// Production deployment of oodviewer.q3k.me. // // See README.md for more information. local kube = import "../../kube/kube.libsonnet"; { local top = self, local cfg = self.cfg, ns: kube.Namespace("oodviewer-prod"), cfg:: { dbUser: "ood", dbPass: std.split(importstr "secrets/plain/postgres-pass", "\n")[0], dbHost: "hackerspace.pl", dbName: "ood", postgresConnectionString: "postgres://%s:%s@%s/%s?sslmode=disable" % [cfg.dbUser, cfg.dbPass, cfg.dbHost, cfg.dbName], image: "registry.k0.hswaw.net/q3k/oodviewer:315532800-5cd20075113e74d0a69f501c74db766cba597662", domain: "oodviewer.q3k.me", }, secret: top.ns.Contain(kube.Secret("oodviewer")) { data_: { "postgres": cfg.postgresConnectionString, }, }, deploy: top.ns.Contain(kube.Deployment("oodviewer")) { spec+: { replicas: 3, template+: { spec+: { containers_: { default: kube.Container("default") { image: cfg.image, command: [ "/hswaw/oodviewer", "-listen", "0.0.0.0:8080", "-postgres", "$(POSTGRES)", ], env_: { POSTGRES: kube.SecretKeyRef(top.secret, "postgres"), }, resources: { requests: { cpu: "0.01", memory: "64M" }, limits: { cpu: "1", memory: "256M" }, }, ports_: { http: { containerPort: 8080 }, }, }, }, }, }, }, }, service: top.ns.Contain(kube.Service("oodviewer")) { target_pod:: top.deploy.spec.template, }, ingress: top.ns.Contain(kube.Ingress("oodviewer")) { metadata+: { annotations+: { "kubernetes.io/tls-acme": "true", "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", "nginx.ingress.kubernetes.io/proxy-body-size": "0", }, }, spec+: { tls: [ { hosts: [ cfg.domain ], secretName: "oodviewer-tls" } ], rules: [ { host: cfg.domain, http: { paths: [ { path: "/", backend: top.service.name_port }, ], }, }, ], }, } }