This is in preparation for spinning up a staging/QA matrix instance,
where the MXID domain is under control by hscloud machinery (and not a
top-level organizational domain).
Change-Id: I10505615ebb407b3b2eac0c1b87ad5625e2009c0
This is in prepration for bringing up a Matrix server for hsp.sh.
Verified to cause no diff on prod.
Change-Id: Ied2de210692e3ddfdb1d3f37b12893b214c34b0b
This is an amalgamation of a handful of small changes to Go deps.
Notably:
- we remove our opencensus-proto fork, use upstream, use exclude=src to
fix the build
- unvendorify some deps
- bump io_rules_go to fix WKT resolution
Notably, we now do not have the 'protoc-gen-go' error when running
kubecfg/kubectl anymore.
Change-Id: I34fb9e78b2b12e4543142183d601d01987076f32
This can happen if a binary is built statically and fails to load
libgcc/nsd libraries at runtime.
Change-Id: Ia76645471b83a6cc75fe6552e70e6a251b50129c
This adds Bazel/hscloud integration to gostatic, via gostatic_tarball.
A sample is provided in //tools/gostatic/example, it can be built using:
bazel build //tools/gostatic/example
The resulting tarball can then be extracted and viewed in a web
browser.
Change-Id: Idf8d4a8e0ee3a5ae07f7449a25909478c2d8b105
A customer was missing a static v6 route via their router. Since we
don't want to add them to networking.interfaces.routes.* (as this
restarts the whole scripted network stack in NixOS), we add them to
bird. This requires implementing hscloud.routing.static.
Change-Id: I0a205ed1e1f17a86de43aaf72ab6c2694a069112
If set, this enables internal redis authentication scheme. Supports
secretRefs, as well as values passed directly.
Change-Id: Ie902b8d79fdc4aa83ad8ad123e79f0bc80c1251f
We want to be able to scrape controller-manager and scheduler metrics
into Prometheus. For that, each of them needs to:
1) listen on a secure port
2) have authn enabled
With this, any k8s user with the right permissions (and a bearer token
or TLS certificate) can come in and access metrics over a node's public
IP address. Access without a certificate/token gets thrown into the
system:anonymous user, which as no access to any API.
Change-Id: I267680f92f748ba63b6762e6aaba3c417446e50b
This allows us to use rules_docker from NixOS. However, the built
binaries are broken because of the Docker base image not being NixOS
based.
Change-Id: I29b93f1bae1575b04f97265c67497081d11a1910