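// Kubernetes objects for the CCCamp IX services: octorpki, irr, peeringdb,
// verifier, pgpencryptor, frontend, the alice-lg looking glass, a ripe-sync
// CronJob and three Ingresses.
//
// Usage: extend IX and set cfg.namespace (it errors out if left undefined).
local kube = import "../../../kube/hscloud.libsonnet";

{
    IX: {
        local ix = self,
        local cfg = ix.cfg,

        // Tunables. Hidden (::), so they are not rendered as a manifest.
        cfg:: {
            // Shared image for every in-house component.
            // NOTE(review): images here are referenced by tag only. A tag can
            // be re-pointed in the registry; pinning by digest
            // (image@sha256:<digest>) makes the deployed content immutable.
            image: "registry.k0.hswaw.net/bgpwtf/cccampix:1566584484-a2960f526c36de0dbcd911f05ee9db587e63eb9b",

            octorpki: {
                image: cfg.image,
                storageClassName: "waw-hdd-redundant-2",
                resources: {
                    requests: { cpu: "200m", memory: "1Gi" },
                    limits: { cpu: "1", memory: "2Gi" },
                },
            },

            verifier: {
                image: cfg.image,
                // Host name published by grpcIngress.
                domain: "ix-grpc.bgp.wtf",
                db: {
                    host: "public.crdb-waw1.svc.cluster.local",
                    port: 26257,
                    username: "cccampix",
                    name: "cccampix",
                    // Secret holding ca.crt / tls.crt / tls.key (see crdb).
                    tlsSecret: "client-cccampix-certificate",
                },
            },

            pgpencryptor: {
                image: cfg.image,
                db: {
                    host: "public.crdb-waw1.svc.cluster.local",
                    port: 26257,
                    username: "cccampix",
                    name: "cccampix-pgpencryptor",
                    tlsSecret: "client-cccampix-certificate",
                },
            },

            irr: {
                image: cfg.image,
            },

            peeringdb: {
                image: cfg.image,
            },

            frontend: {
                // Host name published by `ingress`.
                domain: "ix-status.bgp.wtf",
                image: cfg.image,
            },

            alice: {
                // Host name published by aliceIngress.
                domain: "ix-lg.bgp.wtf",
                image: "registry.k0.hswaw.net/q3k/alice-lg:20190823-1557",
            },

            appName: "ix",
            namespace: error "namespace must be defined",
            // Prepended to every object name built through ix.name().
            prefix: "",
        },

        // NOTE(review): `ns` is not referenced anywhere in this object. An
        // unused Jsonnet local is never evaluated, so no Namespace manifest
        // is rendered from this file.
        local ns = kube.Namespace(cfg.namespace),

        // Object name for a component: cfg.prefix + component.
        name(component):: cfg.prefix + component,

        // Common metadata (namespace + app.kubernetes.io labels) for a component.
        metadata(component):: {
            namespace: cfg.namespace,
            labels: {
                "app.kubernetes.io/name": cfg.appName,
                "app.kubernetes.io/managed-by": "kubecfg",
                "app.kubernetes.io/component": component,
            },
        },

        // octorpki: PVC-backed cache, Deployment and Service on port 8080.
        octorpki: {
            // In-cluster host:port of the Service below. Built from
            // ix.name() so it keeps resolving when cfg.prefix is non-empty
            // (the Service itself is named ix.name("octorpki")).
            address:: "%s.%s.svc.cluster.local:%d" % [
                ix.name("octorpki"),
                ix.cfg.namespace,
                8080,
            ],
            cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
                metadata+: ix.metadata("octorpki"),
                storage:: "2Gi",
                storageClass:: cfg.octorpki.storageClassName,
            },
            deployment: kube.Deployment(ix.name("octorpki")) {
                metadata+: ix.metadata("octorpki"),
                spec+: {
                    template+: {
                        spec+: {
                            volumes_: {
                                cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
                            },
                            containers_: {
                                octorpki: kube.Container(ix.name("octorpki")) {
                                    image: cfg.octorpki.image,
                                    args: [
                                        "/octorpki/entrypoint.sh",
                                    ],
                                    ports_: {
                                        client: { containerPort: 8080 },
                                    },
                                    volumeMounts_: {
                                        cache: { mountPath: "/cache" },
                                    },
                                    resources: cfg.octorpki.resources,
                                },
                            },
                        },
                    },
                },
            },
            svc: kube.Service(ix.name("octorpki")) {
                metadata+: ix.metadata("octorpki"),
                target:: ix.octorpki.deployment,
                spec+: {
                    ports: [
                        { name: "client", port: 8080, targetPort: 8080, protocol: "TCP" },
                    ],
                },
            },
        },

        // Template for a single-container component: one Deployment plus one
        // Service exposing `port`. Callers extend the result and must set
        // `args`; `port`, `volumes` and `volumeMounts` are optional.
        // The image is looked up as cfg[name].image.
        //
        // NOTE(review): nothing here sets resources, probes or a
        // securityContext; whatever kube.Container defaults to applies.
        component(name):: {
            local component = self,
            args:: error "args must be set",
            name:: name,
            port:: 4200,
            volumes:: {},
            volumeMounts:: {},

            deployment: kube.Deployment(ix.name(name)) {
                metadata+: ix.metadata(name),
                spec+: {
                    template+: {
                        spec+: {
                            volumes_: component.volumes,
                            containers_: {
                                [name]: kube.Container(ix.name(name)) {
                                    image: cfg[name].image,
                                    args: component.args,
                                    volumeMounts_: component.volumeMounts,
                                },
                            },
                        },
                    },
                },
            },
            svc: kube.Service(ix.name(name)) {
                metadata+: ix.metadata(name),
                target:: component.deployment,
                spec+: {
                    ports: [
                        { name: "client", port: component.port, targetPort: component.port, protocol: "TCP" },
                    ],
                },
            },

            // In-cluster host:port of `svc`. Uses ix.name() because that is
            // the name the Service is created under; with the default empty
            // prefix the value is the same as the bare component name.
            address:: "%s.%s.svc.cluster.local:%d" % [
                ix.name(component.name),
                ix.cfg.namespace,
                component.port,
            ],
        },

        // NOTE(review): every in-house component below is started with
        // -hspki_disable and listens on 0.0.0.0. The flag presumably turns
        // off hscloud PKI (mutual TLS) on the listener -- confirm. If so, any
        // workload that can reach these Services can call them unless a
        // NetworkPolicy restricts access.
        irr: ix.component("irr") {
            args: [
                "/ix/irr",
                "-hspki_disable",
                "-listen_address=0.0.0.0:4200",
            ],
        },

        peeringdb: ix.component("peeringdb") {
            args: [
                "/ix/peeringdb",
                "-hspki_disable",
                "-listen_address=0.0.0.0:4200",
            ],
        },

        // Shared CockroachDB client wiring: TLS secret volume, its mount and
        // the -dsn argument. Hidden, so it renders no manifest of its own.
        crdb:: {
            // NOTE(review): the volume always uses cfg.verifier.db.tlsSecret,
            // also when mounted into pgpencryptor. Both cfg entries hold the
            // same value today; overriding cfg.pgpencryptor.db.tlsSecret
            // alone would have no effect.
            volumes: {
                tls: {
                    secret: {
                        secretName: cfg.verifier.db.tlsSecret,
                        // Key material readable by the file owner only.
                        defaultMode: kube.parseOctal("0400"),
                    },
                },
            },
            volumeMounts: {
                tls: {
                    mountPath: "/tls",
                },
            },
            // Builds ["-dsn", <postgres URL>] from a cfg.*.db object
            // (username, host, port, name). Certificate paths point into the
            // /tls mount above.
            //
            // NOTE(review): sslmode=require does not check that the server
            // certificate matches dbconf.host, and whether the CA chain is
            // checked depends on the client driver. sslmode=verify-full is
            // the stricter setting, provided the server certificate carries
            // this host name -- confirm before switching.
            args(dbconf): [
                "-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
                    dbconf.username,
                    dbconf.host,
                    dbconf.port,
                    dbconf.name,
                    "/tls/ca.crt",
                    "/tls/tls.crt",
                    "/tls/tls.key",
                ],
            ],
        },

        // verifier: talks to peeringdb, irr, octorpki and pgpencryptor over
        // their in-cluster addresses and to CockroachDB via crdb.
        verifier: ix.component("verifier") {
            volumes: ix.crdb.volumes,
            volumeMounts: ix.crdb.volumeMounts,
            args: [
                "/ix/verifier",
                "-hspki_disable",
                "-listen_address=0.0.0.0:4200",
                "-peeringdb=" + ix.peeringdb.address,
                "-irr=" + ix.irr.address,
                "-octorpki=" + ix.octorpki.address,
                "-pgpencryptor=" + ix.pgpencryptor.address,
            ] + ix.crdb.args(cfg.verifier.db),
        },

        pgpencryptor: ix.component("pgpencryptor") {
            volumes: ix.crdb.volumes,
            volumeMounts: ix.crdb.volumeMounts,
            args: [
                "/ix/pgpencryptor",
                "-hspki_disable",
                "-listen_address=0.0.0.0:4200",
            ] + ix.crdb.args(cfg.pgpencryptor.db),
        },

        // frontend: web UI on port 8080, backed by the verifier.
        //
        // The Flask secret used to be a literal committed in this file. It is
        // now read from a Kubernetes Secret and substituted into the args by
        // the kubelet ($(VAR) expansion), the same pattern ripeSync uses for
        // its password.
        //
        // Rollout requirement: a Secret named ix.name("frontend") with a key
        // "flask_secret" must exist in cfg.namespace before this is applied.
        // The key name is chosen here; adjust it to the Secret you provision.
        // Use a fresh random value: the previous literal is in repository
        // history and must be treated as disclosed.
        //
        // The value still ends up in the process argv inside the container;
        // reading it from the environment or a file would need support in
        // the frontend binary.
        frontend: ix.component("frontend") {
            port: 8080,
            args: [
                "/ix/frontend.par",
                "--flask_secret=$(FLASK_SECRET)",
                "--listen=0.0.0.0:8080",
                "--verifier=" + ix.verifier.address,
            ],
            deployment+: {
                spec+: {
                    template+: {
                        spec+: {
                            containers_+: {
                                frontend+: {
                                    env_: {
                                        FLASK_SECRET: {
                                            secretKeyRef: {
                                                name: ix.name("frontend"),
                                                key: "flask_secret",
                                            },
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },

        // alice: alice-lg looking glass on port 7340, configured through two
        // ConfigMaps (main config and theme).
        //
        // NOTE(review): by default a ConfigMap volume exposes each key as a
        // file named after the key, which would put the config at
        // /etc/alice/config, while -config points at /etc/alice/alice --
        // confirm which path the image actually reads.
        alice: ix.component("alice") {
            port: 7340,
            volumes: {
                config: kube.ConfigMapVolume(ix.alice.configMap),
                theme: kube.ConfigMapVolume(ix.alice.themeMap),
            },
            volumeMounts: {
                config: {
                    mountPath: "/etc/alice",
                },
                theme: {
                    mountPath: "/etc/alice-theme",
                },
            },
            args: [
                "/usr/bin/alice-lg",
                "-config", "/etc/alice/alice",
            ],

            themeMap: kube.ConfigMap(ix.name("alice-theme")) {
                metadata+: ix.metadata("alice-theme"),
                data: {
                    "content.js": |||
                        Alice.updateContent({
                            header: {
                                title: "CCCampIX Looking Glass",
                                tagline: "powered by alice-lg"
                            },
                            welcome: {
                                title: "CCCampIX Looking Glass",
                                tagline: "BGP to the tent."
                            }
                        });
                    |||,
                },
            },
            configMap: kube.ConfigMap(ix.name("alice")) {
                metadata+: ix.metadata("alice"),
                data: {
                    // NOTE(review): all four birdwatcher sources are fetched
                    // over plain http:// and this config carries no
                    // credentials for them. Route data shown by the looking
                    // glass is therefore only as trustworthy as the network
                    // path to isw01; restrict that path or use TLS if the
                    // birdwatcher side supports it -- confirm.
                    config: |||
                        [server]
                        listen_http = 0.0.0.0:7340
                        enable_neighbors_status_refresh = false
                        asn = 208521

                        [housekeeping]
                        interval = 5
                        force_release_memory = true

                        [theme]
                        path = /etc/alice-theme

                        [pagination]
                        routes_filtered_page_size = 250
                        routes_accepted_page_size = 250
                        routes_not_exported_page_size = 250

                        [rejection_reasons]
                        208521:65666:1 = An IP Bogon was detected
                        208521:65666:2 = Prefix is longer than 64
                        208521:65666:3 = Prefix is longer than 24
                        208521:65666:4 = AS path contains a bogon AS
                        208521:65666:5 = AS path length is longer than 64
                        208521:65666:6 = BGP Path invalid (must be only peer)
                        208521:65666:9 = Prefix not found in RPKI for Origin AS

                        [neighbours_columns]
                        Description = Description
                        address = Neighbour
                        asn = ASN
                        state = State
                        Uptime = Uptime
                        routes_received = Routes Received
                        routes_filtered = Filtered

                        [routes_columns]
                        network = Network
                        gateway = Gateway
                        interface = Interface
                        metric = Metric
                        bgp.as_path = AS Path

                        [lookup_columns]
                        network = Network
                        gateway = Gateway
                        neighbour.asn = ASN
                        neighbour.description = Description
                        bgp.as_path = AS Path
                        routeserver.name = RS

                        [source.rs1-camp-v4]
                        name = rs1.camp.bgp.wtf (IPv4)
                        group = Camp
                        [source.rs1-camp-v4.birdwatcher]
                        timezone = UTC
                        api = http://isw01.camp.bgp.wtf:3000/
                        type = single_table
                        neighbors_refresh_timeout = 2
                        servertime = 2006-01-02T15:04:05Z
                        servertime_short = 2006-01-02 15:04:05
                        servertime_ext = 2006-01-02 15:04:05

                        [source.rs1-camp-v6]
                        name = rs1.camp.bgp.wtf (IPv6)
                        group = Camp
                        [source.rs1-camp-v6.birdwatcher]
                        timezone = UTC
                        api = http://isw01.camp.bgp.wtf:3001/
                        type = single_table
                        neighbors_refresh_timeout = 2
                        servertime = 2006-01-02T15:04:05Z
                        servertime_short = 2006-01-02 15:04:05
                        servertime_ext = 2006-01-02 15:04:05

                        [source.rs2-camp-v4]
                        name = rs2.camp.bgp.wtf (IPv4)
                        group = Camp
                        [source.rs2-camp-v4.birdwatcher]
                        timezone = UTC
                        api = http://isw01.camp.bgp.wtf:3002/
                        type = single_table
                        neighbors_refresh_timeout = 2
                        servertime = 2006-01-02T15:04:05Z
                        servertime_short = 2006-01-02 15:04:05
                        servertime_ext = 2006-01-02 15:04:05

                        [source.rs2-camp-v6]
                        name = rs2.camp.bgp.wtf (IPv6)
                        group = Camp
                        [source.rs2-camp-v6.birdwatcher]
                        timezone = UTC
                        api = http://isw01.camp.bgp.wtf:3003/
                        type = single_table
                        neighbors_refresh_timeout = 2
                        servertime = 2006-01-02T15:04:05Z
                        servertime_short = 2006-01-02 15:04:05
                        servertime_ext = 2006-01-02 15:04:05
                    |||,
                },
            },
        },

        // ripeSync: CronJob that runs /ix/ripe-sync.par every five minutes
        // against the verifier. The password comes from the "password" key of
        // the Secret named ix.name("ripe-sync"), which is not defined in this
        // file and has to exist in the namespace.
        //
        // NOTE(review): the password is expanded into the container args, so
        // it is part of the process command line inside the container.
        // Whether ripe-sync can read it from the environment instead cannot
        // be told from here.
        ripeSync: kube.CronJob(ix.name("ripe-sync")) {
            metadata+: ix.metadata("ripe-sync"),
            spec+: {
                schedule: "*/5 * * * *",
                jobTemplate+: {
                    spec+: {
                        // Hidden and null: `selector` is left out of the
                        // rendered Job spec.
                        selector:: null,
                        template+: {
                            spec+: {
                                containers_: {
                                    "ripe-sync": kube.Container(ix.name("ripe-sync")) {
                                        image: cfg.image,
                                        args: [
                                            "/ix/ripe-sync.par",
                                            "$(PASSWORD)",
                                            ix.verifier.address,
                                        ],
                                        env_: {
                                            PASSWORD: {
                                                secretKeyRef: {
                                                    name: ix.name("ripe-sync"),
                                                    key: "password",
                                                },
                                            },
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },

        // Public entry points. The Ingress object names ("ingress", "alice",
        // "grpc") are literals and do not go through ix.name(), so
        // cfg.prefix does not apply to them.
        ingress: kube.SimpleIngress("ingress") {
            hosts:: [cfg.frontend.domain],
            target_service:: ix.frontend.svc,
            metadata+: ix.metadata("public"),
        },

        aliceIngress: kube.SimpleIngress("alice") {
            hosts:: [cfg.alice.domain],
            target_service:: ix.alice.svc,
            metadata+: ix.metadata("alice"),
        },

        // gRPC entry point for the verifier.
        //
        // The component label was "alice" here, which mislabels this Ingress
        // as part of the looking glass; it now matches the object name.
        //
        // NOTE(review): the verifier runs with -hspki_disable. If that flag
        // disables client authentication (confirm), this Ingress publishes
        // the verifier gRPC API at cfg.verifier.domain with no transport-level
        // client authentication; any access control would have to come from
        // the application itself.
        grpcIngress: kube.SimpleIngress("grpc") {
            hosts:: [cfg.verifier.domain],
            target_service:: ix.verifier.svc,
            metadata+: ix.metadata("grpc") {
                annotations+: {
                    "kubernetes.io/ingress.class": "nginx",
                    "nginx.ingress.kubernetes.io/ssl-redirect": "true",
                    "nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
                },
            },
        },
    },
}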