Merge "bgpwtf/cccampix: add and deploy octorpki"
commit
9ed8b9606d
65
WORKSPACE
65
WORKSPACE
|
@ -534,3 +534,68 @@ go_repository(
|
||||||
importpath = "gopkg.in/inf.v0",
|
importpath = "gopkg.in/inf.v0",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_cloudflare_cfrpki",
|
||||||
|
commit = "adece784464315db69299ba75e9287c60cd95c69",
|
||||||
|
importpath = "github.com/cloudflare/cfrpki",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_prometheus_client_golang",
|
||||||
|
commit = "bb9b00a86ebaaa691ba43af1f9ba9d16156cc545",
|
||||||
|
importpath = "github.com/prometheus/client_golang",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_rs_cors",
|
||||||
|
commit = "db0fe48135e83b5812a5a31be0eea66984b1b521",
|
||||||
|
importpath = "github.com/rs/cors",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_cloudflare_gortr",
|
||||||
|
commit = "95270606e8853d9b93f5be46d656d08ec0a4ef09",
|
||||||
|
importpath = "github.com/cloudflare/gortr",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_gorilla_mux",
|
||||||
|
commit = "e67b3c02c7195c052acff13261f0c9fd1ba53011",
|
||||||
|
importpath = "github.com/gorilla/mux",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_sirupsen_logrus",
|
||||||
|
commit = "07a84ee7412e7a28663d92930a1d46f81b124ee1",
|
||||||
|
importpath = "github.com/sirupsen/logrus",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_prometheus_common",
|
||||||
|
commit = "33bc620f956eb70fbb8355e87df6a97891657ed5",
|
||||||
|
importpath = "github.com/prometheus/common",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_beorn7_perks",
|
||||||
|
commit = "4b2b341e8d7715fae06375aa633dbb6e91b3fb46",
|
||||||
|
importpath = "github.com/beorn7/perks",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_prometheus_client_model",
|
||||||
|
commit = "fd36f4220a901265f90734c3183c5f0c91daa0b8",
|
||||||
|
importpath = "github.com/prometheus/client_model",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_prometheus_procfs",
|
||||||
|
commit = "8f55e607908ea781ad9d08521730d73e047d9ac4",
|
||||||
|
importpath = "github.com/prometheus/procfs",
|
||||||
|
)
|
||||||
|
|
||||||
|
go_repository(
|
||||||
|
name = "com_github_matttproud_golang_protobuf_extensions",
|
||||||
|
commit = "c182affec369e30f25d3eb8cd8a478dee585ae7d",
|
||||||
|
importpath = "github.com/matttproud/golang_protobuf_extensions",
|
||||||
|
)
|
||||||
|
|
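Review bot: The eleven `go_repository` rules added after `gopkg.in/inf.v0` carry no comment saying what they are for, so a later reader cannot tell that they exist for octorpki or which of them have to move together. Pinning each one by full commit hash is good for reproducibility, but a bare hash on `com_github_cloudflare_cfrpki` is hard to map to an upstream release when checking whether a given validator fix is included. I would add a header comment above the first rule, such as `# octorpki (github.com/cloudflare/cfrpki) and its Go dependencies; bump as a group.`, and record the matching upstream release next to the cfrpki commit if there is one.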
|
@ -0,0 +1,9 @@
|
||||||
|
local ix = import "ix.libsonnet";
|
||||||
|
|
||||||
|
{
|
||||||
|
camp: ix.IX {
|
||||||
|
cfg+: {
|
||||||
|
namespace: "cccamp-ix",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
|
@ -0,0 +1,84 @@
|
||||||
|
local kube = import "../../../kube/kube.libsonnet";
|
||||||
|
|
||||||
|
{
|
||||||
|
IX: {
|
||||||
|
local ix = self,
|
||||||
|
local cfg = ix.cfg,
|
||||||
|
cfg:: {
|
||||||
|
octorpki: {
|
||||||
|
image: "registry.k0.hswaw.net/q3k/octorpki:1564072856-3bfb2ef7fd180e774f74bbc9eebf6d97b9d80003",
|
||||||
|
storageClassName: "waw-hdd-redundant-1",
|
||||||
|
resources: {
|
||||||
|
requests: { cpu: "100m", memory: "500Mi" },
|
||||||
|
limits: { cpu: "500m", memory: "1Gi" },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
|
appName: "ix",
|
||||||
|
namespace: error "namespace must be defined",
|
||||||
|
prefix: "",
|
||||||
|
},
|
||||||
|
|
||||||
|
namespace: kube.Namespace(cfg.namespace),
|
||||||
|
name(component):: cfg.prefix + component,
|
||||||
|
metadata(component):: {
|
||||||
|
namespace: cfg.namespace,
|
||||||
|
labels: {
|
||||||
|
"app.kubernetes.io/name": cfg.appName,
|
||||||
|
"app.kubernetes.io/managed-by": "kubecfg",
|
||||||
|
"app.kubernetes.io/component": component,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
|
octorpki: {
|
||||||
|
cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
|
||||||
|
metadata+: ix.metadata("octorpki"),
|
||||||
|
spec+: {
|
||||||
|
storageClassName: cfg.octorpki.storageClassName,
|
||||||
|
accessModes: [ "ReadWriteOnce" ],
|
||||||
|
resources: {
|
||||||
|
requests: {
|
||||||
|
storage: "2Gi",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
deployment: kube.Deployment(ix.name("octorpki")) {
|
||||||
|
metadata+: ix.metadata("octorpki"),
|
||||||
|
spec+: {
|
||||||
|
template+: {
|
||||||
|
spec+: {
|
||||||
|
volumes_: {
|
||||||
|
cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
|
||||||
|
},
|
||||||
|
containers_: {
|
||||||
|
octorpki: kube.Container(ix.name("octorpki")){
|
||||||
|
image: cfg.octorpki.image,
|
||||||
|
args: [
|
||||||
|
"/octorpki/entrypoint.sh",
|
||||||
|
],
|
||||||
|
ports_: {
|
||||||
|
client: { containerPort: 8080 },
|
||||||
|
},
|
||||||
|
volumeMounts_: {
|
||||||
|
cache: { mountPath: "/cache" },
|
||||||
|
},
|
||||||
|
resources: cfg.octorpki.resources,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
svc: kube.Service(ix.name("octorpki")) {
|
||||||
|
metadata+: ix.metadata("octorpki"),
|
||||||
|
target_pod:: ix.octorpki.deployment.spec.template,
|
||||||
|
spec+: {
|
||||||
|
ports: [
|
||||||
|
{ name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
|
||||||
|
],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
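Review bot: The `octorpki` container under `deployment` is declared without a `securityContext`, so unless `kube.Container` or the base image sets one (neither is visible here) it runs as the image's default user with a writable root filesystem. This process fetches and parses objects from external RPKI repositories, so it is worth confining: add `securityContext: { runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true },` next to `resources`, keeping `/cache` as the only writable mount if octorpki writes nowhere else. The `container_image` rule in the BUILD section sets no `user` either, which `runAsNonRoot` would require. Separately, `args: ["/octorpki/entrypoint.sh"]` repeats what the image already declares as its entrypoint, so the script probably receives its own path as `$1` and forwards it through `"$@"`; dropping `args` would avoid that.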
|
@ -0,0 +1,35 @@
|
||||||
|
load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
|
||||||
|
|
||||||
|
container_layer(
|
||||||
|
name = "layer_bin",
|
||||||
|
files = [
|
||||||
|
"@com_github_cloudflare_cfrpki//cmd/octorpki:octorpki",
|
||||||
|
"entrypoint.sh",
|
||||||
|
],
|
||||||
|
directory = "/octorpki/",
|
||||||
|
)
|
||||||
|
|
||||||
|
container_layer(
|
||||||
|
name = "layer_tals",
|
||||||
|
files = glob(["tals/*"]),
|
||||||
|
directory = "/octorpki/tals/",
|
||||||
|
)
|
||||||
|
|
||||||
|
container_image(
|
||||||
|
name = "octorpki",
|
||||||
|
base = "@prodimage-bionic//image",
|
||||||
|
entrypoint = "/octorpki/entrypoint.sh",
|
||||||
|
layers = [
|
||||||
|
":layer_bin",
|
||||||
|
":layer_tals",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
container_push(
|
||||||
|
name = "push",
|
||||||
|
image = ":octorpki",
|
||||||
|
format = "Docker",
|
||||||
|
registry = "registry.k0.hswaw.net",
|
||||||
|
repository = "q3k/octorpki",
|
||||||
|
tag = "{BUILD_TIMESTAMP}-{STABLE_GIT_COMMIT}",
|
||||||
|
)
|
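Review bot: `files = glob(["tals/*"])` in `layer_tals` copies every file present in `tals/` at build time into `/octorpki/tals/`, so the set of trust anchor files shipped in the image is defined by directory contents rather than by this rule. Trust anchors decide which RPKI data the validator will accept, and listing the five TAL files explicitly in `files` would make adding or removing one a visible, reviewable edit to this BUILD file. A short comment above the rule recording where each TAL was obtained and how it was checked would also help when one has to be rotated.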
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
cd /octorpki
|
||||||
|
|
||||||
|
./octorpki -cache /cache/ -output.sign=false "$@"
|
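Review bot: `-output.sign=false` turns off signing of the validator's output and nothing in the script says why, so whatever consumes the data from port 8080 cannot authenticate it and has to rely on the network path inside the cluster. If that is intended for this deployment, state it in a comment above the command, e.g. `# Output is unsigned; consumers must reach this service only over a trusted in-cluster path.`; otherwise provide a signing key rather than disabling signing. Starting the binary with `exec ./octorpki -cache /cache/ -output.sign=false "$@"` would also let the container's termination signal reach octorpki directly instead of the wrapping shell.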
|
@ -0,0 +1,9 @@
|
||||||
|
rsync://rpki.afrinic.net/repository/AfriNIC.cer
|
||||||
|
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAqAhWIO+ON2Ef9oRDM
|
||||||
|
pKxv+AfmSLIdLWJtjrvUyDxJPBjgR+kVrOHUeTaujygFUp49tuN5H2C1rUuQavTH
|
||||||
|
vve6xNF5fU3OkTcqEzMOZy+ctkbde2SRMVdvbO22+TH9gNhKDc9l7Vu01qU4LeJH
|
||||||
|
k3X0f5uu5346YrGAOSv6AaYBXVgXxa0s9ZvgqFpim50pReQe/WI3QwFKNgpPzfQL
|
||||||
|
6Y7fDPYdYaVOXPXSKtx7P4s4KLA/ZWmRL/bobw/i2fFviAGhDrjqqqum+/9w1hEl
|
||||||
|
L/vqihVnV18saKTnLvkItA/Bf5i11Yhw2K7qv573YWxyuqCknO/iYLTR1DToBZcZ
|
||||||
|
UQIDAQAB
|
|
@ -0,0 +1,9 @@
|
||||||
|
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
|
||||||
|
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8
|
||||||
|
qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI
|
||||||
|
7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr
|
||||||
|
LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf
|
||||||
|
i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H
|
||||||
|
cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou
|
||||||
|
0wIDAQAB
|
|
@ -0,0 +1,7 @@
|
||||||
|
rsync://rpki.arin.net/repository/arin-rpki-ta.cer
|
||||||
|
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5FnreHMJjg8
|
||||||
|
pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlNf2SRP3UB+VJFgtTj
|
||||||
|
0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1EpK9CbLJS4m37+RlpNbT1cba+
|
||||||
|
b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtwwDYlbHzp2xk9owF3mkCxzl0HwncO+sEHH
|
||||||
|
eaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg+nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB
|
|
@ -0,0 +1,9 @@
|
||||||
|
rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
|
||||||
|
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KR
|
||||||
|
c3MeWx3neXx4/wbnJWGbNAtbYqXg3uU5J4HFzPgk/VIppgSKAhlO0H60DRP48by9
|
||||||
|
gr5/yDHu2KXhOmnMg46sYsUIpfgtBS9+VtrqWziJfb+pkGtuOWeTnj6zBmBNZKK+
|
||||||
|
5AlMCW1WPhrylIcB+XSZx8tk9GS/3SMQ+YfMVwwAyYjsex14Uzto4GjONALE5oh1
|
||||||
|
M3+glRQduD6vzSwOD+WahMbc9vCOTED+2McLHRKgNaQf0YJ9a1jG9oJIvDkKXEqd
|
||||||
|
fqDRktwyoD74cV57bW3tBAexB7GglITbInyQAsmdngtfg2LUMrcROHHP86QPZINj
|
||||||
|
DQIDAQAB
|
|
@ -0,0 +1,9 @@
|
||||||
|
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
|
||||||
|
|
||||||
|
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1j
|
||||||
|
Q6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83Hw
|
||||||
|
A26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0G
|
||||||
|
Z0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eM
|
||||||
|
kE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs
|
||||||
|
6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2
|
||||||
|
VwIDAQAB
|