
infrastructure/services/lib/openshift_console.libsonnet -rw-r--r-- 3.1 KiB
9eb8cd1fDominik Süß feat: grafana azure auth 5 days ago
                                                                                
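// OpenShift web console ("bridge") running in off-cluster mode against this
// cluster's API server, with user login delegated to an OIDC provider.
// Produces a Secret, a Deployment, a Service and a route under
// `openshift_console`.
(import "ksonnet-util/kausal.libsonnet") +
{
  // Hidden, mergeable settings. The three oidc_* fields have no default: each
  // is an `error` expression, so rendering fails with a clear message unless
  // the consumer overrides it.
  _config+:: {
    openshift_console: {
      name: "openshift-console",
      // NOTE(review): "4.12" is a tag, not a digest, so the image content can
      // change between pulls. Consider pinning by digest.
      image: "quay.io/openshift/origin-console:4.12",
      host: "console.k3s.suess.wtf",

      oidc_client_id: error "$._config.openshift_console.oidc_client_id must be defined",
      oidc_client_secret: error "$._config.openshift_console.oidc_client_secret must be defined",
      // The message now names the real field (it previously said
      // "oidc_client_issuer_url", which does not exist).
      oidc_issuer_url: error "$._config.openshift_console.oidc_issuer_url must be defined",
    },
  },

  // Short aliases for the ksonnet constructors used below.
  local deployment = $.apps.v1.deployment,
  local container = $.core.v1.container,
  local port = $.core.v1.containerPort,
  local secret = $.core.v1.secret,
  local config = $._config.openshift_console,

  openshift_console: {
    // The OIDC client secret goes into a Secret and reaches the container via
    // envFrom, so it does not appear in the Deployment's pod spec.
    // NOTE(review): the rendered Secret manifest still carries the value in
    // clear text (stringData); keep rendered output out of version control.
    secret: secret.new(name=config.name, data={})
    + secret.withStringData({
      'BRIDGE_USER_AUTH_OIDC_CLIENT_SECRET': config.oidc_client_secret,
    }),

    deployment: deployment.new(name=config.name, replicas=1, containers=[
                  container.new(name="openshift-console", image=config.image)
                  + container.withPorts([
                      port.new("http", 9000),
                  ])
                  + container.withEnvMap({
                    'BRIDGE_USER_AUTH': 'oidc',
                    'BRIDGE_USER_AUTH_OIDC_CLIENT_ID': config.oidc_client_id,
                    'BRIDGE_USER_AUTH_OIDC_ISSUER_URL': config.oidc_issuer_url,
                    'BRIDGE_BASE_ADDRESS': 'https://' + config.host,
                    'BRIDGE_K8S_AUTH': 'oidc',
                    'BRIDGE_K8S_MODE': 'off-cluster',
                    'BRIDGE_USER_SETTINGS_LOCATION': 'localstorage',
                    'BRIDGE_CONTROL_PLANE_TOPOLOGY_MODE': 'SingleReplica',
                    'BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT': 'https://kubernetes.default.svc',
                    // NOTE(review): this disables certificate verification on
                    // the console -> API server connection, which carries the
                    // users' bearer tokens. Upstream describes the flag as
                    // intended for development. Left as-is because turning it
                    // off requires the container to trust the cluster CA;
                    // TODO confirm how to supply that CA and then drop this.
                    'BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS': 'true',
                    // Monitoring backends are reached over plain HTTP on
                    // in-cluster service names.
                    'BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS': 'http://prometheus-k8s.monitoring.svc:9090',
                    'BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER': 'http://alertmanager-main.monitoring.svc:9093',
                  })
                  // Pulls BRIDGE_USER_AUTH_OIDC_CLIENT_SECRET in from the
                  // Secret defined above.
                  + container.withEnvFrom([
                    $.core.v1.envFromSource.secretRef.withName($.openshift_console.secret.metadata.name)
                  ])
                  + container.resources.withRequests({
                    cpu: '10m',
                    memory: '64Mi',
                  })
                  + container.resources.withLimits({
                    cpu: '200m',
                    memory: '128Mi',
                  })
                ])

                // The image is scheduled on amd64 nodes only.
                + deployment.spec.template.spec.withNodeSelector({'kubernetes.io/arch': "amd64"}),

    service: $.util.serviceFor(self.deployment),
    // NOTE(review): routeFor is defined outside this file; public=true
    // presumably exposes the console outside the cluster, so OIDC login is
    // the only gate in front of it. Confirm that is intended.
    route: $.util.routeFor(self.service, config.host, public=true),
  }
}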