hscloud/hswaw/kube/frab.libsonnet
2020-02-15 12:40:25 +01:00

104 lines
3.7 KiB
Text

local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
{
local cfg = self.cfg,
cfg:: {
# Manually built from code.hackerspace.pl/q3k/ldap-web-public.
image: "frab/frab@sha256:30051f5153c4f02a8a1bee4b306bd696e2b018f2b13d16bd9c681fc1d633de3e",
storageClassName: error "storageClassName must be set!",
webFQDN: error "webFQDN must be set!",
secret: {
secretKeyBase: error "secretKeyBase must be set!",
smtpPassword: error "smtpPassword must be set!",
},
smtp: {
server: "mail.hackerspace.pl",
from: "frab@hackerspace.pl",
username: "frab",
},
},
component(cfg, env): mirko.Component(env, "frab") {
local frab = self,
cfg+: {
image: cfg.image,
volumes+: {
public: kube.PersistentVolumeClaimVolume(frab.volumePublic),
},
pgpass:: { secretKeyRef: { name: frab.makeName("-postgres"), key: "postgres_password", } },
container: frab.Container("main") {
volumeMounts_+: {
public: { mountPath: "/home/frab/app/public", },
},
// order matters (for POSTGRES_PASS substitution), we don't use env_
env: [
{ name: "TZ", value: "Europe/Warsaw" },
{ name: "POSTGRES_PASS", valueFrom: frab.cfg.pgpass },
{ name: "DATABASE_URL", value: "postgresql://frab:$(POSTGRES_PASS)@%s/frab" % [frab.postgres.svc.host] },
{ name: "SECRET_KEY_BASE", valueFrom: kube.SecretKeyRef(frab.secret, "secretKeyBase") },
{ name: "FROM_EMAIL", value: cfg.smtp.from },
{ name: "SMTP_ADDRESS", value: cfg.smtp.server },
{ name: "SMTP_USERNAME", value: cfg.smtp.username },
{ name: "SMTP_PASSWORD", valueFrom: kube.SecretKeyRef(frab.secret, "smtpPassword") },
{ name: "SMTP_PORT", value: "587" },
{ name: "SMTP_NOTLS", value: "false" },
],
resources: {
// thicc RoR
requests: {
cpu: "100m",
memory: "512Mi",
},
limits: {
cpu: "1",
memory: "1Gi",
},
},
},
ports+: {
publicHTTP: {
web: {
port: 3000,
dns: cfg.webFQDN,
},
},
},
},
secret: kube.Secret(frab.makeName("-secret")) {
metadata+: frab.metadata,
data: cfg.secret,
},
postgres: postgres {
cfg+: {
namespace: frab.metadata.namespace,
appName: "frab",
storageClassName: cfg.storageClassName,
prefix: frab.makeName("-postgres") + "-",
database: "frab",
username: "frab",
password: frab.cfg.pgpass,
},
},
volumePublic: kube.PersistentVolumeClaim(frab.makeName("-public")) {
metadata+: frab.metadata,
spec+: {
storageClassName: cfg.storageClassName,
accessModes: ["ReadWriteOnce"],
resources: {
requests: {
storage: "5Gi",
},
},
},
},
},
}