cccampix: updates from camp
Change-Id: I77e6d9fb6e91b0b7e2d1f89e80164ee8116b5d50
diff --git a/bgpwtf/cccampix/kube/ix.libsonnet b/bgpwtf/cccampix/kube/ix.libsonnet
index ff74f2b..7496dad 100644
--- a/bgpwtf/cccampix/kube/ix.libsonnet
+++ b/bgpwtf/cccampix/kube/ix.libsonnet
@@ -5,10 +5,9 @@
local ix = self,
local cfg = ix.cfg,
cfg:: {
- image: "registry.k0.hswaw.net/bgpwtf/cccampix:1566475793-53f188c8fe83781ac057a3442830c6aa3dce5269",
+ image: "registry.k0.hswaw.net/bgpwtf/cccampix:1566584484-a2960f526c36de0dbcd911f05ee9db587e63eb9b",
- domain: "ix-status.bgp.wtf",
- grpcDomain: "ix-grpc.bgp.wtf",
+
octorpki: {
image: cfg.image,
storageClassName: "waw-hdd-redundant-2",
@@ -20,6 +19,7 @@
verifier: {
image: cfg.image,
+ domain: "ix-grpc.bgp.wtf",
db: {
host: "public.crdb-waw1.svc.cluster.local",
port: 26257,
@@ -49,9 +49,15 @@
},
frontend: {
+ domain: "ix-status.bgp.wtf",
image: cfg.image,
},
+ alice: {
+ domain: "ix-lg.bgp.wtf",
+ image: "registry.k0.hswaw.net/q3k/alice-lg:20190823-1557",
+ },
+
appName: "ix",
namespace: error "namespace must be defined",
prefix: "",
@@ -243,6 +249,148 @@
],
},
+ alice: ix.component("alice") {
+ port: 7340,
+ volumes: {
+ config: kube.ConfigMapVolume(ix.alice.configMap),
+ theme: kube.ConfigMapVolume(ix.alice.themeMap),
+ },
+ volumeMounts: {
+ config: {
+ mountPath: "/etc/alice",
+ },
+ theme: {
+ mountPath: "/etc/alice-theme",
+ },
+ },
+ args: [
+ "/usr/bin/alice-lg",
+ "-config", "/etc/alice/alice",
+ ],
+
+ themeMap: kube.ConfigMap(ix.name("alice-theme")) {
+ metadata+: ix.metadata("alice-theme"),
+ data: {
+ "content.js": |||
+ Alice.updateContent({
+ header: {
+ title: "CCCampIX Looking Glass",
+ tagline: "powered by alice-lg"
+ },
+ welcome: {
+ title: "CCCampIX Looking Glass",
+ tagline: "BGP to the tent."
+ }
+ });
+ |||,
+ },
+ },
+ configMap: kube.ConfigMap(ix.name("alice")) {
+ metadata+: ix.metadata("alice"),
+ data: {
+ config: |||
+ [server]
+ listen_http = 0.0.0.0:7340
+ enable_neighbors_status_refresh = false
+ asn = 208521
+
+ [housekeeping]
+ interval = 5
+ force_release_memory = true
+
+ [theme]
+ path = /etc/alice-theme
+
+ [pagination]
+ routes_filtered_page_size = 250
+ routes_accepted_page_size = 250
+ routes_not_exported_page_size = 250
+
+ [rejection_reasons]
+ 208521:65666:1 = An IP Bogon was detected
+ 208521:65666:2 = Prefix is longer than 64
+ 208521:65666:3 = Prefix is longer than 24
+ 208521:65666:4 = AS path contains a bogon AS
+ 208521:65666:5 = AS path length is longer than 64
+ 208521:65666:6 = BGP Path invalid (must be only peer)
+ 208521:65666:9 = Prefix not found in RPKI for Origin AS
+
+ [neighbours_columns]
+ Description = Description
+ address = Neighbour
+ asn = ASN
+ state = State
+ Uptime = Uptime
+ routes_received = Routes Received
+ routes_filtered = Filtered
+
+ [routes_columns]
+ network = Network
+ gateway = Gateway
+ interface = Interface
+ metric = Metric
+ bgp.as_path = AS Path
+
+ [lookup_columns]
+ network = Network
+ gateway = Gateway
+ neighbour.asn = ASN
+ neighbour.description = Description
+ bgp.as_path = AS Path
+ routeserver.name = RS
+
+ [source.rs1-camp-v4]
+ name = rs1.camp.bgp.wtf (IPv4)
+ group = Camp
+ [source.rs1-camp-v4.birdwatcher]
+ timezone = UTC
+ api = http://isw01.camp.bgp.wtf:3000/
+ type = single_table
+ neighbors_refresh_timeout = 2
+ servertime = 2006-01-02T15:04:05Z
+ servertime_short = 2006-01-02 15:04:05
+ servertime_ext = 2006-01-02 15:04:05
+
+ [source.rs1-camp-v6]
+ name = rs1.camp.bgp.wtf (IPv6)
+ group = Camp
+ [source.rs1-camp-v6.birdwatcher]
+ timezone = UTC
+ api = http://isw01.camp.bgp.wtf:3001/
+ type = single_table
+ neighbors_refresh_timeout = 2
+ servertime = 2006-01-02T15:04:05Z
+ servertime_short = 2006-01-02 15:04:05
+ servertime_ext = 2006-01-02 15:04:05
+
+ [source.rs2-camp-v4]
+ name = rs2.camp.bgp.wtf (IPv4)
+ group = Camp
+ [source.rs2-camp-v4.birdwatcher]
+ timezone = UTC
+ api = http://isw01.camp.bgp.wtf:3002/
+ type = single_table
+ neighbors_refresh_timeout = 2
+ servertime = 2006-01-02T15:04:05Z
+ servertime_short = 2006-01-02 15:04:05
+ servertime_ext = 2006-01-02 15:04:05
+
+ [source.rs2-camp-v6]
+ name = rs2.camp.bgp.wtf (IPv6)
+ group = Camp
+ [source.rs2-camp-v6.birdwatcher]
+ timezone = UTC
+ api = http://isw01.camp.bgp.wtf:3003/
+ type = single_table
+ neighbors_refresh_timeout = 2
+ servertime = 2006-01-02T15:04:05Z
+ servertime_short = 2006-01-02 15:04:05
+ servertime_ext = 2006-01-02 15:04:05
+ |||,
+ },
+ },
+ },
+
ripeSync: kube.CronJob(ix.name("ripe-sync")) {
metadata+: ix.metadata("ripe-sync"),
spec+: {
@@ -287,11 +435,11 @@
},
spec+: {
tls: [
- { hosts: [cfg.domain], secretName: "public-tls"}
+ { hosts: [cfg.frontend.domain], secretName: "public-tls"}
],
rules: [
{
- host: cfg.domain,
+ host: cfg.frontend.domain,
http: {
paths: [
{ path: "/", backend: ix.frontend.svc.name_port },
@@ -302,6 +450,31 @@
},
},
+ aliceIngress: kube.Ingress("alice") {
+ metadata+: ix.metadata("alice") {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+ "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+ },
+ },
+ spec+: {
+ tls: [
+ { hosts: [cfg.alice.domain], secretName: "alice-tls"}
+ ],
+ rules: [
+ {
+ host: cfg.alice.domain,
+ http: {
+ paths: [
+ { path: "/", backend: ix.alice.svc.name_port },
+ ],
+ },
+ },
+ ],
+ },
+ },
+
grpcIngress: kube.Ingress("grpc") {
metadata+: ix.metadata("grpc") {
annotations+: {
@@ -310,16 +483,15 @@
"kubernetes.io/ingress.class": "nginx",
"nginx.ingress.kubernetes.io/ssl-redirect": "true",
"nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
- "nginx.ingress.kubernetes.io/whitelist-source-range": "185.236.240.34/32",
},
},
spec+: {
tls: [
- { hosts: [cfg.grpcDomain], secretName: "grpc-tls"}
+ { hosts: [cfg.verifier.domain], secretName: "grpc-tls"}
],
rules: [
{
- host: cfg.grpcDomain,
+ host: cfg.verifier.domain,
http: {
paths: [
{ path: "/", backend: ix.verifier.svc.name_port },