GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432
local kube = import "k8s/configs/base.libsonnet";
local images = import "k8s/configs/images.libsonnet";
local templates = import "k8s/configs/templates/templates.libsonnet";
local linuxserver = import "k8s/configs/templates/core/linuxserver.libsonnet";
// Port the Forgejo web UI listens on inside the container. The same value is
// rendered into app.ini as HTTP_PORT, exposed as the "http" container port and
// used for the "ui" Service.
local WebPort = 3000;
// Builds a TCP health-check probe against the container port named "http".
//
// delaySeconds: seconds to wait after container start before the first check.
//
// A tcpSocket probe only shows that the port accepts connections; it does not
// confirm that the application answers HTTP requests.
local probe(delaySeconds) = {
  tcpSocket: { port: "http" },
  periodSeconds: 30,
  initialDelaySeconds: delaySeconds,
};
// N.B. The memcached password is not configurable yet, because it is unclear
// whether it can be set through an environment variable.
//
// Inputs for Secret(): the Secret's name and namespace plus the PostgreSQL
// password. Secret() copies psql_password unchanged into the Secret's `data`
// map, where Kubernetes expects base64-encoded values, so the caller has to
// pass it already encoded. Base64 is an encoding, not encryption: anyone who
// can read the rendered manifest can recover the password, so supply
// psql_password from outside the repository.
//
// NOTE(review): kube.simpleFieldStruct is defined elsewhere; presumably it
// declares the listed names as required fields - confirm.
local SecretParams = kube.simpleFieldStruct(["name", "namespace", "psql_password"]) {
  // Previous values, base64 of "gitea":
  #psql_name: "Z2l0ZWE=",
  #psql_user: "Z2l0ZWE=",

  // Current values, base64 of "forgejo". Secret() in this file does not emit
  // either field; only psql_password reaches the rendered Secret.
  psql_user: "Zm9yZ2Vqbw==",
  psql_name: "Zm9yZ2Vqbw==",
};
// Renders the Opaque Secret that holds the PostgreSQL password.
//
// params: a SecretParams instance; namespace, name and psql_password are read.
//
// The password is stored under the key "psql-password" in `data`, so
// params.psql_password must already be base64-encoded. The deployment reads the
// password through a secretKeyRef, so the key name configured there
// (secretDbPwdKey in Params) presumably has to match this key - confirm at the
// call site.
local Secret(params) =
  local passwordEntry = { "psql-password": params.psql_password };
  kube.Secret(params.namespace, params.name) {
    type: "Opaque",
    data+: passwordEntry,
  };
// Inputs for ConfigMap(). ConfigMap() in this file reads namespace, name,
// ingressHost, memcacheService and memcachePort; image, postgresDbService and
// postgresDbNamespace are declared here but not read by it.
//
// NOTE(review): kube.simpleFieldStruct is defined elsewhere; presumably it
// declares the listed names as required fields - confirm.
local ConfigMapParams = kube.simpleFieldStruct([
  "namespace",
  "name",
  "ingressHost",
  "memcacheService",
  "postgresDbService",
  "postgresDbNamespace",
]) {
  // Port substituted into the [cache] HOST entry of app.ini.
  memcachePort: 11211,
  // Image reference looked up in the shared images table.
  image: images.Prod["codeberg.org/forgejo/forgejo"],
};
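// Renders the ConfigMap that carries Forgejo's app.ini.
//
// params: a ConfigMapParams instance; namespace, name, ingressHost,
// memcacheService and memcachePort are read.
//
// Security-relevant settings in the rendered app.ini:
//  - INSTALL_LOCK = true marks the installation as finished, so the web
//    installer is not offered to visitors.
//  - DISABLE_REGISTRATION = true turns off self-service sign-up.
//  - PROTOCOL = http while ROOT_URL is https: Forgejo serves plain HTTP on
//    WebPort, so TLS has to be terminated in front of it (presumably at the
//    ingress - confirm) and traffic between that point and the pod is
//    unencrypted.
//  - No database credentials are written here; app.ini only sets DB_TYPE.
//
// The [cache] section is present but ENABLED = false, so the memcache HOST is
// not used until caching is switched on.
local ConfigMap(params) = kube.ConfigMap(params.namespace, params.name) {
  data: {
    // [cache] HOST uses the in-cluster Service DNS form
    // <service>.<namespace>.svc.cluster.local, the same form used for the
    // PostgreSQL host in Params. The earlier template had an extra ".default"
    // label after the namespace, which is not a resolvable Service name.
    "app.ini": |||
      [cache]
      ADAPTER = memcache
      ENABLED = false
      HOST = %(memcacheService)s.%(namespace)s.svc.cluster.local:%(memcachePort)d

      [database]
      DB_TYPE = postgres

      [security]
      INSTALL_LOCK = true

      [service]
      DISABLE_REGISTRATION = true

      [server]
      APP_DATA_PATH = /data
      DOMAIN = %(ingressHost)s
      HTTP_PORT = %(webPort)d
      PROTOCOL = http
      ROOT_URL = https://%(ingressHost)s
    ||| % {
      webPort: WebPort,
      memcacheService: params.memcacheService,
      namespace: params.namespace,
      memcachePort: params.memcachePort,
      ingressHost: params.ingressHost,
    },

    // SSH is left disabled because configuring the port through the cluster
    // is difficult. Settings kept for reference:
    //SSH_DOMAIN = gitea.cheapassbox.com
    //SSH_LISTEN_PORT = 22
    //SSH_PORT = 22
  }
};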
// Not used for now: SSH access is disabled (see the SSH note in ConfigMap).
// Labels and Annotations are not defined in the visible part of this file, so
// both would have to be provided before this block is re-enabled.
/*
local SshService(params) = kube.Service(params.namespace, params.name) {
  metadata+: {
    labels+: Labels(params),
    annotations+: Annotations(params),
  },
  spec+: {
    type: "ClusterIP",
    ports: [
      {
        name: "ssh",
        port: 22,
        targetPort: 22,
        protocol: "TCP",
      },
    ],
  }
};
*/
// Parameters for the Forgejo deployment. The listed fields are supplied by the
// caller; lsParams maps them onto the shared linuxserver application template.
//
// Credential handling: the database password is never written into the
// manifest as a literal. The container receives FORGEJO__database__PASSWD
// through a secretKeyRef that points at secretName / secretDbPwdKey, so the
// referenced Secret must exist in the pod's namespace and contain that key.
// Database host, name and user are passed as plain environment values.
//
// NOTE(review): kube.simpleFieldStruct and the linuxserver.* templates are
// defined elsewhere; how they consume these fields is not visible here.
local Params = kube.simpleFieldStruct([
  "namespace",
  "name",
  "filePath",
  "postgresUser",
  "postgresService",
  "postgresDatabase",
  "postgresNamespace",
  "secretName",
  "secretDbPwdKey",
  // TODO: is this needed?
  //"ingressHost",
  "configClaimName",
  "dataClaimName",
]) {
  // NOTE(review): null means no gatekeeper sidecar is requested; what the
  // sidecar does (presumably an auth proxy) is defined in the linuxserver
  // template - confirm before exposing the UI without it.
  gatekeeperSidecar: null,
  labels: {},

  lsParams: linuxserver.AppParams {
    // In-cluster DNS name of the PostgreSQL Service.
    local dbHost = "%s.%s.svc.cluster.local" % [$.postgresService, $.postgresNamespace],

    // Password is resolved by the kubelet from the referenced Secret at
    // container start, keeping it out of the rendered pod spec.
    local dbPasswordFromSecret = {
      name: "FORGEJO__database__PASSWD",
      valueFrom: { secretKeyRef: { name: $.secretName, key: $.secretDbPwdKey } },
    },

    // Liveness and readiness share one TCP check with a 60 second start delay.
    local healthCheck = probe(delaySeconds=60),

    baseAppName: "forgejo",
    imageName: "codeberg.org/forgejo/forgejo",
    templatePath: std.thisFile,

    name: $.name,
    namespace: $.namespace,
    filePath: $.filePath,
    labels+: $.labels,
    gatekeeperSidecar: $.gatekeeperSidecar,

    env: linuxserver.Env {
      others: [
        kube.NameVal("FORGEJO__database__DB_TYPE", "postgres"),
        kube.NameVal("FORGEJO__database__HOST", dbHost),
        kube.NameVal("FORGEJO__database__NAME", $.postgresDatabase),
        kube.NameVal("FORGEJO__database__USER", $.postgresUser),
        dbPasswordFromSecret,
      ],
    },

    ports: [kube.DeployUtil.ContainerPort("http", WebPort)],
    services: [
      linuxserver.Service {
        suffix: "ui",
        spec: kube.SvcUtil.BasicHttpClusterIpSpec(WebPort),
      },
    ],

    configMaps: [
      linuxserver.ConfigMap {
        name: "forgejo-config",
        bindName: $.configClaimName,
        // TODO: Double check this.
        mountPath: "/etc/forgejo/conf",
      },
    ],
    pvcs: [
      linuxserver.Pvc {
        name: "forgejo-data",
        bindName: $.dataClaimName,
        mountPath: "/data",
      },
    ],

    // Requests and limits bound the CPU and memory the container may use.
    resources: {
      limits: { cpu: "600m", memory: "3000Mi" },
      requests: { cpu: "300m", memory: "1500Mi" },
    },

    livenessProbe: healthCheck,
    readinessProbe: healthCheck,
  },
};
// Renders the Forgejo application from a Params instance by handing its
// lsParams to the shared linuxserver application template.
local App(params) =
  local appParams = params.lsParams;
  linuxserver.App(appParams);
// Public surface of this template: the web port, the parameter structs and the
// functions that render the ConfigMap, the Secret and the application.
{
  App: App,
  Params: Params,
  ConfigMap: ConfigMap,
  ConfigMapParams: ConfigMapParams,
  Secret: Secret,
  SecretParams: SecretParams,
  WebPort: WebPort,
}