
1255 Commits (master)

Author SHA1 Message Date
informatic c10f00b7da tools/secretstore: decrypt secrets when requesting plaintext path 2019-04-09 13:29:33 +02:00
informatic 598a079f57 clustercfg: extract cfssl handling to separate function 2019-04-09 13:29:33 +02:00
q3k acd001bf83 tools: add cfssl 2019-04-09 13:17:06 +02:00
q3k 73cef11c85 *: rejigger tls certs and more
This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
2019-04-07 00:06:23 +02:00
q3k 208f005830 go/svc/leasifier: sort returned leases 2019-04-06 01:28:04 +02:00
q3k a9a266c08c go/svc/leasifier: fixes, add statusz table 2019-04-06 01:21:25 +02:00
q3k 1affad42e7 go/statusz: factor out load avg to separate file 2019-04-06 01:21:04 +02:00
q3k 3a2a693e0c WORKSPACE: bump go 2019-04-06 01:20:19 +02:00
q3k 9dc4b68f24 go: add bazel buildfiles, implement leasifier 2019-04-05 23:53:25 +02:00
q3k efc7928a73 go/vendor: nuke 2019-04-05 23:50:28 +02:00
q3k 6916f7e244 app/toot: start implementing redis 2019-04-04 16:54:00 +02:00
q3k 242152f65e cluster/kube/lib/metallb: bump memory hoping to prevent crashes 2019-04-04 16:54:00 +02:00
informatic ac38d5aeb1 app/registry: oauth2 authentication 2019-04-03 08:41:20 +02:00
informatic 6dc4839d74 app/registry: initial docker registry setup 2019-04-02 18:59:37 +02:00
q3k 0f78cea802 Merge branch 'master' of hackerspace.pl:hscloud 2019-04-02 14:45:23 +02:00
q3k 2fd5861d24 cluster: some doc updates 2019-04-02 14:45:17 +02:00
informatic 3187c59a86 cluster/kube: ceph dashboard tls certificates 2019-04-02 14:44:04 +02:00
informatic 2afe604595 cluster/kube: minor cert-manager cleanups, disable webhooks by default 2019-04-02 14:43:34 +02:00
informatic 79ddbc57d9 cluster/kube: initial cert-manager implementation 2019-04-02 13:20:15 +02:00
q3k 5f2dc8530d toot: wip 2019-04-02 02:36:22 +02:00
q3k 65f3b1d8ab cluster/kube: add waw-hdd-redundant-1 pool/storageclass 2019-04-02 01:05:38 +02:00
q3k c6da127d3f cluster/kube: ceph-waw1 up 2019-04-02 00:06:13 +02:00
q3k cdfafaf91e cluster/kube: finish rook operator 2019-04-01 19:16:18 +02:00
q3k b7fcc67f42 cluster/kube: start implementing rook 2019-04-01 18:40:50 +02:00
q3k 14cbacb81a cluster/kube/metallb: parametrize address pools 2019-04-01 18:00:44 +02:00
q3k a9c7e86687 cluster: fix metallb, add nginx ingress controller 2019-04-01 17:56:28 +02:00
q3k eeed6fb6da recertify all certs 2019-04-01 16:19:28 +02:00
informatic 11603cb9fd cmc-proxy: logout properly to prevent session exhaustion
Multiple calls to GetKVMData in a short timespan would make iDRAC refuse
all authentications because of dangling sessions... (and 5 concurrent
sessions limit)
2019-02-10 15:34:01 +01:00
q3k 1e565dc4a5 cluster: start implementing metallb 2019-01-18 09:40:59 +01:00
q3k e3af1eb852 cluster: autodetect IP address
This is so that Calico starts with the proper subnet. Feeding it just an
IP from the node status will mean it parses it as /32 and uses IPIP
tunnels for all connectivity.
2019-01-18 09:39:57 +01:00
q3k 2afe3e46fd tool/calicoctl: add secretstore to data 2019-01-18 01:37:45 +01:00
q3k a305bc9fb5 tool: add calicoctl wrapper 2019-01-18 01:34:20 +01:00
q3k 0752971f8a tools: add calicoctl 2019-01-18 01:24:38 +01:00
q3k 74d278384e README: mention purpose of k0 2019-01-18 00:28:28 +01:00
q3k 144f92160d README: mention k0 API host 2019-01-18 00:24:13 +01:00
q3k 98691e9e5e tools: add python future module 2019-01-18 00:22:50 +01:00
q3k 41bd2b52c2 cluster/secrets: add implr 2019-01-17 23:37:36 +01:00
q3k ed4675004c README: add admincreds invocation 2019-01-17 21:38:15 +01:00
q3k 117a43c955 .: remove old README 2019-01-17 21:36:28 +01:00
q3k f3010ee1cb cluster/secrets: add cz2 2019-01-17 21:35:52 +01:00
q3k dc9c29ac90 cluster: add calico key 2019-01-17 21:35:28 +01:00
q3k 5c75574464 cluster/coredns: allow resolving via <svc>.<namespace>.svc.k0.hswaw.net 2019-01-17 21:35:10 +01:00
q3k af3be426ad cluster: deploy calico and metrics service 2019-01-17 18:57:19 +01:00
q3k 49b9a13d28 cluster: deploy coredns 2019-01-14 00:02:59 +01:00
q3k 5bebbebe3e cluster/kube: fix typo 2019-01-13 22:08:05 +01:00
q3k 4d9e72cb8c cluster/kube: init 2019-01-13 22:06:33 +01:00
q3k d89e1203d9 ca: bump srl 2019-01-13 22:06:11 +01:00
q3k 4c186db2c1 clustercfg: do not use SAN section if no SAN names 2019-01-13 21:48:47 +01:00
q3k ae56b6a6a5 clustercfg: create .kubectl 2019-01-13 21:39:16 +01:00
q3k cd23740185 cluster/secrets: keep plain/ dir for scripting 2019-01-13 21:37:35 +01:00