smsgw: productionize, implement kube/mirko
This productionizes smsgw.
We also add some jsonnet machinery to provide a unified service for Go
micro/mirkoservices.
This machinery provides all the nice stuff:
- a deployment
- a service for all your types of ports
- TLS certificates for HSPKI
We also update and test hspki for a new name scheme.
Change-Id: I292d00f858144903cbc8fe0c1c26eb1180d636bc
diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index 60cbaaa..e89a801 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@@ -13,11 +13,16 @@
local prodvider = import "lib/prodvider.libsonnet";
local registry = import "lib/registry.libsonnet";
local rook = import "lib/rook.libsonnet";
+local pki = import "lib/pki.libsonnet";
-local Cluster(fqdn) = {
+local Cluster(short, realm) = {
local cluster = self,
local cfg = cluster.cfg,
+ short:: short,
+ realm:: realm,
+ fqdn:: "%s.%s" % [cluster.short, cluster.realm],
+
cfg:: {
// Storage class used for internal services (like registry). This must
// be set to a valid storage class. This can either be a cloud provider class
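Review bot: `Cluster(short, realm)` now builds `fqdn` as `"%s.%s" % [cluster.short, cluster.realm]` with no check on either part, and the hunk at `@@ -54,7 +59,7 @@` uses that string as the RBAC `User` subject, which per the existing comment must equal the API server certificate CN. An empty `short` or `realm` would render without error, and the binding would name an identity the certificate does not carry. An object-level assert beside the new fields would catch this at render time, e.g. `assert std.length(short) > 0 && std.length(realm) > 0 : "cluster short name and realm must be non-empty",`. A comment on `fqdn::` such as `// Bound as an RBAC subject; must match the API server certificate CN.` would also help. The body of `Cluster` continues outside this hunk.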
@@ -54,7 +59,7 @@
apiGroup: "rbac.authorization.k8s.io",
kind: "User",
# A cluster API Server authenticates with a certificate whose CN is == to the FQDN of the cluster.
- name: fqdn,
+ name: cluster.fqdn,
},
],
},
@@ -159,7 +164,7 @@
cfg+: {
cluster_domains: [
"cluster.local",
- fqdn,
+ cluster.fqdn,
],
},
},
@@ -203,12 +208,15 @@
// Docker registry
registry: registry.Environment {
cfg+: {
- domain: "registry.%s" % [fqdn],
+ domain: "registry.%s" % [cluster.fqdn],
storageClassName: cfg.storageClassNameParanoid,
objectStorageName: "waw-hdd-redundant-2-object",
},
},
+ // TLS PKI machinery
+ pki: pki.Environment(cluster.short, cluster.realm),
+
// Prodvider
prodvider: prodvider.Environment {
cfg+: {
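Review bot: The `// TLS PKI machinery` comment on the new `pki:` field does not say what `pki.Environment(cluster.short, cluster.realm)` creates or which names it issues certificates for. It receives the two name parts rather than `cluster.fqdn`, so certificate names are presumably assembled inside `lib/pki.libsonnet`, which is not visible here. If that assembly ever differs from the `"%s.%s"` used for `fqdn`, certificate identities and the RBAC subject in this file can drift apart unnoticed. I would expand the comment to something like `// HSPKI: issuer/CA objects for service TLS certs; names derive from cluster.short and cluster.realm (see lib/pki.libsonnet)`, adjusted to what the library actually emits. The enclosing object starts and ends outside this hunk.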
@@ -221,7 +229,7 @@
{
k0: {
local k0 = self,
- cluster: Cluster("k0.hswaw.net") {
+ cluster: Cluster("k0", "hswaw.net") {
cfg+: {
storageClassNameParanoid: k0.ceph.blockParanoid.name,
},