hswaw/kube: refactor
This breaks up hswaw.jsonnet into a component-per-file pattern.
Change-Id: I1b83d44146ae6c3d3f7c5d02abc2c9b764cc0e8e
diff --git a/hswaw/kube/smsgw.libsonnet b/hswaw/kube/smsgw.libsonnet
new file mode 100644
index 0000000..a35b892
--- /dev/null
+++ b/hswaw/kube/smsgw.libsonnet
@@ -0,0 +1,81 @@
+local mirko = import "../../kube/mirko.libsonnet";
+local kube = import "../../kube/kube.libsonnet";
+
+{
+ cfg:: {
+ secret: {
+ twilio_token: error "twilio_token must be set",
+ },
+ image: "registry.k0.hswaw.net/q3k/smsgs:1570049853-05c5b491c45de6d960979d4aee8635768f3178e9",
+ webhookFQDN: error "webhookFQDN must be set",
+ },
+
+ component(cfg, env):: mirko.Component(env, "smsgw") {
+ local smsgw = self,
+ cfg+: {
+ image: cfg.image,
+ container: smsgw.GoContainer("main", "/smsgw/smsgw") {
+ env_: {
+ TWILIO_TOKEN: kube.SecretKeyRef(smsgw.secret, "twilio_token"),
+ },
+ command+: [
+ "-twilio_friendly_phone", "48732168371",
+ "-twilio_sid", "AC806ed4bf4b6c80c8f8ea686379b69518",
+ "-twilio_token", "$(TWILIO_TOKEN)",
+ "-webhook_listen", "0.0.0.0:5000",
+ "-webhook_public", "https://%s/" % [ cfg.webhookFQDN ],
+ ],
+ },
+ ports+: {
+ publicHTTP: {
+ webhook: {
+ port: 5000,
+ dns: cfg.webhookFQDN,
+ }
+ },
+ },
+ },
+
+ secret: kube.Secret("smsgw") {
+ metadata+: smsgw.metadata,
+ data: cfg.secret,
+ },
+
+ // Temporary machinery to access gRPC from outsite.
+ // In the future, this will be handled by a proxy/API gateway.
+ // For now, we need this running.
+ // TODO(q3k): remove this when we have an API GW or proxy.
+ stopgap: {
+ local stopgap = self,
+
+ rpcLB: kube.Service("smsgw-tcp-rpc") {
+ metadata+: smsgw.metadata,
+ target_pod: smsgw.deployment.spec.template,
+ spec+: {
+ type: "LoadBalancer",
+ ports: [
+ { name: "grpc-external", port: 443, targetPort: 4200 },
+ ],
+ },
+ },
+
+ mkClientCert(name, cn):: kube.Certificate(name) {
+ metadata+: smsgw.metadata,
+ spec: {
+ secretName: name,
+ duration: "35040h0m0s", // 4 years
+ issuerRef: {
+ // Contract with cluster/lib/pki.libsonnet.
+ // Copied over.
+ name: "pki-ca",
+ kind: "ClusterIssuer",
+ },
+ commonName: cn,
+ },
+ },
+
+ kasownikCert: stopgap.mkClientCert("smsgw-tcp-rpc-consumer", "kasownik.external.hswaw.net"),
+ piorekfCert: stopgap.mkClientCert("smsgw-tcp-rpc-piorekf", "piorekf.person.hswaw.net"),
+ }
+ },
+}
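Review bot: The Twilio token is passed on the command line in `command+` (`"-twilio_token", "$(TWILIO_TOKEN)"`), so once Kubernetes expands the variable the secret sits in the container's argv. There it can be read by anything that can list processes in the pod or on the node, which is a wider audience than the Secret or the process environment. If the smsgw binary can take the token from the environment or a mounted file (not visible in this hunk), drop the flag and keep only the `env_` entry. Otherwise record the exposure with a comment such as `// token ends up in argv; switch to env/file once smsgw supports it`. Separately, `stopgap.rpcLB` publishes the gRPC port through a `LoadBalancer`, and `mkClientCert` issues four-year client certificates with no renewal or revocation path visible, so a rotation note for `kasownikCert` and `piorekfCert` belongs next to the existing TODO.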