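# covid19.hackerspace.pl, a covid-formity instance.
#
# This needs secrets provisioned before the first apply. Every key referenced
# through a secretKeyRef below has to exist; a container whose env points at a
# missing key will not start. Create the main secret with:
#
#   kubectl -n covid-formity create secret generic covid-formity \
#     --from-literal=postgres_password=$(pwgen 24 1) \
#     --from-literal=redis_password=$(pwgen 24 1) \
#     --from-literal=secret_key=$(pwgen 24 1) \
#     --from-literal=oauth2_secret=...
#
# A second secret, covid-formity-shipping, must carry the key kurjerzy_password.
#
# The redis password is interpolated into a redis:// URL (see CACHE_REDIS_URL),
# so keep it URL-safe; pwgen's default letters-and-digits output is.

local kube = import "../../kube/kube.libsonnet";
local redis = import "../../kube/redis.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";

{
    local app = self,
    local cfg = app.cfg,
    # Every hostname served by the ingress; used for both the TLS certificate
    # and the routing rules so the two lists cannot drift apart.
    local domains = [cfg.domain] + cfg.altDomains,

    cfg:: {
        namespace: "covid-formity",
        # Pinned by digest rather than by tag, so the deployed image cannot
        # change without a reviewed edit to this file.
        image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:53c5fb0dbc4a6660ab47e39869a516f1e3f833dee5a03867386771bd9ffaf7b8",
        domain: "covid19.hackerspace.pl",
        altDomains: ["covid.hackerspace.pl", "www.covid.hackerspace.pl"],
    },

    # Common namespace and labels for the objects declared in this file.
    metadata(component):: {
        namespace: cfg.namespace,
        labels: {
            "app.kubernetes.io/name": "covid-formity",
            "app.kubernetes.io/managed-by": "kubecfg",
            "app.kubernetes.io/component": component,
        },
    },

    namespace: kube.Namespace(cfg.namespace),

    postgres: postgres {
        cfg+: {
            namespace: cfg.namespace,
            appName: "covid-formity",
            database: "covid-formity",
            username: "covid-formity",
            password: { secretKeyRef: { name: "covid-formity", key: "postgres_password" } },
        },
    },

    redis: redis {
        cfg+: {
            namespace: cfg.namespace,
            appName: "covid-formity",
            password: { secretKeyRef: { name: "covid-formity", key: "redis_password" } },
            # Reuse whatever storage class the postgres library is configured with.
            storageClassName: app.postgres.cfg.storageClassName,
        },
    },

    deployment: kube.Deployment("covid-formity") {
        metadata+: app.metadata("covid-formity"),
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    containers_: {
                        # NOTE(review): this file sets no resources, probes or
                        # securityContext on the container. Add them once the
                        # image's runtime user and footprint are confirmed.
                        web: kube.Container("covid-formity") {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 5000 },
                            },
                            env_: {
                                DATABASE_HOSTNAME: "postgres",
                                DATABASE_USERNAME: app.postgres.cfg.username,
                                DATABASE_PASSWORD: app.postgres.cfg.password,
                                # Read the database name from cfg.database, not
                                # cfg.appName. Both are "covid-formity" today,
                                # so the rendered value is unchanged, but only
                                # cfg.database names the database.
                                DATABASE_NAME: app.postgres.cfg.database,
                                CACHE_REDIS_PASSWORD: app.redis.cfg.password,
                                # $(CACHE_REDIS_PASSWORD) is expanded by
                                # Kubernetes, which only resolves references to
                                # variables defined earlier in the container's
                                # env list. This presumably relies on env_ being
                                # rendered in key order (..._PASSWORD sorts
                                # before ..._URL); confirm against
                                # kube.libsonnet before renaming either one.
                                CACHE_REDIS_URL: "redis://default:$(CACHE_REDIS_PASSWORD)@redis",
                                SPACEAUTH_CONSUMER_KEY: "covid-formity",
                                SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } },
                                SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } },
                                SHIPPING_KURJERZY_EMAIL: "qrde@hackerspace.pl",
                                SHIPPING_KURJERZY_PASSWORD: { secretKeyRef: { name: "covid-formity-shipping", key: "kurjerzy_password" } },
                            },
                        },
                    },
                },
            },
        },
    },

    svc: kube.Service("covid-formity") {
        metadata+: app.metadata("covid-formity"),
        target_pod:: app.deployment.spec.template,
        spec+: {
            ports: [
                { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
            ],
            type: "ClusterIP",
        },
    },

    ingress: kube.Ingress("covid-formity") {
        metadata+: app.metadata("covid-formity") {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                # NOTE(review): certmanager.k8s.io is the legacy annotation
                # prefix; newer cert-manager releases read
                # cert-manager.io/cluster-issuer. Confirm against the version
                # running in this cluster before changing it.
                "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                # "0" disables nginx's request body size check, so the ingress
                # accepts bodies of any size. Replace it with an explicit cap
                # once the largest legitimate upload is known.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
                # Snippet annotations inject raw nginx configuration, and
                # ingress-nginx can be set to reject them
                # (allow-snippet-annotations). Confirm the controller's policy.
                #
                # The /qr1 capture must start with "/" (or be empty). The
                # capture is appended directly after the hostname, so with the
                # previous pattern ^/qr1(.*)$ a request path that continued
                # without a slash could alter the host of the redirect target.
                "nginx.ingress.kubernetes.io/configuration-snippet": |||
                    location /qr1 {
                        rewrite ^/qr1(/.*)?$ https://covid.hackerspace.pl$1 redirect;
                    }
                    location /video {
                        return 302 https://youtu.be/eC19w2NFO0E;
                    }
                    location /manual {
                        return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf;
                    }
                |||,
            },
        },
        spec+: {
            tls: [
                {
                    hosts: domains,
                    secretName: "covid-formity-tls",
                },
            ],
            # One rule per hostname, all routed to the same backend service.
            rules: [
                {
                    host: dom,
                    http: {
                        paths: [
                            { path: "/", backend: app.svc.name_port },
                        ],
                    },
                }
                for dom in domains
            ],
        },
    },
}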