local kube = import "../../../kube/kube.libsonnet";

{
    IX: {
        local ix = self,
        local cfg = ix.cfg,
        cfg:: {
            image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e",

            domain: "ix-status.bgp.wtf",
            octorpki: {
                image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565469898-95928eecd7e35e8582fa011d1457643ca398c310",
                storageClassName: "waw-hdd-redundant-2",
                resources: {
                    requests: { cpu: "200m", memory: "1Gi" },
                    limits: { cpu: "1", memory: "2Gi" },
                },
            },

            verifier: {
                image: cfg.image,
                db: {
                    host: "public.crdb-waw1.svc.cluster.local",
                    port: 26257,
                    username: "cccampix",
                    name: "cccampix",
                    tlsSecret: "client-cccampix-certificate",
                },
            },

            irr: {
                image: cfg.image,
            },

            peeringdb: {
                image: cfg.image,
            },

            frontend: {
                image: cfg.image,
            },

            appName: "ix",
            namespace: error "namespace must be defined",
            prefix: "",
        },

        namespace: kube.Namespace(cfg.namespace),
        name(component):: cfg.prefix + component,
        metadata(component):: {
            namespace: cfg.namespace,
            labels: {
                "app.kubernetes.io/name": cfg.appName,
                "app.kubernetes.io/managed-by": "kubecfg",
                "app.kubernetes.io/component": component,
            },
        },

        octorpki: {
            address:: "%s.%s.svc.cluster.local:%d" % [
                "octorpki",
                ix.cfg.namespace,
                8080,
            ],
            cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
                metadata+: ix.metadata("octorpki"),
                spec+: {
                    storageClassName: cfg.octorpki.storageClassName,
                    accessModes: [ "ReadWriteOnce" ],
                    resources: {
                        requests: {
                            storage: "2Gi",
                        },
                    },
                },
            },
            deployment: kube.Deployment(ix.name("octorpki")) {
                metadata+: ix.metadata("octorpki"),
                spec+: {
                    template+: {
                        spec+: {
                            volumes_: {
                                cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
                            },
                            containers_: {
                                octorpki: kube.Container(ix.name("octorpki")){
                                    image: cfg.octorpki.image,
                                    args: [
                                        "/octorpki/entrypoint.sh",
                                    ],
                                    ports_: {
                                        client: { containerPort: 8080 },
                                    },
                                    volumeMounts_: {
                                        cache: { mountPath: "/cache" },
                                    },
                                    resources: cfg.octorpki.resources,
                                },
                            },
                        },
                    },
                },
            },
            svc: kube.Service(ix.name("octorpki")) {
                metadata+: ix.metadata("octorpki"),
                target_pod:: ix.octorpki.deployment.spec.template,
                spec+: {
                    ports: [
                        { name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
                    ],
                },
            },
        },

        component(name):: {
            local component = self,
            args:: error "args must be set",
            name:: name,
            port:: 4200,
            volumes:: {},
            volumeMounts:: {},

            deployment: kube.Deployment(ix.name(name)) {
                metadata+: ix.metadata(name),
                spec+: {
                    template+: {
                        spec+: {
                            volumes_: component.volumes,
                            containers_: {
                                [name]: kube.Container(ix.name(name)) {
                                    image: cfg[name].image,
                                    args: component.args,
                                    volumeMounts_: component.volumeMounts,
                                },
                            },
                        },
                    },
                },
            },
            svc: kube.Service(ix.name(name)) {
                metadata+: ix.metadata(name),
                target_pod:: component.deployment.spec.template,
                spec+: {
                    ports: [
                        { name: "client", port: component.port, targetPort: component.port, protocol: "TCP" },
                    ],
                },
            },

            address:: "%s.%s.svc.cluster.local:%d" % [
                component.name,
                ix.cfg.namespace,
                component.port,
            ],
        },

        irr: ix.component("irr") {
            args: [
                "/ix/irr",
                "-hspki_disable",
                "-listen_address=0.0.0.0:4200",
            ],
        },

        peeringdb: ix.component("peeringdb") {
            args: [
                "/ix/peeringdb",
                "-hspki_disable",
                "-listen_address=0.0.0.0:4200",
            ],
        },

        verifier: ix.component("verifier") {
            volumes: {
                tls: {
                    secret: {
                        secretName: cfg.verifier.db.tlsSecret,
                        defaultMode: kube.parseOctal("0400"),
                    },
                },
            },
            volumeMounts: {
                tls: {
                    mountPath: "/tls",
                },
            },
            args: [
                "/ix/verifier",
                "-hspki_disable",
                "-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
                    cfg.verifier.db.username,
                    cfg.verifier.db.host,
                    cfg.verifier.db.port,
                    cfg.verifier.db.name,
                    "/tls/ca.crt",
                    "/tls/tls.crt",
                    "/tls/tls.key",
                ],
                "-peeringdb=" + ix.peeringdb.address,
                "-irr=" + ix.irr.address,
                "-listen_address=0.0.0.0:4200",
                "-octorpki=" + ix.octorpki.address,
            ],
        },

        frontend: ix.component("frontend") {
            port: 8080,
            args: [
                "/ix/frontend.par",
                "--flask_secret=dupa",
                "--listen=0.0.0.0:8080",
                "--verifier=" + ix.verifier.address,
            ],
        },

        ripeSync: kube.CronJob(ix.name("ripe-sync")) {
            metadata+: ix.metadata("ripe-sync"),
            spec+: {
                schedule: "*/5 * * * *",
                jobTemplate+: {
                    spec+: {
                        selector:: null,
                        template+: {
                            spec+: {
                                containers_: {
                                    "ripe-sync": kube.Container(ix.name("ripe-sync")) {
                                        image: cfg.image,
                                        args: [
                                            "/ix/ripe-sync.par",
                                            "$(PASSWORD)",
                                            ix.verifier.address,
                                        ],
                                        env_: {
                                            PASSWORD: {
                                                secretKeyRef: {
                                                    name: ix.name("ripe-sync"),
                                                    key: "password",
                                                },
                                            },
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },

        ingress: kube.Ingress("ingress") {
            metadata+: ix.metadata("public") {
                annotations+: {
                    "kubernetes.io/tls-acme": "true",
                    "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
                    "nginx.ingress.kubernetes.io/proxy-body-size": "0",
                },
            },
            spec+: {
                tls: [
                    { hosts: [cfg.domain], secretName: "public-tls"}
                ],
                rules: [
                    {
                        host: cfg.domain,
                        http: {
                            paths: [
                                { path: "/", backend: ix.frontend.svc.name_port },
                            ],
                        },
                    },
                ],
            },
        },
    },
}