diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..08a6ee6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +examples/k8s/tanka/vendor/* diff --git a/examples/k8s/tanka/README.md b/examples/k8s/tanka/README.md index f3106fd..0f33210 100644 --- a/examples/k8s/tanka/README.md +++ b/examples/k8s/tanka/README.md @@ -4,8 +4,9 @@ * Install [Tanka](https://tanka.dev/install) and `jb` * Install dependencies with `jb install` -* Edit tunables in `environments/default/vars.libsonnet` as desired +* Edit tunables in `environments/default/rspamd-config.libsonnet` as desired (refer to `default/rspamd-config.libsonnet`) * Populate Rspamd configuration in `environments/default/config` directory as desired -* Import whatever files you populate there in `environments/default/config.libsonnet` +* Import whatever files you populate there in `environments/default/rspamd-config.libsonnet` * Edit `environments/default/spec.json` as appropriate for your install target +* Further customisations can be applied in `environments/default/main.jsonnet` * Deploy with `tk apply environments/default` diff --git a/examples/k8s/tanka/environments/default/vars.libsonnet b/examples/k8s/tanka/default/rspamd-config.libsonnet similarity index 85% rename from examples/k8s/tanka/environments/default/vars.libsonnet rename to examples/k8s/tanka/default/rspamd-config.libsonnet index 50dcc8b..4707bc2 100644 --- a/examples/k8s/tanka/environments/default/vars.libsonnet +++ b/examples/k8s/tanka/default/rspamd-config.libsonnet @@ -1,4 +1,10 @@ { + // configmaps for user's rspamd configuration files + configmaps: { + root: {}, + locald: {}, + overrided: {}, + }, // should we create our namespace create_namespace: true, // name for dbdir volume diff --git a/examples/k8s/tanka/environments/default/config.libsonnet b/examples/k8s/tanka/environments/default/config.libsonnet deleted file mode 100644 index dd675ef..0000000 --- a/examples/k8s/tanka/environments/default/config.libsonnet +++ /dev/null @@ -1,13 +0,0 @@ -// import all your configuration files here - -{ - root: { - //"rspamd.local.lua": importstr 'config/rspamd.local.lua', - }, - locald: { - //"redis.conf": importstr 'config/local.d/redis.conf', - }, - overrided: { - //"phishing.conf": importstr 'config/override.d/phishing.conf', - }, -} diff --git a/examples/k8s/tanka/environments/default/main.jsonnet b/examples/k8s/tanka/environments/default/main.jsonnet index 8903b37..a06adbd 100644 --- a/examples/k8s/tanka/environments/default/main.jsonnet +++ b/examples/k8s/tanka/environments/default/main.jsonnet @@ -2,7 +2,7 @@ local k = import 'github.com/grafana/jsonnet-libs/ksonnet-util/kausal.libsonnet' local rspamd = import 'rspamd.libsonnet'; rspamd -// make local modifications here +// make local modifications here; see also rspamd-config.libsonnet /* { rspamd+: { diff --git a/examples/k8s/tanka/environments/default/rspamd-config.libsonnet b/examples/k8s/tanka/environments/default/rspamd-config.libsonnet new file mode 100644 index 0000000..7843e8a --- /dev/null +++ b/examples/k8s/tanka/environments/default/rspamd-config.libsonnet @@ -0,0 +1,17 @@ +(import '../../default/rspamd-config.libsonnet') + { + // override values here + /* + configmaps+:: { + root: { + //"rspamd.local.lua": importstr 'config/rspamd.local.lua', + }, + locald: { + //"redis.conf": importstr 'config/local.d/redis.conf', + }, + overrided: { + //"phishing.conf": importstr 'config/override.d/phishing.conf', + }, + }, + */ + //enable_pvc: true, +} diff --git a/examples/k8s/tanka/environments/default/rspamd.libsonnet b/examples/k8s/tanka/lib/rspamd.libsonnet similarity index 55% rename from examples/k8s/tanka/environments/default/rspamd.libsonnet rename to examples/k8s/tanka/lib/rspamd.libsonnet index 7a7a271..76245b1 100644 --- a/examples/k8s/tanka/environments/default/rspamd.libsonnet +++ b/examples/k8s/tanka/lib/rspamd.libsonnet @@ -1,5 +1,4 @@ -local configData = import 'config.libsonnet'; -local vars = import 'vars.libsonnet'; +local rspamd_config = import 'rspamd-config.libsonnet'; local k = import 'github.com/grafana/jsonnet-libs/ksonnet-util/kausal.libsonnet'; @@ -11,22 +10,22 @@ local persistentVolumeClaim = k.core.v1.persistentVolumeClaim; local service = k.core.v1.service; local serviceAccount = k.core.v1.serviceAccount; -local configMapRoot = configMap.new('rspamd-config-root') + configMap.withData(configData.root); -local configMapLocal = configMap.new('rspamd-config-locald') + configMap.withData(configData.locald); -local configMapOverride = configMap.new('rspamd-config-overrided') + configMap.withData(configData.overrided); +local configMapRoot = configMap.new('rspamd-config-root') + configMap.withData(rspamd_config.configmaps.root); +local configMapLocal = configMap.new('rspamd-config-locald') + configMap.withData(rspamd_config.configmaps.locald); +local configMapOverride = configMap.new('rspamd-config-overrided') + configMap.withData(rspamd_config.configmaps.overrided); local configHash = std.native('sha256')(std.manifestJson(configMapRoot) + std.manifestJson(configMapLocal) + std.manifestJson(configMapOverride)); -local spec = std.native('parseJson')(importstr 'spec.json').spec; -local rspamdNamespace = namespace.new(spec.namespace); +local tk = import 'tk'; +local rspamdNamespace = namespace.new(tk.env.spec.namespace); -local pvc = persistentVolumeClaim.new(vars.dbdir_name) + +local pvc = persistentVolumeClaim.new(rspamd_config.dbdir_name) + persistentVolumeClaim.mixin.spec.withAccessModes(['ReadWriteOncePod']) + - persistentVolumeClaim.mixin.spec.withStorageClassName(vars.storageclass) + - persistentVolumeClaim.mixin.spec.resources.withRequests({ storage: vars.dbdir_size }); + persistentVolumeClaim.mixin.spec.withStorageClassName(rspamd_config.storageclass) + + persistentVolumeClaim.mixin.spec.resources.withRequests({ storage: rspamd_config.dbdir_size }); local labels = { - name: vars.name, - namespace: spec.namespace, + name: rspamd_config.name, + namespace: tk.env.spec.namespace, }; local volumeMounts = [ @@ -51,10 +50,10 @@ local volumeMounts = [ local volumes = [ { name: 'dbdir', - } + (if vars.enable_pvc then - { persistentVolumeClaim: { claimName: vars.dbdir_name } } + } + (if rspamd_config.enable_pvc then + { persistentVolumeClaim: { claimName: rspamd_config.dbdir_name } } else - { emptyDir: { sizeLimit: vars.dbdir_size } }), + { emptyDir: { sizeLimit: rspamd_config.dbdir_size } }), { name: 'config-root', configMap: { @@ -76,14 +75,21 @@ local volumes = [ ]; local rspamdDeployment = deployment.new( - name=vars.name, - replicas=vars.replicas, + name=rspamd_config.name, + replicas=rspamd_config.replicas, containers=[ - container.new( - name=vars.name, - image=vars.image_name + ':' + vars.image_tag, + container.mixin.startupProbe.httpGet.withPath('/ping') + + container.mixin.startupProbe.httpGet.withPort(11333) + + container.mixin.startupProbe.withPeriodSeconds(10) + + container.mixin.startupProbe.withFailureThreshold(30) + + container.mixin.livenessProbe.httpGet.withPath('/ping') + + container.mixin.livenessProbe.httpGet.withPort(11333) + + container.mixin.livenessProbe.withFailureThreshold(3) + + container.new( + name=rspamd_config.name, + image=rspamd_config.image_name + ':' + rspamd_config.image_tag, ) - + container.withImagePullPolicy(vars.image_pull_policy) + + container.mixin.withImagePullPolicy(rspamd_config.image_pull_policy) + container.mixin.withPorts([ { containerPort: 11332, name: 'proxy' }, { containerPort: 11333, name: 'normal' }, @@ -92,13 +98,14 @@ local rspamdDeployment = deployment.new( + container.mixin.withVolumeMounts(volumeMounts), ], ) + deployment.mixin.spec.selector.withMatchLabels(labels) - + (if vars.service_account != '' then deployment.mixin.spec.template.spec.withServiceAccountName(vars.service_account) else {}) + + (if rspamd_config.service_account != '' then deployment.mixin.spec.template.spec.withServiceAccountName(rspamd_config.service_account) else {}) + deployment.mixin.spec.template.spec.withVolumes(volumes) + deployment.metadata.withAnnotations({ 'checksum/config': configHash }) + deployment.mixin.spec.template.metadata.withLabels(labels); + local rspamdService = service.new( - name=vars.name, + name=rspamd_config.name, selector=labels, ports=[ { @@ -124,13 +131,13 @@ local rspamdService = service.new( { rspamd: { - configmap_root: configMap.new('rspamd-config-root') + configMap.withData(configData.root), - configmap_locald: configMap.new('rspamd-config-locald') + configMap.withData(configData.locald), - configmap_overrided: configMap.new('rspamd-config-overrided') + configMap.withData(configData.overrided), + configmap_root: configMapRoot, + configmap_locald: configMapLocal, + configmap_overrided: configMapOverride, deployment: rspamdDeployment, } - + (if vars.create_namespace != '' then { namespace: rspamdNamespace } else {}) - + (if vars.service_account != '' then { service_account: serviceAccount.new(vars.service_account) } else {}) - + (if vars.enable_pvc then { pvc: pvc } else {}) - + (if vars.enable_service then { service: rspamdService } else {}), + + (if rspamd_config.create_namespace != '' then { namespace: rspamdNamespace } else {}) + + (if rspamd_config.service_account != '' then { service_account: serviceAccount.new(rspamd_config.service_account) } else {}) + + (if rspamd_config.enable_pvc then { pvc: pvc } else {}) + + (if rspamd_config.enable_service then { service: rspamdService } else {}), }