hosts:: [cfg.domain],
target_service:: internet.svc,
metadata+: internet.metadata("frontend"),
},
}


@ -1,4 +1,4 @@
local kube = import '../../../kube/kube.libsonnet';
local kube = import '../../../kube/hscloud.libsonnet';
{
local speedtest = self,
@ -58,28 +58,9 @@ local kube = import '../../../kube/kube.libsonnet';
target_pod:: speedtest.deployment.spec.template,
},
ingress: kube.Ingress("public") {
metadata+: speedtest.metadata("public") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{ hosts: [cfg.domain], secretName: "public-tls"}
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: speedtest.svc.name_port },
],
},
},
],
},
ingress: kube.SimpleIngress("public") {
hosts:: [cfg.domain],
target_service:: speedtest.svc,
metadata+: speedtest.metadata("public"),
},
}


@ -1,6 +1,6 @@
# Deploy Rook/Ceph Operator
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
local policies = import "../../../kube/policies.libsonnet";
local oa = kube.OpenAPI;
@ -753,31 +753,9 @@ local oa = kube.OpenAPI;
},
},
dashboardIngress: kube.Ingress(cluster.name("dashboard")) {
metadata+: cluster.metadata {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [
{
hosts: ["%s.hswaw.net" % name],
secretName: cluster.name("dashboard"),
},
],
rules: [
{
host: "%s.hswaw.net" % name,
http: {
paths: [
{ path: "/", backend: cluster.dashboardService.name_port },
]
},
}
],
},
dashboardIngress: kube.SimpleIngress(cluster.name("dashboard")) {
hosts:: ["%s.hswaw.net" % name],
target_service:: cluster.dashboardService,
},
# Benji is a backup tool, external to rook, that we use for backing up


@ -1,4 +1,4 @@
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
local gerrit = self,
@ -225,28 +225,9 @@ local kube = import "../../../kube/kube.libsonnet";
},
},
ingress: kube.Ingress(gerrit.name("gerrit")) {
metadata+: gerrit.metadata("ingress") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{ hosts: [cfg.domain], secretName: gerrit.name("acme") },
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: gerrit.svc.name_port },
],
},
}
],
},
ingress: kube.SimpleIngress(gerrit.name("gerrit")) {
hosts:: [cfg.domain],
target_service:: gerrit.svc,
metadata+: gerrit.metadata("ingress"),
},
}


@ -1,4 +1,4 @@
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
{
@ -130,32 +130,9 @@ local postgres = import "../../kube/postgres.libsonnet";
target_pod:: app.deployment.spec.template,
},
ingress: app.ns.Contain(kube.Ingress("redmine")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{
hosts: [cfg.domain],
secretName: "redmine-tls",
},
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: app.svc.name_port },
]
},
}
],
},
ingress: app.ns.Contain(kube.SimpleIngress("redmine")) {
hosts:: [cfg.domain],
target_service:: app.svc,
},
b: (if std.length(cfg.b.domains) > 0 then {
@ -182,34 +159,10 @@ local postgres = import "../../kube/postgres.libsonnet";
svc: app.ns.Contain(kube.Service("b")) {
target_pod:: app.b.deployment.spec.template,
},
ingress: app.ns.Contain(kube.Ingress("b")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{
hosts: cfg.b.domains,
secretName: "b-tls",
},
],
rules: [
{
host: domain,
http: {
paths: [
{ path: "/", backend: app.b.svc.name_port },
]
},
}
for domain in cfg.b.domains
],
},
}
ingress: app.ns.Contain(kube.SimpleIngress("b")) {
hosts:: cfg.b.domains,
target_service:: app.b.svc,
},
} else {}),
}


@ -1,4 +1,4 @@
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
{
local top = self,
@ -50,26 +50,8 @@ local kube = import "../../kube/kube.libsonnet";
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
},
],
},
ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target_service:: top.service,
},
}


@ -1,4 +1,4 @@
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
{
local top = self,
@ -50,26 +50,8 @@ local kube = import "../../kube/kube.libsonnet";
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
},
],
},
ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target_service:: top.service,
},
}


@ -2,7 +2,7 @@
//
// See README.md for more information.
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
{
local top = self,
@ -60,26 +60,8 @@ local kube = import "../../kube/kube.libsonnet";
target_pod:: top.deploy.spec.template,
},
ingress: top.ns.Contain(kube.Ingress("oodviewer")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: [ cfg.domain ], secretName: "oodviewer-tls" } ],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
},
],
},
}
ingress: top.ns.Contain(kube.SimpleIngress("oodviewer")) {
hosts:: [cfg.domain],
target_service:: top.service,
},
}


@ -6,7 +6,7 @@
# first user as such:
# kubectl -n paperless exec -it deploy/paperless -c paperless -- python ./manage.py shell -c "from django.contrib.auth.models import User; u = User.objects.get_by_natural_key('informatic'); u.is_superuser = True; u.is_staff = True; u.save()"
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
local redis = import "../../kube/redis.libsonnet";
@ -171,26 +171,8 @@ local redis = import "../../kube/redis.libsonnet";
target_pod:: app.deploy.spec.template,
},
ingress: app.ns.Contain(kube.Ingress("paperless")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: [ cfg.domain ], secretName: "paperless-tls" } ],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: app.service.name_port },
],
},
},
],
},
}
ingress: app.ns.Contain(kube.SimpleIngress("paperless")) {
hosts:: [cfg.domain],
target_service:: app.service,
},
}


@ -1,4 +1,4 @@
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
{
local top = self,
@ -45,27 +45,8 @@ local kube = import "../../kube/kube.libsonnet";
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: cfg.domains, secretName: cfg.name + "-tls" } ],
rules: [
{
host: domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
}
for domain in cfg.domains
],
},
ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: cfg.domains,
target_service:: top.service,
},
}

34
kube/hscloud.libsonnet Normal file

@ -0,0 +1,34 @@
// HSWAW / hscloud / k0-specific extensions to kube.libsonnet
local kube = import "kube.libsonnet";
kube {
// Basic Ingress config pointing `hosts` to `target_service`, with HTTPS set up
SimpleIngress(name): kube.Ingress(name) {
local ingress = self,
hosts:: error "hosts must be defined",
target_service:: error "target_service must be defined",
extra_paths:: [],
metadata+: {
annotations+: {
'kubernetes.io/tls-acme': 'true',
'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
'nginx.ingress.kubernetes.io/proxy-body-size': '0',
},
},
spec+: {
tls: [{ hosts: ingress.hosts, secretName: name + '-tls' }],
rules: [
{
host: host,
http: {
paths: [
{ path: '/', backend: ingress.target_service.name_port },
] + ingress.extra_paths,
},
}
for host in ingress.hosts
],
},
},
}
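Review bot: `'nginx.ingress.kubernetes.io/proxy-body-size': '0'` is now applied to every SimpleIngress, which removes the nginx request-body limit for services whose old blocks did not set it (onlyoffice, the internet frontend, the Rook dashboard, victoria-api, grafana, annoyatron, the wow panel and shells in this commit). An unlimited upload size on an internet-facing endpoint deserves a per-service decision, so consider a hidden field `max_body_size:: '0',` referenced as `'nginx.ingress.kubernetes.io/proxy-body-size': ingress.max_body_size`, which lets callers restore a cap. The header comment could also document `hosts`, `target_service` and `extra_paths`, and state that the TLS secret name is derived as `name + '-tls'`.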


@ -1,4 +1,4 @@
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
// Global sets up a global tier instance of the hscloud monitoring infrastructure.
@ -134,26 +134,9 @@ local kube = import "../../../kube/kube.libsonnet";
},
},
ingressAPI: ns.Contain(kube.Ingress("victoria-api")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [
{ hosts: [cfg.hosts.globalAPI], secretName: "ingress-tls" },
],
rules: [
{
host: cfg.hosts.globalAPI,
http: {
paths: [ { path: "/", backend: { serviceName: victoria.serviceAPI.metadata.name, servicePort: 8427 } }, ],
},
}
],
},
ingressAPI: ns.Contain(kube.SimpleIngress("victoria-api")) {
hosts:: [cfg.hosts.globalAPI],
target_service:: victoria.serviceAPI,
},
},
@ -279,26 +262,9 @@ local kube = import "../../../kube/kube.libsonnet";
},
},
ingress: ns.Contain(kube.Ingress("grafana-public")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [
{ hosts: [cfg.hosts.globalDashboard], secretName: "ingress-grafana-tls" },
],
rules: [
{
host: cfg.hosts.globalDashboard,
http: {
paths: [ { path: "/", backend: { serviceName: grafana.service.metadata.name, servicePort: 3000 } }, ],
},
}
],
},
ingress: ns.Contain(kube.SimpleIngress("grafana-public")) {
hosts:: [cfg.hosts.globalDashboard],
target_service:: grafana.service,
},
},
}
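Review bot: Both ingresses used to name the backend port explicitly (`servicePort: 8427` for victoria-api, `servicePort: 3000` for grafana) and now take whatever `target_service.name_port` resolves to. `name_port` is defined in kube.libsonnet, outside this page, so please confirm it yields the same ports for `victoria.serviceAPI` and `grafana.service`, particularly if either Service exposes more than one port. A public ingress that lands on a different port of the API service could make an endpoint reachable that was not meant to be. If the port cannot be inferred reliably, override the path through `spec+` or give SimpleIngress a port parameter.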


@ -1,6 +1,6 @@
# kubectl create secret generic sso --from-literal=secret_key=$(pwgen 24 1) --from-literal=ldap_bind_password=...
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
local app = self,
@ -104,31 +104,8 @@ local kube = import "../../../kube/kube.libsonnet";
},
},
ingress: app.ns.Contain(kube.Ingress("sso")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{
hosts: [cfg.domain],
secretName: "sso-tls",
},
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: app.svc.name_port },
]
},
}
],
},
ingress: app.ns.Contain(kube.SimpleIngress("sso")) {
hosts:: [cfg.domain],
target_service:: app.svc,
},
}


@ -1,4 +1,4 @@
local kube = import '../../../kube/kube.libsonnet';
local kube = import '../../../kube/hscloud.libsonnet';
{
local annoyatron = self,
local cfg = self.cfg,
@ -46,28 +46,11 @@ local kube = import '../../../kube/kube.libsonnet';
],
},
},
ingress: kube.Ingress("annoyatron") {
ingress: kube.SimpleIngress("annoyatron") {
metadata+: {
namespace: "q3k",
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [
{ hosts: [cfg.domain], secretName: "annoyatron-tls" },
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: annoyatron.svc.name_port },
],
},
}
],
},
hosts:: [cfg.domain],
target_service:: annoyatron.svc,
},
}


@ -1,4 +1,4 @@
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
{
local top = self,
@ -33,29 +33,8 @@ local kube = import "../../kube/kube.libsonnet";
svc: top.ns.Contain(kube.Service("ppsa-jsonapi")) {
target_pod:: top.deploy.spec.template,
},
ingress: top.ns.Contain(kube.Ingress("ppsa-jsonapi")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{ hosts: [ "ppsa.app.q3k.org"], secretName: "ppsa-jsonapi-tls", },
],
rules: [
{
host: "ppsa.app.q3k.org",
http: {
paths: [
{ path: "/", backend: top.svc.name_port },
],
},
},
],
},
ingress: top.ns.Contain(kube.SimpleIngress("ppsa-jsonapi")) {
hosts:: ["ppsa.app.q3k.org"],
target_service:: top.svc,
},
}


@ -1,4 +1,4 @@
local kube = import "../../kube/kube.libsonnet";
local kube = import "../../kube/hscloud.libsonnet";
{
local rc3 = self,
@ -32,29 +32,11 @@ local kube = import "../../kube/kube.libsonnet";
},
target_pod:: rc3.deploy.spec.template,
},
ingress: kube.Ingress("rc3-data") {
ingress: kube.SimpleIngress("rc3-data") {
metadata+: {
namespace: "personal-q3k",
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{ hosts: [ "rc3-data.q3k.org"], secretName: "rc3-data-tls", },
],
rules: [
{
host: "rc3-data.q3k.org",
http: {
paths: [
{ path: "/", backend: rc3.svc.name_port },
],
},
},
],
},
hosts:: ["rc3-data.q3k.org"],
target_service:: rc3.svc,
},
}


@ -1,4 +1,4 @@
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
local wow = self,
@ -272,30 +272,8 @@ local kube = import "../../../kube/kube.libsonnet";
],
},
},
panelIngress: ns.Contain(kube.Ingress(cfg.prefix + "panel")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [
{
hosts: [cfg.panel.domain],
secretName: cfg.prefix + "panel-tls",
},
],
rules: [
{
host: cfg.panel.domain,
http: {
paths: [
{ path: "/", backend: wow.panelSvc.name_port },
],
},
}
],
},
panelIngress: ns.Contain(kube.SimpleIngress(cfg.prefix + "panel")) {
hosts:: [cfg.panel.domain],
target_service:: wow.panelSvc,
},
}


@ -1,4 +1,4 @@
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
local top = self,
@ -58,26 +58,8 @@ local kube = import "../../../kube/kube.libsonnet";
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
},
],
},
}
ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target_service:: top.service,
},
}


@ -1,4 +1,4 @@
local kube = import "../../../kube/kube.libsonnet";
local kube = import "../../../kube/hscloud.libsonnet";
{
local top = self,
@ -38,26 +38,8 @@ local kube = import "../../../kube/kube.libsonnet";
target_pod:: top.deployment.spec.template,
},
ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: top.service.name_port },
],
},
},
],
},
}
ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
hosts:: [cfg.domain],
target_service:: top.service,
},
}


@ -1,5 +1,5 @@
# this is libjsonnet library for kubernetes related things
local kube = import '../../../kube/kube.libsonnet';
local kube = import '../../../kube/hscloud.libsonnet';
{
local shells = self,
@ -137,27 +137,9 @@ local kube = import '../../../kube/kube.libsonnet';
# ingress creates VirtualHost on ingress.k0.hswaw.net forwaring http(s)
# requests to your domain to specified Pod/container
ingress: kube.Ingress("frontend") {
metadata+: shells.metadata("frontend") {
annotations+: {
"kubernetes.io/tls-acme": "true",
"cert-manager.io/cluster-issuer": "letsencrypt-prod",
},
},
spec+: {
tls: [
{ hosts: [cfg.domain], secretName: "shells-frontend-tls"}
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: shells.svc.name_port },
],
},
},
],
},
ingress: kube.SimpleIngress("frontend") {
hosts:: [cfg.domain],
target_service:: shells.svc,
metadata+: shells.metadata("frontend"),
},
}