Draw the actual rest of the fucking owl.
Change-Id: Ia04fb49ebbe3a5afccc57e62f6335e35b45192fe
diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet
index 297fd34..ff74f2b 100644
--- a/bgpwtf/cccampix/kube/ix.libsonnet
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@@ -5,11 +5,12 @@
local ix = self,
local cfg = ix.cfg,
cfg:: {
- image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565803250-3a1811e363502c697ea337c15d653698bd662dae",
+ image: "registry.k0.hswaw.net/bgpwtf/cccampix:1566475793-53f188c8fe83781ac057a3442830c6aa3dce5269",
domain: "ix-status.bgp.wtf",
+ grpcDomain: "ix-grpc.bgp.wtf",
octorpki: {
- image: "registry.k0.hswaw.net/bgpwtf/cccampix:1565469898-95928eecd7e35e8582fa011d1457643ca398c310",
+ image: cfg.image,
storageClassName: "waw-hdd-redundant-2",
resources: {
requests: { cpu: "200m", memory: "1Gi" },
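Review bot: Both `cfg.image` and, through `image: cfg.image`, the octorpki container are now resolved by tag alone, and a registry tag can be re-pushed with different content. The tag embeds a timestamp and a commit hash, which gives traceability but not immutability; appending the digest, as in `image: "registry.k0.hswaw.net/bgpwtf/cccampix:<tag>@sha256:<digest>"` (placeholder values), would pin what the cluster actually pulls. A short comment on the octorpki line, such as `// octorpki ships in the main cccampix image`, would also record why its separate pin was dropped. The `cfg` object continues past the end of this hunk.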
@@ -218,6 +219,7 @@
"-peeringdb=" + ix.peeringdb.address,
"-irr=" + ix.irr.address,
"-octorpki=" + ix.octorpki.address,
+ "-pgpencryptor=" + ix.pgpencryptor.address,
] + ix.crdb.args(cfg.verifier.db),
},
@@ -299,5 +301,33 @@
],
},
},
+
+ grpcIngress: kube.Ingress("grpc") {
+ metadata+: ix.metadata("grpc") {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+ "kubernetes.io/ingress.class": "nginx",
+ "nginx.ingress.kubernetes.io/ssl-redirect": "true",
+ "nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
+ "nginx.ingress.kubernetes.io/whitelist-source-range": "185.236.240.34/32",
+ },
+ },
+ spec+: {
+ tls: [
+ { hosts: [cfg.grpcDomain], secretName: "grpc-tls"}
+ ],
+ rules: [
+ {
+ host: cfg.grpcDomain,
+ http: {
+ paths: [
+ { path: "/", backend: ix.verifier.svc.name_port },
+ ],
+ },
+ },
+ ],
+ },
+ },
},
}
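Review bot: The only access control visible on `grpcIngress` is the `whitelist-source-range` annotation, and it protects the verifier only if the nginx ingress controller sees the real client address; behind a load balancer or proxy that rewrites the source address the check would match the wrong IP (whether that applies to this cluster is not visible in the diff). With `path: "/"` every gRPC service the verifier registers on that port becomes reachable from the allowed address, so requiring client certificates through `nginx.ingress.kubernetes.io/auth-tls-secret` and `nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"` would add a check that does not depend on network position. The literal `185.236.240.34/32` would also be easier to audit as a documented `cfg` field next to `grpcDomain`, for example `grpcAllowedSources: "185.236.240.34/32", // <which host this is>`. The object that encloses `grpcIngress` starts outside this hunk.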