forked from hswaw/hscloud
Radek Pietruszewski
f5844311eb
Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745 Reviewed-by: q3k <q3k@hackerspace.pl>
168 lines
6.5 KiB
Text
168 lines
6.5 KiB
Text
local kube = import "../../kube/hscloud.libsonnet";
|
|
local postgres = import "../../kube/postgres.libsonnet";
|
|
|
|
{
|
|
local app = self,
|
|
local cfg = app.cfg,
|
|
|
|
cfg:: {
|
|
namespace: "redmine",
|
|
image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
|
|
domain: error "domain must be set",
|
|
storageClassName: "waw-hdd-redundant-3",
|
|
database: {
|
|
host: "postgres",
|
|
name: "redmine",
|
|
username: "redmine",
|
|
password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
|
|
port: 5432,
|
|
},
|
|
|
|
b: {
|
|
domains: [],
|
|
image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
|
|
},
|
|
|
|
storage: {
|
|
endpoint: error "storage.endpoint must be set",
|
|
region: error "storage.region must be set",
|
|
bucket: error "storage.bucket must be set",
|
|
accessKey: error "storage.accessKey must be set",
|
|
secretKey: error "storage.secretKey must be set",
|
|
},
|
|
|
|
oidc: {
|
|
server: error "oidc.server must be set",
|
|
clientID: error "oidc.clientID must be set",
|
|
clientSecret: error "oidc.clientSecret must be set",
|
|
},
|
|
|
|
# Mailing configuration object passed to smtp_settings
|
|
mailing: {
|
|
address: error "mailing.address must be set",
|
|
port: 465,
|
|
ssl: true,
|
|
domain: error "mailing.domain must be set",
|
|
authentication: ":login",
|
|
user_name: error "mailing.user_name must be set",
|
|
password: error "mailing.password must be set",
|
|
},
|
|
},
|
|
|
|
# Generates YAML file while preserving specified ruby-style symbols.
|
|
# (ie. removes surrounding quotes)
|
|
rubyYaml(obj, symbols):: std.foldr(function (symbol, str) std.strReplace(str, '"%s"' % symbol, symbol), symbols, std.manifestYamlDoc(obj)),
|
|
|
|
ns: kube.Namespace(app.cfg.namespace),
|
|
|
|
postgres: postgres {
|
|
cfg+: {
|
|
namespace: cfg.namespace,
|
|
appName: "redmine",
|
|
database: cfg.database.name,
|
|
username: cfg.database.username,
|
|
password: cfg.database.password,
|
|
storageClassName: cfg.storageClassName,
|
|
},
|
|
},
|
|
|
|
deployment: app.ns.Contain(kube.Deployment("redmine")) {
|
|
spec+: {
|
|
replicas: 1,
|
|
template+: {
|
|
spec+: {
|
|
securityContext: {
|
|
runAsUser: 999,
|
|
runAsGroup: 999,
|
|
fsGroup: 999,
|
|
},
|
|
containers_: {
|
|
web: kube.Container("redmine") {
|
|
image: cfg.image,
|
|
args: ['sh', '-c', |||
|
|
set -e
|
|
echo "${X_EXTRA_CONFIGURATION}" > config/configuration.yml
|
|
exec /docker-entrypoint.sh rails server -b 0.0.0.0
|
|
|||],
|
|
ports_: {
|
|
http: { containerPort: 3000 },
|
|
},
|
|
env_: {
|
|
REDMINE_DB_POSTGRES: cfg.database.host,
|
|
REDMINE_DB_PORT: cfg.database.port,
|
|
REDMINE_DB_USERNAME: cfg.database.username,
|
|
REDMINE_DB_PASSWORD: cfg.database.password,
|
|
REDMINE_DB_DATABASE: cfg.database.name,
|
|
|
|
REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },
|
|
|
|
REDMINE_OIDC_SERVER: cfg.oidc.server,
|
|
REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
|
|
REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
|
|
REDMINE_OIDC_ADMIN_GROUP: "issues-admin",
|
|
|
|
REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
|
|
REDMINE_S3_BUCKET: cfg.storage.bucket,
|
|
REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
|
|
REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
|
|
REDMINE_S3_REGION: cfg.storage.region,
|
|
|
|
REDMINE_MAILING_PASSWORD: cfg.mailing.password,
|
|
X_EXTRA_CONFIGURATION: app.rubyYaml({
|
|
production: {
|
|
email_delivery: {
|
|
delivery_method: ":smtp",
|
|
smtp_settings: cfg.mailing {
|
|
password: "$(REDMINE_MAILING_PASSWORD)",
|
|
},
|
|
}
|
|
},
|
|
}, [":smtp", ":login"]),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
svc: app.ns.Contain(kube.Service("redmine")) {
|
|
target_pod:: app.deployment.spec.template,
|
|
},
|
|
|
|
ingress: app.ns.Contain(kube.SimpleIngress("redmine")) {
|
|
hosts:: [cfg.domain],
|
|
target_service:: app.svc,
|
|
},
|
|
|
|
b: (if std.length(cfg.b.domains) > 0 then {
|
|
deployment: app.ns.Contain(kube.Deployment("b")) {
|
|
spec+: {
|
|
replicas: 3,
|
|
template+: {
|
|
spec+: {
|
|
containers_: {
|
|
default: kube.Container("default") {
|
|
image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
|
|
ports_: {
|
|
http: { containerPort: 8000 },
|
|
},
|
|
command: [
|
|
"/devtools/issues/b",
|
|
],
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
svc: app.ns.Contain(kube.Service("b")) {
|
|
target_pod:: app.b.deployment.spec.template,
|
|
},
|
|
ingress: app.ns.Contain(kube.SimpleIngress("b")) {
|
|
hosts:: cfg.b.domains,
|
|
target_service:: app.b.svc,
|
|
},
|
|
} else {}),
|
|
|
|
}
|