Rewrite to jsonnet because reasons

3 years ago · 66750faf92
parent da29cc90c6
commit 66750faf92
23 changed files with 451 additions and 269 deletions
--- a/base/kustomization.yaml
+++ b/base/kustomization.yaml
@ -1,16 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - postgres.yaml
-  - rabbitmq.yaml
-
-configMapGenerator:
-  - name: rabbitmq-config
-    files:
-      - enabled_plugins=etc/rabbitmq/enabled_plugins
-      - rabbitmq.conf=etc/rabbitmq/rabbitmq.conf
-      - rmq_schema.json=etc/rabbitmq/rmq_schema.json
-  - name: postgres-dbinit
-    files:
-      - piccdb.sql
--- a/base/postgres.yaml
+++ b/base/postgres.yaml
@ -1,57 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: postgres
-spec:
-  type: LoadBalancer
-  selector:
-    app: postgres
-  ports:
-    - protocol: TCP
-      port: 5432
---
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: postgres
-spec:
-  selector:
-    matchLabels:
-      app: postgres
-  serviceName: "postgres"
-  template:
-    metadata:
-      labels:
-        app: postgres
-    spec:
-      containers:
-        - name: postgres
-          image: docker.io/postgres:13
-          ports:
-            - containerPort: 5432
-              name: db
-          env:
-            - name: POSTGRES_DB
-              value: picc
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: postgres-password
-                  key: password
-          volumeMounts:
-            - name: postgres-data
-              mountPath: /var/lib/postgresql/data
-            - name: dbinit
-              mountPath: /docker-entrypoint-initdb.d
-      volumes:
-        - name: dbinit
-          configMap:
-            name: postgres-dbinit
-  volumeClaimTemplates:
-    - metadata:
-        name: postgres-data
-      spec:
-        accessModes: [ "ReadWriteOnce" ]
-        resources:
-          requests:
-            storage: 100Mi
--- a/base/rabbitmq.yaml
+++ b/base/rabbitmq.yaml
@ -1,53 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: rabbitmq
-spec:
-  type: LoadBalancer
-  selector:
-    app: rabbitmq
-  ports:
-    - name: amqp
-      port: 5672
-    - name: web
-      port: 15672
-    - name: mqtt
-      port: 1883
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: rabbitmq
-  labels:
-    app: rabbitmq
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rabbitmq
-  template:
-    metadata:
-      labels:
-        app: rabbitmq
-    spec:
-      containers:
-        - name: rabbitmq
-          image: docker.io/rabbitmq:3
-          ports:
-            - containerPort: 5672
-            - containerPort: 15672
-            - containerPort: 1883
-          volumeMounts:
-            - mountPath: "/etc/rabbitmq"
-              name: config
-      volumes:
-        - name: config
-          configMap:
-            name: rabbitmq-config
-            items:
-              - key: "enabled_plugins"
-                path: "enabled_plugins"
-              - key: "rabbitmq.conf"
-                path: "rabbitmq.conf"
-              - key: "rmq_schema.json"
-                path: "rmq_schema.json"
--- a/deployments/picc/picc.jsonnet
+++ b/deployments/picc/picc.jsonnet
@ -0,0 +1,4 @@
+function(namespace){
+    picc_app: import "picc_app.jsonnet",
+    picc_config: (import "picc_config.jsonnet")(namespace),
+}
--- a/deployments/picc/picc_app.jsonnet
+++ b/deployments/picc/picc_app.jsonnet
@ -0,0 +1,71 @@
+{
+    apiVersion: "apps/v1",
+    kind: "Deployment",
+    metadata: {
+        name: "picc",
+        labels: {
+            app: "picc"
+        }
+    },
+    spec: {
+        replicas: 1,
+        selector: {
+            matchLabels: {
+                app: "picc"
+            }
+        },
+        template: {
+            metadata: {
+                labels: {
+                    app: "picc"
+                }
+            },
+            spec: {
+                containers: [
+                    {
+                        name: "picc",
+                        image: "docker.raptorpond.com/picc",
+                        env: [
+                            {
+                                name: "RABBITMQ_HOST",
+                                valueFrom: {
+                                    configMapKeyRef: {
+                                        name: "picc-config",
+                                        key: "rabbitmq_host"
+                                    }
+                                }
+                            },
+                            {
+                                name: "RABBITMQ_PORT",
+                                valueFrom: {
+                                    configMapKeyRef: {
+                                        name: "picc-config",
+                                        key: "rabbitmq_port"
+                                    }
+                                }
+                            },
+                            {
+                                name: "POSTGRES_HOST",
+                                valueFrom: {
+                                    configMapKeyRef: {
+                                        name: "picc-config",
+                                        key: "postgres_host"
+                                    }
+                                }
+                            },
+                            {
+                                name: "POSTGRES_PASSWORD",
+                                valueFrom: {
+                                    secretKeyRef: {
+                                        name: "postgres-password",
+                                        key: "password"
+                                    }
+                                }
+                            }
+                        ]
+                    }
+                ]
+            }
+        }
+    }
+}
--- a/deployments/picc/picc_config.jsonnet
+++ b/deployments/picc/picc_config.jsonnet
@ -0,0 +1,12 @@
+function(namespace){
+    kind: "ConfigMap",
+    apiVersion: "v1",
+    metadata: {
+    	name: "picc-config"
+    },
+    data: {
+        rabbitmq_host: "rabbitmq.%s" % [namespace],
+        rabbitmq_port: "5672",
+        postgres_host: "postgres.%s" % [namespace]
+    }
+}
--- a/deployments/postgres/piccdb.sql
+++ b/deployments/postgres/piccdb.sql
@ -1,44 +1,44 @@
-BEGIN;
-
-DROP TABLE IF EXISTS picc_events;
-DROP TABLE IF EXISTS picc_locations;
-
-CREATE TABLE picc_locations
-(
-    id            SERIAL PRIMARY KEY,
-    location_name TEXT NOT NULL
-    -- TODO: figure out PostGIS
-);
-
-INSERT INTO picc_locations (id, location_name)
-VALUES (0, 'Unknown');
-INSERT INTO picc_locations (id, location_name)
-VALUES (1, 'Not Applicable');
-
-DROP TABLE IF EXISTS picc_events;
-
-CREATE TABLE picc_events
-(
-    id             BIGSERIAL PRIMARY KEY,                                                                 -- ID
-    log_time       TIMESTAMP with time zone NOT NULL                           DEFAULT CURRENT_TIMESTAMP, -- Time when event was logged
-    event_time     TIMESTAMP with time zone,                                                              -- Optional: time when event was generated, can be different than log_time
-    event_location integer                  NOT NULL references picc_locations DEFAULT 0,                 -- Location associated with event
--     sender         text                     NOT NULL, -- Sender is implicit in whoever owns the endpoint
-    endpoint       text
-        CONSTRAINT valid_endpoint CHECK ( endpoint ~ '^([A-Za-z0-9_-]+\.)*([A-Za-z0-9_-]+)$' ),             -- Event endpoint
-    body           jsonb                    NOT NULL                                                      -- Event body content
-);
-
-CREATE INDEX idx_picc_events_endpoint ON picc_events (endpoint);
-
-- DROP TABLE IF EXISTS mqtt;
--
-- CREATE TABLE picc_mqtt
-- (
--     id           BIGSERIAL PRIMARY KEY,
--     receive_time TIMESTAMP,
--     routing_key  TEXT,
--     payload      TEXT
-- );
-
+BEGIN;
+
+DROP TABLE IF EXISTS picc_events;
+DROP TABLE IF EXISTS picc_locations;
+
+CREATE TABLE picc_locations
+(
+    id            SERIAL PRIMARY KEY,
+    location_name TEXT NOT NULL
+    -- TODO: figure out PostGIS
+);
+
+INSERT INTO picc_locations (id, location_name)
+VALUES (0, 'Unknown');
+INSERT INTO picc_locations (id, location_name)
+VALUES (1, 'Not Applicable');
+
+DROP TABLE IF EXISTS picc_events;
+
+CREATE TABLE picc_events
+(
+    id             BIGSERIAL PRIMARY KEY,                                                                 -- ID
+    log_time       TIMESTAMP with time zone NOT NULL                           DEFAULT CURRENT_TIMESTAMP, -- Time when event was logged
+    event_time     TIMESTAMP with time zone,                                                              -- Optional: time when event was generated, can be different than log_time
+    event_location integer                  NOT NULL references picc_locations DEFAULT 0,                 -- Location associated with event
+--     sender         text                     NOT NULL, -- Sender is implicit in whoever owns the endpoint
+    endpoint       text
+        CONSTRAINT valid_endpoint CHECK ( endpoint ~ '^([A-Za-z0-9_-]+\.)*([A-Za-z0-9_-]+)$' ),             -- Event endpoint
+    body           jsonb                    NOT NULL                                                      -- Event body content
+);
+
+CREATE INDEX idx_picc_events_endpoint ON picc_events (endpoint);
+
+-- DROP TABLE IF EXISTS mqtt;
+--
+-- CREATE TABLE picc_mqtt
+-- (
+--     id           BIGSERIAL PRIMARY KEY,
+--     receive_time TIMESTAMP,
+--     routing_key  TEXT,
+--     payload      TEXT
+-- );
+
 COMMIT;
--- a/deployments/postgres/postgres.jsonnet
+++ b/deployments/postgres/postgres.jsonnet
@ -0,0 +1,12 @@
+local utils = import "../../lib/picc-k8s.libsonnet";
+
+function(password=null, ip=null){
+    postgres_app: import "postgres_app.jsonnet",
+    postgres_service: utils.service(name="postgres", ports=[{name: "postgres", protocol: "TCP", port:5432}], ip=ip),
+    postgres_password:
+        if password != null then
+            (import "postgres_password.jsonnet")(password)
+        else
+            (import "postgres_password.jsonnet")(),
+    postgres_dbinit: import "postgres_dbinit.jsonnet"
+}
--- a/deployments/postgres/postgres_app.jsonnet
+++ b/deployments/postgres/postgres_app.jsonnet
@ -0,0 +1,80 @@
+{
+    apiVersion: "apps/v1",
+    kind: "StatefulSet",
+    metadata: {
+        name: "postgres"
+    },
+    spec: {
+        selector: {
+            matchLabels: {
+                app: "postgres"
+            }
+        },
+        serviceName: "postgres",
+        template: {
+            metadata:{
+                labels: {
+                    app: "postgres"
+                }
+            },
+            spec: {
+                containers: [
+                    {
+                        name: "postgres",
+                        image: "docker.io/postgres:13",
+                        ports: [
+                            {containerPort: 5432,
+                             name: "db"}
+                        ],
+                        env: [
+                            {
+                                name: "POSTGRES_DB",
+                                value: "picc"
+                            },
+                            {
+                                name: "POSTGRES_PASSWORD",
+                                valueFrom: {
+                                    secretKeyRef: {
+                                        name: "postgres-password",
+                                        key: "password"
+                                    }
+                                }
+                            }
+                        ],
+                        volumeMounts: [
+                            {
+                                name: "postgres-data",
+                                mountPath: "/var/lib/postgresql/data"
+                            },
+                            {
+                                name: "dbinit",
+                                mountPath: "/docker-entrypoint-initdb.d"
+                            }
+                        ]
+                    }
+                ],
+                volumes: [
+                    {
+                        name: "dbinit",
+                        configMap: {
+                            name: "postgres-dbinit"
+                        }
+                    }
+                ]
+            }
+        },
+        volumeClaimTemplates : [{
+            metadata: {
+                name: "postgres-data"
+            },
+            spec: {
+                accessModes: ["ReadWriteOnce"],
+                resources: {
+                    requests: {
+                        storage: "100Mi"
+                    }
+                }
+            }
+        }]
+    }
+}
--- a/deployments/postgres/postgres_dbinit.jsonnet
+++ b/deployments/postgres/postgres_dbinit.jsonnet
@ -0,0 +1,10 @@
+{
+	kind: "ConfigMap",
+	apiVersion: "v1",
+	metadata: {
+		name: "postgres-dbinit"
+	},
+	data: {
+	    "piccdb.sql": importstr "piccdb.sql"
+	}
+}
--- a/deployments/postgres/postgres_password.jsonnet
+++ b/deployments/postgres/postgres_password.jsonnet
@ -0,0 +1,11 @@
+function(password = "piccpass") {
+	kind: "Secret",
+	apiVersion: "v1",
+	metadata: {
+		name: "postgres-password"
+	},
+	data: {
+		"password": std.base64(password)
+	},
+	type: "Opaque"
+}
--- a/deployments/rabbitmq/etc/rabbitmq/enabled_plugins
+++ b/deployments/rabbitmq/etc/rabbitmq/enabled_plugins
--- a/deployments/rabbitmq/etc/rabbitmq/rabbitmq.conf
+++ b/deployments/rabbitmq/etc/rabbitmq/rabbitmq.conf
@ -1,21 +1,21 @@
-loopback_users.guest = false
-listeners.tcp.default = 5672
-management.tcp.port = 15672
-
-#mqtt.listeners.tcp.default = 1883
-## Default MQTT with TLS port is 8883
-# mqtt.listeners.ssl.default = 8883
-
-# anonymous connections, if allowed, will use the default
-# credentials specified here
-#mqtt.allow_anonymous  = true
-#mqtt.default_user     = guest
-#mqtt.default_pass     = guest
-
-#mqtt.vhost            = /
-mqtt.exchange         = mqtt
-# 24 hours by default
-#mqtt.subscription_ttl = 86400000
-#mqtt.prefetch         = 10
-
+loopback_users.guest = false
+listeners.tcp.default = 5672
+management.tcp.port = 15672
+
+#mqtt.listeners.tcp.default = 1883
+## Default MQTT with TLS port is 8883
+# mqtt.listeners.ssl.default = 8883
+
+# anonymous connections, if allowed, will use the default
+# credentials specified here
+#mqtt.allow_anonymous  = true
+#mqtt.default_user     = guest
+#mqtt.default_pass     = guest
+
+#mqtt.vhost            = /
+mqtt.exchange         = mqtt
+# 24 hours by default
+#mqtt.subscription_ttl = 86400000
+#mqtt.prefetch         = 10
+
 load_definitions = /etc/rabbitmq/rmq_schema.json
--- a/deployments/rabbitmq/etc/rabbitmq/rmq_schema.json
+++ b/deployments/rabbitmq/etc/rabbitmq/rmq_schema.json
@ -1,40 +1,40 @@
-{
-  "rabbit_version": "3.8.9",
-  "rabbitmq_version": "3.8.9",
-  "product_name": "RabbitMQ",
-  "product_version": "3.8.9",
-  "users": [
-    {
-      "name": "guest",
-      "password_hash": "KzhdT8G04Hon/5BEAasW4KF9NVBpwo3MIKGBs0nJjz8KLBvq",
-      "hashing_algorithm": "rabbit_password_hashing_sha256",
-      "tags": "administrator"
-    }
-  ],
-  "vhosts": [
-    {
-      "name": "/"
-    }
-  ],
-  "permissions": [
-    {
-      "user": "guest",
-      "vhost": "/",
-      "configure": ".*",
-      "write": ".*",
-      "read": ".*"
-    }
-  ],
-  "policies": [],
-  "exchanges": [
-    {
-      "name": "mqtt",
-      "vhost": "/",
-      "type": "topic",
-      "durable": true,
-      "auto_delete": false,
-      "internal": false,
-      "arguments": {}
-    }
-  ]
+{
+  "rabbit_version": "3.8.9",
+  "rabbitmq_version": "3.8.9",
+  "product_name": "RabbitMQ",
+  "product_version": "3.8.9",
+  "users": [
+    {
+      "name": "guest",
+      "password_hash": "KzhdT8G04Hon/5BEAasW4KF9NVBpwo3MIKGBs0nJjz8KLBvq",
+      "hashing_algorithm": "rabbit_password_hashing_sha256",
+      "tags": "administrator"
+    }
+  ],
+  "vhosts": [
+    {
+      "name": "/"
+    }
+  ],
+  "permissions": [
+    {
+      "user": "guest",
+      "vhost": "/",
+      "configure": ".*",
+      "write": ".*",
+      "read": ".*"
+    }
+  ],
+  "policies": [],
+  "exchanges": [
+    {
+      "name": "mqtt",
+      "vhost": "/",
+      "type": "topic",
+      "durable": true,
+      "auto_delete": false,
+      "internal": false,
+      "arguments": {}
+    }
+  ]
 }
--- a/deployments/rabbitmq/rabbitmq.jsonnet
+++ b/deployments/rabbitmq/rabbitmq.jsonnet
@ -0,0 +1,11 @@
+local utils = import "../../lib/picc-k8s.libsonnet";
+
+function(ip=null){
+    rabbitmq_app: import "rabbitmq_app.jsonnet",
+    rabbitmq_service: utils.service(name="rabbitmq",
+                                    ports=[{name: "amqp", port: 5672},
+                                            {name: "web", port: 15672},
+                                            {name: "mqtt", port: 1883}],
+                                    ip=ip),
+    rabbitmq_conf: import "rabbitmq_config.jsonnet"
+}
--- a/deployments/rabbitmq/rabbitmq_app.jsonnet
+++ b/deployments/rabbitmq/rabbitmq_app.jsonnet
@ -0,0 +1,60 @@
+{
+    apiVersion: "apps/v1",
+    kind: "Deployment",
+    metadata: {
+        name: "rabbitmq",
+        labels: {
+            app: "rabbitmq"
+        }
+    },
+    spec: {
+        replicas: 1,
+        selector: {
+            matchLabels: {
+                app: "rabbitmq"
+            }
+        },
+        template: {
+            metadata: {
+                labels: {
+                    app: "rabbitmq"
+                }
+            },
+            spec: {
+                containers: [
+                    {
+                        name: "rabbitmq",
+                        image: "docker.io/rabbitmq:3",
+                        ports: [
+                            {containerPort: 5672},
+                            {containerPort: 15672},
+                            {containerPort: 1883}
+                        ],
+                        volumeMounts: [
+                            {
+                                mountPath: "/etc/rabbitmq",
+                                name: "config"
+                            }
+                        ]
+                    }
+                ],
+                volumes: [
+                    {
+                        name: "config",
+                        configMap: {
+                            name: "rabbitmq-config",
+                            items: [
+                                {key: "enabled_plugins",
+                                    path: "enabled_plugins"},
+                                {key: "rabbitmq.conf",
+                                    path: "rabbitmq.conf"},
+                                {key: "rmq_schema.json",
+                                    path: "rmq_schema.json"}
+                            ]
+                        }
+                    }
+                ]
+            }
+        }
+    }
+}
--- a/deployments/rabbitmq/rabbitmq_config.jsonnet
+++ b/deployments/rabbitmq/rabbitmq_config.jsonnet
@ -0,0 +1,12 @@
+{
+	kind: "ConfigMap",
+	apiVersion: "v1",
+	metadata: {
+		name: "rabbitmq-config"
+	},
+	data: {
+	    "enabled_plugins": importstr "etc/rabbitmq/enabled_plugins",
+	    "rabbitmq.conf": importstr "etc/rabbitmq/rabbitmq.conf",
+	    "rmq_schema.json": importstr "etc/rabbitmq/rmq_schema.json"
+	}
+}
--- a/lib/picc-k8s.libsonnet
+++ b/lib/picc-k8s.libsonnet
@ -0,0 +1,35 @@
+{
+    addNamespace(manifest, namespace)::
+    manifest +
+    {
+        metadata+: {
+            namespace: namespace
+        }
+    },
+
+    createNamespace(namespace)::
+    {
+        apiVersion: "v1",
+        kind: "Namespace",
+        metadata: {
+            name: namespace
+        }
+    },
+
+    service(name, ports, ip=null)::
+    {
+        apiVersion: "v1",
+        kind: "Service",
+        metadata: {
+            name: name
+        },
+        spec: {
+            type: "LoadBalancer",
+            selector: {
+                app: name
+            },
+            ports: ports,
+            [if ip != null then "loadBalancerIP"]: ip
+        }
+    }
+}
--- a/overlay/development/kustomization.yaml
+++ b/overlay/development/kustomization.yaml
@ -1,29 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: picc-dev
-
-resources:
-  - namespace.yaml
-  - ../../base
-
-secretGenerator:
-  - name: postgres-password
-    literals:
-      - password=piccpass
-
-patches:
-  - patch: |-
-      - op: add
-        path: /spec/loadBalancerIP
-        value: 192.168.2.201
-    target:
-      kind: Service
-      name: postgres
-  - patch: |-
-      - op: add
-        path: /spec/loadBalancerIP
-        value: 192.168.2.200
-    target:
-      kind: Service
-      name: rabbitmq
--- a/overlay/development/namespace.yaml
+++ b/overlay/development/namespace.yaml
@ -1,6 +0,0 @@
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: picc-dev
-  labels:
-    name: picc-dev
--- a/overlay/production/namespace.yaml
+++ b/overlay/production/namespace.yaml
@ -1,6 +0,0 @@
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: picc-prod
-  labels:
-    name: picc-prod
--- a/profiles/development.jsonnet
+++ b/profiles/development.jsonnet
@ -0,0 +1,13 @@
+local namespace="picc-dev";
+
+local utils = import "../lib/picc-k8s.libsonnet";
+
+local postgres = import "../deployments/postgres/postgres.jsonnet";
+local postgres_manifests = postgres(ip="192.168.2.201");
+
+local rabbitmq = import "../deployments/rabbitmq/rabbitmq.jsonnet";
+local rabbitmq_manifests = rabbitmq(ip="192.168.2.200");
+
+[utils.createNamespace(namespace),] +
+[utils.addNamespace(postgres_manifests[manifest], namespace) for manifest in std.objectFields(postgres_manifests)] +
+[utils.addNamespace(rabbitmq_manifests[manifest], namespace) for manifest in std.objectFields(rabbitmq_manifests)]
--- a/profiles/production.jsonnet
+++ b/profiles/production.jsonnet
@ -0,0 +1,18 @@
+local namespace="picc-prod";
+
+local utils = import "../lib/picc-k8s.libsonnet";
+
+local postgres = import "../deployments/postgres/postgres.jsonnet";
+local rabbitmq = import "../deployments/rabbitmq/rabbitmq.jsonnet";
+local picc = import "../deployments/picc/picc.jsonnet";
+
+function(postgres_password)
+
+local postgres_manifests = postgres(password=postgres_password);
+local rabbitmq_manifests = rabbitmq();
+local picc_manifests = picc(namespace);
+
+[utils.createNamespace(namespace),] +
+[utils.addNamespace(postgres_manifests[manifest], namespace) for manifest in std.objectFields(postgres_manifests)] +
+[utils.addNamespace(rabbitmq_manifests[manifest], namespace) for manifest in std.objectFields(rabbitmq_manifests)] +
+[utils.addNamespace(picc_manifests[manifest], namespace) for manifest in std.objectFields(picc_manifests)]