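// Jsonnet template pieces for a Forgejo deployment: a database-password
// Secret, an app.ini ConfigMap, and a shared probe helper.
local kube = import "k8s/configs/base.libsonnet";
local images = import "k8s/configs/images.libsonnet";
local templates = import "k8s/configs/templates/templates.libsonnet";
local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet";

// Container port for the web UI; also written to HTTP_PORT in app.ini below.
local WebPort = 3000;

// Builds a TCP-socket probe against the container port named "http".
//   delaySeconds: value used for initialDelaySeconds.
// A TCP probe only shows that the port accepts connections; it does not
// exercise the application behind it.
local probe(delaySeconds) = {
  initialDelaySeconds: delaySeconds,
  periodSeconds: 30,
  tcpSocket: {
    port: "http",
  },
};

// N.B. Memcached password is not currently configurable
// because I don't know if it can be configured via environment variable.

// Inputs for Secret(). The values are base64 strings ("Zm9yZ2Vqbw==" decodes
// to "forgejo"); base64 is an encoding, not encryption, so the real
// psql_password must be supplied from outside version control.
// psql_name and psql_user are declared here but Secret() below only emits
// "psql-password".
// NOTE(review): presumably simpleFieldStruct makes the listed fields
// mandatory; confirm against base.libsonnet.
local SecretParams = kube.simpleFieldStruct([
  "name",
  "namespace",
  "psql_password",
]) {
  // "gitea"
  #psql_name: "Z2l0ZWE=",
  #psql_user: "Z2l0ZWE=",
  // "forgejo"
  psql_name: "Zm9yZ2Vqbw==",
  psql_user: "Zm9yZ2Vqbw==",
};

// Opaque Secret holding the Postgres password under the key "psql-password".
// The value goes into `data`, so params.psql_password has to be base64-encoded
// already (assumes kube.Secret renders a standard v1 Secret; confirm).
local Secret(params) = kube.Secret(params.namespace, params.name) {
  type: "Opaque",
  data+: {
    "psql-password": params.psql_password,
  },
};

// Inputs for ConfigMap(). postgresDbService, postgresDbNamespace and image
// are declared but not referenced by ConfigMap() below.
local ConfigMapParams = kube.simpleFieldStruct([
  "namespace",
  "name",
  "ingressHost",
  "memcacheService",
  "postgresDbService",
  "postgresDbNamespace",
]) {
  image: images.Prod["codeberg.org/forgejo/forgejo"],
  memcachePort: 11211,
};

// Renders app.ini as a ConfigMap. Nothing secret is written here; the
// database password travels through the Secret instead.
//
// Security-relevant settings:
//   INSTALL_LOCK = true          keeps the web installer closed, so a visitor
//                                cannot (re)configure the instance.
//   DISABLE_REGISTRATION = true  no self-service account creation.
//   PROTOCOL = http              the pod serves plaintext while ROOT_URL is
//                                https; presumably TLS terminates at the
//                                ingress, leaving the ingress-to-pod hop
//                                unencrypted. Confirm this is acceptable.
//
// The cache section is disabled (ENABLED = false), so HOST is inert for now.
// HOST uses the cluster DNS form <service>.<namespace>.svc.cluster.local, the
// same form this file uses for the Postgres host; no extra label belongs
// between the namespace and "svc".
local ConfigMap(params) = kube.ConfigMap(params.namespace, params.name) {
  data: {
    "app.ini": |||
      [cache]
      ADAPTER = memcache
      ENABLED = false
      HOST = %(memcacheService)s.%(namespace)s.svc.cluster.local:%(memcachePort)d

      [database]
      DB_TYPE = postgres

      [security]
      INSTALL_LOCK = true

      [service]
      DISABLE_REGISTRATION = true

      [server]
      APP_DATA_PATH = /data
      DOMAIN = %(ingressHost)s
      HTTP_PORT = %(webPort)d
      PROTOCOL = http
      ROOT_URL = https://%(ingressHost)s
    ||| % {
      webPort: WebPort,
      memcacheService: params.memcacheService,
      namespace: params.namespace,
      memcachePort: params.memcachePort,
      ingressHost: params.ingressHost,
    },
    // SSH disabled because cluster port configuration is difficult.
    //SSH_DOMAIN = gitea.cheapassbox.com
    //SSH_LISTEN_PORT = 22
    //SSH_PORT = 22
  },
};

// Not used for now.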
/*
local SshService(params) = kube.Service(params.namespace, params.name) {
  metadata+: {
    labels+: Labels(params),
    annotations+: Annotations(params),
  },
  spec+: {
    type: "ClusterIP",
    ports: [
      {
        name: "ssh",
        port: 22,
        targetPort: 22,
        protocol: "TCP",
      },
    ],
  }
};
*/

// Parameters for one Forgejo instance. The listed fields are supplied by the
// caller; lsParams translates them into the shared linuxserver app parameters.
local Params = kube.simpleFieldStruct([
  "namespace",
  "name",
  "filePath",
  "postgresUser",
  "postgresService",
  "postgresDatabase",
  "postgresNamespace",
  "secretName",
  "secretDbPwdKey",
  // TODO: is this needed?
  //"ingressHost",
  "configClaimName",
  "dataClaimName",
]) {
  // Both probes wait this long before their first check.
  local probeDelaySeconds = 60,

  // In-cluster DNS name of the Postgres service.
  local postgresHost = "%s.%s.svc.cluster.local" % [$.postgresService, $.postgresNamespace],

  // The database password is read from a Secret key at pod start rather than
  // being written into the manifest.
  local dbPasswordEnv = {
    name: "FORGEJO__database__PASSWD",
    valueFrom: {
      secretKeyRef: {
        name: $.secretName,
        key: $.secretDbPwdKey,
      },
    },
  },

  labels: {},
  gatekeeperSidecar: null,

  lsParams: linuxserver.AppParams {
    name: $.name,
    namespace: $.namespace,
    filePath: $.filePath,
    templatePath: std.thisFile,
    baseAppName: "forgejo",
    imageName: "codeberg.org/forgejo/forgejo",
    labels+: $.labels,
    gatekeeperSidecar: $.gatekeeperSidecar,

    // Database settings passed as FORGEJO__<section>__<KEY> variables.
    // NOTE(review): no FORGEJO__database__SSL_MODE is set, so the Postgres
    // connection presumably uses Forgejo's default mode; confirm whether
    // TLS to the database is required in this cluster.
    env: linuxserver.Env {
      others: [
        kube.NameVal("FORGEJO__database__DB_TYPE", "postgres"),
        kube.NameVal("FORGEJO__database__HOST", postgresHost),
        kube.NameVal("FORGEJO__database__NAME", $.postgresDatabase),
        kube.NameVal("FORGEJO__database__USER", $.postgresUser),
        dbPasswordEnv,
      ],
    },

    services: [
      linuxserver.Service {
        suffix: "ui",
        spec: kube.SvcUtil.BasicHttpClusterIpSpec(WebPort),
      },
    ],

    ports: [
      kube.DeployUtil.ContainerPort("http", WebPort),
    ],

    configMaps: [
      linuxserver.ConfigMap {
        name: "forgejo-config",
        bindName: $.configClaimName,
        // TODO: Double check this.
        // NOTE(review): if the image does not read app.ini from this
        // directory, the INSTALL_LOCK and DISABLE_REGISTRATION settings in
        // this file's app.ini template never take effect; verify the path.
        mountPath: "/etc/forgejo/conf",
      },
    ],

    pvcs: [
      linuxserver.Pvc {
        name: "forgejo-data",
        mountPath: "/data",
        bindName: $.dataClaimName,
      },
    ],

    resources: {
      requests: {
        cpu: "300m",
        memory: "1500Mi",
      },
      limits: {
        cpu: "600m",
        memory: "3000Mi",
      },
    },

    livenessProbe: probe(delaySeconds=probeDelaySeconds),
    readinessProbe: probe(delaySeconds=probeDelaySeconds),
  },
};

// Builds the application from params.lsParams using the shared linuxserver
// app template.
local App(params) = linuxserver.App(params.lsParams);

// Public surface of this template.
{
  WebPort: WebPort,
  ConfigMapParams: ConfigMapParams,
  ConfigMap: ConfigMap,
  SecretParams: SecretParams,
  Secret: Secret,
  Params: Params,
  App: App,
}