# covid19.hackerspace.pl, a covid-formity instance.
# This needs a secret provisioned, create with:
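#    kubectl -n covid-formity create secret generic covid-formity --from-literal=postgres_password=$(pwgen 24 1) --from-literal=secret_key=$(pwgen 24 1) --from-literal=oauth2_secret=...
# The manifest below also reads key redis_password from this Secret, and key
# kurjerzy_password from a separate Secret named covid-formity-shipping; the
# command above creates neither, so provision both as well.
# pwgen generates pronounceable passwords by default; `pwgen -s` yields fully random ones.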
local kube = import "../../kube/kube.libsonnet";
local redis = import "../../kube/redis.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
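# Top-level application object: namespace, postgres, redis, the web
# deployment, its ClusterIP service and the public ingress.
{
  local app = self,
  local cfg = app.cfg,

  # Hidden (::) configuration, not rendered as a Kubernetes object.
  cfg:: {
    namespace: "covid-formity",
    # The image is pinned by sha256 digest, so the deployed content cannot
    # change without this line changing.
    image: "registry.k0.hswaw.net/informatic/covid-formity@sha256:53c5fb0dbc4a6660ab47e39869a516f1e3f833dee5a03867386771bd9ffaf7b8",
    domain: "covid19.hackerspace.pl",
    altDomains: ["covid.hackerspace.pl", "www.covid.hackerspace.pl"],
  },

  # Common namespace and labels for every object of this app; `component`
  # becomes the app.kubernetes.io/component label.
  metadata(component):: {
    namespace: app.cfg.namespace,
    labels: {
      "app.kubernetes.io/name": "covid-formity",
      "app.kubernetes.io/managed-by": "kubecfg",
      "app.kubernetes.io/component": component,
    },
  },

  namespace: kube.Namespace(app.cfg.namespace),

  postgres: postgres {
    cfg+: {
      namespace: cfg.namespace,
      appName: "covid-formity",
      database: "covid-formity",
      username: "covid-formity",
      # Password is read from the covid-formity Secret, never inlined here.
      password: { secretKeyRef: { name: "covid-formity", key: "postgres_password" } },
    },
  },

  redis: redis {
    cfg+: {
      namespace: cfg.namespace,
      appName: "covid-formity",
      # The covid-formity Secret must contain a redis_password key.
      password: { secretKeyRef: { name: "covid-formity", key: "redis_password" } },
      # Redis reuses whatever storage class the postgres config resolves to.
      storageClassName: app.postgres.cfg.storageClassName,
    },
  },

  deployment: kube.Deployment("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    spec+: {
      replicas: 1,
      template+: {
        spec+: {
          # NOTE(review): no securityContext or resource limits are set here;
          # confirm whether kube.Container supplies defaults.
          containers_: {
            web: kube.Container("covid-formity") {
              image: cfg.image,
              ports_: {
                http: { containerPort: 5000 },
              },
              env_: {
                DATABASE_HOSTNAME: "postgres",
                DATABASE_USERNAME: app.postgres.cfg.username,
                DATABASE_PASSWORD: app.postgres.cfg.password,
                CACHE_REDIS_PASSWORD: app.redis.cfg.password,
                # $(CACHE_REDIS_PASSWORD) is expanded by Kubernetes, which only
                # resolves variables defined earlier in the env list - presumably
                # env_ renders keys in an order that satisfies this; verify.
                # The resulting URL embeds the password, so keep it out of logs.
                CACHE_REDIS_URL: "redis://default:$(CACHE_REDIS_PASSWORD)@redis",
                # Database name comes from cfg.database (previously cfg.appName,
                # which holds the same value today).
                DATABASE_NAME: app.postgres.cfg.database,
                SPACEAUTH_CONSUMER_KEY: "covid-formity",
                SPACEAUTH_CONSUMER_SECRET: { secretKeyRef: { name: "covid-formity", key: "oauth2_secret" } },
                SECRET_KEY: { secretKeyRef: { name: "covid-formity", key: "secret_key" } },
                SHIPPING_KURJERZY_EMAIL: "qrde@hackerspace.pl",
                # Read from a second Secret, covid-formity-shipping.
                SHIPPING_KURJERZY_PASSWORD: { secretKeyRef: { name: "covid-formity-shipping", key: "kurjerzy_password" } },
              },
            },
          },
        },
      },
    },
  },

  svc: kube.Service("covid-formity") {
    metadata+: app.metadata("covid-formity"),
    target_pod:: app.deployment.spec.template,
    spec+: {
      ports: [
        { name: "http", port: 5000, targetPort: 5000, protocol: "TCP" },
      ],
      # Cluster-internal only; external traffic arrives through the ingress.
      type: "ClusterIP",
    },
  },

  ingress: kube.Ingress("covid-formity") {
    metadata+: app.metadata("covid-formity") {
      annotations+: {
        "kubernetes.io/tls-acme": "true",
        "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
        # "0" disables the request body size limit for this ingress, so the
        # application has to bound upload sizes itself.
        "nginx.ingress.kubernetes.io/proxy-body-size": "0",
        # configuration-snippet injects raw nginx configuration. Controllers
        # may refuse it unless allow-snippet-annotations is enabled, and
        # anyone able to edit this annotation controls that configuration.
        #
        # The /qr1 redirect keeps an explicit "/" after the hostname.
        # `location /qr1` is a prefix match, so without that slash the
        # captured suffix would be appended straight onto the hostname and
        # the redirect could point at a host other than covid.hackerspace.pl.
        "nginx.ingress.kubernetes.io/configuration-snippet": "
          location /qr1 { rewrite ^/qr1/?(.*)$ https://covid.hackerspace.pl/$1 redirect; }
          location /video { return 302 https://youtu.be/eC19w2NFO0E; }
          location /manual { return 302 https://wiki.hackerspace.pl/_media/projects:covid-19:przylbica-instrukcja-v1.0.pdf; }
        ",
      },
    },
    spec+: {
      # One certificate covers the primary domain and every alternate domain.
      tls: [
        {
          hosts: [cfg.domain] + cfg.altDomains,
          secretName: "covid-formity-tls",
        },
      ],
      # One rule per hostname, all routed to the same service port.
      rules: [
        {
          host: dom,
          http: {
            paths: [
              { path: "/", backend: app.svc.name_port },
            ]
          },
        }
        for dom in [cfg.domain] + cfg.altDomains
      ],
    },
  },
}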