bgpwtf/cccampix: deploy pgpencryptor
Change-Id: I3714c81b663781d9b449695760d83c1b8841d0e0
diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet
index 597252d..297fd34 100644
--- a/bgpwtf/cccampix/kube/ix.libsonnet
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@@ -5,7 +5,7 @@
local ix = self,
local cfg = ix.cfg,
cfg:: {
- image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565566961-49bf87f8e1ff80e35acd8eb9fc699c4ae0bf250e",
+ image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565803250-3a1811e363502c697ea337c15d653698bd662dae",
domain: "ix-status.bgp.wtf",
octorpki: {
@@ -28,6 +28,17 @@
},
},
+ pgpencryptor: {
+ image: cfg.image,
+ db: {
+ host: "public.crdb-waw1.svc.cluster.local",
+ port: 26257,
+ username: "cccampix",
+ name: "cccampix-pgpencryptor",
+ tlsSecret: "client-cccampix-certificate",
+ },
+ },
+
irr: {
image: cfg.image,
},
@@ -170,7 +181,7 @@
],
},
- verifier: ix.component("verifier") {
+ crdb:: {
volumes: {
tls: {
secret: {
@@ -184,23 +195,40 @@
mountPath: "/tls",
},
},
- args: [
- "/ix/verifier",
- "-hspki_disable",
+ args(dbconf): [
"-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
- cfg.verifier.db.username,
- cfg.verifier.db.host,
- cfg.verifier.db.port,
- cfg.verifier.db.name,
+ dbconf.username,
+ dbconf.host,
+ dbconf.port,
+ dbconf.name,
"/tls/ca.crt",
"/tls/tls.crt",
"/tls/tls.key",
],
+ ]
+ },
+
+ verifier: ix.component("verifier") {
+ volumes: ix.crdb.volumes,
+ volumeMounts: ix.crdb.volumeMounts,
+ args: [
+ "/ix/verifier",
+ "-hspki_disable",
+ "-listen_address=0.0.0.0:4200",
"-peeringdb=" + ix.peeringdb.address,
"-irr=" + ix.irr.address,
- "-listen_address=0.0.0.0:4200",
"-octorpki=" + ix.octorpki.address,
- ],
+ ] + ix.crdb.args(cfg.verifier.db),
+ },
+
+ pgpencryptor: ix.component("pgpencryptor") {
+ volumes: ix.crdb.volumes,
+ volumeMounts: ix.crdb.volumeMounts,
+ args: [
+ "/ix/pgpencryptor",
+ "-hspki_disable",
+ "-listen_address=0.0.0.0:4200",
+ ] + ix.crdb.args(cfg.pgpencryptor.db),
},
frontend: ix.component("frontend") {