# Deploy prodvider (prodaccess server) in cluster.
local kube = import "../../../kube/kube.libsonnet";
{
    # Environment renders the prodvider namespace, a Secret holding its CA
    # material, a 3-replica Deployment and a LoadBalancer Service.
    Environment: {
        local env = self,
        local cfg = env.cfg,
        # Hidden (::) configuration; importers override fields with cfg+: { ... }.
        cfg:: {
            namespace: "prodvider",
            # NOTE(review): the image is referenced by tag, not by digest, so what
            # runs depends on what the registry serves for this tag at pull time.
            # Pinning by digest would make the deployed binary reproducible.
            image: "registry.k0.hswaw.net/q3k/prodvider:1680303245",
            # No default: evaluation fails with this message unless overridden.
            apiEndpoint: error "API endpoint must be set",
            pki: {
                # Intermediate CA handed to prodvider via -ca_key_path /
                # -ca_certificate_path below.
                intermediate: {
                    cert: importstr "../../certs/ca-kube-prodvider.cert",
                    # importstr inlines the private key into the evaluated config,
                    # so the key appears in any rendered manifest of this
                    # Environment (diffs, logs, CI artifacts included).
                    # NOTE(review): the secrets/plain path suggests an unencrypted
                    # on-disk copy - confirm it is excluded from version control.
                    key: importstr "../../secrets/plain/ca-kube-prodvider.key",
                },
                # Passed to prodvider as -kube_ca_certificate_path; certificate
                # only, no key.
                kube: {
                    cert: importstr "../../certs/ca-kube.crt",
                },
            }
        },
        namespace: kube.Namespace(cfg.namespace),
        # Shared metadata for every object below; `component` fills the
        # app.kubernetes.io/component label.
        metadata(component):: {
            namespace: cfg.namespace,
            labels: {
                "app.kubernetes.io/name": "prodvider",
                "app.kubernetes.io/managed-by": "kubecfg",
                "app.kubernetes.io/component": component,
            },
        },
        # Secret "ca" bundles the intermediate CA key with the two certificates.
        # Any principal allowed to read Secrets in this namespace can read the CA
        # private key, so RBAC on the namespace is part of the key's protection.
        # data_ is presumably encoded into .data by kube.libsonnet - confirm.
        secret: kube.Secret("ca") {
            metadata+: env.metadata("prodvider"),
            data_: {
                "intermediate-ca.crt": cfg.pki.intermediate.cert,
                "intermediate-ca.key": cfg.pki.intermediate.key,
                "ca.crt": cfg.pki.kube.cert,
            },
        },
        deployment: kube.Deployment("prodvider") {
            metadata+: env.metadata("prodvider"),
            spec+: {
                # Each replica mounts its own copy of the CA private key.
                replicas: 3,
                template+: {
                    spec+: {
                        # NOTE(review): no defaultMode is set here; unless
                        # kube.SecretVolume sets one, the key file gets the
                        # Kubernetes default mode 0644 inside the container.
                        volumes_: {
                            ca: kube.SecretVolume(env.secret),
                        },
                        containers_: {
                            # NOTE(review): no securityContext or resource limits
                            # are set in this file. Unless kube.Container supplies
                            # defaults, the process holding the CA key runs as the
                            # image's default user with a writable root filesystem;
                            # consider runAsNonRoot and readOnlyRootFilesystem.
                            prodvider: kube.Container("prodvider") {
                                image: cfg.image,
                                args: [
                                    "/cluster/prodvider/prodvider",
                                    # Binds all interfaces; the Service below
                                    # forwards to this port.
                                    "-listen_address", "0.0.0.0:8080",
                                    # These three paths must match the Secret key
                                    # names and the /opt/ca mount below.
                                    "-ca_key_path", "/opt/ca/intermediate-ca.key",
                                    "-ca_certificate_path", "/opt/ca/intermediate-ca.crt",
                                    "-kube_ca_certificate_path", "/opt/ca/ca.crt",
                                    "-kubernetes_host", cfg.apiEndpoint,
                                ],
                                # The whole Secret (key and both certificates) is
                                # projected under /opt/ca.
                                volumeMounts_: {
                                    ca: { mountPath: "/opt/ca" },
                                }
                            },
                        },
                    },
                },
            },
        },
        # Exposes prodvider through a LoadBalancer on port 443.
        # NOTE(review): 443 is forwarded as plain TCP to container port 8080 and
        # nothing in this file terminates TLS, so presumably the prodvider binary
        # serves TLS itself on 8080 - confirm. Whether the allocated address is
        # reachable from outside the cluster network depends on the cluster's
        # load-balancer setup, which is not visible here.
        svc: kube.Service("prodvider") {
            metadata+: env.metadata("prodvider"),
            # Hidden field; presumably used by kube.Service to derive the pod
            # selector from the Deployment - verify in kube.libsonnet.
            target:: env.deployment,
            spec+: {
                type: "LoadBalancer",
                ports: [
                    { name: "public", port: 443, targetPort: 8080, protocol: "TCP" },
                ],
            },
        },
    },
}