Radek Pietruszewski | f584431 | 2023-10-27 22:41:18 +0200 | [diff] [blame] | 1 | local kube = import "../../../kube/hscloud.libsonnet"; |
Serge Bazanski | beefe44 | 2019-07-30 13:03:03 +0200 | [diff] [blame] | 2 | |
| 3 | { |
| 4 | IX: { |
| 5 | local ix = self, |
| 6 | local cfg = ix.cfg, |
// Deployment knobs for the IX stack. The field is hidden (::), so it is not
// rendered as a manifest; the resources below read it through `cfg`.
cfg:: {
    // Connection settings common to both CockroachDB clients below; each
    // client only adds its own database name.
    local crdbClient = {
        host: "public.crdb-waw1.svc.cluster.local",
        port: 26257,
        username: "cccampix",
        // Name of the Secret mounted at /tls for client-certificate auth.
        tlsSecret: "client-cccampix-certificate",
    },

    // Image used by every component that does not set its own.
    // NOTE(review): referenced by tag rather than by content digest, so what
    // gets pulled depends on what the registry serves for this tag at pull
    // time. Pin with an `@sha256:` digest if the registry is not fully trusted.
    image: "registry.k0.hswaw.net/bgpwtf/cccampix:1566584484-a2960f526c36de0dbcd911f05ee9db587e63eb9b",

    octorpki: {
        image: cfg.image,
        storageClassName: "waw-hdd-redundant-2",
        resources: {
            requests: {
                cpu: "200m",
                memory: "1Gi",
            },
            limits: {
                cpu: "1",
                memory: "2Gi",
            },
        },
    },

    verifier: {
        image: cfg.image,
        // Host name served by grpcIngress.
        domain: "ix-grpc.bgp.wtf",
        db: crdbClient { name: "cccampix" },
    },

    pgpencryptor: {
        image: cfg.image,
        db: crdbClient { name: "cccampix-pgpencryptor" },
    },

    irr: { image: cfg.image },

    peeringdb: { image: cfg.image },

    frontend: {
        // Host name served by the `ingress` object.
        domain: "ix-status.bgp.wtf",
        image: cfg.image,
    },

    alice: {
        // Host name served by aliceIngress.
        domain: "ix-lg.bgp.wtf",
        // NOTE(review): also a tag reference, not a digest (see `image` above).
        image: "registry.k0.hswaw.net/q3k/alice-lg:20190823-1557",
    },

    appName: "ix",
    // Must be supplied by whoever instantiates IX; evaluation fails otherwise.
    namespace: error "namespace must be defined",
    // Prepended to every object name produced by ix.name().
    prefix: "",
},
| 65 | |
// Namespace object built from cfg.namespace; every resource below sets
// metadata.namespace to the same value through ix.metadata().
namespace: kube.Namespace(cfg.namespace),
// Object name for a component: cfg.prefix followed by the component name.
name(component):: cfg.prefix + component,
// Metadata mixin shared by all resources: target namespace plus the
// app.kubernetes.io/* labels identifying the app, the tool and the component.
metadata(component):: {
    namespace: cfg.namespace,
    labels: {
        "app.kubernetes.io/name": cfg.appName,
        "app.kubernetes.io/managed-by": "kubecfg",
        "app.kubernetes.io/component": component,
    },
},
| 76 | |
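// octorpki service: a cache volume claim, a single-container Deployment and
// the Service that the verifier is pointed at through its -octorpki flag.
octorpki: {
    // One port for the container, the Service and the advertised address.
    local port = 8080,

    // In-cluster host:port that other components dial.
    // Built from ix.name() so that it keeps matching the Service below when
    // cfg.prefix is non-empty; the literal "octorpki" used previously only
    // matched with the default empty prefix.
    // NOTE(review): assumes kube.Service names the Service after its
    // argument - confirm in hscloud.libsonnet.
    address:: "%s.%s.svc.cluster.local:%d" % [
        ix.name("octorpki"),
        ix.cfg.namespace,
        port,
    ],

    // Persistent storage mounted at /cache in the container.
    cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
        metadata+: ix.metadata("octorpki"),
        storage: "2Gi",
        storageClass: cfg.octorpki.storageClassName,
    },

    deployment: kube.Deployment(ix.name("octorpki")) {
        metadata+: ix.metadata("octorpki"),
        spec+: {
            template+: {
                spec+: {
                    volumes_: {
                        cache: kube.PersistentVolumeClaimVolume(ix.octorpki.cache),
                    },
                    containers_: {
                        octorpki: kube.Container(ix.name("octorpki")) {
                            image: cfg.octorpki.image,
                            args: [
                                "/octorpki/entrypoint.sh",
                            ],
                            ports_: {
                                client: { containerPort: port },
                            },
                            volumeMounts_: {
                                cache: { mountPath: "/cache" },
                            },
                            // Requests and limits come from cfg.octorpki.resources.
                            resources: cfg.octorpki.resources,
                        },
                    },
                },
            },
        },
    },

    svc: kube.Service(ix.name("octorpki")) {
        metadata+: ix.metadata("octorpki"),
        target:: ix.octorpki.deployment,
        spec+: {
            ports: [
                { name: "client", port: port, targetPort: port, protocol: "TCP" },
            ],
        },
    },
},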
Sergiusz Bazanski | 1fad2e5 | 2019-08-01 20:16:27 +0200 | [diff] [blame] | 125 | |
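// Template for one first-party component: a single-container Deployment
// plus a Service on `port`. Users extend it and must set `args`; `port`,
// `volumes` and `volumeMounts` are optional overrides. The image is read
// from cfg[name].image, so every component needs a matching cfg entry.
component(name):: {
    local component = self,
    args:: error "args must be set",
    name:: name,
    port:: 4200,
    volumes:: {},
    volumeMounts:: {},

    // NOTE(review): the container sets no resource requests or limits and no
    // securityContext here; whatever kube.Container defaults to applies.
    deployment: kube.Deployment(ix.name(name)) {
        metadata+: ix.metadata(name),
        spec+: {
            template+: {
                spec+: {
                    volumes_: component.volumes,
                    containers_: {
                        [name]: kube.Container(ix.name(name)) {
                            image: cfg[name].image,
                            args: component.args,
                            volumeMounts_: component.volumeMounts,
                        },
                    },
                },
            },
        },
    },

    svc: kube.Service(ix.name(name)) {
        metadata+: ix.metadata(name),
        target:: component.deployment,
        spec+: {
            ports: [
                { name: "client", port: component.port, targetPort: component.port, protocol: "TCP" },
            ],
        },
    },

    // In-cluster host:port that other components dial.
    // Built from ix.name() so that it keeps matching the Service above when
    // cfg.prefix is non-empty; the bare component name used previously only
    // matched with the default empty prefix.
    // NOTE(review): assumes kube.Service names the Service after its
    // argument - confirm in hscloud.libsonnet.
    address:: "%s.%s.svc.cluster.local:%d" % [
        ix.name(component.name),
        ix.cfg.namespace,
        component.port,
    ],
},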
| 167 | |
// irr and peeringdb: two backends the verifier is pointed at through its
// -irr and -peeringdb flags. Both listen on the default component port 4200.
// NOTE(review): -hspki_disable presumably switches off the in-cluster PKI
// (mutual TLS) on the listener - confirm in the binary's flag definitions.
// If so, these services listen on every pod interface (0.0.0.0) without
// transport authentication, and access control is left to whatever
// NetworkPolicy the namespace has.
irr: ix.component("irr") {
    args: [
        "/ix/irr",
        "-hspki_disable",
        "-listen_address=0.0.0.0:4200",
    ],
},

peeringdb: ix.component("peeringdb") {
    args: [
        "/ix/peeringdb",
        "-hspki_disable",
        "-listen_address=0.0.0.0:4200",
    ],
},
| 183 | |
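// Shared CockroachDB client plumbing for the components that use the
// database. Hidden (::), so it is not rendered as a manifest.
crdb:: {
    // Secret volume holding the client certificate bundle named by
    // dbconf.tlsSecret. Mode 0400 makes the files, including the private key,
    // owner-read-only inside the container.
    volumesFor(dbconf):: {
        tls: {
            secret: {
                secretName: dbconf.tlsSecret,
                defaultMode: kube.parseOctal("0400"),
            },
        },
    },
    // Kept for existing users of ix.crdb.volumes: the verifier's bundle,
    // exactly as before.
    volumes: self.volumesFor(cfg.verifier.db),
    // The DSN built by args() expects ca.crt, tls.crt and tls.key under /tls.
    volumeMounts: {
        tls: {
            mountPath: "/tls",
        },
    },
    // Command-line arguments carrying the connection string for `dbconf`
    // (fields used: username, host, port, name). Authentication is by client
    // certificate; the DSN contains no password.
    // NOTE(review): sslmode=require does not check that the server
    // certificate matches the host name, and whether the CA given in
    // sslrootcert is enforced depends on the client driver. Confirm what the
    // /ix binaries use, and move to sslmode=verify-full once the server
    // certificate is known to cover dbconf.host.
    args(dbconf): [
        "-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
            dbconf.username,
            dbconf.host,
            dbconf.port,
            dbconf.name,
            "/tls/ca.crt",
            "/tls/tls.crt",
            "/tls/tls.key",
        ],
    ],
},

// verifier: talks to peeringdb, irr, octorpki and pgpencryptor inside the
// cluster and to CockroachDB with its own client certificate. It is also the
// backend of grpcIngress.
// NOTE(review): -hspki_disable presumably switches off the in-cluster PKI
// (mutual TLS) on the listener - confirm. This service is published through
// grpcIngress, so check what authenticates callers of the gRPC API.
verifier: ix.component("verifier") {
    volumes: ix.crdb.volumesFor(cfg.verifier.db),
    volumeMounts: ix.crdb.volumeMounts,
    args: [
        "/ix/verifier",
        "-hspki_disable",
        "-listen_address=0.0.0.0:4200",
        "-peeringdb=" + ix.peeringdb.address,
        "-irr=" + ix.irr.address,
        "-octorpki=" + ix.octorpki.address,
        "-pgpencryptor=" + ix.pgpencryptor.address,
    ] + ix.crdb.args(cfg.verifier.db),
},

// pgpencryptor: uses its own database (cfg.pgpencryptor.db). Its TLS volume
// now follows cfg.pgpencryptor.db.tlsSecret; previously the verifier's
// secret was mounted regardless of this setting, which only worked because
// both defaults name the same Secret.
pgpencryptor: ix.component("pgpencryptor") {
    volumes: ix.crdb.volumesFor(cfg.pgpencryptor.db),
    volumeMounts: ix.crdb.volumeMounts,
    args: [
        "/ix/pgpencryptor",
        "-hspki_disable",
        "-listen_address=0.0.0.0:4200",
    ] + ix.crdb.args(cfg.pgpencryptor.db),
},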
| 234 | |
// frontend: web UI on port 8080, published by the `ingress` object under
// cfg.frontend.domain and backed by the verifier.
// NOTE(review): --flask_secret is a fixed, trivially guessable value that
// lives in the repository and in the pod spec. If the frontend uses it as
// Flask's session signing key (confirm in the frontend source), anyone who
// knows it can forge session cookies. Generate a random value, store it in a
// Kubernetes Secret and inject it with env_/secretKeyRef the way ripeSync
// receives PASSWORD; better still, have the program read it from the
// environment or a file so that it never appears in the process arguments.
frontend: ix.component("frontend") {
    port: 8080,
    args: [
        "/ix/frontend.par",
        "--flask_secret=dupa",
        "--listen=0.0.0.0:8080",
        "--verifier=" + ix.verifier.address,
    ],
},
| 244 | |
// alice: the alice-lg looking glass on port 7340, published by aliceIngress.
// Its configuration and theme are shipped as two ConfigMaps defined below
// and mounted at /etc/alice and /etc/alice-theme.
alice: ix.component("alice") {
    port: 7340,
    volumes: {
        config: kube.ConfigMapVolume(ix.alice.configMap),
        theme: kube.ConfigMapVolume(ix.alice.themeMap),
    },
    volumeMounts: {
        config: {
            mountPath: "/etc/alice",
        },
        theme: {
            mountPath: "/etc/alice-theme",
        },
    },
    args: [
        "/usr/bin/alice-lg",
        "-config", "/etc/alice/alice",
    ],

    // Theme override: content.js sets the page titles and taglines.
    themeMap: kube.ConfigMap(ix.name("alice-theme")) {
        metadata+: ix.metadata("alice-theme"),
        data: {
            "content.js": |||
                Alice.updateContent({
                header: {
                title: "CCCampIX Looking Glass",
                tagline: "powered by alice-lg"
                },
                welcome: {
                title: "CCCampIX Looking Glass",
                tagline: "BGP to the tent."
                }
                });
            |||,
        },
    },
    // alice-lg configuration. The ConfigMap holds no credentials.
    // NOTE(review): all four birdwatcher sources are fetched over plain
    // http:// from isw01.camp.bgp.wtf (ports 3000-3003). The route data the
    // looking glass shows is therefore neither encrypted nor authenticated
    // in transit; confirm that this path stays on a trusted network, or put
    // TLS in front of the birdwatcher endpoints.
    configMap: kube.ConfigMap(ix.name("alice")) {
        metadata+: ix.metadata("alice"),
        data: {
            config: |||
                [server]
                listen_http = 0.0.0.0:7340
                enable_neighbors_status_refresh = false
                asn = 208521

                [housekeeping]
                interval = 5
                force_release_memory = true

                [theme]
                path = /etc/alice-theme

                [pagination]
                routes_filtered_page_size = 250
                routes_accepted_page_size = 250
                routes_not_exported_page_size = 250

                [rejection_reasons]
                208521:65666:1 = An IP Bogon was detected
                208521:65666:2 = Prefix is longer than 64
                208521:65666:3 = Prefix is longer than 24
                208521:65666:4 = AS path contains a bogon AS
                208521:65666:5 = AS path length is longer than 64
                208521:65666:6 = BGP Path invalid (must be only peer)
                208521:65666:9 = Prefix not found in RPKI for Origin AS

                [neighbours_columns]
                Description = Description
                address = Neighbour
                asn = ASN
                state = State
                Uptime = Uptime
                routes_received = Routes Received
                routes_filtered = Filtered

                [routes_columns]
                network = Network
                gateway = Gateway
                interface = Interface
                metric = Metric
                bgp.as_path = AS Path

                [lookup_columns]
                network = Network
                gateway = Gateway
                neighbour.asn = ASN
                neighbour.description = Description
                bgp.as_path = AS Path
                routeserver.name = RS

                [source.rs1-camp-v4]
                name = rs1.camp.bgp.wtf (IPv4)
                group = Camp
                [source.rs1-camp-v4.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3000/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05

                [source.rs1-camp-v6]
                name = rs1.camp.bgp.wtf (IPv6)
                group = Camp
                [source.rs1-camp-v6.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3001/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05

                [source.rs2-camp-v4]
                name = rs2.camp.bgp.wtf (IPv4)
                group = Camp
                [source.rs2-camp-v4.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3002/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05

                [source.rs2-camp-v6]
                name = rs2.camp.bgp.wtf (IPv6)
                group = Camp
                [source.rs2-camp-v6.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3003/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05
            |||,
        },
    },
},
| 386 | |
// ripeSync: CronJob that runs /ix/ripe-sync.par every five minutes against
// the verifier. The password comes from key "password" of the Secret named
// ix.name("ripe-sync"), so it is not stored in this file.
// NOTE(review): the secret is handed over as a positional argument.
// Kubernetes expands $(PASSWORD) when the container starts, so the clear-text
// value ends up in the process command line, where anything able to list
// processes on the node (or in a shared PID namespace) can read it. Prefer
// having ripe-sync read the PASSWORD environment variable, or a mounted
// file, directly.
ripeSync: kube.CronJob(ix.name("ripe-sync")) {
    metadata+: ix.metadata("ripe-sync"),
    spec+: {
        schedule: "*/5 * * * *",
        jobTemplate+: {
            spec+: {
                // Hides the selector field so it is left out of the rendered Job spec.
                selector:: null,
                template+: {
                    spec+: {
                        containers_: {
                            "ripe-sync": kube.Container(ix.name("ripe-sync")) {
                                image: cfg.image,
                                args: [
                                    "/ix/ripe-sync.par",
                                    "$(PASSWORD)",
                                    ix.verifier.address,
                                ],
                                env_: {
                                    PASSWORD: {
                                        secretKeyRef: {
                                            name: ix.name("ripe-sync"),
                                            key: "password",
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },
    },
},
| 420 | |
// Public entry points. Each Ingress maps one host name from cfg to one
// component Service.

// Status frontend, served under cfg.frontend.domain.
ingress: kube.SimpleIngress("ingress") {
    hosts:: [cfg.frontend.domain],
    target_service:: ix.frontend.svc,
    metadata+: ix.metadata("public"),
},

// Looking glass, served under cfg.alice.domain.
aliceIngress: kube.SimpleIngress("alice") {
    hosts:: [cfg.alice.domain],
    target_service:: ix.alice.svc,
    metadata+: ix.metadata("alice"),
},

// Verifier gRPC API, served under cfg.verifier.domain through nginx with a
// forced redirect to TLS and the GRPC backend protocol.
// NOTE(review): this publishes the verifier, which is started with
// -hspki_disable. Confirm what authenticates callers of this API; the
// annotations below configure transport only.
// NOTE(review): the labels come from ix.metadata("alice"), so this object is
// labelled as component "alice" although it fronts the verifier. This looks
// like a copy-paste slip; confirm before relying on the component label to
// select or audit Ingress objects.
grpcIngress: kube.SimpleIngress("grpc") {
    hosts:: [cfg.verifier.domain],
    target_service:: ix.verifier.svc,
    metadata+: ix.metadata("alice") {
        annotations+: {
            "kubernetes.io/ingress.class": "nginx",
            "nginx.ingress.kubernetes.io/ssl-redirect": "true",
            "nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
        },
    },
},
Serge Bazanski | beefe44 | 2019-07-30 13:03:03 +0200 | [diff] [blame] | 444 | }, |
| 445 | } |