bgpwtf/cccampix: add and deploy octorpki

Change-Id: I8d5de697925b65d8f0e762b2f2acad3a7e560fe6
diff --git a/WORKSPACE b/WORKSPACE
index 0a7a532..5d0d981 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -534,3 +534,68 @@
     importpath = "gopkg.in/inf.v0",
 )
 
+go_repository(
+    name = "com_github_cloudflare_cfrpki",
+    commit = "adece784464315db69299ba75e9287c60cd95c69",
+    importpath = "github.com/cloudflare/cfrpki",
+)
+
+go_repository(
+    name = "com_github_prometheus_client_golang",
+    commit = "bb9b00a86ebaaa691ba43af1f9ba9d16156cc545",
+    importpath = "github.com/prometheus/client_golang",
+)
+
+go_repository(
+    name = "com_github_rs_cors",
+    commit = "db0fe48135e83b5812a5a31be0eea66984b1b521",
+    importpath = "github.com/rs/cors",
+)
+
+go_repository(
+    name = "com_github_cloudflare_gortr",
+    commit = "95270606e8853d9b93f5be46d656d08ec0a4ef09",
+    importpath = "github.com/cloudflare/gortr",
+)
+
+go_repository(
+    name = "com_github_gorilla_mux",
+    commit = "e67b3c02c7195c052acff13261f0c9fd1ba53011",
+    importpath = "github.com/gorilla/mux",
+)
+
+go_repository(
+    name = "com_github_sirupsen_logrus",
+    commit = "07a84ee7412e7a28663d92930a1d46f81b124ee1",
+    importpath = "github.com/sirupsen/logrus",
+)
+
+go_repository(
+    name = "com_github_prometheus_common",
+    commit = "33bc620f956eb70fbb8355e87df6a97891657ed5",
+    importpath = "github.com/prometheus/common",
+)
+
+go_repository(
+    name = "com_github_beorn7_perks",
+    commit = "4b2b341e8d7715fae06375aa633dbb6e91b3fb46",
+    importpath = "github.com/beorn7/perks",
+)
+
+go_repository(
+    name = "com_github_prometheus_client_model",
+    commit = "fd36f4220a901265f90734c3183c5f0c91daa0b8",
+    importpath = "github.com/prometheus/client_model",
+)
+
+go_repository(
+    name = "com_github_prometheus_procfs",
+    commit = "8f55e607908ea781ad9d08521730d73e047d9ac4",
+    importpath = "github.com/prometheus/procfs",
+)
+
+go_repository(
+    name = "com_github_matttproud_golang_protobuf_extensions",
+    commit = "c182affec369e30f25d3eb8cd8a478dee585ae7d",
+    importpath = "github.com/matttproud/golang_protobuf_extensions",
+)
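Review bot: The eleven new `go_repository` rules are pinned by bare commit hash, with nothing recording which upstream release or date each hash corresponds to. For the two security-critical ones (`com_github_cloudflare_cfrpki` and `com_github_cloudflare_gortr`) this makes it hard to tell later whether the pinned revision already contains a given upstream fix. A one-line comment above each rule would make audits and bumps cheaper, e.g. `# cfrpki <upstream tag or commit date>, provides cmd/octorpki`. The commit pins themselves are good and should stay.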
diff --git a/bgpwtf/cccampix/kube/camp.jsonnet b/bgpwtf/cccampix/kube/camp.jsonnet
new file mode 100644
index 0000000..c059401
--- /dev/null
+++ b/bgpwtf/cccampix/kube/camp.jsonnet
@@ -0,0 +1,9 @@
+local ix = import "ix.libsonnet";
+
+{
+    camp: ix.IX {
+        cfg+: {
+            namespace: "cccamp-ix",
+        },
+    },
+}
diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet
new file mode 100644
index 0000000..def1d79
--- /dev/null
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@@ -0,0 +1,84 @@
+local kube = import "../../../kube/kube.libsonnet";
+
+{
+    IX: {
+        local ix = self,
+        local cfg = ix.cfg,
+        cfg:: {
+            octorpki: {
+                image: "registry.k0.hswaw.net/q3k/octorpki:1564072856-3bfb2ef7fd180e774f74bbc9eebf6d97b9d80003",
+                storageClassName: "waw-hdd-redundant-1",
+                resources: {
+                    requests: { cpu: "100m", memory: "500Mi" },
+                    limits: { cpu: "500m", memory: "1Gi" },
+                },
+            },
+
+            appName: "ix",
+            namespace: error "namespace must be defined",
+            prefix: "",
+        },
+
+        namespace: kube.Namespace(cfg.namespace),
+        name(component):: cfg.prefix + component,
+        metadata(component):: {
+            namespace: cfg.namespace,
+            labels: {
+                "app.kubernetes.io/name": cfg.appName,
+                "app.kubernetes.io/managed-by": "kubecfg",
+                "app.kubernetes.io/component": component,
+            },
+        },
+
+        octorpki: {
+            cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
+                metadata+: ix.metadata("octorpki"),
+                spec+: {
+                    storageClassName: cfg.octorpki.storageClassName,
+                    accessModes: [ "ReadWriteOnce" ],
+                    resources: {
+                        requests: {
+                            storage: "2Gi",
+                        },
+                    },
+                },
+            },
+            deployment: kube.Deployment(ix.name("octorpki")) {
+                metadata+: ix.metadata("octorpki"),
+                spec+: {
+                    template+: {
+                        spec+: {
+                            volumes_: {
+                                cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
+                            },
+                            containers_: {
+                                octorpki: kube.Container(ix.name("octorpki")){
+                                    image: cfg.octorpki.image,
+                                    args: [
+                                        "/octorpki/entrypoint.sh",
+                                    ],
+                                    ports_: {
+                                        client: { containerPort: 8080 },
+                                    },
+                                    volumeMounts_: {
+                                        cache: { mountPath: "/cache" },
+                                    },
+                                    resources: cfg.octorpki.resources,
+                                },
+                            },
+                        },
+                    },
+                },
+            },
+            svc: kube.Service(ix.name("octorpki")) {
+                metadata+: ix.metadata("octorpki"),
+                target_pod:: ix.octorpki.deployment.spec.template,
+                spec+: {
+                    ports: [
+                        { name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
+                    ],
+                },
+            },
+        },
+    },
+}
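Review bot: The container's `args: ["/octorpki/entrypoint.sh"]` repeats the path that BUILD.bazel already sets as the image entrypoint, and Kubernetes `args` replaces only the image CMD. Assuming `kube.Container` passes the field through unchanged, the pod runs `entrypoint.sh /octorpki/entrypoint.sh`, and the script's `"$@"` hands that path to octorpki as a positional argument. Go-style flag parsing stops at the first non-flag argument, so any flag later appended to `args` (for instance to change the signing behaviour) would likely be ignored without an error. Either drop `args` and rely on the image entrypoint, or use `command: ["/octorpki/entrypoint.sh"]` so that `args` stays free for real octorpki flags.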
diff --git a/bgpwtf/cccampix/octorpki/BUILD.bazel b/bgpwtf/cccampix/octorpki/BUILD.bazel
new file mode 100644
index 0000000..d9fc491
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/BUILD.bazel
@@ -0,0 +1,35 @@
+load("@io_bazel_rules_docker//container:container.bzl", "container_image", "container_layer", "container_push")
+
+container_layer(
+    name = "layer_bin",
+    files = [
+        "@com_github_cloudflare_cfrpki//cmd/octorpki:octorpki",
+        "entrypoint.sh",
+    ],
+    directory = "/octorpki/",
+)
+
+container_layer(
+    name = "layer_tals",
+    files = glob(["tals/*"]),
+    directory = "/octorpki/tals/",
+)
+
+container_image(
+    name = "octorpki",
+    base = "@prodimage-bionic//image",
+    entrypoint = "/octorpki/entrypoint.sh",
+    layers = [
+        ":layer_bin",
+        ":layer_tals",
+    ],
+)
+
+container_push(
+    name = "push",
+    image = ":octorpki",
+    format = "Docker",
+    registry = "registry.k0.hswaw.net",
+    repository = "q3k/octorpki",
+    tag = "{BUILD_TIMESTAMP}-{STABLE_GIT_COMMIT}",
+)
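Review bot: `container_image(name = "octorpki")` sets no `user`, so unless `@prodimage-bionic//image` already switches to an unprivileged account (not visible in this diff) the validator runs as root. That matters here because the process fetches and parses objects from the external repositories named in `tals/`. Setting `user = "<non-root uid>"` on the image would let the Deployment in ix.libsonnet enforce it with `securityContext: { runAsNonRoot: true, allowPrivilegeEscalation: false }`. The `/cache` volume would then need matching ownership, for example through the pod's `fsGroup`.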
diff --git a/bgpwtf/cccampix/octorpki/entrypoint.sh b/bgpwtf/cccampix/octorpki/entrypoint.sh
new file mode 100644
index 0000000..62c59b1
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+cd /octorpki
+
+./octorpki -cache /cache/ -output.sign=false "$@"
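Review bot: `-output.sign=false` is hard-coded on the octorpki command line, so the ROA list it serves carries no signature and a consumer (gortr is added to WORKSPACE in this commit) can only use it with verification turned off. The Service in ix.libsonnet exposes it on plain port 8080, so the consumer has no way to detect a tampered or substituted list, and that list decides which route origins are treated as valid. Consider mounting a signing key from a Secret and dropping the flag. At minimum, record why unsigned output is acceptable, e.g. `# signing disabled: consumer is in-namespace, protected by <network policy / mTLS placeholder>`.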
diff --git a/bgpwtf/cccampix/octorpki/tals/afrinic.tal b/bgpwtf/cccampix/octorpki/tals/afrinic.tal
new file mode 100644
index 0000000..fc7639f
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/afrinic.tal
@@ -0,0 +1,9 @@
+rsync://rpki.afrinic.net/repository/AfriNIC.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAqAhWIO+ON2Ef9oRDM
+pKxv+AfmSLIdLWJtjrvUyDxJPBjgR+kVrOHUeTaujygFUp49tuN5H2C1rUuQavTH
+vve6xNF5fU3OkTcqEzMOZy+ctkbde2SRMVdvbO22+TH9gNhKDc9l7Vu01qU4LeJH
+k3X0f5uu5346YrGAOSv6AaYBXVgXxa0s9ZvgqFpim50pReQe/WI3QwFKNgpPzfQL
+6Y7fDPYdYaVOXPXSKtx7P4s4KLA/ZWmRL/bobw/i2fFviAGhDrjqqqum+/9w1hEl
+L/vqihVnV18saKTnLvkItA/Bf5i11Yhw2K7qv573YWxyuqCknO/iYLTR1DToBZcZ
+UQIDAQAB
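Review bot: These TAL files are the root of trust for every validation result octorpki produces, and the commit does not record where each key was obtained or how it was checked. The same applies to apnic.tal, arin.tal, lacnic.tal and ripe.tal in the hunks that follow. Comments inside a `.tal` may not be accepted by every parser, so a short README next to the files is the safer place, with one line per RIR such as `afrinic.tal: fetched <date> from <RIR-published URL>, key compared against <second source>`. arin.tal is also wrapped at a different width and shows extra blank lines on this page, which may indicate CRLF line endings. It is worth confirming that the validator parses it as intended.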
diff --git a/bgpwtf/cccampix/octorpki/tals/apnic.tal b/bgpwtf/cccampix/octorpki/tals/apnic.tal
new file mode 100644
index 0000000..fc781ee
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/apnic.tal
@@ -0,0 +1,9 @@
+rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8
+qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI
+7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr
+LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf
+i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H
+cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou
+0wIDAQAB
diff --git a/bgpwtf/cccampix/octorpki/tals/arin.tal b/bgpwtf/cccampix/octorpki/tals/arin.tal
new file mode 100644
index 0000000..92f84bf
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/arin.tal
@@ -0,0 +1,7 @@
+rsync://rpki.arin.net/repository/arin-rpki-ta.cer

+

+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5FnreHMJjg8

+pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlNf2SRP3UB+VJFgtTj

+0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1EpK9CbLJS4m37+RlpNbT1cba+

+b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtwwDYlbHzp2xk9owF3mkCxzl0HwncO+sEHH

+eaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg+nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB

diff --git a/bgpwtf/cccampix/octorpki/tals/lacnic.tal b/bgpwtf/cccampix/octorpki/tals/lacnic.tal
new file mode 100644
index 0000000..55bbf31
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/lacnic.tal
@@ -0,0 +1,9 @@
+rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KR
+c3MeWx3neXx4/wbnJWGbNAtbYqXg3uU5J4HFzPgk/VIppgSKAhlO0H60DRP48by9
+gr5/yDHu2KXhOmnMg46sYsUIpfgtBS9+VtrqWziJfb+pkGtuOWeTnj6zBmBNZKK+
+5AlMCW1WPhrylIcB+XSZx8tk9GS/3SMQ+YfMVwwAyYjsex14Uzto4GjONALE5oh1
+M3+glRQduD6vzSwOD+WahMbc9vCOTED+2McLHRKgNaQf0YJ9a1jG9oJIvDkKXEqd
+fqDRktwyoD74cV57bW3tBAexB7GglITbInyQAsmdngtfg2LUMrcROHHP86QPZINj
+DQIDAQAB
diff --git a/bgpwtf/cccampix/octorpki/tals/ripe.tal b/bgpwtf/cccampix/octorpki/tals/ripe.tal
new file mode 100644
index 0000000..acdb173
--- /dev/null
+++ b/bgpwtf/cccampix/octorpki/tals/ripe.tal
@@ -0,0 +1,9 @@
+rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1j
+Q6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83Hw
+A26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0G
+Z0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eM
+kE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs
+6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2
+VwIDAQAB