// ldapweb: Namespace, Deployment, Service and Ingress for the LDAP web
// frontend served at cfg.domain.
local kube = import '../../kube/kube.libsonnet';

{
  local app = self,
  local conf = self.cfg,

  // Externally reachable hostname and the secret holding its certificate.
  local hostname = conf.domain,
  local tls_secret = conf.name + '-tls',

  // The single application container.
  // NOTE(review): no securityContext is set on the container in this file.
  // Whether kube.libsonnet or a cluster admission policy supplies defaults
  // (non-root, read-only root filesystem, dropped capabilities) is not
  // visible here and should be confirmed.
  local web_container = kube.Container('default') {
    image: conf.image,
    resources: {
      requests: { cpu: '25m', memory: '64Mi' },
      limits: { cpu: '500m', memory: '128Mi' },
    },
    ports_: {
      http: { containerPort: 8000 },
    },
    // Comma-separated group names passed to the application.
    // NOTE(review): presumably these decide who counts as an admin or an
    // active member inside ldapweb. The semantics live in the app, not
    // here, so treat changes to these lists as authorization changes and
    // review them accordingly.
    env_: {
      LDAPWEB_ADMIN_GROUPS: 'ldap-admin,staff,zarzad',
      LDAPWEB_ACTIVE_GROUPS: 'fatty,starving,potato',
    },
  },

  // Hidden field (::): not manifested, but importers can override it
  // with cfg+: { ... }.
  cfg:: {
    name: 'ldapweb',
    namespace: 'ldapweb',
    domain: 'profile.hackerspace.pl',
    // The image is referenced by tag only.
    // NOTE(review): a tag can be re-pointed in the registry, so what runs
    // depends on registry state at pull time. Pinning by digest
    // (image@sha256:<digest>) would make the deployed artifact
    // reproducible.
    image: 'registry.k0.hswaw.net/radex/ldap-web:1695486391',
  },

  ns: kube.Namespace(conf.namespace),

  deployment: app.ns.Contain(kube.Deployment(conf.name)) {
    spec+: {
      // Single replica: no redundancy during restarts or node drains.
      replicas: 1,
      template+: {
        spec+: {
          containers_: {
            default: web_container,
          },
        },
      },
    },
  },

  // target_pod is a hidden field handed to the kube.libsonnet Service
  // helper. Presumably the selector and ports are derived from the pod
  // template; verify against kube.libsonnet.
  service: app.ns.Contain(kube.Service(conf.name)) {
    target_pod:: app.deployment.spec.template,
  },

  ingress: app.ns.Contain(kube.Ingress(conf.name)) {
    metadata+: {
      annotations+: {
        // Certificate is requested through cert-manager from the
        // letsencrypt-prod ClusterIssuer.
        'kubernetes.io/tls-acme': 'true',
        'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
        // "0" turns off ingress-nginx's request body size check
        // (client_max_body_size 0), so bodies of any size are proxied
        // to a pod limited to 128Mi of memory.
        // NOTE(review): if the app does not accept large uploads, an
        // explicit cap (e.g. a few MiB) is the safer setting for a
        // publicly reachable host. Confirm what the app needs.
        'nginx.ingress.kubernetes.io/proxy-body-size': '0',
      },
    },
    spec+: {
      tls: [
        { hosts: [hostname], secretName: tls_secret },
      ],
      rules: [
        {
          host: hostname,
          http: {
            // Every path is routed to the service. No ingress-level
            // auth or allow-list annotations are set here, so access
            // control is left entirely to the application.
            paths: [
              { path: '/', backend: app.service.name_port },
            ],
          },
        },
      ],
    },
  },
}