Radek Pietruszewskif5844312023-10-27 22:41:18 +02001local kube = import "../../../kube/hscloud.libsonnet";
Serge Bazanskibeefe442019-07-30 13:03:03 +02002
3{
4 IX: {
5 local ix = self,
6 local cfg = ix.cfg,
// Deployment parameters for the IX stack. The field is hidden (`::`), so it is
// configuration only; `namespace` has no default and evaluating it without an
// override raises the error below.
cfg:: {
    // Image shared by every component that reads cfg.image. It is referenced by
    // registry tag, not by digest.
    // NOTE(review): a tag can be re-pointed in the registry after review;
    // referencing the image by @sha256 digest would pin the exact content.
    image: "registry.k0.hswaw.net/bgpwtf/cccampix:1566584484-a2960f526c36de0dbcd911f05ee9db587e63eb9b",


    octorpki: {
        image: cfg.image,
        storageClassName: "waw-hdd-redundant-2",
        // The only component in this file with explicit CPU/memory requests and limits.
        resources: {
            requests: { cpu: "200m", memory: "1Gi" },
            limits: { cpu: "1", memory: "2Gi" },
        },
    },

    verifier: {
        image: cfg.image,
        // Public hostname used by grpcIngress.
        domain: "ix-grpc.bgp.wtf",
        db: {
            host: "public.crdb-waw1.svc.cluster.local",
            port: 26257,
            username: "cccampix",
            name: "cccampix",
            // Name of the Secret holding the database client certificate and key.
            tlsSecret: "client-cccampix-certificate",
        },
    },

    pgpencryptor: {
        image: cfg.image,
        // Same database user and client-certificate Secret as the verifier,
        // different database name.
        // NOTE(review): with a shared SQL identity, whatever separates the two
        // databases has to be enforced by grants on the server - not visible here.
        db: {
            host: "public.crdb-waw1.svc.cluster.local",
            port: 26257,
            username: "cccampix",
            name: "cccampix-pgpencryptor",
            tlsSecret: "client-cccampix-certificate",
        },
    },

    irr: {
        image: cfg.image,
    },

    peeringdb: {
        image: cfg.image,
    },

    frontend: {
        // Public hostname used by the `ingress` field.
        domain: "ix-status.bgp.wtf",
        image: cfg.image,
    },

    alice: {
        // Public hostname used by aliceIngress.
        domain: "ix-lg.bgp.wtf",
        // Separate image, also referenced by tag rather than digest.
        image: "registry.k0.hswaw.net/q3k/alice-lg:20190823-1557",
    },

    appName: "ix",
    namespace: error "namespace must be defined",
    // Prepended to component names by ix.name(); empty by default.
    prefix: "",
},
65
// Namespace object built from cfg.namespace. No other field in the lines
// visible here refers to `ns`.
local ns = kube.Namespace(cfg.namespace),

// Kubernetes object name for a component: cfg.prefix followed by the component name.
name(component):: cfg.prefix + component,
// Metadata shared by the objects of one component: the target namespace and
// the three app.kubernetes.io labels (name, managed-by, component).
metadata(component):: {
    namespace: cfg.namespace,
    labels: {
        "app.kubernetes.io/name": cfg.appName,
        "app.kubernetes.io/managed-by": "kubecfg",
        "app.kubernetes.io/component": component,
    },
},
77
// OctoRPKI: a PersistentVolumeClaim for its cache, a single-container
// Deployment and a Service in front of it.
octorpki: {
    // In-cluster host:port handed to the verifier via -octorpki=.
    // NOTE(review): the host part is the literal "octorpki", while the Service
    // below is named ix.name("octorpki"); the two only agree while cfg.prefix
    // is empty.
    address:: "%s.%s.svc.cluster.local:%d" % [
        "octorpki",
        ix.cfg.namespace,
        8080,
    ],
    cache: kube.PersistentVolumeClaim(ix.name("octorpki")) {
        metadata+: ix.metadata("octorpki"),
        storage:: "2Gi",
        storageClass:: cfg.octorpki.storageClassName,
    },
    deployment: kube.Deployment(ix.name("octorpki")) {
        metadata+: ix.metadata("octorpki"),
        spec+: {
            template+: {
                spec+: {
                    volumes_: {
                        cache: ix.octorpki.cache.volume,
                    },
                    containers_: {
                        // No securityContext is set on this container.
                        // NOTE(review): whether kube.Container applies a restrictive
                        // default is decided in hscloud.libsonnet - confirm there.
                        octorpki: kube.Container(ix.name("octorpki")){
                            image: cfg.octorpki.image,
                            args: [
                                "/octorpki/entrypoint.sh",
                            ],
                            ports_: {
                                client: { containerPort: 8080 },
                            },
                            volumeMounts_: {
                                cache: { mountPath: "/cache" },
                            },
                            resources: cfg.octorpki.resources,
                        },
                    },
                },
            },
        },
    },
    // Service for the Deployment above; no ports are listed here, so they come
    // from whatever kube.Service derives from `target`.
    svc: kube.Service(ix.name("octorpki")) {
        metadata+: ix.metadata("octorpki"),
        target:: ix.octorpki.deployment,
    },
},
Sergiusz Bazanski1fad2e52019-08-01 20:16:27 +0200121
// Template for one IX service: a Deployment with a single container plus a
// Service on `port`. Instances must set `args`; `port`, `volumes` and
// `volumeMounts` are optional overrides. The image is looked up as
// cfg[name].image, so every instance needs a matching entry in cfg.
component(name):: {
    local component = self,
    args:: error "args must be set",
    name:: name,
    port:: 4200,
    volumes:: {},
    volumeMounts:: {},

    deployment: kube.Deployment(ix.name(name)) {
        metadata+: ix.metadata(name),
        spec+: {
            template+: {
                spec+: {
                    volumes_: component.volumes,
                    containers_: {
                        // Only image, args and volume mounts are set: no resources,
                        // no securityContext, no declared container ports.
                        // NOTE(review): unless kube.Container supplies defaults, these
                        // pods run without CPU/memory limits and with the runtime's
                        // default privileges - confirm in hscloud.libsonnet.
                        [name]: kube.Container(ix.name(name)) {
                            image: cfg[name].image,
                            args: component.args,
                            volumeMounts_: component.volumeMounts,
                        },
                    },
                },
            },
        },
    },
    svc: kube.Service(ix.name(name)) {
        metadata+: ix.metadata(name),
        target:: component.deployment,
        spec+: {
            // One TCP port, identical on the Service and the pod side.
            ports: [
                { name: "client", port: component.port, targetPort: component.port, protocol: "TCP" },
            ],
        },
    },

    // In-cluster host:port other components use to reach this one.
    // NOTE(review): built from the bare component name, while the Service is
    // named ix.name(name); the two only agree while cfg.prefix is empty.
    address:: "%s.%s.svc.cluster.local:%d" % [
        component.name,
        ix.cfg.namespace,
        component.port,
    ],
},
163
// IRR lookup service, reached by the verifier through ix.irr.address.
irr: ix.component("irr") {
    args: [
        "/ix/irr",
        // NOTE(review): presumably switches off the HSPKI transport security of
        // the listener, leaving the port below plaintext and unauthenticated
        // inside the cluster - confirm against the binary's flag definition.
        "-hspki_disable",
        // Binds on all pod interfaces, port 4200 (the component default).
        "-listen_address=0.0.0.0:4200",
    ],
},
171
// PeeringDB lookup service, reached by the verifier through ix.peeringdb.address.
peeringdb: ix.component("peeringdb") {
    args: [
        "/ix/peeringdb",
        // NOTE(review): presumably switches off the HSPKI transport security of
        // the listener, leaving the port below plaintext and unauthenticated
        // inside the cluster - confirm against the binary's flag definition.
        "-hspki_disable",
        // Binds on all pod interfaces, port 4200 (the component default).
        "-listen_address=0.0.0.0:4200",
    ],
},
179
// Shared CockroachDB client wiring (hidden field): the TLS Secret volume, its
// mount point and the "-dsn" argument pair built from a db config object.
crdb:: {
    volumes: {
        tls: {
            secret: {
                // Always the verifier's Secret name, including when pgpencryptor
                // reuses this volume; a different cfg.pgpencryptor.db.tlsSecret
                // would not take effect here.
                secretName: cfg.verifier.db.tlsSecret,
                // Files are projected owner-read-only (0400).
                defaultMode: kube.parseOctal("0400"),
            },
        },
    },
    volumeMounts: {
        tls: {
            mountPath: "/tls",
        },
    },
    // Returns ["-dsn", <postgres URL>] for `dbconf` (username, host, port, name).
    // The URL carries no password; it points at the CA, client certificate and
    // client key under /tls.
    // NOTE(review): sslmode=require does not by itself mandate CA and hostname
    // verification - what is checked depends on the client driver, even with
    // sslrootcert set. sslmode=verify-full is the mode that requires both;
    // confirm the server certificate covers dbconf.host before switching.
    args(dbconf): [
        "-dsn", "postgres://%s@%s:%d/%s?sslmode=require&sslrootcert=%s&sslcert=%s&sslkey=%s" % [
            dbconf.username,
            dbconf.host,
            dbconf.port,
            dbconf.name,
            "/tls/ca.crt",
            "/tls/tls.crt",
            "/tls/tls.key",
        ],
    ]
},
206
// Verifier: talks to peeringdb, irr, octorpki and pgpencryptor over their
// in-cluster addresses and to CockroachDB with the client certificate mounted
// at /tls. Its Service is also the target of grpcIngress, i.e. it is reachable
// from outside the cluster under cfg.verifier.domain.
verifier: ix.component("verifier") {
    volumes: ix.crdb.volumes,
    volumeMounts: ix.crdb.volumeMounts,
    args: [
        "/ix/verifier",
        // NOTE(review): presumably disables HSPKI transport security on the gRPC
        // listener. Combined with the public ingress, any authentication would
        // then have to happen in the application or at the ingress - confirm.
        "-hspki_disable",
        "-listen_address=0.0.0.0:4200",
        "-peeringdb=" + ix.peeringdb.address,
        "-irr=" + ix.irr.address,
        "-octorpki=" + ix.octorpki.address,
        "-pgpencryptor=" + ix.pgpencryptor.address,
    ] + ix.crdb.args(cfg.verifier.db),
},
220
// PGP encryptor: called by the verifier, with its own database
// (cfg.pgpencryptor.db) reached through the shared crdb TLS volume.
pgpencryptor: ix.component("pgpencryptor") {
    volumes: ix.crdb.volumes,
    volumeMounts: ix.crdb.volumeMounts,
    args: [
        "/ix/pgpencryptor",
        // NOTE(review): presumably switches off the HSPKI transport security of
        // the listener, leaving the port below plaintext and unauthenticated
        // inside the cluster - confirm against the binary's flag definition.
        "-hspki_disable",
        "-listen_address=0.0.0.0:4200",
    ] + ix.crdb.args(cfg.pgpencryptor.db),
},
230
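// Web frontend on port 8080, published through the `ingress` field under
// cfg.frontend.domain. It queries the verifier at ix.verifier.address.
//
// The Flask secret is no longer a literal in this file. It is read from a
// Kubernetes Secret through the container environment and substituted into
// the argument list by Kubernetes ($(VAR) expansion), the same pattern the
// ripe-sync CronJob in this file uses for its password. A literal secret in a
// versioned manifest is readable by everyone with access to the repository or
// to the Deployment object, and a known Flask secret allows session cookies
// to be forged.
//
// Deployment prerequisite: a Secret named ix.name("frontend") with a key
// "flask_secret" must exist in cfg.namespace; name and key are chosen here and
// can be adapted. Any previously used literal value should be treated as
// disclosed and replaced with a freshly generated random one.
frontend: ix.component("frontend") {
    port: 8080,
    args: [
        "/ix/frontend.par",
        // Still passed as a flag, so the value is visible on the process
        // command line inside the pod; the binary's flag interface is the only
        // input channel visible in this file.
        "--flask_secret=$(FLASK_SECRET)",
        "--listen=0.0.0.0:8080",
        "--verifier=" + ix.verifier.address,
    ],
    // Adds the environment variable to the container that ix.component()
    // created under the key "frontend"; everything else is inherited.
    deployment+: {
        spec+: {
            template+: {
                spec+: {
                    containers_+: {
                        frontend+: {
                            env_: {
                                FLASK_SECRET: {
                                    secretKeyRef: {
                                        name: ix.name("frontend"),
                                        key: "flask_secret",
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },
    },
},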
240
// Alice looking glass on port 7340, published through aliceIngress under
// cfg.alice.domain. Two ConfigMaps are mounted: the alice-lg configuration at
// /etc/alice and a small theme at /etc/alice-theme.
alice: ix.component("alice") {
    port: 7340,
    volumes: {
        config: ix.alice.configMap.volume,
        theme: ix.alice.themeMap.volume,
    },
    volumeMounts: {
        config: {
            mountPath: "/etc/alice",
        },
        theme: {
            mountPath: "/etc/alice-theme",
        },
    },
    args: [
        "/usr/bin/alice-lg",
        "-config", "/etc/alice/alice",
    ],

    // Theme: one JavaScript file that sets the page titles and taglines.
    themeMap: kube.ConfigMap(ix.name("alice-theme")) {
        metadata+: ix.metadata("alice-theme"),
        data: {
            "content.js": |||
                Alice.updateContent({
                    header: {
                        title: "CCCampIX Looking Glass",
                        tagline: "powered by alice-lg"
                    },
                    welcome: {
                        title: "CCCampIX Looking Glass",
                        tagline: "BGP to the tent."
                    }
                });
            |||,
        },
    },
    // alice-lg configuration. It holds no credentials. The four route-server
    // sources are queried through birdwatcher APIs given as plain http:// URLs.
    // NOTE(review): nothing in this configuration authenticates or encrypts the
    // birdwatcher responses that end up on the public looking glass - confirm
    // that the path to isw01.camp.bgp.wtf runs over a trusted network.
    configMap: kube.ConfigMap(ix.name("alice")) {
        metadata+: ix.metadata("alice"),
        data: {
            config: |||
                [server]
                listen_http = 0.0.0.0:7340
                enable_neighbors_status_refresh = false
                asn = 208521

                [housekeeping]
                interval = 5
                force_release_memory = true

                [theme]
                path = /etc/alice-theme

                [pagination]
                routes_filtered_page_size = 250
                routes_accepted_page_size = 250
                routes_not_exported_page_size = 250

                [rejection_reasons]
                208521:65666:1 = An IP Bogon was detected
                208521:65666:2 = Prefix is longer than 64
                208521:65666:3 = Prefix is longer than 24
                208521:65666:4 = AS path contains a bogon AS
                208521:65666:5 = AS path length is longer than 64
                208521:65666:6 = BGP Path invalid (must be only peer)
                208521:65666:9 = Prefix not found in RPKI for Origin AS

                [neighbours_columns]
                Description = Description
                address = Neighbour
                asn = ASN
                state = State
                Uptime = Uptime
                routes_received = Routes Received
                routes_filtered = Filtered

                [routes_columns]
                network = Network
                gateway = Gateway
                interface = Interface
                metric = Metric
                bgp.as_path = AS Path

                [lookup_columns]
                network = Network
                gateway = Gateway
                neighbour.asn = ASN
                neighbour.description = Description
                bgp.as_path = AS Path
                routeserver.name = RS

                [source.rs1-camp-v4]
                name = rs1.camp.bgp.wtf (IPv4)
                group = Camp
                [source.rs1-camp-v4.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3000/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05

                [source.rs1-camp-v6]
                name = rs1.camp.bgp.wtf (IPv6)
                group = Camp
                [source.rs1-camp-v6.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3001/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05

                [source.rs2-camp-v4]
                name = rs2.camp.bgp.wtf (IPv4)
                group = Camp
                [source.rs2-camp-v4.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3002/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05

                [source.rs2-camp-v6]
                name = rs2.camp.bgp.wtf (IPv6)
                group = Camp
                [source.rs2-camp-v6.birdwatcher]
                timezone = UTC
                api = http://isw01.camp.bgp.wtf:3003/
                type = single_table
                neighbors_refresh_timeout = 2
                servertime = 2006-01-02T15:04:05Z
                servertime_short = 2006-01-02 15:04:05
                servertime_ext = 2006-01-02 15:04:05
            |||,
        },
    },
},
382
// CronJob that runs /ix/ripe-sync.par every five minutes with a password and
// the verifier address as positional arguments.
ripeSync: kube.CronJob(ix.name("ripe-sync")) {
    metadata+: ix.metadata("ripe-sync"),
    spec+: {
        schedule: "*/5 * * * *",
        jobTemplate+: {
            spec+: {
                // Hides the selector field of the job spec from the output.
                selector:: null,
                template+: {
                    spec+: {
                        containers_: {
                            "ripe-sync": kube.Container(ix.name("ripe-sync")) {
                                image: cfg.image,
                                args: [
                                    "/ix/ripe-sync.par",
                                    // Kubernetes replaces $(PASSWORD) with the value of
                                    // the environment variable defined below, so the
                                    // password is not stored in this manifest. It does end
                                    // up on the process command line inside the pod.
                                    "$(PASSWORD)",
                                    ix.verifier.address,
                                ],
                                env_: {
                                    // Read from key "password" of the Secret named
                                    // ix.name("ripe-sync"); that Secret is not defined in
                                    // this file and has to exist in the namespace.
                                    PASSWORD: {
                                        secretKeyRef: {
                                            name: ix.name("ripe-sync"),
                                            key: "password",
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
            },
        },
    },
},
416
// Public ingress for the web frontend: cfg.frontend.domain -> frontend Service.
// The object name is the literal "ingress" (cfg.prefix is not applied) and the
// component label is "public". TLS and ingress-class settings are whatever
// kube.SimpleIngress provides; none are set here.
ingress: kube.SimpleIngress("ingress") {
    hosts:: [cfg.frontend.domain],
    target:: ix.frontend.svc,
    metadata+: ix.metadata("public"),
},
Serge Bazanskiec71cb52019-08-22 18:13:13 +0200422
// Public ingress for the looking glass: cfg.alice.domain -> alice Service.
// The object name is the literal "alice" (cfg.prefix is not applied). TLS and
// ingress-class settings are whatever kube.SimpleIngress provides.
aliceIngress: kube.SimpleIngress("alice") {
    hosts:: [cfg.alice.domain],
    target:: ix.alice.svc,
    metadata+: ix.metadata("alice"),
},
428
// Public gRPC ingress: cfg.verifier.domain -> verifier Service, through the
// nginx ingress class with HTTP-to-HTTPS redirect and a gRPC backend protocol.
// NOTE(review): the verifier is started with -hspki_disable, so the hop from
// the ingress controller to the pod is presumably plaintext gRPC, and this
// host exposes the verifier API to the internet - confirm that the API is
// meant to be public or is authenticated elsewhere.
grpcIngress: kube.SimpleIngress("grpc") {
    hosts:: [cfg.verifier.domain],
    target:: ix.verifier.svc,
    // NOTE(review): labelled as component "alice" although the target is the
    // verifier; this looks carried over from aliceIngress and would mislead
    // label-based selection or audits.
    metadata+: ix.metadata("alice") {
        annotations+: {
            "kubernetes.io/ingress.class": "nginx",
            "nginx.ingress.kubernetes.io/ssl-redirect": "true",
            "nginx.ingress.kubernetes.io/backend-protocol": "GRPC",
        },
    },
},
Serge Bazanskibeefe442019-07-30 13:03:03 +0200440 },
441}