diff --git a/WORKSPACE b/WORKSPACE
index 0a7a532f..5d0d9817 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -534,3 +534,68 @@ go_repository(
 importpath = "gopkg.in/inf.v0",
 )
+go_repository(
+ name = "com_github_cloudflare_cfrpki",
+ commit = "adece784464315db69299ba75e9287c60cd95c69",
+ importpath = "github.com/cloudflare/cfrpki",
+)
+
+go_repository(
+ name = "com_github_prometheus_client_golang",
+ commit = "bb9b00a86ebaaa691ba43af1f9ba9d16156cc545",
+ importpath = "github.com/prometheus/client_golang",
+)
+
+go_repository(
+ name = "com_github_rs_cors",
+ commit = "db0fe48135e83b5812a5a31be0eea66984b1b521",
+ importpath = "github.com/rs/cors",
+)
+
+go_repository(
+ name = "com_github_cloudflare_gortr",
+ commit = "95270606e8853d9b93f5be46d656d08ec0a4ef09",
+ importpath = "github.com/cloudflare/gortr",
+)
+
+go_repository(
+ name = "com_github_gorilla_mux",
+ commit = "e67b3c02c7195c052acff13261f0c9fd1ba53011",
+ importpath = "github.com/gorilla/mux",
+)
+
+go_repository(
+ name = "com_github_sirupsen_logrus",
+ commit = "07a84ee7412e7a28663d92930a1d46f81b124ee1",
+ importpath = "github.com/sirupsen/logrus",
+)
+
+go_repository(
+ name = "com_github_prometheus_common",
+ commit = "33bc620f956eb70fbb8355e87df6a97891657ed5",
+ importpath = "github.com/prometheus/common",
+)
+
+go_repository(
+ name = "com_github_beorn7_perks",
+ commit = "4b2b341e8d7715fae06375aa633dbb6e91b3fb46",
+ importpath = "github.com/beorn7/perks",
+)
+
+go_repository(
+ name = "com_github_prometheus_client_model",
+ commit = "fd36f4220a901265f90734c3183c5f0c91daa0b8",
+ importpath = "github.com/prometheus/client_model",
+)
+
+go_repository(
+ name = "com_github_prometheus_procfs",
+ commit = "8f55e607908ea781ad9d08521730d73e047d9ac4",
+ importpath = "github.com/prometheus/procfs",
+)
+
+go_repository(
+ name = "com_github_matttproud_golang_protobuf_extensions",
+ commit = "c182affec369e30f25d3eb8cd8a478dee585ae7d",
+ importpath = "github.com/matttproud/golang_protobuf_extensions",
+)
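Review bot: In WORKSPACE, the eleven new `go_repository` pins carry bare commit hashes with no record of which upstream release each one corresponds to or why that revision was chosen, which matters most for `com_github_cloudflare_cfrpki` since it is the RPKI validator that ends up in the image. A short comment per rule, e.g. `# cfrpki <UPSTREAM_TAG>, pinned <DATE>` (placeholders), would let a reviewer check a pin against upstream advisories and see at a glance when it is stale. The transitive pins (prometheus, logrus, mux and so on) are presumably picked by hand rather than taken from cfrpki's own module file; if so, say that too, since they can drift from what upstream tests against.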
diff --git a/bgpwtf/cccampix/kube/camp.jsonnet b/bgpwtf/cccampix/kube/camp.jsonnet
new file mode 100644
index 00000000..c059401d
--- /dev/null
+++ b/bgpwtf/cccampix/kube/camp.jsonnet
@@ -0,0 +1,9 @@
+local ix = import "ix.libsonnet";
+
+{
+ camp: ix.IX {
+ cfg+: {
+ namespace: "cccamp-ix",
+ },
+ },
+}
diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet
new file mode 100644
index 00000000..def1d792
--- /dev/null
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@@ -0,0 +1,84 @@
+local kube = import "../../../kube/kube.libsonnet";
+
+{
+ IX: {
+ local ix = self,
+ local cfg = ix.cfg,
+ cfg:: {
+ octorpki: {
+ image: "registry.k0.hswaw.net/q3k/octorpki:1564072856-3bfb2ef7fd180e774f74bbc9eebf6d97b9d80003",
+ storageClassName: "waw-hdd-redundant-1",
+ resources: {
+ requests: { cpu: "100m", memory: "500Mi" },
+ limits: { cpu: "500m", memory: "1Gi" },
+ },
+ },
+
+ appName: "ix",
+ namespace: error "namespace must be defined",
+ prefix: "",
+ },
+
+ namespace: kube.Namespace(cfg.namespace),
+ name(component):: cfg.prefix + component,
+ metadata(component):: {
+ namespace: cfg.namespace,
+ labels: {
+ "app.kubernetes.io/name": cfg.appName,
+ "app.kubernetes.io/managed-by": "kubecfg",
+ "app.kubernetes.io/component": component,
+ },
+ },
+
+ octorpki: {
+ cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
+ metadata+: ix.metadata("octorpki"),
+ spec+: {
+ storageClassName: cfg.octorpki.storageClassName,
+ accessModes: [ "ReadWriteOnce" ],
+ resources: {
+ requests: {
+ storage: "2Gi",
+ },
+ },
+ },
+ },
+ deployment: kube.Deployment(ix.name("octorpki")) {
+ metadata+: ix.metadata("octorpki"),
+ spec+: {
+ template+: {
+ spec+: {
+ volumes_: {
+ cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
+ },
+ containers_: {
+ octorpki: kube.Container(ix.name("octorpki")){
+ image: cfg.octorpki.image,
+ args: [
+ "/octorpki/entrypoint.sh",
+ ],
+ ports_: {
+ client: { containerPort: 8080 },
+ },
+ volumeMounts_: {
+ cache: { mountPath: "/cache" },
+ },
+ resources: cfg.octorpki.resources,
+ },
+ },
+ },
+ },
+ },
+ },
+ svc: kube.Service(ix.name("octorpki")) {
+ metadata+: ix.metadata("octorpki"),
+ target_pod:: ix.octorpki.deployment.spec.template,
+ spec+: {
+ ports: [
+ { name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
+ ],
+ },
+ },
+ },
+ },
+}
diff --git a/bgpwtf/cccampix/octorpki/BUILD.bazel b/bgpwtf/cccampix/octorpki/BUILD.bazel
new file mode 100644
index 00000000..d9fc4916
--- /dev/null
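Review bot: In ix.libsonnet, the octorpki container sets `args: ["/octorpki/entrypoint.sh"]`, but the image built in this same commit already declares `entrypoint = "/octorpki/entrypoint.sh"`; Kubernetes `args` replaces the image's command arguments, not its entrypoint, so the script is started with its own path as `$1` and hands it on to octorpki through `"$@"`. Use `command: ["/octorpki/entrypoint.sh"],` or drop the field. Separately, the container spec shown here sets no `securityContext`; unless `kube.Container` supplies one (not visible in this diff), a validator that parses data fetched from remote repositories runs with the image's default user, so consider `securityContext: { runAsNonRoot: true, allowPrivilegeEscalation: false },` once the image has a non-root user.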
+++ b/bgpwtf/cccampix/octorpki/BUILD.bazel
@@ -0,0 +1,35 @@
+load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
+
+container_layer(
+ name = "layer_bin",
+ files = [
+ "@com_github_cloudflare_cfrpki//cmd/octorpki:octorpki",
+ "entrypoint.sh",
+ ],
+ directory = "/octorpki/",
+)
+
+container_layer(
+ name = "layer_tals",
+ files = glob(["tals/*"]),
+ directory = "/octorpki/tals/",
+)
+
+container_image(
+ name = "octorpki",
+ base = "@prodimage-bionic//image",
+ entrypoint = "/octorpki/entrypoint.sh",
+ layers = [
+ ":layer_bin",
+ ":layer_tals",
+ ],
+)
+
+container_push(
+ name = "push",
+ image = ":octorpki",
+ format = "Docker",
+ registry = "registry.k0.hswaw.net",
+ repository = "q3k/octorpki",
+ tag = "{BUILD_TIMESTAMP}-{STABLE_GIT_COMMIT}",
+)
diff --git a/bgpwtf/cccampix/octorpki/entrypoint.sh b/bgpwtf/cccampix/octorpki/entrypoint.sh
new file mode 100644
index 00000000..62c59b1e
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+cd /octorpki
+
+./octorpki -cache /cache/ -output.sign=false "$@"
diff --git a/bgpwtf/cccampix/octorpki/tals/afrinic.tal b/bgpwtf/cccampix/octorpki/tals/afrinic.tal
new file mode 100644
index 00000000..fc7639f3
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/afrinic.tal
@@ -0,0 +1,9 @@
+rsync://rpki.afrinic.net/repository/AfriNIC.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAqAhWIO+ON2Ef9oRDM
+pKxv+AfmSLIdLWJtjrvUyDxJPBjgR+kVrOHUeTaujygFUp49tuN5H2C1rUuQavTH
+vve6xNF5fU3OkTcqEzMOZy+ctkbde2SRMVdvbO22+TH9gNhKDc9l7Vu01qU4LeJH
+k3X0f5uu5346YrGAOSv6AaYBXVgXxa0s9ZvgqFpim50pReQe/WI3QwFKNgpPzfQL
+6Y7fDPYdYaVOXPXSKtx7P4s4KLA/ZWmRL/bobw/i2fFviAGhDrjqqqum+/9w1hEl
+L/vqihVnV18saKTnLvkItA/Bf5i11Yhw2K7qv573YWxyuqCknO/iYLTR1DToBZcZ
+UQIDAQAB
diff --git a/bgpwtf/cccampix/octorpki/tals/apnic.tal b/bgpwtf/cccampix/octorpki/tals/apnic.tal
new file mode 100644
index 00000000..fc781ee2
--- /dev/null
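Review bot: In octorpki/BUILD.bazel, `container_image(name = "octorpki", …)` sets no `user`, so the process runs as whatever the `@prodimage-bionic//image` base defaults to, which is presumably root. octorpki fetches and parses certificates, manifests and ROAs from repositories it does not control, so it is worth dropping privileges in the image itself: add `user = "nobody",` (or a dedicated UID present in the base image) and make sure the `/cache` volume is writable for that user.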
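Review bot: In entrypoint.sh, `-output.sign=false` turns off signing of the validated ROA list, so whatever consumes it from the service on port 8080 has no way to tell the validator's output from a modified copy. If that is a deliberate choice for this deployment, say so in a comment above the command (for example `# output is unsigned: consumers must reach this service only over a trusted in-cluster path`); otherwise provision a signing key and leave signing on. The last line should also be `exec ./octorpki -cache /cache/ -output.sign=false "$@"`, so the validator replaces the shell and receives the termination signal directly when the pod is stopped.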
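Review bot: The five trust anchor locators added here (afrinic.tal, and likewise apnic.tal, arin.tal, lacnic.tal and ripe.tal) are the root of trust for everything the validator accepts, yet the commit records no source for them. Note in the commit message or a README next to `tals/` where each file was obtained and that its public key was compared with the copy published by the respective RIR, because a wrong key in one of these files would make the validator accept objects signed by whoever holds the matching private key. It is also worth checking that redistribution of each TAL in the repository and in the pushed image is permitted by its publisher.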
+++ b/bgpwtf/cccampix/octorpki/tals/apnic.tal
@@ -0,0 +1,9 @@
+rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8
+qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI
+7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr
+LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf
+i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H
+cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou
+0wIDAQAB
diff --git a/bgpwtf/cccampix/octorpki/tals/arin.tal b/bgpwtf/cccampix/octorpki/tals/arin.tal
new file mode 100644
index 00000000..92f84bfc
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/arin.tal
@@ -0,0 +1,7 @@
+rsync://rpki.arin.net/repository/arin-rpki-ta.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5FnreHMJjg8
+pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlNf2SRP3UB+VJFgtTj
+0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1EpK9CbLJS4m37+RlpNbT1cba+
+b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtwwDYlbHzp2xk9owF3mkCxzl0HwncO+sEHH
+eaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg+nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB
diff --git a/bgpwtf/cccampix/octorpki/tals/lacnic.tal b/bgpwtf/cccampix/octorpki/tals/lacnic.tal
new file mode 100644
index 00000000..55bbf319
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/lacnic.tal
@@ -0,0 +1,9 @@
+rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KR
+c3MeWx3neXx4/wbnJWGbNAtbYqXg3uU5J4HFzPgk/VIppgSKAhlO0H60DRP48by9
+gr5/yDHu2KXhOmnMg46sYsUIpfgtBS9+VtrqWziJfb+pkGtuOWeTnj6zBmBNZKK+
+5AlMCW1WPhrylIcB+XSZx8tk9GS/3SMQ+YfMVwwAyYjsex14Uzto4GjONALE5oh1
+M3+glRQduD6vzSwOD+WahMbc9vCOTED+2McLHRKgNaQf0YJ9a1jG9oJIvDkKXEqd
+fqDRktwyoD74cV57bW3tBAexB7GglITbInyQAsmdngtfg2LUMrcROHHP86QPZINj
+DQIDAQAB
diff --git a/bgpwtf/cccampix/octorpki/tals/ripe.tal b/bgpwtf/cccampix/octorpki/tals/ripe.tal
new file mode 100644
index 00000000..acdb1731
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/ripe.tal
@@ -0,0 +1,9 @@
+rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1j
+Q6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83Hw
+A26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0G
+Z0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eM
+kE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs
+6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2
+VwIDAQAB