forked from hswaw/hscloud
bgpwtf/cccampix: deploy pgpencryptor
Change-Id: I3714c81b663781d9b449695760d83c1b8841d0e0master
parent
187c4bb60a
commit
915b265b8a
|
@ -20,6 +20,7 @@ container_layer(
|
|||
files = [
|
||||
"//bgpwtf/cccampix:ripe-sync.par",
|
||||
"//bgpwtf/cccampix/irr:irr",
|
||||
"//bgpwtf/cccampix/pgpencryptor:pgpencryptor",
|
||||
"//bgpwtf/cccampix/peeringdb:peeringdb",
|
||||
"//bgpwtf/cccampix/verifier:verifier",
|
||||
"//bgpwtf/cccampix/frontend:frontend.par",
|
||||
|
|
|
@ -5,7 +5,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
local ix = self,
|
||||
local cfg = ix.cfg,
|
||||
cfg:: {
|
||||
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e",
|
||||
image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565803250-3a1811e363502c697ea337c15d653698bd662dae",
|
||||
|
||||
domain: "ix-status.bgp.wtf",
|
||||
octorpki: {
|
||||
|
@ -28,6 +28,17 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
},
|
||||
},
|
||||
|
||||
pgpencryptor: {
|
||||
image: cfg.image,
|
||||
db: {
|
||||
host: "public.crdb-waw1.svc.cluster.local",
|
||||
port: 26257,
|
||||
username: "cccampix",
|
||||
name: "cccampix-pgpencryptor",
|
||||
tlsSecret: "client-cccampix-certificate",
|
||||
},
|
||||
},
|
||||
|
||||
irr: {
|
||||
image: cfg.image,
|
||||
},
|
||||
|
@ -170,7 +181,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
],
|
||||
},
|
||||
|
||||
verifier: ix.component("verifier") {
|
||||
crdb:: {
|
||||
volumes: {
|
||||
tls: {
|
||||
secret: {
|
||||
|
@ -184,23 +195,40 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
mountPath: "/tls",
|
||||
},
|
||||
},
|
||||
args: [
|
||||
"/ix/verifier",
|
||||
"-hspki_disable",
|
||||
args(dbconf): [
|
||||
"-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
|
||||
cfg.verifier.db.username,
|
||||
cfg.verifier.db.host,
|
||||
cfg.verifier.db.port,
|
||||
cfg.verifier.db.name,
|
||||
dbconf.username,
|
||||
dbconf.host,
|
||||
dbconf.port,
|
||||
dbconf.name,
|
||||
"/tls/ca.crt",
|
||||
"/tls/tls.crt",
|
||||
"/tls/tls.key",
|
||||
],
|
||||
]
|
||||
},
|
||||
|
||||
verifier: ix.component("verifier") {
|
||||
volumes: ix.crdb.volumes,
|
||||
volumeMounts: ix.crdb.volumeMounts,
|
||||
args: [
|
||||
"/ix/verifier",
|
||||
"-hspki_disable",
|
||||
"-listen_address=0.0.0.0:4200",
|
||||
"-peeringdb=" + ix.peeringdb.address,
|
||||
"-irr=" + ix.irr.address,
|
||||
"-listen_address=0.0.0.0:4200",
|
||||
"-octorpki=" + ix.octorpki.address,
|
||||
],
|
||||
] + ix.crdb.args(cfg.verifier.db),
|
||||
},
|
||||
|
||||
pgpencryptor: ix.component("pgpencryptor") {
|
||||
volumes: ix.crdb.volumes,
|
||||
volumeMounts: ix.crdb.volumeMounts,
|
||||
args: [
|
||||
"/ix/pgpencryptor",
|
||||
"-hspki_disable",
|
||||
"-listen_address=0.0.0.0:4200",
|
||||
] + ix.crdb.args(cfg.pgpencryptor.db),
|
||||
},
|
||||
|
||||
frontend: ix.component("frontend") {
|
||||
|
|
|
@ -30,7 +30,7 @@ python_grpc_compile(
|
|||
|
||||
py_library(
|
||||
name = "ix_py_proto",
|
||||
srcs = ["ix_py_proto_src",],
|
||||
srcs = ["ix_py_proto_src"],
|
||||
visibility = ["//visibility:public"],
|
||||
deps = [
|
||||
"@pip36//protobuf",
|
||||
|
|
Loading…
Reference in New Issue