mirror of https://gerrit.hackerspace.pl/hscloud
# Deploy prodvider (prodaccess server) in cluster.
#
# Renders a Namespace, a Secret holding CA material, a three-replica
# Deployment and a LoadBalancer Service.
#
# Security notes:
#  - The intermediate CA private key is pulled in with importstr while this
#    file is evaluated, so it appears in full in the rendered Secret. Treat
#    any rendered output (kubecfg runs, CI logs, saved manifests) as secret.
#  - Each replica mounts that Secret at /opt/ca and is started with the key
#    path, so every pod of the Deployment holds the CA signing key.
#  - The Service is of type LoadBalancer; nothing in this file restricts who
#    can reach it.

local kube = import "../../../kube/kube.libsonnet";

{
    Environment: {
        local top = self,
        local cfg = top.cfg,

        # All objects below share one metadata block; build it once.
        local meta = top.metadata("prodvider"),

        # Flags pointing prodvider at the files of the mounted "ca" Secret.
        # The file names must match the keys of secret.data_ below.
        local caPathFlags = [
            "-ca_key_path", "/opt/ca/intermediate-ca.key",
            "-ca_certificate_path", "/opt/ca/intermediate-ca.crt",
            "-kube_ca_certificate_path", "/opt/ca/ca.crt",
        ],

        # Hidden (::) settings, intended to be overridden by the importing file.
        cfg:: {
            namespace: "prodvider",

            # NOTE(review): the image is referenced by tag, not by digest; a tag
            # can be re-pointed in the registry. Consider an @sha256 reference.
            image: "registry.k0.hswaw.net/q3k/prodvider:315532800-21bacc96d76e4f2074e769dfc65ab43702f52d10",

            # No default on purpose: evaluation aborts unless the caller sets it.
            apiEndpoint: error "API endpoint must be set",

            pki: {
                intermediate: {
                    cert: importstr "../../certs/ca-kube-prodvider.cert",
                    # Private key of the intermediate CA, read as a plain string.
                    # Presumably secrets/plain is a decrypted working copy that
                    # must stay out of version control - confirm.
                    key: importstr "../../secrets/plain/ca-kube-prodvider.key",
                },
                kube: {
                    cert: importstr "../../certs/ca-kube.crt",
                },
            },
        },

        namespace: kube.Namespace(cfg.namespace),

        # Common namespace and labels; `component` fills the component label.
        metadata(component):: {
            namespace: cfg.namespace,
            labels: {
                "app.kubernetes.io/name": "prodvider",
                "app.kubernetes.io/managed-by": "kubecfg",
                "app.kubernetes.io/component": component,
            },
        },

        # CA bundle handed to the pods. Presumably kube.libsonnet base64-encodes
        # data_ into data - confirm; either way that is an encoding, not
        # encryption, so read access to Secrets in this namespace exposes the key.
        secret: kube.Secret("ca") {
            metadata+: meta,
            data_: {
                "intermediate-ca.crt": cfg.pki.intermediate.cert,
                "intermediate-ca.key": cfg.pki.intermediate.key,
                "ca.crt": cfg.pki.kube.cert,
            },
        },

        # NOTE(review): no securityContext or resource requests/limits are set
        # here; any defaults would have to come from kube.libsonnet - confirm.
        deployment: kube.Deployment("prodvider") {
            metadata+: meta,
            spec+: {
                replicas: 3,
                template+: {
                    spec+: {
                        volumes_: {
                            ca: kube.SecretVolume(top.secret),
                        },
                        containers_: {
                            prodvider: kube.Container("prodvider") {
                                image: cfg.image,
                                # Listens on all interfaces; the port must match
                                # targetPort of the Service below.
                                args: [
                                    "/cluster/prodvider/prodvider",
                                    "-listen_address", "0.0.0.0:8080",
                                ] + caPathFlags + [
                                    "-kubernetes_host", cfg.apiEndpoint,
                                ],
                                volumeMounts_: {
                                    ca: { mountPath: "/opt/ca" },
                                },
                            },
                        },
                    },
                },
            },
        },

        # Public entry point: 443 on the load balancer forwards to 8080 in the pod.
        # TLS is presumably terminated by prodvider itself, since this is a plain
        # TCP forward - confirm.
        svc: kube.Service("prodvider") {
            metadata+: meta,
            target_pod:: top.deployment.spec.template,
            spec+: {
                type: "LoadBalancer",
                ports: [
                    { name: "public", port: 443, targetPort: 8080, protocol: "TCP" },
                ],
            },
        },
    },
}