forked from hswaw/hscloud
255 lines
9.5 KiB
Text
255 lines
9.5 KiB
Text
local mirko = import "../../kube/mirko.libsonnet";
|
|
local kube = import "../../kube/kube.libsonnet";
|
|
local postgres = import "../../kube/postgres.libsonnet";
|
|
local redis = import "../../kube/redis.libsonnet";
|
|
|
|
// Copy over the secret from the ceph cluster namespace to the environment
|
|
// namespace. Eg.
|
|
// cluster=ceph-waw3
|
|
// pool=waw-hdd-redundant-3-object
|
|
// namespace=hswaw-prod
|
|
// kubectl get -n $cluster secret rook-ceph-object-user-$pool-$namespace-pretalx-s3 -o json > hswaw/kube/secrets/plain/prod-pretalx-s3.json
|
|
|
|
{
|
|
local cfg = self.cfg,
|
|
cfg:: {
|
|
// q3k's fork for S3 support (q3k/s3)
|
|
image: "registry.k0.hswaw.net/q3k/pretalx-docker:20200217-1581977177",
|
|
storageClassName: error "storageClassName must be set!",
|
|
webFQDN: error "webFQDN must be set!",
|
|
|
|
smtpPassword: error "smtpPassword must be set!",
|
|
|
|
s3: {
|
|
cluster: "ceph-waw3",
|
|
pool: "waw-hdd-redundant-3-object",
|
|
credsSecret: error "credsSecret msut be set",
|
|
},
|
|
|
|
smtp: {
|
|
server: "mail.hackerspace.pl",
|
|
from: "pretalx@hackerspace.pl",
|
|
username: "pretalx",
|
|
},
|
|
},
|
|
|
|
component(cfg, env): mirko.Component(env, "pretalx") {
|
|
local pretalx = self,
|
|
cfg+: {
|
|
image: cfg.image,
|
|
volumes+: {
|
|
data: kube.PersistentVolumeClaimVolume(pretalx.volumeData),
|
|
config: kube.SecretVolume(pretalx.config),
|
|
},
|
|
|
|
pgpass:: { secretKeyRef: { name: pretalx.makeName("-postgres"), key: "postgres_password", } },
|
|
|
|
containers:: {
|
|
default: pretalx.Container("main") {
|
|
volumeMounts_+: {
|
|
data: { mountPath: "/data", },
|
|
config: { mountPath: "/etc/pretalx" },
|
|
},
|
|
workingDir: "/pretalx/src",
|
|
command: [
|
|
"gunicorn", "pretalx.wsgi",
|
|
"--name", "pretalx",
|
|
"--workers", "4",
|
|
"--max-requests", "1200",
|
|
"--max-requests-jitter", "50",
|
|
"--log-level", "info",
|
|
"--bind", "0.0.0.0:8080",
|
|
],
|
|
env_: {
|
|
PRETALX_DB_PASS: pretalx.cfg.pgpass,
|
|
HOME: "/pretalx",
|
|
PRETALX_DATA_DIR: "/data",
|
|
},
|
|
resources: {
|
|
// thicc Python
|
|
requests: {
|
|
cpu: "100m",
|
|
memory: "512Mi",
|
|
},
|
|
limits: {
|
|
cpu: "1",
|
|
memory: "2Gi",
|
|
},
|
|
},
|
|
},
|
|
worker: pretalx.Container("worker") {
|
|
volumeMounts_+: {
|
|
data: { mountPath: "/data", },
|
|
config: { mountPath: "/etc/pretalx" },
|
|
},
|
|
workingDir: "/pretalx/src",
|
|
command: [
|
|
"celery", "-A", "pretalx.celery_app", "worker",
|
|
"-l", "info",
|
|
],
|
|
env_: {
|
|
PRETALX_DB_PASS: pretalx.cfg.pgpass,
|
|
HOME: "/pretalx",
|
|
PRETALX_DATA_DIR: "/data",
|
|
},
|
|
resources: {
|
|
// thicc Python
|
|
requests: {
|
|
cpu: "100m",
|
|
memory: "512Mi",
|
|
},
|
|
limits: {
|
|
cpu: "1",
|
|
memory: "2Gi",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
securityContext: {
|
|
runAsUser: 999,
|
|
},
|
|
ports+: {
|
|
publicHTTP: {
|
|
web: {
|
|
port: 8080,
|
|
dns: cfg.webFQDN,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
secret: kube.Secret(pretalx.makeName("secret")) {
|
|
metadata+: pretalx.metadata,
|
|
data: {
|
|
smtpPassword: cfg.smtpPassword,
|
|
},
|
|
},
|
|
|
|
cronjob: kube.CronJob(pretalx.makeName("runperiodic")) {
|
|
metadata+: pretalx.metadata,
|
|
spec+: {
|
|
schedule: "*/5 * * * *",
|
|
jobTemplate+: {
|
|
spec+: {
|
|
selector:: null,
|
|
template+: {
|
|
spec+: {
|
|
containers_: {
|
|
runperiodic: kube.Container("runperiodic") {
|
|
image: cfg.image,
|
|
workingDir: "/pretalx/src",
|
|
volumeMounts_+: {
|
|
config: { mountPath: "/etc/pretalx" },
|
|
},
|
|
env_: {
|
|
PRETALX_DB_PASS: pretalx.cfg.pgpass,
|
|
HOME: "/pretalx",
|
|
PRETALX_DATA_DIR: "/data",
|
|
},
|
|
command: [
|
|
"python3", "-m", "pretalx",
|
|
"runperiodic",
|
|
],
|
|
},
|
|
},
|
|
securityContext: {
|
|
runAsUser: 999,
|
|
},
|
|
volumes_+: {
|
|
config: kube.SecretVolume(pretalx.config),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
config: kube.Secret(pretalx.makeName("-config")) {
|
|
metadata+: pretalx.metadata,
|
|
data: {
|
|
"pretalx.cfg": std.base64(std.manifestIni({
|
|
sections: {
|
|
filesystem: {
|
|
data: "/data", media: "/data/media", logs: "/data/logs",
|
|
},
|
|
site: {
|
|
debug: false,
|
|
url: "https://%s" % cfg.webFQDN,
|
|
},
|
|
s3media: {
|
|
bucket: "pretalx-prod",
|
|
access_key_id: std.base64Decode(cfg.s3.credsSecret.data.AccessKey),
|
|
secret_access_key: std.base64Decode(cfg.s3.credsSecret.data.SecretKey),
|
|
endpoint: "https://object.ceph-waw3.hswaw.net",
|
|
},
|
|
database: {
|
|
backend: "postgresql",
|
|
name: "pretalx",
|
|
user: "pretalx",
|
|
// password: ... // provided by environment variable from secret
|
|
host: pretalx.postgres.bouncer.svc.host,
|
|
//port: 5432
|
|
},
|
|
mail: {
|
|
from: cfg.smtp.from,
|
|
host: cfg.smtp.server,
|
|
port: 587,
|
|
user: cfg.smtp.username,
|
|
password: cfg.smtpPassword,
|
|
tls: "True",
|
|
},
|
|
celery: {
|
|
backend: "redis://%s/1" % [pretalx.redis.svc.host],
|
|
broker: "redis://%s/2" % [pretalx.redis.svc.host],
|
|
},
|
|
},
|
|
})),
|
|
},
|
|
},
|
|
|
|
postgres: postgres {
|
|
cfg+: {
|
|
namespace: pretalx.metadata.namespace,
|
|
appName: pretalx.makeName("-pretalx"),
|
|
storageClassName: cfg.storageClassName,
|
|
prefix: pretalx.makeName("-postgres") + "-",
|
|
database: "pretalx",
|
|
username: "pretalx",
|
|
password: pretalx.cfg.pgpass,
|
|
},
|
|
},
|
|
|
|
redis: redis {
|
|
cfg+: {
|
|
namespace: pretalx.metadata.namespace,
|
|
appName: pretalx.makeName("-pretalx"),
|
|
storageClassName: cfg.storageClassName,
|
|
prefix: pretalx.makeName("-redis") + "-",
|
|
},
|
|
},
|
|
|
|
volumeData: kube.PersistentVolumeClaim(pretalx.makeName("-data")) {
|
|
metadata+: pretalx.metadata,
|
|
spec+: {
|
|
storageClassName: cfg.storageClassName,
|
|
accessModes: ["ReadWriteOnce"],
|
|
resources: {
|
|
requests: {
|
|
storage: "5Gi",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
s3: kube.CephObjectStoreUser(pretalx.makeNameGlobal("-s3")) {
|
|
metadata+: {
|
|
namespace: cfg.s3.cluster,
|
|
},
|
|
spec: {
|
|
store: cfg.s3.pool,
|
|
displayName: pretalx.makeNameGlobal("-s3"),
|
|
},
|
|
},
|
|
},
|
|
}
|