From 5f2dc8530d13a16656889dc87de183b411e835b5 Mon Sep 17 00:00:00 2001
From: Sergiusz Bazanski
Date: Tue, 2 Apr 2019 02:36:22 +0200
Subject: [PATCH] toot: wip
---
app/toot/prod.jsonnet | 35 +++++++++++++++++
kube/postgres.libsonnet | 84 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 119 insertions(+)
create mode 100644 app/toot/prod.jsonnet
create mode 100644 kube/postgres.libsonnet
diff --git a/app/toot/prod.jsonnet b/app/toot/prod.jsonnet
new file mode 100644
index 00000000..e30247b2
--- /dev/null
+++ b/app/toot/prod.jsonnet
@@ -0,0 +1,35 @@
+# toot.hackerspace.pl, a Mastodon instance.
+# This needs a secret provisioned, create with:
+# kubectl -n toot create secret generic mastodon --from-literal=postgres_password=$(pwgen 24 1)
+
+local kube = import "../../kube/kube.libsonnet";
+local postgres = import "../../kube/postgres.libsonnet";
+
+{
+ local app = self,
+ local cfg = app.cfg,
+ cfg:: {
+ namespace: "toot",
+ },
+
+ metadata(component):: {
+ namespace: app.cfg.namespace,
+ labels: {
+ "app.kubernetes.io/name": "toot",
+ "app.kubernetes.io/managed-by": "kubecfg",
+ "app.kubernetes.io/component": component,
+ },
+ },
+
+ namespace: kube.Namespace(app.cfg.namespace),
+
+ postgres: postgres {
+ cfg+: {
+ namespace: cfg.namespace,
+ appName: "toot",
+ database: "mastodon",
+ username: "mastodon",
+ password: { secretKeyRef: { name: "mastodon", key: "postgres_password" } },
+ },
+ },
+}
diff --git a/kube/postgres.libsonnet b/kube/postgres.libsonnet
new file mode 100644
index 00000000..bc087cf6
--- /dev/null
+++ b/kube/postgres.libsonnet
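Review bot: The provisioning command in the header comment of app/toot/prod.jsonnet uses `pwgen 24 1`, which by default produces pronounceable passwords rather than fully random ones; for a database credential the comment should read `# kubectl -n toot create secret generic mastodon --from-literal=postgres_password=$(pwgen -s 24 1)`. `--from-literal` also places the generated value on the kubectl command line, where other local users can see it in the process list while the command runs, so the comment could say to run it on a single-user machine or point to `--from-file` instead. `metadata(component)` is defined in this file but nothing visible here uses it yet.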
@@ -0,0 +1,84 @@
+# PostgreSQL on Kubernetes.
+
+local kube = import "kube.libsonnet";
+
+{
+ local postgres = self,
+ local cfg = postgres.cfg,
+ cfg:: {
+ namespace: error "namespace must be set",
+ appName: error "app name must be set",
+ storageClassName: "waw-hdd-redundant-1",
+ prefix: "", # if set, should be 'foo-'
+
+ image: "postgres:10.4",
+ database: error "database must be set",
+ username: error "username must be set",
+ # not literal, instead ref for env (like { secretKeyRef: ... })
+ password: error "password must be set",
+ },
+
+ makeName(suffix):: cfg.prefix + suffix,
+
+ metadata:: {
+ namespace: cfg.namespace,
+ labels: {
+ "app.kubernetes.io/name": cfg.appName,
+ "app.kubernetes.io/managed-by": "kubecfg",
+ "app.kubernetes.io/component": "postgres",
+ },
+ },
+
+ volumeClaim: kube.PersistentVolumeClaim(postgres.makeName("postgres")) {
+ metadata+: postgres.metadata,
+ spec+: {
+ storageClassName: cfg.storageClassName,
+ accessModes: [ "ReadWriteOnce" ],
+ resources: {
+ requests: {
+ storage: "30Gi",
+ },
+ },
+ },
+ },
+ deployment: kube.Deployment(postgres.makeName("postgres")) {
+ metadata+: postgres.metadata,
+ spec+: {
+ replicas: 1,
+ template+: {
+ spec+: {
+ volumes_: {
+ data: kube.PersistentVolumeClaimVolume(postgres.volumeClaim),
+ },
+ containers_: {
+ postgres: kube.Container(postgres.makeName("postgres")) {
+ image: cfg.image,
+ ports_: {
+ client: { containerPort: 5432 },
+ },
+ env_: {
+ POSTGRES_DB: cfg.database,
+ POSTGRES_USER: cfg.username,
+ POSTGRES_PASSWORD: cfg.password,
+ PGDATA: "/var/lib/postgresql/data/pgdata",
+ },
+ volumeMounts_: {
+ data: { mountPath: "/var/lib/postgresql/data" },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ svc: kube.Service(postgres.makeName("postgres")) {
+ metadata+: postgres.metadata,
+ target_pod:: postgres.deployment.spec.template,
+ spec+: {
+ ports: [
+ { name: "client", port: 5432, targetPort: 5432, protocol: "TCP" },
+ ],
+ type: "ClusterIP",
+ },
+ },
+}
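Review bot: `svc` publishes 5432 as a ClusterIP and nothing in this library restricts who may connect, so unless the cluster applies a default-deny NetworkPolicy every pod in every namespace can reach the database and the `POSTGRES_PASSWORD` secret is the only control; until a policy is added, a comment above `svc` such as `# reachable cluster-wide; restrict 5432 to the app's pods with a NetworkPolicy` would record that. The `deployment` combines `replicas: 1` with a `ReadWriteOnce` claim but sets no update strategy, so unless `kube.Deployment` (not visible here) already does, a rolling update starts the replacement pod while the old one still holds the volume; `strategy: { type: "Recreate" },` next to `replicas: 1` avoids that. `image: "postgres:10.4"` is a mutable tag and the container sets no `securityContext` or `resources`, so pinning by digest and setting both would be worth a follow-up.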