blob: a4cb43820411c3da7436e6821e5e17922a846590 [file] [log] [blame]
Sergiusz Bazanskib13b7ff2019-08-29 20:12:24 +02001# Deploy prodvider (prodaccess server) in cluster.
2
3local kube = import "../../../kube/kube.libsonnet";
4
5{
6 Environment: {
7 local env = self,
8 local cfg = env.cfg,
9
10 cfg:: {
11 namespace: "prodvider",
Serge Bazanskif0acf162020-10-03 16:49:51 +020012 image: "registry.k0.hswaw.net/q3k/prodvider:1601735780-d6c072a90e70b467a77039daebe602c77b4a84a1",
Sergiusz Bazanskib13b7ff2019-08-29 20:12:24 +020013
Sergiusz Bazanskid186e942019-10-04 13:46:39 +020014 apiEndpoint: error "API endpoint must be set",
15
Sergiusz Bazanskib13b7ff2019-08-29 20:12:24 +020016 pki: {
17 intermediate: {
18 cert: importstr "../../certs/ca-kube-prodvider.cert",
19 key: importstr "../../secrets/plain/ca-kube-prodvider.key",
20 },
21 kube: {
22 cert: importstr "../../certs/ca-kube.crt",
23 },
24 }
25 },
26
27 namespace: kube.Namespace(cfg.namespace),
28
29 metadata(component):: {
30 namespace: cfg.namespace,
31 labels: {
32 "app.kubernetes.io/name": "prodvider",
33 "app.kubernetes.io/managed-by": "kubecfg",
34 "app.kubernetes.io/component": component,
35 },
36 },
37
38 secret: kube.Secret("ca") {
39 metadata+: env.metadata("prodvider"),
40 data_: {
41 "intermediate-ca.crt": cfg.pki.intermediate.cert,
42 "intermediate-ca.key": cfg.pki.intermediate.key,
43 "ca.crt": cfg.pki.kube.cert,
44 },
45 },
46
47 deployment: kube.Deployment("prodvider") {
48 metadata+: env.metadata("prodvider"),
49 spec+: {
50 replicas: 3,
51 template+: {
52 spec+: {
53 volumes_: {
54 ca: kube.SecretVolume(env.secret),
55 },
56 containers_: {
57 prodvider: kube.Container("prodvider") {
58 image: cfg.image,
59 args: [
60 "/cluster/prodvider/prodvider",
61 "-listen_address", "0.0.0.0:8080",
62 "-ca_key_path", "/opt/ca/intermediate-ca.key",
63 "-ca_certificate_path", "/opt/ca/intermediate-ca.crt",
64 "-kube_ca_certificate_path", "/opt/ca/ca.crt",
Sergiusz Bazanskid186e942019-10-04 13:46:39 +020065 "-kubernetes_host", cfg.apiEndpoint,
Sergiusz Bazanskib13b7ff2019-08-29 20:12:24 +020066 ],
67 volumeMounts_: {
68 ca: { mountPath: "/opt/ca" },
69 }
70 },
71 },
72 },
73 },
74 },
75 },
76
77 svc: kube.Service("prodvider") {
78 metadata+: env.metadata("prodvider"),
79 target_pod:: env.deployment.spec.template,
80 spec+: {
81 type: "LoadBalancer",
82 ports: [
83 { name: "public", port: 443, targetPort: 8080, protocol: "TCP" },
84 ],
85 },
86 },
87 },
88}