hswaw/teleimg: migrate away from mirko.libsonnet

Change-Id: I173b48832ebb1cc187ff2020c78d4ec0748e3a98 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1794 Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-18 02:58:06 +00:00 · 2023-11-18 10:08:43 +01:00 · 2023-11-18 10:08:43 +01:00 · db8d90216b
commit db8d90216b
parent 56b2e04106
8 changed files with 70 additions and 53 deletions
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@ -1,7 +1,6 @@
 local mirko = import "../../kube/mirko.libsonnet";
 local kube = import "../../kube/kube.libsonnet";

-local teleimg = import "teleimg.libsonnet";
 local pretalx = import "pretalx.libsonnet";

 {
@ -10,12 +9,10 @@ local pretalx = import "pretalx.libsonnet";
        local cfg = self.cfg,

        cfg+: {
-            teleimg: teleimg.cfg,
            pretalx: pretalx.cfg,
        },

        components: {
-            teleimg: teleimg.teleimg(cfg.teleimg, env),
            pretalx: pretalx.component(cfg.pretalx, env) {
                cronjob: null,
            },
@ -24,12 +21,6 @@ local pretalx = import "pretalx.libsonnet";

    prod: self.hswaw("hswaw-prod") {
        cfg+: {
-            teleimg+: {
-                webFQDN: "teleimg.hswaw.net",
-                secret+: {
-                    telegram_token: std.base64(std.split(importstr "secrets/plain/prod-telegram-token", "\n")[0]),
-                },
-            },
            pretalx+: {
                storageClassName: "waw-hdd-redundant-3",
                webFQDN: "cfp.cebula.camp",
--- a/hswaw/kube/teleimg.libsonnet
+++ b/hswaw/kube/teleimg.libsonnet
@ -1,43 +0,0 @@
-local mirko = import "../../kube/mirko.libsonnet";
-local kube = import "../../kube/kube.libsonnet";
-
-{
-    cfg:: {
-        secret: {
-            telegram_token: error "telegram_token must be set",
-        },
-        image: {
-            teleimg: "registry.k0.hswaw.net/q3k/teleimg:1578259776-a07688fe74efe1e190d58092a9f50d4275a15e3d",
-        },
-        webFQDN: error "webFQDN must be set!",
-    },
-
-    teleimg(cfg, env):: mirko.Component(env, "teleimg") {
-        local teleimg = self,
-        cfg+: {
-            image: cfg.image.teleimg,
-            container: teleimg.GoContainer("main", "/teleimg/teleimg") {
-                env_: {
-                    TELEGRAM_TOKEN: kube.SecretKeyRef(teleimg.secret, "telegram_token"),
-                },
-                command+: [
-                    "-public_listen", "0.0.0.0:5000",
-                    "-telegram_token", "$(TELEGRAM_TOKEN)",
-                ],
-            },
-            ports+: {
-                publicHTTP: {
-                    public: {
-                        port: 5000,
-                        dns: cfg.webFQDN,
-                    },
-                },
-            },
-        },
-
-        secret: kube.Secret("teleimg") {
-            metadata+: teleimg.metadata,
-            data: cfg.secret,
-        },
-    },
-}
--- a/personal/q3k/teleimg/BUILD
+++ b/personal/q3k/teleimg/BUILD
@ -4,7 +4,7 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 go_library(
    name = "teleimg_lib",
    srcs = ["main.go"],
-    importpath = "code.hackerspace.pl/hscloud/personal/q3k/teleimg",
+    importpath = "code.hackerspace.pl/hscloud/hswaw/teleimg",
    visibility = ["//visibility:private"],
    deps = [
        "//go/mirko",
--- a/personal/q3k/teleimg/README.md
+++ b/personal/q3k/teleimg/README.md
--- a/personal/q3k/teleimg/main.go
+++ b/personal/q3k/teleimg/main.go
--- a/hswaw/teleimg/prod.jsonnet
+++ b/hswaw/teleimg/prod.jsonnet
@ -0,0 +1,68 @@
+local kube = import "../../kube/hscloud.libsonnet";
+local hspki = import "../../kube/hspki.libsonnet";
+
+{
+    local top = self,
+    local cfg = self.cfg,
+
+    cfg:: {
+        name: 'teleimg',
+        namespace: 'teleimg',
+        domain: 'teleimg.hswaw.net',
+        image: 'registry.k0.hswaw.net/q3k/teleimg:1578259776-a07688fe74efe1e190d58092a9f50d4275a15e3d',
+    },
+
+    // kubectl -n teleimg create secret generic teleimg --from-literal=telegram_token=xxxx
+    // original: std.base64(std.split(importstr "secrets/plain/prod-telegram-token", "\n")[0])
+    secretRefs:: {
+        telegram_token: { secretKeyRef: { name: cfg.name, key: 'telegram_token' } },
+    },
+
+    local ns = kube.Namespace(cfg.namespace),
+
+    deployment: ns.Contain(kube.Deployment(cfg.name)) {
+        spec+: {
+            replicas: 1,
+            template+: {
+                spec+: top.pki.PodSpec {
+                    containers_: {
+                        default: top.pki.GoContainer("default") {
+                            image: cfg.image,
+                            executable_: "/teleimg/teleimg",
+                            command+: [
+                                "-public_listen", "0.0.0.0:8080",
+                                "-telegram_token", "$(TELEGRAM_TOKEN)",
+                            ],
+                            env_: {
+                                TELEGRAM_TOKEN: top.secretRefs.telegram_token,
+                            },
+                            resources: {
+                                requests: { cpu: "25m", memory: "64Mi" },
+                                limits: { cpu: "500m", memory: "128Mi" },
+                            },
+                            ports_: {
+                                http: { containerPort: 8080 },
+                            },
+                        },
+                    },
+                },
+            },
+        },
+    },
+
+    service: ns.Contain(kube.Service(cfg.name)) {
+        target:: top.deployment,
+    },
+
+    ingress: ns.Contain(kube.SimpleIngress(cfg.name)) {
+        hosts:: [cfg.domain],
+        target:: top.service,
+    },
+
+    pki: ns.Contain(hspki) {
+        cfg+: {
+            name: cfg.name,
+            namespace: cfg.namespace,
+        }
+    },
+}
--- a/hswaw/teleimg/secrets/.gitignore
+++ b/hswaw/teleimg/secrets/.gitignore
@ -0,0 +1 @@
+plain
--- a/hswaw/teleimg/secrets/cipher/prod-telegram-token
+++ b/hswaw/teleimg/secrets/cipher/prod-telegram-token