Commit Graph

1234 Commits (924d0035fdb64b7652f534d05ee67867b764c4d3)

Author SHA1 Message Date
q3k 0ef497e461 Merge "app/registry: abstract away pushers" 2019-07-09 10:39:40 +00:00
q3k c292410d15 app/factorio: update to 0.17.52
Change-Id: I70230b1f83a40cc70015e135e25319116c6e15e8
2019-06-30 17:35:57 +02:00
q3k 92be486f39 Revert "cluster/kube/lib/nginx: use Local traffic policy"
This reverts commit 09a0f06d2a.

Reason for revert: prevents registry from being accessible on nodes:

q3k@anathema ~/Software/hscloud $ curl registry.k0.hswaw.net
<html>
[..., ok]

[root@bc01n03:~]# curl registry.k0.hswaw.net
^C

Change-Id: I0da97aaf7a8791ea3f62c70b6c1502f4a48a300f
2019-06-29 22:58:19 +00:00
q3k 1c825949c4 app/registry: abstract away pushers
Another change I lost somewhere in the process of remembering how to
gerrit.

I rewrote it (lost the original commit), and also added the (upcoming)
egressifier service.

Change-Id: I1647bc3b1e504a192150ab76f4c6d1709e608f0a
2019-06-30 00:37:34 +02:00
q3k 09a0f06d2a cluster/kube/lib/nginx: use Local traffic policy
Diff against prod:

  - live services nginx-system.ingress-nginx
  + config services nginx-system.ingress-nginx
    {
      "apiVersion": "v1",
      "kind": "Service",
      "metadata": {
        "annotations": {},
        "labels": {
          "app.kubernetes.io/name": "ingress-nginx",
          "app.kubernetes.io/part-of": "ingress-nginx"
        },
        "name": "ingress-nginx",
        "namespace": "nginx-system"
      },
      "spec": {
  -     "externalTrafficPolicy": "Cluster",
  +     "externalTrafficPolicy": "Local",
        "ports": [
          {
            "name": "ssh",
            "port": 22,
            "protocol": "TCP",
            "targetPort": 22
          },
          {
            "name": "http",
            "port": 80,
            "protocol": "TCP",
            "targetPort": 80
          },
          {
            "name": "https",
            "port": 443,
            "protocol": "TCP",
            "targetPort": 443
          }
        ],
        "selector": {
          "app.kubernetes.io/name": "ingress-nginx",
          "app.kubernetes.io/part-of": "ingress-nginx"
        },
        "type": "LoadBalancer"
      }
    }
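
Review bot: the `externalTrafficPolicy` switch from `Cluster` to `Local` in `spec` is not explained in the commit message, and on a `LoadBalancer` Service `Local` means a node only accepts traffic for the `ssh`, `http` and `https` ports if a pod matching the `ingress-nginx` selector runs on that node. State the reason for the change (with `Local` the client source IP is preserved) and check that clients on the cluster nodes can still reach services through the external address before submitting; the revert 92be486f39 listed on this page reports `curl registry.k0.hswaw.net` hanging from node bc01n03 with this change applied.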

Change-Id: I0dd66e3f1643efa975d6180cc163a265d4b484ef
2019-06-29 22:44:53 +02:00
q3k 543b412a65 cluster/kube/lib/nginx: add gerrit forwarding
This is already running in production since gerrit was deployed - it
just got lost during submit.

Change-Id: I8a1580b1ca3ec3142a8fa4320dc9f51a599a914f
2019-06-29 22:42:39 +02:00
q3k 59f5fd315c cluster/openssl.cnf: remove
This was used in the old openssl-based TLS certificate generation code.

Change-Id: I5da8c5b012b6af8c2f8b990237b3c4933b90a349
2019-06-25 15:02:45 +02:00
q3k 1e5e81227a Merge changes I4ef1f6ed,I20b0ecbb,Ida9dff72,I92e70536
* changes:
  cluster/cube/lib/cockroachdb: clean up topology
  cluster/kube/lib/cockroach: move client to deployment
  app/gerrit/kube: implement
  app/gerrit: import OAuth provider and add SSO support
2019-06-25 00:49:10 +00:00
q3k 184678b0f4 cluster/cube/lib/cockroachdb: clean up topology
IP addresses are not necessary in the topology definitions of a
cockroach cluster.

They were mis-committed leftovers from trying to run the cluster on
DaemonSets with hostNetworking: true.

Change-Id: I4ef1f6ed9a745efc6b05846bc13aba9d1f8dc7c8
2019-06-22 21:18:29 +00:00
q3k dec401c7dd cluster/kube/lib/cockroach: move client to deployment
This prevents a bug where kubecfg fails to update the client pod when
running a cluster/kube/cluster.jsonnet update. The pod update is
attempted because of runtime/intent differences at serviceAccounts
specification, which causes kubecfg to see a diff, which causes it to
attempt an update, which causes kube-apiserver to reject the change
(because pods are immutable), which causes kubecfg to fail.

Change-Id: I20b0ecbb264213a2eb483d475c7683b4965c82be
2019-06-22 23:14:25 +02:00
q3k b094f08744 tools/: add __pycache__ to gitignore
Change-Id: Iaddfe140df1e82611df8e2594b7560e3bdafd896
2019-06-21 22:14:41 +02:00
q3k a7e26ccfe1 app/gerrit/kube: implement
This change implements the k8s machinery for Gerrit.

This might look somewhat complex at first, but the gist of it is:

 - k8s mounts etc, git, cache, db, index as RW PVs
 - k8s mounts a configmap containing gerrit.conf into an external
   directory
 - k8s mounts a secret containing secure.conf into an external directory
 - on startup, gerrit's entrypoint will copy over {gerrit,secure}.conf
   and start a small updater script that copies over gerrit.conf if
   there's any change. This should, in theory, make gerrit reload its
   config.

This is already running on production. You're probably looking at this
change through the instance deployed by itself :)

Change-Id: Ida9dff721c17cf4da7fb6ccbb54d2c4024672572
2019-06-21 20:47:53 +02:00
q3k 573da78859 app/gerrit: import OAuth provider and add SSO support
This change:

 - imports gerrit-oauth-provider from upstream
 - adds sso.hackerspae.pl support to it

Change-Id: I92e7053614a9297bf1ced3aac044c0002acd836a
2019-06-21 20:09:01 +02:00
q3k c7258f4644 cluster/kube: refactor, add crdb-waw1 2019-06-21 00:24:09 +02:00
q3k e53e39a8be cluster/kube/lib/cockroachdb: use manual node pinning
We move away from the StatefulSet based deployment to manually starting
a deployment per intended node. This allows us to pin individual
instances of Cockroach to particular nodes, so that they stay
co-located with their data.
2019-06-20 23:36:35 +02:00
q3k 662a3cdcca cluster/kube/lib/cockroachdb: refactor
We refactor this library to:

 - support multiple databases, but with a strong suggestion of having
   one per k8s cluster
 - drop the database creation logic
 - redo naming (allowing for two options: multiple clusters per
   namespace or an exclusive namespace for the cluster)
 - unhardcode dns names
2019-06-20 19:45:03 +02:00
q3k 224a50bbfe cluster/kube/lib/cockroach: fix imports 2019-06-20 16:43:01 +02:00
q3k 3c117fa841 make cockroachdb into a cluster service 2019-06-20 16:43:01 +02:00
Patryk Jakuszew fae3a9d514 add grace period for client pod, rename volume mounts 2019-06-20 16:43:01 +02:00
Patryk Jakuszew 5dfd4cc799 initial commit of cockroachdb.libsonnet 2019-06-20 16:43:01 +02:00
q3k c3b0f7627c cluster/kube: set operator replicas to 0 2019-06-20 16:42:19 +02:00
q3k c0fc3ee442 cluster/clustercfg: add clustercfg-nocerts 2019-06-20 16:11:38 +02:00
q3k bc27e64692 go/svc/invoice: template changes for EU VAT invoices, restore FV/ numbering 2019-06-20 16:11:07 +02:00
q3k 0de4368f5c nix/cluster-configuration: mention CNI plugin issue 2019-06-20 12:55:02 +02:00
q3k 9d6929f7c0 app/radio: fix fallback mounts, fix admin login 2019-06-20 12:52:38 +02:00
q3k f970a7ef0f nix/cluster-configuration: fix CNI plugins being deleted on kubelet restart 2019-06-20 12:51:51 +02:00
q3k c807f86b6a app/radio: lower resource requests and limits 2019-06-19 16:18:28 +02:00
q3k f9281d844f app/radio: add standby 2019-06-19 14:55:11 +02:00
q3k 610bec40a2 app/radio: init 2019-06-19 14:31:19 +02:00
q3k 4b1d4ca257 app/registry: allow app/radio to q3k 2019-06-19 14:09:31 +02:00
q3k a818ef2c16 go/svc/invoice: add shitty multilanguage support 2019-06-07 10:37:22 +02:00
informatic 77c0162a6f Merge branch 'feature/matrix' 2019-05-23 16:35:42 +02:00
informatic 3ea979dab5 app/matrix: forward IP to synapse 2019-05-23 16:11:52 +02:00
Bartosz Stebel caa770ae59 cluster-configuration.nix: add key for implr@thonk 2019-05-20 04:26:34 +02:00
q3k f81f7d462a cluster/clustercfg: gitignore __pycache__ 2019-05-19 03:11:18 +02:00
q3k 1264220329 nix: add sample node configuration 2019-05-19 03:10:56 +02:00
q3k 29afb4cc51 secretstore: restore implr 2019-05-19 03:10:25 +02:00
q3k cb5c321f80 app/factorio: implement kube 2019-05-19 03:10:17 +02:00
q3k 644f9ff57e app/factorio: multiple versions 2019-05-19 03:09:47 +02:00
q3k 44116eae1e WORKSPACE: fix indentation 2019-05-18 16:26:56 +02:00
q3k a103f060a8 go/svc/invoice: tiny template fixes 2019-05-18 16:23:58 +02:00
q3k 6586533bb3 app/factorio: build docker image 2019-05-18 16:23:45 +02:00
q3k aa68f3fdd8 secretstore: add implr 2019-05-18 00:15:25 +02:00
q3k cd6d0e7270 toolx/nixops: new keys 2019-05-17 18:10:23 +02:00
q3k 4a024bbd6a WORKSPACE: fix for newer bazel versions 2019-05-17 18:10:02 +02:00
q3k 36cc4fb61a bazel-cache: deploy, add waw-hdd-yolo-1 ceph pool 2019-05-17 18:09:39 +02:00
informatic aa0e755389 app/matrix: bump oauth2-cas-proxy for service_url security 2019-05-17 12:55:48 +02:00
informatic 9ab9f61a67 app/matrix: bump riot-web version to fix broken SSO 2019-05-17 09:53:13 +02:00
informatic c39fb04451 app/matrix: initial oauth2/casproxy setup 2019-05-17 09:13:56 +02:00
informatic fef4c12ca1 app/matrix: appservice-irc 2019-05-16 21:05:02 +02:00