local kube = import "../../kube/kube.libsonnet"; { local top = self, local cfg = self.cfg, cfg:: { name: 'ldapweb', namespace: 'ldapweb', domain: 'profile.hackerspace.pl', image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920', }, ns: kube.Namespace(cfg.namespace), deployment: top.ns.Contain(kube.Deployment(cfg.name)) { spec+: { replicas: 1, template+: { spec+: { volumes_: { config: kube.ConfigMapVolume(top.configmap), }, containers_: { default: kube.Container("default") { image: cfg.image, resources: { requests: { cpu: "25m", memory: "64Mi" }, limits: { cpu: "500m", memory: "128Mi" }, }, ports_: { http: { containerPort: 8000 }, }, volumeMounts_: { config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' }, } }, }, }, }, }, }, service: top.ns.Contain(kube.Service(cfg.name)) { target_pod:: top.deployment.spec.template, }, ingress: top.ns.Contain(kube.Ingress(cfg.name)) { metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", "cert-manager.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, spec+: { tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ], rules: [ { host: cfg.domain, http: { paths: [ { path: "/", backend: top.service.name_port }, ], }, }, ], }, }, configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) { data: { "config.py": ||| import flask_wtf import wtforms import secrets secret_key = secrets.token_hex(32) ldap_url = 'ldap://ldap.hackerspace.pl' dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl" ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl' ldap_base = 'dc=hackerspace,dc=pl' ldap_people = 'ou=People,dc=hackerspace,dc=pl' admin_groups = { 'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl', 'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl', 'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl', } admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl' admin_pw = 'unused' hackerspace_name = 'Warsaw Hackerspace' readable_names = { 'commonname': u'Common Name', 'givenname': u'Given Name', 'gecos': u'GECOS (public name)', 'surname': u'Surname', 'loginshell': u'Shell', 'telephonenumber': 'Phone Number', 'mobiletelephonenumber': 'Mobile Number', 'sshpublickey': 'SSH Public Key', 'mifareidhash': 'MIFARE ID Hash', } full_name = { 'cn': 'commonname', 'gecos': 'gecos', 'sn': 'surname', 'mobile': 'mobiletelephonenumber', 'l': 'locality', } can_add = set([ 'telephonenumber', 'mobiletelephonenumber', 'sshpublickey', 'mifareidhash', ]) can_delete = can_add can_modify = can_add | set([ 'givenname', 'surname', 'commonname', 'gecos', ]) can = { 'add':can_add, 'mod':can_modify, 'del':can_delete } admin_required = set() perm_errors = { 'add': 'You cannot add this attribute!', 'mod': 'You cannot change this attribute!', 'del': 'You cannot delete this attribute!', } std_templates = { 'add': 'ops/add.html', 'mod': 'ops/mod.html', 'del': 'ops/del.html', } default_field = (wtforms.fields.StringField, {}) fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})} kadmin_passwd = True kadmin_principal_map = "{}@HACKERSPACE.PL" TOKEN_LENGTH = 32 |||, }, }, admins: top.ns.Contain(kube.RoleBinding("admins")) { roleRef: { apiGroup: "rbac.authorization.k8s.io", kind: "ClusterRole", name: "system:admin-namespace", }, subjects: [ kube.User("radex@hackerspace.pl"), ], }, }