diff --git a/bgpwtf/cccampix/BUILD b/bgpwtf/cccampix/BUILD index 291590aa..db123759 100644 --- a/bgpwtf/cccampix/BUILD +++ b/bgpwtf/cccampix/BUILD @@ -20,6 +20,7 @@ container_layer( files = [ "//bgpwtf/cccampix:ripe-sync.par", "//bgpwtf/cccampix/irr:irr", + "//bgpwtf/cccampix/pgpencryptor:pgpencryptor", "//bgpwtf/cccampix/peeringdb:peeringdb", "//bgpwtf/cccampix/verifier:verifier", "//bgpwtf/cccampix/frontend:frontend.par", diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet index 597252d2..297fd34f 100644 --- a/bgpwtf/cccampix/kube/ix.libsonnet +++ b/bgpwtf/cccampix/kube/ix.libsonnet @@ -5,7 +5,7 @@ local kube = import "../../../kube/kube.libsonnet"; local ix = self, local cfg = ix.cfg, cfg:: { - image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e", + image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565803250-3a1811e363502c697ea337c15d653698bd662dae", domain: "ix-status.bgp.wtf", octorpki: { @@ -28,6 +28,17 @@ local kube = import "../../../kube/kube.libsonnet"; }, }, + pgpencryptor: { + image: cfg.image, + db: { + host: "public.crdb-waw1.svc.cluster.local", + port: 26257, + username: "cccampix", + name: "cccampix-pgpencryptor", + tlsSecret: "client-cccampix-certificate", + }, + }, + irr: { image: cfg.image, }, @@ -170,7 +181,7 @@ local kube = import "../../../kube/kube.libsonnet"; ], }, - verifier: ix.component("verifier") { + crdb:: { volumes: { tls: { secret: { @@ -184,23 +195,40 @@ local kube = import "../../../kube/kube.libsonnet"; mountPath: "/tls", }, }, - args: [ - "/ix/verifier", - "-hspki_disable", + args(dbconf): [ "-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [ - cfg.verifier.db.username, - cfg.verifier.db.host, - cfg.verifier.db.port, - cfg.verifier.db.name, + dbconf.username, + dbconf.host, + dbconf.port, + dbconf.name, "/tls/ca.crt", "/tls/tls.crt", "/tls/tls.key", ], + ] + }, + + verifier: ix.component("verifier") { + volumes: ix.crdb.volumes, + volumeMounts: ix.crdb.volumeMounts, + args: [ + "/ix/verifier", + "-hspki_disable", + "-listen_address=0.0.0.0:4200", "-peeringdb=" + ix.peeringdb.address, "-irr=" + ix.irr.address, - "-listen_address=0.0.0.0:4200", "-octorpki=" + ix.octorpki.address, - ], + ] + ix.crdb.args(cfg.verifier.db), + }, + + pgpencryptor: ix.component("pgpencryptor") { + volumes: ix.crdb.volumes, + volumeMounts: ix.crdb.volumeMounts, + args: [ + "/ix/pgpencryptor", + "-hspki_disable", + "-listen_address=0.0.0.0:4200", + ] + ix.crdb.args(cfg.pgpencryptor.db), }, frontend: ix.component("frontend") { diff --git a/bgpwtf/cccampix/proto/BUILD.bazel b/bgpwtf/cccampix/proto/BUILD.bazel index 9aa84eb5..e8a54ba9 100644 --- a/bgpwtf/cccampix/proto/BUILD.bazel +++ b/bgpwtf/cccampix/proto/BUILD.bazel @@ -30,7 +30,7 @@ python_grpc_compile( py_library( name = "ix_py_proto", - srcs = ["ix_py_proto_src",], + srcs = ["ix_py_proto_src"], visibility = ["//visibility:public"], deps = [ "@pip36//protobuf",