hswaw/kube: refactor

This breaks up hswaw.jsonnet into a component-per-file pattern.

Change-Id: I1b83d44146ae6c3d3f7c5d02abc2c9b764cc0e8e
diff --git a/hswaw/kube/smsgw.libsonnet b/hswaw/kube/smsgw.libsonnet
new file mode 100644
index 0000000..a35b892
--- /dev/null
+++ b/hswaw/kube/smsgw.libsonnet
@@ -0,0 +1,81 @@
+local mirko = import "../../kube/mirko.libsonnet";
+local kube = import "../../kube/kube.libsonnet";
+
+{
+    cfg:: {
+        secret: {
+            twilio_token: error "twilio_token must be set",
+        },
+        image: "registry.k0.hswaw.net/q3k/smsgs:1570049853-05c5b491c45de6d960979d4aee8635768f3178e9",
+        webhookFQDN: error "webhookFQDN must be set",
+    },
+
+    component(cfg, env):: mirko.Component(env, "smsgw") {
+        local smsgw = self,
+        cfg+: {
+            image: cfg.image,
+            container: smsgw.GoContainer("main", "/smsgw/smsgw") {
+                env_: {
+                    TWILIO_TOKEN: kube.SecretKeyRef(smsgw.secret, "twilio_token"),
+                },
+                command+: [
+                    "-twilio_friendly_phone", "48732168371",
+                    "-twilio_sid", "AC806ed4bf4b6c80c8f8ea686379b69518",
+                    "-twilio_token", "$(TWILIO_TOKEN)",
+                    "-webhook_listen", "0.0.0.0:5000",
+                    "-webhook_public", "https://%s/" % [ cfg.webhookFQDN ],
+                ],
+            },
+            ports+: {
+                publicHTTP: {
+                    webhook: {
+                        port: 5000,
+                        dns: cfg.webhookFQDN,
+                    }
+                },
+            },
+        },
+
+        secret: kube.Secret("smsgw") {
+            metadata+: smsgw.metadata,
+            data: cfg.secret,
+        },
+
+        // Temporary machinery to access gRPC from outsite.
+        // In the future, this will be handled by a proxy/API gateway.
+        // For now, we need this running.
+        // TODO(q3k): remove this when we have an API GW or proxy.
+        stopgap: {
+            local stopgap = self,
+
+            rpcLB: kube.Service("smsgw-tcp-rpc") {
+                metadata+: smsgw.metadata,
+                target_pod: smsgw.deployment.spec.template,
+                spec+: {
+                    type: "LoadBalancer",
+                    ports: [
+                        { name: "grpc-external", port: 443, targetPort: 4200 },
+                    ],
+                },
+            },
+
+            mkClientCert(name, cn):: kube.Certificate(name) {
+                metadata+: smsgw.metadata,
+                spec: {
+                    secretName: name,
+                    duration: "35040h0m0s", // 4 years
+                    issuerRef: {
+                        // Contract with cluster/lib/pki.libsonnet.
+                        // Copied over.
+                        name: "pki-ca",
+                        kind: "ClusterIssuer",
+                    },
+                    commonName: cn,
+                },
+            },
+
+            kasownikCert: stopgap.mkClientCert("smsgw-tcp-rpc-consumer", "kasownik.external.hswaw.net"),
+            piorekfCert: stopgap.mkClientCert("smsgw-tcp-rpc-piorekf", "piorekf.person.hswaw.net"),
+        }
+    },
+}
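Review bot: Passing `"-twilio_token", "$(TWILIO_TOKEN)"` in `command+` has Kubernetes expand the secret into the container's argv, so although the value is sourced through `kube.SecretKeyRef`, it becomes readable from the process command line (`/proc/<pid>/cmdline`, `ps`, diagnostics that capture argv). If the smsgw binary can take the token from the environment or a mounted file (not visible in this hunk), drop the flag pair and let it read `TWILIO_TOKEN` directly; otherwise record the exposure with a comment such as `// NOTE: token is expanded into argv and visible in process listings.` Separately, `stopgap.rpcLB` publishes 443 -> 4200 as `type: "LoadBalancer"` with no `loadBalancerSourceRanges`, so access control presumably rests entirely on the server verifying the client certificates issued by `mkClientCert`. That check is not shown here, so a comment beside the TODO stating that mTLS enforcement on port 4200 is required would make the dependency explicit. The 4-year `duration` on those client certificates also means a leaked key stays usable for a long time unless a revocation path exists; consider a shorter lifetime, or document how `kasownikCert` and `piorekfCert` would be revoked.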