cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity

bgpwtf/cccampix: add and deploy octorpki 

Change-Id: I8d5de697925b65d8f0e762b2f2acad3a7e560fe6
master
q3k 2019-07-30 13:03:03 +02:00
parent b2d6b112b5
commit beefe44228
10 changed files with 243 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
WORKSPACE
View File

@ -534,3 +534,68 @@ go_repository(
importpath = "gopkg.in/inf.v0",
)
go_repository(
name = "com_github_cloudflare_cfrpki",
commit = "adece784464315db69299ba75e9287c60cd95c69",
importpath = "github.com/cloudflare/cfrpki",
)
go_repository(
name = "com_github_prometheus_client_golang",
commit = "bb9b00a86ebaaa691ba43af1f9ba9d16156cc545",
importpath = "github.com/prometheus/client_golang",
)
go_repository(
name = "com_github_rs_cors",
commit = "db0fe48135e83b5812a5a31be0eea66984b1b521",
importpath = "github.com/rs/cors",
)
go_repository(
name = "com_github_cloudflare_gortr",
commit = "95270606e8853d9b93f5be46d656d08ec0a4ef09",
importpath = "github.com/cloudflare/gortr",
)
go_repository(
name = "com_github_gorilla_mux",
commit = "e67b3c02c7195c052acff13261f0c9fd1ba53011",
importpath = "github.com/gorilla/mux",
)
go_repository(
name = "com_github_sirupsen_logrus",
commit = "07a84ee7412e7a28663d92930a1d46f81b124ee1",
importpath = "github.com/sirupsen/logrus",
)
go_repository(
name = "com_github_prometheus_common",
commit = "33bc620f956eb70fbb8355e87df6a97891657ed5",
importpath = "github.com/prometheus/common",
)
go_repository(
name = "com_github_beorn7_perks",
commit = "4b2b341e8d7715fae06375aa633dbb6e91b3fb46",
importpath = "github.com/beorn7/perks",
)
go_repository(
name = "com_github_prometheus_client_model",
commit = "fd36f4220a901265f90734c3183c5f0c91daa0b8",
importpath = "github.com/prometheus/client_model",
)
go_repository(
name = "com_github_prometheus_procfs",
commit = "8f55e607908ea781ad9d08521730d73e047d9ac4",
importpath = "github.com/prometheus/procfs",
)
go_repository(
name = "com_github_matttproud_golang_protobuf_extensions",
commit = "c182affec369e30f25d3eb8cd8a478dee585ae7d",
importpath = "github.com/matttproud/golang_protobuf_extensions",
)

9
bgpwtf/cccampix/kube/camp.jsonnet Normal file
View File

@ -0,0 +1,9 @@
local ix = import "ix.libsonnet";
{
camp: ix.IX {
cfg+: {
namespace: "cccamp-ix",
},
},
}

84
bgpwtf/cccampix/kube/ix.libsonnet Normal file
View File

@ -0,0 +1,84 @@
local kube = import "../../../kube/kube.libsonnet";
{
IX: {
local ix = self,
local cfg = ix.cfg,
cfg:: {
octorpki: {
image: "registry.k0.hswaw.net/q3k/octorpki:1564072856-3bfb2ef7fd180e774f74bbc9eebf6d97b9d80003",
storageClassName: "waw-hdd-redundant-1",
resources: {
requests: { cpu: "100m", memory: "500Mi" },
limits: { cpu: "500m", memory: "1Gi" },
},
},
appName: "ix",
namespace: error "namespace must be defined",
prefix: "",
},
namespace: kube.Namespace(cfg.namespace),
name(component):: cfg.prefix + component,
metadata(component):: {
namespace: cfg.namespace,
labels: {
"app.kubernetes.io/name": cfg.appName,
"app.kubernetes.io/managed-by": "kubecfg",
"app.kubernetes.io/component": component,
},
},
octorpki: {
cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
metadata+: ix.metadata("octorpki"),
spec+: {
storageClassName: cfg.octorpki.storageClassName,
accessModes: [ "ReadWriteOnce" ],
resources: {
requests: {
storage: "2Gi",
},
},
},
},
deployment: kube.Deployment(ix.name("octorpki")) {
metadata+: ix.metadata("octorpki"),
spec+: {
template+: {
spec+: {
volumes_: {
cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
},
containers_: {
octorpki: kube.Container(ix.name("octorpki")){
image: cfg.octorpki.image,
args: [
"/octorpki/entrypoint.sh",
],
ports_: {
client: { containerPort: 8080 },
},
volumeMounts_: {
cache: { mountPath: "/cache" },
},
resources: cfg.octorpki.resources,
},
},
},
},
},
},
svc: kube.Service(ix.name("octorpki")) {
metadata+: ix.metadata("octorpki"),
target_pod:: ix.octorpki.deployment.spec.template,
spec+: {
ports: [
{ name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
],
},
},
},
},
}

35
bgpwtf/cccampix/octorpki/BUILD.bazel Normal file
View File

@ -0,0 +1,35 @@
load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
container_layer(
name = "layer_bin",
files = [
"@com_github_cloudflare_cfrpki//cmd/octorpki:octorpki",
"entrypoint.sh",
],
directory = "/octorpki/",
)
container_layer(
name = "layer_tals",
files = glob(["tals/*"]),
directory = "/octorpki/tals/",
)
container_image(
name = "octorpki",
base = "@prodimage-bionic//image",
entrypoint = "/octorpki/entrypoint.sh",
layers = [
":layer_bin",
":layer_tals",
],
)
container_push(
name = "push",
image = ":octorpki",
format = "Docker",
registry = "registry.k0.hswaw.net",
repository = "q3k/octorpki",
tag = "{BUILD_TIMESTAMP}-{STABLE_GIT_COMMIT}",
)

7
bgpwtf/cccampix/octorpki/entrypoint.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/sh
set -e
cd /octorpki
./octorpki -cache /cache/ -output.sign=false "$@"

9
bgpwtf/cccampix/octorpki/tals/afrinic.tal Normal file
View File

@ -0,0 +1,9 @@
rsync://rpki.afrinic.net/repository/AfriNIC.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAqAhWIO+ON2Ef9oRDM
pKxv+AfmSLIdLWJtjrvUyDxJPBjgR+kVrOHUeTaujygFUp49tuN5H2C1rUuQavTH
vve6xNF5fU3OkTcqEzMOZy+ctkbde2SRMVdvbO22+TH9gNhKDc9l7Vu01qU4LeJH
k3X0f5uu5346YrGAOSv6AaYBXVgXxa0s9ZvgqFpim50pReQe/WI3QwFKNgpPzfQL
6Y7fDPYdYaVOXPXSKtx7P4s4KLA/ZWmRL/bobw/i2fFviAGhDrjqqqum+/9w1hEl
L/vqihVnV18saKTnLvkItA/Bf5i11Yhw2K7qv573YWxyuqCknO/iYLTR1DToBZcZ
UQIDAQAB

9
bgpwtf/cccampix/octorpki/tals/apnic.tal Normal file
View File

@ -0,0 +1,9 @@
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8
qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI
7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr
LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf
i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H
cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou
0wIDAQAB

7
bgpwtf/cccampix/octorpki/tals/arin.tal Normal file
View File

@ -0,0 +1,7 @@
rsync://rpki.arin.net/repository/arin-rpki-ta.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5FnreHMJjg8
pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlNf2SRP3UB+VJFgtTj
0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1EpK9CbLJS4m37+RlpNbT1cba+
b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtwwDYlbHzp2xk9owF3mkCxzl0HwncO+sEHH
eaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg+nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB

9
bgpwtf/cccampix/octorpki/tals/lacnic.tal Normal file
View File

@ -0,0 +1,9 @@
rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KR
c3MeWx3neXx4/wbnJWGbNAtbYqXg3uU5J4HFzPgk/VIppgSKAhlO0H60DRP48by9
gr5/yDHu2KXhOmnMg46sYsUIpfgtBS9+VtrqWziJfb+pkGtuOWeTnj6zBmBNZKK+
5AlMCW1WPhrylIcB+XSZx8tk9GS/3SMQ+YfMVwwAyYjsex14Uzto4GjONALE5oh1
M3+glRQduD6vzSwOD+WahMbc9vCOTED+2McLHRKgNaQf0YJ9a1jG9oJIvDkKXEqd
fqDRktwyoD74cV57bW3tBAexB7GglITbInyQAsmdngtfg2LUMrcROHHP86QPZINj
DQIDAQAB

9
bgpwtf/cccampix/octorpki/tals/ripe.tal Normal file
View File

@ -0,0 +1,9 @@
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1j
Q6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83Hw
A26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0G
Z0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eM
kE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs
6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2
VwIDAQAB