Sergiusz Bazanski | b13b7ff | 2019-08-29 20:12:24 +0200 | [diff] [blame] | 1 | # Deploy prodvider (prodaccess server) in cluster. |
| 2 | |
| 3 | local kube = import "../../../kube/kube.libsonnet"; |
| 4 | |
| 5 | { |
| 6 | Environment: { |
| 7 | local env = self, |
| 8 | local cfg = env.cfg, |
| 9 | |
| 10 | cfg:: { |
| 11 | namespace: "prodvider", |
Serge Bazanski | f0acf16 | 2020-10-03 16:49:51 +0200 | [diff] [blame] | 12 | image: "registry.k0.hswaw.net/q3k/prodvider:1601735780-d6c072a90e70b467a77039daebe602c77b4a84a1", |
Sergiusz Bazanski | b13b7ff | 2019-08-29 20:12:24 +0200 | [diff] [blame] | 13 | |
Sergiusz Bazanski | d186e94 | 2019-10-04 13:46:39 +0200 | [diff] [blame] | 14 | apiEndpoint: error "API endpoint must be set", |
| 15 | |
Sergiusz Bazanski | b13b7ff | 2019-08-29 20:12:24 +0200 | [diff] [blame] | 16 | pki: { |
| 17 | intermediate: { |
| 18 | cert: importstr "../../certs/ca-kube-prodvider.cert", |
| 19 | key: importstr "../../secrets/plain/ca-kube-prodvider.key", |
| 20 | }, |
| 21 | kube: { |
| 22 | cert: importstr "../../certs/ca-kube.crt", |
| 23 | }, |
| 24 | } |
| 25 | }, |
| 26 | |
| 27 | namespace: kube.Namespace(cfg.namespace), |
| 28 | |
| 29 | metadata(component):: { |
| 30 | namespace: cfg.namespace, |
| 31 | labels: { |
| 32 | "app.kubernetes.io/name": "prodvider", |
| 33 | "app.kubernetes.io/managed-by": "kubecfg", |
| 34 | "app.kubernetes.io/component": component, |
| 35 | }, |
| 36 | }, |
| 37 | |
| 38 | secret: kube.Secret("ca") { |
| 39 | metadata+: env.metadata("prodvider"), |
| 40 | data_: { |
| 41 | "intermediate-ca.crt": cfg.pki.intermediate.cert, |
| 42 | "intermediate-ca.key": cfg.pki.intermediate.key, |
| 43 | "ca.crt": cfg.pki.kube.cert, |
| 44 | }, |
| 45 | }, |
| 46 | |
| 47 | deployment: kube.Deployment("prodvider") { |
| 48 | metadata+: env.metadata("prodvider"), |
| 49 | spec+: { |
| 50 | replicas: 3, |
| 51 | template+: { |
| 52 | spec+: { |
| 53 | volumes_: { |
| 54 | ca: kube.SecretVolume(env.secret), |
| 55 | }, |
| 56 | containers_: { |
| 57 | prodvider: kube.Container("prodvider") { |
| 58 | image: cfg.image, |
| 59 | args: [ |
| 60 | "/cluster/prodvider/prodvider", |
| 61 | "-listen_address", "0.0.0.0:8080", |
| 62 | "-ca_key_path", "/opt/ca/intermediate-ca.key", |
| 63 | "-ca_certificate_path", "/opt/ca/intermediate-ca.crt", |
| 64 | "-kube_ca_certificate_path", "/opt/ca/ca.crt", |
Sergiusz Bazanski | d186e94 | 2019-10-04 13:46:39 +0200 | [diff] [blame] | 65 | "-kubernetes_host", cfg.apiEndpoint, |
Sergiusz Bazanski | b13b7ff | 2019-08-29 20:12:24 +0200 | [diff] [blame] | 66 | ], |
| 67 | volumeMounts_: { |
| 68 | ca: { mountPath: "/opt/ca" }, |
| 69 | } |
| 70 | }, |
| 71 | }, |
| 72 | }, |
| 73 | }, |
| 74 | }, |
| 75 | }, |
| 76 | |
| 77 | svc: kube.Service("prodvider") { |
| 78 | metadata+: env.metadata("prodvider"), |
| 79 | target_pod:: env.deployment.spec.template, |
| 80 | spec+: { |
| 81 | type: "LoadBalancer", |
| 82 | ports: [ |
| 83 | { name: "public", port: 443, targetPort: 8080, protocol: "TCP" }, |
| 84 | ], |
| 85 | }, |
| 86 | }, |
| 87 | }, |
| 88 | } |