diff --git a/personal/q3k/ppsa.jsonnet b/personal/q3k/ppsa.jsonnet new file mode 100644 index 00000000..46eda707 --- /dev/null +++ b/personal/q3k/ppsa.jsonnet @@ -0,0 +1,61 @@ +local kube = import "../../kube/kube.libsonnet"; + +{ + local top = self, + ns: kube.Namespace("personal-q3k"), + + deploy: top.ns.Contain(kube.Deployment("ppsa-jsonapi")) { + spec+: { + template+: { + spec+: { + containers_: { + default: kube.Container("default") { + image: "registry.k0.hswaw.net/q3k/ppsa-jsonapi:1615508489", + ports_: { + http: { containerPort: 8080 }, + }, + resources: { + requests: { + cpu: "10m", + memory: "64M", + }, + limits: { + cpu: "100m", + memory: "256M", + }, + }, + }, + }, + }, + }, + }, + }, + svc: top.ns.Contain(kube.Service("ppsa-jsonapi")) { + target_pod:: top.deploy.spec.template, + }, + ingress: top.ns.Contain(kube.Ingress("ppsa-jsonapi")) { + metadata+: { + annotations+: { + "kubernetes.io/tls-acme": "true", + "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "nginx.ingress.kubernetes.io/proxy-body-size": "0", + }, + }, + spec+: { + tls: [ + { hosts: [ "ppsa.app.q3k.org"], secretName: "ppsa-jsonapi-tls", }, + ], + rules: [ + { + host: "ppsa.app.q3k.org", + http: { + paths: [ + { path: "/", backend: top.svc.name_port }, + ], + }, + }, + ], + }, + }, + +} diff --git a/personal/q3k/rc3.jsonnet b/personal/q3k/rc3.jsonnet new file mode 100644 index 00000000..879e2917 --- /dev/null +++ b/personal/q3k/rc3.jsonnet @@ -0,0 +1,60 @@ +local kube = import "../../kube/kube.libsonnet"; + +{ + local rc3 = self, + deploy: kube.Deployment("rc3-data") { + metadata+: { + namespace: "personal-q3k", + }, + spec+: { + template+: { + spec+: { + containers_: { + default: kube.Container("default") { + image: "registry.k0.hswaw.net/q3k/rc3-data:1610640062", + ports_: { + http: { containerPort: 8080 }, + }, + }, + }, + securityContext: { + // nginx:nginx + runAsUser: 101, + runAsGroup: 101, + }, + }, + }, + }, + }, + svc: kube.Service("rc3-data") { + metadata+: { + namespace: "personal-q3k", + }, + target_pod:: rc3.deploy.spec.template, + }, + ingress: kube.Ingress("rc3-data") { + metadata+: { + namespace: "personal-q3k", + annotations+: { + "kubernetes.io/tls-acme": "true", + "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod", + "nginx.ingress.kubernetes.io/proxy-body-size": "0", + }, + }, + spec+: { + tls: [ + { hosts: [ "rc3-data.q3k.org"], secretName: "rc3-data-tls", }, + ], + rules: [ + { + host: "rc3-data.q3k.org", + http: { + paths: [ + { path: "/", backend: rc3.svc.name_port }, + ], + }, + }, + ], + }, + }, +}