local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";
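// smsgw deployment for the hswaw environment.
//
// `hswaw(name)` builds an environment on top of mirko.Environment(name) and
// declares the smsgw component; `prod` instantiates it as "hswaw-prod" and
// supplies the values the template leaves as `error` placeholders.
{
    hswaw(name):: mirko.Environment(name) {
        local env = self,
        local cfg = self.cfg,

        cfg+: {
            smsgw: {
                secret: {
                    // No default: evaluation fails with this message unless
                    // the instantiating environment overrides the field.
                    twilio_token: error "twilio_token must be set",
                },
                // NOTE(review): the image is pinned by tag (timestamp plus what
                // looks like a commit hash), not by an @sha256 digest. Whether
                // the registry treats tags as immutable is not visible here.
                image: "registry.k0.hswaw.net/q3k/smsgs:1570049853-05c5b491c45de6d960979d4aee8635768f3178e9",
                webhookFQDN: error "webhookFQDN must be set",
            },
        },

        components: {
            smsgw: mirko.Component(env, "smsgw") {
                local smsgw = self,
                // Single source for the webhook port, used both by the listen
                // flag and by the publicHTTP port entry so the two cannot drift.
                local webhookPort = 5000,

                cfg+: {
                    image: cfg.smsgw.image,
                    container: smsgw.GoContainer("main", "/smsgw/smsgw") {
                        env_: {
                            // Token is sourced from the Secret defined below,
                            // not written into the pod spec.
                            TWILIO_TOKEN: kube.SecretKeyRef(smsgw.secret, "twilio_token"),
                        },
                        command+: [
                            "-twilio_friendly_phone", "48732168371",
                            // Account SID: identifies the Twilio account; the
                            // credential is the token passed below.
                            "-twilio_sid", "AC806ed4bf4b6c80c8f8ea686379b69518",
                            // Kubernetes expands $(TWILIO_TOKEN) when the
                            // container starts, so the pod spec holds only the
                            // reference but the token ends up in the process
                            // argv (readable via /proc/<pid>/cmdline).
                            // NOTE(review): if smsgw can read the token from
                            // the environment or a mounted file, prefer that;
                            // its flag handling is not visible here.
                            "-twilio_token", "$(TWILIO_TOKEN)",
                            "-webhook_listen", "0.0.0.0:%d" % [ webhookPort ],
                            "-webhook_public", "https://%s/" % [ env.cfg.smsgw.webhookFQDN ],
                        ],
                    },
                    ports+: {
                        // NOTE(review): presumably mirko exposes publicHTTP
                        // entries to the internet under the `dns` name; confirm
                        // in mirko.libsonnet.
                        publicHTTP: {
                            webhook: {
                                port: webhookPort,
                                dns: env.cfg.smsgw.webhookFQDN,
                            }
                        },
                    },
                },

                secret: kube.Secret("smsgw") {
                    metadata+: smsgw.metadata,
                    // Passed through verbatim: Secret `data` values must
                    // already be base64-encoded (prod does so via std.base64).
                    data: env.cfg.smsgw.secret,
                },

                // Temporary machinery to access gRPC from outside.
                // In the future, this will be handled by a proxy/API gateway.
                // For now, we need this running.
                // TODO(q3k): remove this when we have an API GW or proxy.
                stopgap: {
                    local stopgap = self,

                    // Exposes the pod's port 4200 externally on 443.
                    // NOTE(review): nothing in this file restricts who may
                    // connect; the client certificates below suggest the
                    // server enforces mutual TLS. Confirm before relying on it.
                    rpcLB: kube.Service("smsgw-tcp-rpc") {
                        metadata+: smsgw.metadata,
                        target_pod: smsgw.deployment.spec.template,
                        spec+: {
                            type: "LoadBalancer",
                            ports: [
                                { name: "grpc-external", port: 443, targetPort: 4200 },
                            ],
                        },
                    },

                    // Builds a Certificate (presumably cert-manager) whose key
                    // pair is stored in a Secret called `name`, with common
                    // name `cn`, issued by the cluster-wide "pki-ca" issuer.
                    mkClientCert(name, cn):: kube.Certificate(name) {
                        metadata+: smsgw.metadata,
                        spec: {
                            secretName: name,
                            // NOTE(review): with a 4-year validity a leaked
                            // client key stays usable until expiry unless the
                            // server also checks revocation or an allow-list
                            // of common names; confirm which applies.
                            duration: "35040h0m0s", // 4 years
                            issuerRef: {
                                // Contract with cluster/lib/pki.libsonnet.
                                // Copied over.
                                name: "pki-ca",
                                kind: "ClusterIssuer",
                            },
                            commonName: cn,
                        },
                    },

                    // One client certificate per external consumer.
                    kasownikCert: stopgap.mkClientCert("smsgw-tcp-rpc-consumer", "kasownik.external.hswaw.net"),
                    piorekfCert: stopgap.mkClientCert("smsgw-tcp-rpc-piorekf", "piorekf.person.hswaw.net"),
                }
            },
        },
    },

    prod: self.hswaw("hswaw-prod") {
        cfg+: {
            smsgw+: {
                secret+: {
                    // Reads the first line of the token file at evaluation time
                    // and base64-encodes it for the Secret's `data` field.
                    // NOTE(review): the source is a plaintext file, and base64
                    // is an encoding, not encryption, so the rendered manifest
                    // carries the token. Keep both out of version control and
                    // build logs.
                    twilio_token: std.base64(std.split(importstr "secrets/plain/prod-twilio-token", "\n")[0]),
                },
                webhookFQDN: "smsgw-webhook-prod.hswaw.net",
            }
        },
    },
}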