# Deploy prodvider (prodaccess server) in cluster. local kube = import "../../../kube/kube.libsonnet"; { Environment: { local env = self, local cfg = env.cfg, cfg:: { namespace: "prodvider", image: "registry.k0.hswaw.net/q3k/prodvider:315532800-21bacc96d76e4f2074e769dfc65ab43702f52d10", apiEndpoint: error "API endpoint must be set", pki: { intermediate: { cert: importstr "../../certs/ca-kube-prodvider.cert", key: importstr "../../secrets/plain/ca-kube-prodvider.key", }, kube: { cert: importstr "../../certs/ca-kube.crt", }, } }, namespace: kube.Namespace(cfg.namespace), metadata(component):: { namespace: cfg.namespace, labels: { "app.kubernetes.io/name": "prodvider", "app.kubernetes.io/managed-by": "kubecfg", "app.kubernetes.io/component": component, }, }, secret: kube.Secret("ca") { metadata+: env.metadata("prodvider"), data_: { "intermediate-ca.crt": cfg.pki.intermediate.cert, "intermediate-ca.key": cfg.pki.intermediate.key, "ca.crt": cfg.pki.kube.cert, }, }, deployment: kube.Deployment("prodvider") { metadata+: env.metadata("prodvider"), spec+: { replicas: 3, template+: { spec+: { volumes_: { ca: kube.SecretVolume(env.secret), }, containers_: { prodvider: kube.Container("prodvider") { image: cfg.image, args: [ "/cluster/prodvider/prodvider", "-listen_address", "0.0.0.0:8080", "-ca_key_path", "/opt/ca/intermediate-ca.key", "-ca_certificate_path", "/opt/ca/intermediate-ca.crt", "-kube_ca_certificate_path", "/opt/ca/ca.crt", "-kubernetes_host", cfg.apiEndpoint, ], volumeMounts_: { ca: { mountPath: "/opt/ca" }, } }, }, }, }, }, }, svc: kube.Service("prodvider") { metadata+: env.metadata("prodvider"), target_pod:: env.deployment.spec.template, spec+: { type: "LoadBalancer", ports: [ { name: "public", port: 443, targetPort: 8080, protocol: "TCP" }, ], }, }, }, }