bgpwtf/cccampix: deploy pgpencryptor

Change-Id: I3714c81b663781d9b449695760d83c1b8841d0e0
2019-08-14 18:50:10 +02:00 · 2019-08-14 18:50:10 +02:00 · 915b265b8a
parent 187c4bb60a
commit 915b265b8a
3 changed files with 41 additions and 12 deletions
--- a/bgpwtf/cccampix/BUILD
+++ b/bgpwtf/cccampix/BUILD
@ -20,6 +20,7 @@ container_layer(
    files = [
        "//bgpwtf/cccampix:ripe-sync.par",
        "//bgpwtf/cccampix/irr:irr",
+        "//bgpwtf/cccampix/pgpencryptor:pgpencryptor",
        "//bgpwtf/cccampix/peeringdb:peeringdb",
        "//bgpwtf/cccampix/verifier:verifier",
        "//bgpwtf/cccampix/frontend:frontend.par",
--- a/bgpwtf/cccampix/kube/ix.libsonnet
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@ -5,7 +5,7 @@ local kube = import "../../../kube/kube.libsonnet";
        local ix = self,
        local cfg = ix.cfg,
        cfg:: {
-            image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e",
+            image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565803250-3a1811e363502c697ea337c15d653698bd662dae",

            domain: "ix-status.bgp.wtf",
            octorpki: {
@ -28,6 +28,17 @@ local kube = import "../../../kube/kube.libsonnet";
                },
            },

+            pgpencryptor: {
+                image: cfg.image,
+                db: {
+                    host: "public.crdb-waw1.svc.cluster.local",
+                    port: 26257,
+                    username: "cccampix",
+                    name: "cccampix-pgpencryptor",
+                    tlsSecret: "client-cccampix-certificate",
+                },
+            },
+
            irr: {
                image: cfg.image,
            },
@ -170,7 +181,7 @@ local kube = import "../../../kube/kube.libsonnet";
            ],
        },

-        verifier: ix.component("verifier") {
+        crdb:: {
            volumes: {
                tls: {
                    secret: {
@ -184,23 +195,40 @@ local kube = import "../../../kube/kube.libsonnet";
                    mountPath: "/tls",
                },
            },
-            args: [
-                "/ix/verifier",
-                "-hspki_disable",
+            args(dbconf): [
                "-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
-                    cfg.verifier.db.username,
-                    cfg.verifier.db.host,
-                    cfg.verifier.db.port,
-                    cfg.verifier.db.name,
+                    dbconf.username,
+                    dbconf.host,
+                    dbconf.port,
+                    dbconf.name,
                    "/tls/ca.crt",
                    "/tls/tls.crt",
                    "/tls/tls.key",
                ],
+            ]
+        },
+
+        verifier: ix.component("verifier") {
+            volumes: ix.crdb.volumes,
+            volumeMounts: ix.crdb.volumeMounts,
+            args: [
+                "/ix/verifier",
+                "-hspki_disable",
+                "-listen_address=0.0.0.0:4200",
                "-peeringdb=" + ix.peeringdb.address,
                "-irr=" + ix.irr.address,
-                "-listen_address=0.0.0.0:4200",
                "-octorpki=" + ix.octorpki.address,
-            ],
+            ] + ix.crdb.args(cfg.verifier.db),
+        },
+
+        pgpencryptor: ix.component("pgpencryptor") {
+            volumes: ix.crdb.volumes,
+            volumeMounts: ix.crdb.volumeMounts,
+            args: [
+                "/ix/pgpencryptor",
+                "-hspki_disable",
+                "-listen_address=0.0.0.0:4200",
+            ] + ix.crdb.args(cfg.pgpencryptor.db),
        },

        frontend: ix.component("frontend") {
--- a/bgpwtf/cccampix/proto/BUILD.bazel
+++ b/bgpwtf/cccampix/proto/BUILD.bazel
@ -30,7 +30,7 @@ python_grpc_compile(

 py_library(
    name = "ix_py_proto",
-    srcs = ["ix_py_proto_src",],
+    srcs = ["ix_py_proto_src"],
    visibility = ["//visibility:public"],
    deps = [
        "@pip36//protobuf",