// smsgw: an SMS gateway component backed by Twilio, built on mirko.Component.
//
// Exposes two things:
//   - a Twilio webhook listener (container port 5000) published through the
//     component's publicHTTP port set under cfg.webhookFQDN;
//   - a stopgap LoadBalancer Service that maps external port 443 to pod port
//     4200 ("grpc-external"), plus client certificates for its consumers.

local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";

{
    // Default configuration. Fields defined as `error` have no default and
    // must be supplied by whoever instantiates the component.
    cfg:: {
        secret: {
            // Twilio auth token; ends up in the "smsgw" Secret below.
            twilio_token: error "twilio_token must be set",
        },
        // NOTE(review): the image is referenced by tag only. A tag can be
        // re-pointed in the registry; pinning by digest (@sha256:<digest>)
        // makes the deployed artifact immutable.
        image: "registry.k0.hswaw.net/q3k/smsgs:1570049853-05c5b491c45de6d960979d4aee8635768f3178e9",
        // Public hostname under which Twilio reaches the webhook.
        webhookFQDN: error "webhookFQDN must be set",
    },

    // Builds the smsgw component for the given config and mirko environment.
    // `cfg` here is the function parameter (it shadows the hidden cfg:: field
    // above); `cfg+:` inside the object extends mirko.Component's own cfg.
    component(cfg, env):: mirko.Component(env, "smsgw") {
        local gw = self,

        cfg+: {
            image: cfg.image,

            container: gw.GoContainer("main", "/smsgw/smsgw") {
                env_: {
                    // The token is sourced from the Secret, not inlined in the manifest.
                    TWILIO_TOKEN: kube.SecretKeyRef(gw.secret, "twilio_token"),
                },
                // NOTE(review): "$(TWILIO_TOKEN)" is expanded by Kubernetes
                // into the container's argument list, so the token is present
                // in the process command line (visible via the process list
                // or /proc/<pid>/cmdline inside the pod's PID namespace).
                // If the binary can read the token from the environment or a
                // mounted file, prefer that over a flag.
                // The SID and phone number are hard-coded here rather than
                // taken from cfg; the SID identifies the account, the token
                // is the credential.
                command+: [
                    "-twilio_friendly_phone", "48732168371",
                    "-twilio_sid", "AC806ed4bf4b6c80c8f8ea686379b69518",
                    "-twilio_token", "$(TWILIO_TOKEN)",
                    // Binds on all interfaces; must match ports.publicHTTP.webhook.port.
                    "-webhook_listen", "0.0.0.0:5000",
                    "-webhook_public", "https://%s/" % [ cfg.webhookFQDN ],
                ],
            },

            // NOTE(review): this endpoint is published under a public FQDN.
            // Whether smsgw authenticates inbound webhook calls (e.g. by
            // validating the X-Twilio-Signature header) is not visible from
            // this file - confirm in the service code.
            ports+: {
                publicHTTP: {
                    webhook: {
                        port: 5000,
                        dns: cfg.webhookFQDN,
                    },
                },
            },
        },

        // Secret consumed by the container via SecretKeyRef above.
        // NOTE(review): `data` is set directly from cfg.secret. Kubernetes
        // expects base64-encoded values in Secret.data - confirm that callers
        // pass twilio_token already encoded, or that kube.Secret encodes it.
        secret: kube.Secret("smsgw") {
            metadata+: gw.metadata,
            data: cfg.secret,
        },

        // Temporary machinery to access gRPC from outside.
        // In the future, this will be handled by a proxy/API gateway.
        // For now, we need this running.
        // TODO(q3k): remove this when we have an API GW or proxy.
        stopgap: {
            local sg = self,

            // Issuer shared by every client certificate minted below.
            // Contract with cluster/lib/pki.libsonnet.
            // Copied over.
            local pkiIssuer = {
                name: "pki-ca",
                kind: "ClusterIssuer",
            },

            // External port 443 is forwarded to pod port 4200.
            local grpcPorts = [
                { name: "grpc-external", port: 443, targetPort: 4200 },
            ],

            // NOTE(review): type LoadBalancer makes the gRPC port reachable
            // from outside the cluster. No source-range restriction is set
            // here; access control presumably relies on the client
            // certificates below being verified by the server - confirm.
            rpcLB: kube.Service("smsgw-tcp-rpc") {
                metadata+: gw.metadata,
                target_pod: gw.deployment.spec.template,
                spec+: {
                    type: "LoadBalancer",
                    ports: grpcPorts,
                },
            },

            // Builds a Certificate named `name` with common name `cn`, issued
            // by the pki-ca ClusterIssuer and stored in a Secret of the same
            // name.
            // NOTE(review): these are long-lived (4 year) credentials kept as
            // Secrets alongside the component; anyone able to read Secrets
            // there can use these identities. Nothing here provides
            // revocation, so removing a consumer likely needs a server-side
            // CN check or reissuing - worth shortening once the API
            // gateway replaces this stopgap.
            mkClientCert(name, cn):: kube.Certificate(name) {
                metadata+: gw.metadata,
                spec: {
                    secretName: name,
                    duration: "35040h0m0s", // 4 years
                    issuerRef: pkiIssuer,
                    commonName: cn,
                },
            },

            // One client certificate per external consumer of the gRPC endpoint.
            kasownikCert: sg.mkClientCert("smsgw-tcp-rpc-consumer", "kasownik.external.hswaw.net"),
            piorekfCert: sg.mkClientCert("smsgw-tcp-rpc-piorekf", "piorekf.person.hswaw.net"),
        },
    },
}