2019-07-30 11:03:03 +00:00
|
|
|
local kube = import "../../../kube/kube.libsonnet";
|
|
|
|
|
|
|
|
{
|
|
|
|
IX: {
|
|
|
|
local ix = self,
|
|
|
|
local cfg = ix.cfg,
|
|
|
|
cfg:: {
|
2019-08-01 18:16:27 +00:00
|
|
|
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565559239-95928eecd7e35e8582fa011d1457643ca398c310",
|
|
|
|
|
|
|
|
domain: "ix-status.bgp.wtf",
|
2019-07-30 11:03:03 +00:00
|
|
|
octorpki: {
|
2019-08-01 18:16:27 +00:00
|
|
|
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565469898-95928eecd7e35e8582fa011d1457643ca398c310",
|
2019-08-09 16:24:00 +00:00
|
|
|
storageClassName: "waw-hdd-redundant-2",
|
2019-07-30 11:03:03 +00:00
|
|
|
resources: {
|
2019-08-01 18:16:27 +00:00
|
|
|
requests: { cpu: "200m", memory: "1Gi" },
|
|
|
|
limits: { cpu: "1", memory: "2Gi" },
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
verifier: {
|
|
|
|
image: cfg.image,
|
|
|
|
db: {
|
|
|
|
host: "public.crdb-waw1.svc.cluster.local",
|
|
|
|
port: 26257,
|
|
|
|
username: "cccampix",
|
|
|
|
name: "cccampix",
|
|
|
|
tlsSecret: "client-cccampix-certificate",
|
2019-07-30 11:03:03 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
|
2019-08-01 18:16:27 +00:00
|
|
|
irr: {
|
|
|
|
image: cfg.image,
|
|
|
|
},
|
|
|
|
|
|
|
|
peeringdb: {
|
|
|
|
image: cfg.image,
|
|
|
|
},
|
|
|
|
|
|
|
|
frontend: {
|
|
|
|
image: cfg.image,
|
|
|
|
},
|
|
|
|
|
2019-07-30 11:03:03 +00:00
|
|
|
appName: "ix",
|
|
|
|
namespace: error "namespace must be defined",
|
|
|
|
prefix: "",
|
|
|
|
},
|
|
|
|
|
|
|
|
namespace: kube.Namespace(cfg.namespace),
|
|
|
|
name(component):: cfg.prefix + component,
|
|
|
|
metadata(component):: {
|
|
|
|
namespace: cfg.namespace,
|
|
|
|
labels: {
|
|
|
|
"app.kubernetes.io/name": cfg.appName,
|
|
|
|
"app.kubernetes.io/managed-by": "kubecfg",
|
|
|
|
"app.kubernetes.io/component": component,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
octorpki: {
|
2019-08-01 18:16:27 +00:00
|
|
|
address:: "%s.%s.svc.cluster.local:%d" % [
|
|
|
|
"octorpki",
|
|
|
|
ix.cfg.namespace,
|
|
|
|
8080,
|
|
|
|
],
|
2019-07-30 11:03:03 +00:00
|
|
|
cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
|
|
|
|
metadata+: ix.metadata("octorpki"),
|
|
|
|
spec+: {
|
|
|
|
storageClassName: cfg.octorpki.storageClassName,
|
|
|
|
accessModes: [ "ReadWriteOnce" ],
|
|
|
|
resources: {
|
|
|
|
requests: {
|
|
|
|
storage: "2Gi",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
deployment: kube.Deployment(ix.name("octorpki")) {
|
|
|
|
metadata+: ix.metadata("octorpki"),
|
|
|
|
spec+: {
|
|
|
|
template+: {
|
|
|
|
spec+: {
|
|
|
|
volumes_: {
|
|
|
|
cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
|
|
|
|
},
|
|
|
|
containers_: {
|
|
|
|
octorpki: kube.Container(ix.name("octorpki")){
|
|
|
|
image: cfg.octorpki.image,
|
|
|
|
args: [
|
|
|
|
"/octorpki/entrypoint.sh",
|
|
|
|
],
|
|
|
|
ports_: {
|
|
|
|
client: { containerPort: 8080 },
|
|
|
|
},
|
|
|
|
volumeMounts_: {
|
|
|
|
cache: { mountPath: "/cache" },
|
|
|
|
},
|
|
|
|
resources: cfg.octorpki.resources,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
svc: kube.Service(ix.name("octorpki")) {
|
|
|
|
metadata+: ix.metadata("octorpki"),
|
|
|
|
target_pod:: ix.octorpki.deployment.spec.template,
|
|
|
|
spec+: {
|
|
|
|
ports: [
|
|
|
|
{ name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
|
|
|
|
],
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2019-08-01 18:16:27 +00:00
|
|
|
|
|
|
|
component(name):: {
|
|
|
|
local component = self,
|
|
|
|
args:: error "args must be set",
|
|
|
|
name:: name,
|
|
|
|
port:: 4200,
|
|
|
|
volumes:: {},
|
|
|
|
volumeMounts:: {},
|
|
|
|
|
|
|
|
deployment: kube.Deployment(ix.name(name)) {
|
|
|
|
metadata+: ix.metadata(name),
|
|
|
|
spec+: {
|
|
|
|
template+: {
|
|
|
|
spec+: {
|
|
|
|
volumes_: component.volumes,
|
|
|
|
containers_: {
|
|
|
|
[name]: kube.Container(ix.name(name)) {
|
|
|
|
image: cfg[name].image,
|
|
|
|
args: component.args,
|
|
|
|
volumeMounts_: component.volumeMounts,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
svc: kube.Service(ix.name(name)) {
|
|
|
|
metadata+: ix.metadata(name),
|
|
|
|
target_pod:: component.deployment.spec.template,
|
|
|
|
spec+: {
|
|
|
|
ports: [
|
|
|
|
{ name: "client", port: component.port, targetPort: component.port, protocol: "TCP" },
|
|
|
|
],
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
address:: "%s.%s.svc.cluster.local:%d" % [
|
|
|
|
component.name,
|
|
|
|
ix.cfg.namespace,
|
|
|
|
component.port,
|
|
|
|
],
|
|
|
|
},
|
|
|
|
|
|
|
|
irr: ix.component("irr") {
|
|
|
|
args: [
|
|
|
|
"/ix/irr",
|
|
|
|
"-hspki_disable",
|
|
|
|
"-listen_address=0.0.0.0:4200",
|
|
|
|
],
|
|
|
|
},
|
|
|
|
|
|
|
|
peeringdb: ix.component("peeringdb") {
|
|
|
|
args: [
|
|
|
|
"/ix/peeringdb",
|
|
|
|
"-hspki_disable",
|
|
|
|
"-listen_address=0.0.0.0:4200",
|
|
|
|
],
|
|
|
|
},
|
|
|
|
|
|
|
|
verifier: ix.component("verifier") {
|
|
|
|
volumes: {
|
|
|
|
tls: {
|
|
|
|
secret: {
|
|
|
|
secretName: cfg.verifier.db.tlsSecret,
|
|
|
|
defaultMode: kube.parseOctal("0400"),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
volumeMounts: {
|
|
|
|
tls: {
|
|
|
|
mountPath: "/tls",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
args: [
|
|
|
|
"/ix/verifier",
|
|
|
|
"-hspki_disable",
|
|
|
|
"-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
|
|
|
|
cfg.verifier.db.username,
|
|
|
|
cfg.verifier.db.host,
|
|
|
|
cfg.verifier.db.port,
|
|
|
|
cfg.verifier.db.name,
|
|
|
|
"/tls/ca.crt",
|
|
|
|
"/tls/tls.crt",
|
|
|
|
"/tls/tls.key",
|
|
|
|
],
|
|
|
|
"-peeringdb=" + ix.peeringdb.address,
|
|
|
|
"-irr=" + ix.irr.address,
|
|
|
|
"-listen_address=0.0.0.0:4200",
|
|
|
|
"-octorpki=" + ix.octorpki.address,
|
|
|
|
],
|
|
|
|
},
|
|
|
|
|
|
|
|
frontend: ix.component("frontend") {
|
|
|
|
port: 8080,
|
|
|
|
args: [
|
|
|
|
"/ix/frontend.par",
|
|
|
|
"--flask_secret=dupa",
|
|
|
|
"--listen=0.0.0.0:8080",
|
|
|
|
"--verifier=" + ix.verifier.address,
|
|
|
|
],
|
|
|
|
},
|
|
|
|
|
|
|
|
ingress: kube.Ingress("ingress") {
|
|
|
|
metadata+: ix.metadata("public") {
|
|
|
|
annotations+: {
|
|
|
|
"kubernetes.io/tls-acme": "true",
|
|
|
|
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
|
|
|
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
spec+: {
|
|
|
|
tls: [
|
|
|
|
{ hosts: [cfg.domain], secretName: "public-tls"}
|
|
|
|
],
|
|
|
|
rules: [
|
|
|
|
{
|
|
|
|
host: cfg.domain,
|
|
|
|
http: {
|
|
|
|
paths: [
|
|
|
|
{ path: "/", backend: ix.frontend.svc.name_port },
|
|
|
|
],
|
|
|
|
},
|
|
|
|
},
|
|
|
|
],
|
|
|
|
},
|
|
|
|
},
|
2019-07-30 11:03:03 +00:00
|
|
|
},
|
|
|
|
}
|