hscloud/devtools/issues/redmine.libsonnet
Radek Pietruszewski f5844311eb */kube: Add kube.SimpleIngress
Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-28 17:55:48 +00:00

168 lines
6.5 KiB
Text

local kube = import "../../kube/hscloud.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
{
local app = self,
local cfg = app.cfg,
cfg:: {
namespace: "redmine",
image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
domain: error "domain must be set",
storageClassName: "waw-hdd-redundant-3",
database: {
host: "postgres",
name: "redmine",
username: "redmine",
password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
port: 5432,
},
b: {
domains: [],
image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
},
storage: {
endpoint: error "storage.endpoint must be set",
region: error "storage.region must be set",
bucket: error "storage.bucket must be set",
accessKey: error "storage.accessKey must be set",
secretKey: error "storage.secretKey must be set",
},
oidc: {
server: error "oidc.server must be set",
clientID: error "oidc.clientID must be set",
clientSecret: error "oidc.clientSecret must be set",
},
# Mailing configuration object passed to smtp_settings
mailing: {
address: error "mailing.address must be set",
port: 465,
ssl: true,
domain: error "mailing.domain must be set",
authentication: ":login",
user_name: error "mailing.user_name must be set",
password: error "mailing.password must be set",
},
},
# Generates YAML file while preserving specified ruby-style symbols.
# (ie. removes surrounding quotes)
rubyYaml(obj, symbols):: std.foldr(function (symbol, str) std.strReplace(str, '"%s"' % symbol, symbol), symbols, std.manifestYamlDoc(obj)),
ns: kube.Namespace(app.cfg.namespace),
postgres: postgres {
cfg+: {
namespace: cfg.namespace,
appName: "redmine",
database: cfg.database.name,
username: cfg.database.username,
password: cfg.database.password,
storageClassName: cfg.storageClassName,
},
},
deployment: app.ns.Contain(kube.Deployment("redmine")) {
spec+: {
replicas: 1,
template+: {
spec+: {
securityContext: {
runAsUser: 999,
runAsGroup: 999,
fsGroup: 999,
},
containers_: {
web: kube.Container("redmine") {
image: cfg.image,
args: ['sh', '-c', |||
set -e
echo "${X_EXTRA_CONFIGURATION}" > config/configuration.yml
exec /docker-entrypoint.sh rails server -b 0.0.0.0
|||],
ports_: {
http: { containerPort: 3000 },
},
env_: {
REDMINE_DB_POSTGRES: cfg.database.host,
REDMINE_DB_PORT: cfg.database.port,
REDMINE_DB_USERNAME: cfg.database.username,
REDMINE_DB_PASSWORD: cfg.database.password,
REDMINE_DB_DATABASE: cfg.database.name,
REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },
REDMINE_OIDC_SERVER: cfg.oidc.server,
REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
REDMINE_OIDC_ADMIN_GROUP: "issues-admin",
REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
REDMINE_S3_BUCKET: cfg.storage.bucket,
REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
REDMINE_S3_REGION: cfg.storage.region,
REDMINE_MAILING_PASSWORD: cfg.mailing.password,
X_EXTRA_CONFIGURATION: app.rubyYaml({
production: {
email_delivery: {
delivery_method: ":smtp",
smtp_settings: cfg.mailing {
password: "$(REDMINE_MAILING_PASSWORD)",
},
}
},
}, [":smtp", ":login"]),
},
},
},
},
},
},
},
svc: app.ns.Contain(kube.Service("redmine")) {
target_pod:: app.deployment.spec.template,
},
ingress: app.ns.Contain(kube.SimpleIngress("redmine")) {
hosts:: [cfg.domain],
target_service:: app.svc,
},
b: (if std.length(cfg.b.domains) > 0 then {
deployment: app.ns.Contain(kube.Deployment("b")) {
spec+: {
replicas: 3,
template+: {
spec+: {
containers_: {
default: kube.Container("default") {
image: "registry.k0.hswaw.net/q3k/b:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
ports_: {
http: { containerPort: 8000 },
},
command: [
"/devtools/issues/b",
],
},
},
},
},
},
},
svc: app.ns.Contain(kube.Service("b")) {
target_pod:: app.b.deployment.spec.template,
},
ingress: app.ns.Contain(kube.SimpleIngress("b")) {
hosts:: cfg.b.domains,
target_service:: app.b.svc,
},
} else {}),
}