| # Deploy prodvider (prodaccess server) in cluster. |
| |
| local kube = import "../../../kube/kube.libsonnet"; |
| |
| {
| # Environment: one prodvider deployment (namespace, CA secret, deployment, service). |
| # Callers override fields of `cfg`; apiEndpoint has no default and evaluation fails |
| # with "API endpoint must be set" until it is provided. |
| Environment: { |
| local env = self, |
| local cfg = env.cfg, |
| |
| # Hidden (`::`) configuration: not emitted as an object of its own, only read by |
| # the fields below. |
| cfg:: { |
| namespace: "prodvider", |
| # The image is referenced by tag, not by digest, so what runs depends on what the |
| # registry serves for this tag at pull time. |
| image: "registry.k0.hswaw.net/q3k/prodvider:1680303245", |
| |
| apiEndpoint: error "API endpoint must be set", |
| |
| # importstr reads each file at evaluation time and embeds its content as a string. |
| # The intermediate CA private key comes from secrets/plain/, so it has to be present |
| # in cleartext on the machine that renders this file, and the rendered Secret |
| # carries the key material. |
| # NOTE(review): presumably secrets/plain/ is kept out of version control (or is |
| # decrypted locally from an encrypted store) - confirm. |
| pki: { |
| intermediate: { |
| cert: importstr "../../certs/ca-kube-prodvider.cert", |
| key: importstr "../../secrets/plain/ca-kube-prodvider.key", |
| }, |
| kube: { |
| cert: importstr "../../certs/ca-kube.crt", |
| }, |
| } |
| }, |
| |
| namespace: kube.Namespace(cfg.namespace), |
| |
| # Hidden helper: namespace plus the app.kubernetes.io labels for a given component. |
| metadata(component):: { |
| namespace: cfg.namespace, |
| labels: { |
| "app.kubernetes.io/name": "prodvider", |
| "app.kubernetes.io/managed-by": "kubecfg", |
| "app.kubernetes.io/component": component, |
| }, |
| }, |
| |
| # Secret "ca" bundles the intermediate CA certificate, its private key and the kube |
| # CA certificate. Anyone able to read Secrets in this namespace can obtain the |
| # signing key, so read access to Secrets here should be kept minimal. |
| # NOTE(review): data_ is presumably encoded into data by kube.libsonnet - confirm. |
| secret: kube.Secret("ca") { |
| metadata+: env.metadata("prodvider"), |
| data_: { |
| "intermediate-ca.crt": cfg.pki.intermediate.cert, |
| "intermediate-ca.key": cfg.pki.intermediate.key, |
| "ca.crt": cfg.pki.kube.cert, |
| }, |
| }, |
| |
| # Three replicas; every pod mounts the whole "ca" Secret at /opt/ca, so each running |
| # container can read the intermediate CA private key. |
| # NOTE(review): no securityContext or resource limits are set in this file; whether |
| # kube.libsonnet supplies defaults is not visible here. |
| deployment: kube.Deployment("prodvider") { |
| metadata+: env.metadata("prodvider"), |
| spec+: { |
| replicas: 3, |
| template+: { |
| spec+: { |
| volumes_: { |
| ca: kube.SecretVolume(env.secret), |
| }, |
| containers_: { |
| prodvider: kube.Container("prodvider") { |
| image: cfg.image, |
| # Listens on all interfaces on port 8080; the key and certificate paths point |
| # into the /opt/ca mount declared below. |
| args: [ |
| "/cluster/prodvider/prodvider", |
| "-listen_address", "0.0.0.0:8080", |
| "-ca_key_path", "/opt/ca/intermediate-ca.key", |
| "-ca_certificate_path", "/opt/ca/intermediate-ca.crt", |
| "-kube_ca_certificate_path", "/opt/ca/ca.crt", |
| "-kubernetes_host", cfg.apiEndpoint, |
| ], |
| volumeMounts_: { |
| ca: { mountPath: "/opt/ca" }, |
| } |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| |
| # LoadBalancer Service: port 443 is forwarded to container port 8080. |
| # NOTE(review): nothing in this file terminates TLS in front of the pod, so the |
| # prodvider process presumably serves TLS itself on 8080 - confirm. How widely the |
| # load balancer address is reachable depends on cluster configuration. |
| svc: kube.Service("prodvider") { |
| metadata+: env.metadata("prodvider"), |
| # Hidden field; presumably used by kube.libsonnet to derive the pod selector - confirm. |
| target_pod:: env.deployment.spec.template, |
| spec+: { |
| type: "LoadBalancer", |
| ports: [ |
| { name: "public", port: 443, targetPort: 8080, protocol: "TCP" }, |
| ], |
| }, |
| }, |
| }, |
| } |