forked from hswaw/hscloud
86 lines
2.7 KiB
Plaintext
86 lines
2.7 KiB
Plaintext
// Production deployment of oodviewer.q3k.me.
|
|
//
|
|
// See README.md for more information.
|
|
|
|
local kube = import "../../kube/kube.libsonnet";
|
|
|
|
{
|
|
local top = self,
|
|
local cfg = self.cfg,
|
|
ns: kube.Namespace("oodviewer-prod"),
|
|
|
|
cfg:: {
|
|
dbUser: "ood",
|
|
dbPass: std.split(importstr "secrets/plain/postgres-pass", "\n")[0],
|
|
dbHost: "hackerspace.pl",
|
|
dbName: "ood",
|
|
postgresConnectionString: "postgres://%s:%s@%s/%s?sslmode=disable" % [cfg.dbUser, cfg.dbPass, cfg.dbHost, cfg.dbName],
|
|
|
|
image: "registry.k0.hswaw.net/q3k/oodviewer:315532800-5cd20075113e74d0a69f501c74db766cba597662",
|
|
domain: "oodviewer.q3k.me",
|
|
},
|
|
|
|
secret: top.ns.Contain(kube.Secret("oodviewer")) {
|
|
data_: {
|
|
"postgres": cfg.postgresConnectionString,
|
|
},
|
|
},
|
|
|
|
deploy: top.ns.Contain(kube.Deployment("oodviewer")) {
|
|
spec+: {
|
|
replicas: 3,
|
|
template+: {
|
|
spec+: {
|
|
containers_: {
|
|
default: kube.Container("default") {
|
|
image: cfg.image,
|
|
command: [
|
|
"/hswaw/oodviewer",
|
|
"-listen", "0.0.0.0:8080",
|
|
"-postgres", "$(POSTGRES)",
|
|
],
|
|
env_: {
|
|
POSTGRES: kube.SecretKeyRef(top.secret, "postgres"),
|
|
},
|
|
resources: {
|
|
requests: { cpu: "0.01", memory: "64M" },
|
|
limits: { cpu: "1", memory: "256M" },
|
|
},
|
|
ports_: {
|
|
http: { containerPort: 8080 },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
service: top.ns.Contain(kube.Service("oodviewer")) {
|
|
target_pod:: top.deploy.spec.template,
|
|
},
|
|
|
|
ingress: top.ns.Contain(kube.Ingress("oodviewer")) {
|
|
metadata+: {
|
|
annotations+: {
|
|
"kubernetes.io/tls-acme": "true",
|
|
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
|
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
|
},
|
|
},
|
|
spec+: {
|
|
tls: [ { hosts: [ cfg.domain ], secretName: "oodviewer-tls" } ],
|
|
rules: [
|
|
{
|
|
host: cfg.domain,
|
|
http: {
|
|
paths: [
|
|
{ path: "/", backend: top.service.name_port },
|
|
],
|
|
},
|
|
},
|
|
],
|
|
},
|
|
}
|
|
}
|