hscloud/app/inventory/prod.jsonnet

local kube = import "../../kube/hscloud.libsonnet";
local postgres = import '../../kube/postgres_v.libsonnet';

{
  local top = self,
  local cfg = top.cfg,

  cfg:: {
    name: 'inventory',
    namespace: 'inventory',
    domain: 'inventory.hackerspace.pl',

    image: 'registry.k0.hswaw.net/palid/spejstore:1694280421',
    db: {
      name: 'inventory',
      username: 'inventory',
    },
    oauthClientId: '82fffb65-0bbd-4d18-becd-0ce0b31373cf',
    storageClassName: 'waw-hdd-redundant-3',

    mediaPath: '/var/www/media',
  },

  secrets:: {
    postgres: { secretKeyRef: { name: cfg.name, key: 'postgres_password' } },
    oauth: { secretKeyRef: { name: cfg.name, key: 'oauth_secret' } },
  },

  ns: kube.Namespace(cfg.namespace),
  deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
    spec+: {
      template+: {
        spec+: {
          volumes_: {
            media: kube.PersistentVolumeClaimVolume(top.media),
          },
          containers_: {
            default: kube.Container('default') {
              image: cfg.image,
              ports_: {
                web: { containerPort: 8000 },
              },
              env_: {
                SPEJSTORE_ENV: 'prod',
                SPEJSTORE_DB_NAME: cfg.db.name,
                SPEJSTORE_DB_USER: cfg.db.username,
                SPEJSTORE_DB_PASSWORD: top.secrets.postgres,
                SPEJSTORE_DB_HOST: top.psql.svc.host,
                SPEJSTORE_DB_PORT: top.psql.svc.port,
                SPEJSTORE_ALLOWED_HOSTS: cfg.domain,
                SPEJSTORE_CLIENT_ID: cfg.oauthClientId,
                SPEJSTORE_SECRET: top.secrets.oauth,
                SPEJSTORE_MEDIA_ROOT: cfg.mediaPath,
                SPEJSTORE_REQUIRE_AUTH: 'true',
                SPEJSTORE_LAN_ALLOWED_ADDRESS_SPACE: '185.236.240.5',
              },
              volumeMounts_: {
                media: { mountPath: cfg.mediaPath },
              },
            },
          },
        },
      },
    },
  },

  media: top.ns.Contain(kube.PersistentVolumeClaim(cfg.name)) {
    spec+: {
      storageClassName: cfg.storageClassName,
      accessModes: ['ReadWriteOnce'],
      resources: {
        requests: {
          storage: '20Gi',
        },
      },
    },
  },

  psql: postgres {
    cfg+: {
      namespace: cfg.namespace,
      appName: cfg.name,
      storageClassName: cfg.storageClassName,
      version: '15.4',

      database: cfg.db.name,
      username: cfg.db.username,
      password: top.secrets.postgres,
    },
    bouncer: {},
  },

  service: top.ns.Contain(kube.Service(cfg.name)) {
    target_pod:: top.deployment.spec.template,
  },

  ingress: top.ns.Contain(kube.SimpleIngress(cfg.name)) {
    hosts:: [cfg.domain],
    target_service:: top.service,
  },
}