diff --git a/cluster/kube/k0.libsonnet b/cluster/kube/k0.libsonnet
index 53562c96..f8405dc6 100644
--- a/cluster/kube/k0.libsonnet
+++ b/cluster/kube/k0.libsonnet
@@ -416,6 +416,7 @@ local rook = import "lib/rook.libsonnet";
 { namespace: "covid-formity", dns: "covid.hackerspace.pl" },
 { namespace: "covid-formity", dns: "www.covid.hackerspace.pl" },
 { namespace: "inventory", dns: "inventory.hackerspace.pl" },
+ { namespace: "ldapweb", dns: "profile.hackerspace.pl" },
 { namespace: "devtools-prod", dns: "hackdoc.hackerspace.pl" },
 { namespace: "devtools-prod", dns: "cs.hackerspace.pl" },
 { namespace: "engelsystem-prod", dns: "engelsystem.hackerspace.pl" },
diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet
index 08aa5c94..838247ff 100644
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@@ -2,7 +2,6 @@ local mirko = import "../../kube/mirko.libsonnet";
 local kube = import "../../kube/kube.libsonnet";
 local smsgw = import "smsgw.libsonnet";
-local ldapweb = import "ldapweb.libsonnet";
 local teleimg = import "teleimg.libsonnet";
 local frab = import "frab.libsonnet";
 local pretalx = import "pretalx.libsonnet";
@@ -17,7 +16,6 @@ local capacifier = import "capacifier.libsonnet";
 cfg+: {
 smsgw: smsgw.cfg,
- ldapweb: ldapweb.cfg,
 teleimg: teleimg.cfg,
 frab: frab.cfg,
 pretalx: pretalx.cfg,
@@ -28,7 +26,6 @@ local capacifier = import "capacifier.libsonnet";
 components: {
 smsgw: smsgw.component(cfg.smsgw, env),
- ldapweb: ldapweb.component(cfg.ldapweb, env),
 teleimg: teleimg.teleimg(cfg.teleimg, env),
 lelegram: teleimg.lelegram(cfg.teleimg, env),
 frab: frab.component(cfg.frab, env),
@@ -49,9 +46,6 @@ local capacifier = import "capacifier.libsonnet";
 },
 webhookFQDN: "smsgw-webhook-prod.hswaw.net",
 },
- ldapweb+: {
- webFQDN: "profile.hackerspace.pl",
- },
 teleimg+: {
 webFQDN: "teleimg.hswaw.net",
 secret+: {
diff --git a/hswaw/kube/ldapweb.libsonnet b/hswaw/kube/ldapweb.libsonnet
deleted file mode 100644
index 2cc94323..00000000
--- a/hswaw/kube/ldapweb.libsonnet
+++ /dev/null
@@ -1,120 +0,0 @@
-local mirko = import "../../kube/mirko.libsonnet";
-local kube = import "../../kube/kube.libsonnet";
-
-{
- cfg:: {
- # Manually built from code.hackerspace.pl/informatic/ldap-web-public.
- image: "registry.k0.hswaw.net/radex/ldap-web:1695415920",
- webFQDN: error "webFQDN must be set!",
- },
-
- component(cfg, env): mirko.Component(env, "ldapweb") {
- local ldapweb = self,
- cfg+: {
- image: cfg.image,
- volumes+: {
- config: kube.ConfigMapVolume(ldapweb.configmap),
- },
- container: ldapweb.Container("main") {
- # Starts by default on port 8000.
- volumeMounts_+: {
- config: { mountPath: "/app/webapp/config.py", subPath: "config.py", },
- },
- },
- ports+: {
- publicHTTP: {
- web: {
- port: 8000,
- dns: cfg.webFQDN,
- },
- },
- },
- },
-
- configmap: kube.ConfigMap(ldapweb.makeName("config")) {
- metadata+: ldapweb.metadata,
- data: {
- "config.py": |||
- import flask_wtf
- import wtforms
- import secrets
-
- secret_key = secrets.token_hex(32)
-
- ldap_url = 'ldap://ldap.hackerspace.pl'
- dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
-
- ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
-
- ldap_base = 'dc=hackerspace,dc=pl'
- ldap_people = 'ou=People,dc=hackerspace,dc=pl'
- admin_groups = {
- 'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
- 'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
- 'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
- }
-
- admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
- admin_pw = 'unused'
-
- hackerspace_name = 'Warsaw Hackerspace'
-
- readable_names = {
- 'commonname': u'Common Name',
- 'givenname': u'Given Name',
- 'gecos': u'GECOS (public name)',
- 'surname': u'Surname',
- 'loginshell': u'Shell',
- 'telephonenumber': 'Phone Number',
- 'mobiletelephonenumber': 'Mobile Number',
- 'sshpublickey': 'SSH Public Key',
- 'mifareidhash': 'MIFARE ID Hash',
- }
-
- full_name = {
- 'cn': 'commonname',
- 'gecos': 'gecos',
- 'sn': 'surname',
- 'mobile': 'mobiletelephonenumber',
- 'l': 'locality',
- }
-
- can_add = set([
- 'telephonenumber',
- 'mobiletelephonenumber',
- 'sshpublickey',
- 'mifareidhash',
- ])
- can_delete = can_add
- can_modify = can_add | set([
- 'givenname', 'surname', 'commonname', 'gecos',
- ])
- can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
- admin_required = set()
-
-
- perm_errors = {
- 'add': 'You cannot add this attribute!',
- 'mod': 'You cannot change this attribute!',
- 'del': 'You cannot delete this attribute!',
- }
- std_templates = {
- 'add': 'ops/add.html',
- 'mod': 'ops/mod.html',
- 'del': 'ops/del.html',
- }
-
-
-
- default_field = (wtforms.fields.StringField, {})
- fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
-
- kadmin_passwd = True
- kadmin_principal_map = "{}@HACKERSPACE.PL"
-
- TOKEN_LENGTH = 32
- |||,
- },
- },
- },
-}
diff --git a/hswaw/ldapweb/prod.jsonnet b/hswaw/ldapweb/prod.jsonnet
new file mode 100644
index 00000000..00f3cca0
--- /dev/null
+++ b/hswaw/ldapweb/prod.jsonnet
@@ -0,0 +1,155 @@
+local kube = import "../../kube/kube.libsonnet";
+
+{
+ local top = self,
+ local cfg = self.cfg,
+
+ cfg:: {
+ name: 'ldapweb',
+ namespace: 'ldapweb',
+ domain: 'profile.hackerspace.pl',
+ image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920',
+ },
+
+ ns: kube.Namespace(cfg.namespace),
+
+ deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+ spec+: {
+ replicas: 1,
+ template+: {
+ spec+: {
+ volumes_: {
+ config: kube.ConfigMapVolume(top.configmap),
+ },
+ containers_: {
+ default: kube.Container("default") {
+ image: cfg.image,
+ resources: {
+ requests: { cpu: "25m", memory: "64Mi" },
+ limits: { cpu: "500m", memory: "128Mi" },
+ },
+ ports_: {
+ http: { containerPort: 8000 },
+ },
+ volumeMounts_: {
+ config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' },
+ }
+ },
+ },
+ },
+ },
+ },
+ },
+
+ service: top.ns.Contain(kube.Service(cfg.name)) {
+ target_pod:: top.deployment.spec.template,
+ },
+
+ ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+ metadata+: {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "cert-manager.io/cluster-issuer": "letsencrypt-prod",
+ "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+ },
+ },
+ spec+: {
+ tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
+ rules: [
+ {
+ host: cfg.domain,
+ http: {
+ paths: [
+ { path: "/", backend: top.service.name_port },
+ ],
+ },
+ },
+ ],
+ },
+ },
+
+ configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) {
+ data: {
+ "config.py": |||
+ import flask_wtf
+ import wtforms
+ import secrets
+
+ secret_key = secrets.token_hex(32)
+
+ ldap_url = 'ldap://ldap.hackerspace.pl'
+ dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
+
+ ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
+
+ ldap_base = 'dc=hackerspace,dc=pl'
+ ldap_people = 'ou=People,dc=hackerspace,dc=pl'
+ admin_groups = {
+ 'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
+ 'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
+ 'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
+ }
+
+ admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
+ admin_pw = 'unused'
+
+ hackerspace_name = 'Warsaw Hackerspace'
+
+ readable_names = {
+ 'commonname': u'Common Name',
+ 'givenname': u'Given Name',
+ 'gecos': u'GECOS (public name)',
+ 'surname': u'Surname',
+ 'loginshell': u'Shell',
+ 'telephonenumber': 'Phone Number',
+ 'mobiletelephonenumber': 'Mobile Number',
+ 'sshpublickey': 'SSH Public Key',
+ 'mifareidhash': 'MIFARE ID Hash',
+ }
+
+ full_name = {
+ 'cn': 'commonname',
+ 'gecos': 'gecos',
+ 'sn': 'surname',
+ 'mobile': 'mobiletelephonenumber',
+ 'l': 'locality',
+ }
+
+ can_add = set([
+ 'telephonenumber',
+ 'mobiletelephonenumber',
+ 'sshpublickey',
+ 'mifareidhash',
+ ])
+ can_delete = can_add
+ can_modify = can_add | set([
+ 'givenname', 'surname', 'commonname', 'gecos',
+ ])
+ can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
+ admin_required = set()
+
+
+ perm_errors = {
+ 'add': 'You cannot add this attribute!',
+ 'mod': 'You cannot change this attribute!',
+ 'del': 'You cannot delete this attribute!',
+ }
+ std_templates = {
+ 'add': 'ops/add.html',
+ 'mod': 'ops/mod.html',
+ 'del': 'ops/del.html',
+ }
+
+
+
+ default_field = (wtforms.fields.StringField, {})
+ fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
+
+ kadmin_passwd = True
+ kadmin_principal_map = "{}@HACKERSPACE.PL"
+
+ TOKEN_LENGTH = 32
+ |||,
+ },
+ },
+}
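Review bot: `secret_key = secrets.token_hex(32)` in the config.py ConfigMap is presumably evaluated when the app imports its config, so every pod restart invalidates all Flask sessions and CSRF tokens, and the deployment only behaves because `replicas: 1` keeps every request on the same key. If the replica count is ever raised, sessions will bounce between pods holding unrelated keys; either record the constraint with a comment such as `// Keep at 1: config.py derives secret_key at startup, so sessions are per-pod.` above `replicas: 1`, or move the key into a Secret mounted alongside the config. Separately, `"nginx.ingress.kubernetes.io/proxy-body-size": "0"` removes the request-body size limit on a public ingress for a profile editor whose inputs are phone numbers and SSH keys; a small explicit limit (for example `"1m"`) bounds what any client reaching the ingress can push at the app. The `ldap_url = 'ldap://ldap.hackerspace.pl'` setting is carried over unchanged, so bind traffic is only as protected as the application's own StartTLS handling, which is worth confirming rather than assuming.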