185 Commits (aa68f3fdd810ef0e69056071e2c841529a91cc67)

Author SHA1 Message Date
q3k aa68f3fdd8 secretstore: add implr 2019-05-18 00:15:25 +02:00
q3k cd6d0e7270 toolx/nixops: new keys 2019-05-17 18:10:23 +02:00
q3k 4a024bbd6a WORKSPACE: fix for newer bazel versions 2019-05-17 18:10:02 +02:00
q3k 36cc4fb61a bazel-cache: deploy, add waw-hdd-yolo-1 ceph pool 2019-05-17 18:09:39 +02:00
q3k a4b3767455 tools/nixops.sh: add 2019-05-15 19:23:38 +02:00
q3k e986728648 gcp: init, add service account 2019-05-15 19:19:19 +02:00
q3k bb77892924 tools/install.sh: soft requirement on nix 2019-05-15 19:13:11 +02:00
q3k 1e6b52a194 tools/: add nixops
This now means we require Nix to be installed globally. This shouldn't
be the case in the long run, but will be until
https://github.com/tweag/rules_nixpkgs/issues/75 gets fixed or we maybe
move from rules_nixpkgs to nix-bundle or something similar.
2019-05-15 19:08:25 +02:00
q3k b7e4bd4fa1 nix/cluster-configuration: pin nixpkgs for k8s
We pin nixpkgs for k8s and also bypass some issues with the new k8s
startup sequencing.

We also pin the kernel to 5.1.

Next step is to also pin nixpkgs for the rest of the system, I think we
can do it from within cluster-configuration.nix.
2019-05-14 01:45:48 +02:00
informatic fc514a9b52 cluster/kube/cert-manager: don't add APIService when webhooks are disabled 2019-05-05 12:12:13 +02:00
informatic b187bf5b2c cluster/kube/metallb: downgrade to 0.7.3 2019-05-05 12:11:14 +02:00
q3k ac140b3427 go/svc/invoice: statusz cleanups
 - Remove internal ID
 - Sort by time
2019-05-01 17:11:47 +02:00
q3k 3976e3cee8 go/svc/invoice: refactor
We unify calculation logic, move the existing Invoice proto message into
InvoiceData, and create other messages/fields around it to hold
denormalized data.
2019-05-01 15:27:49 +02:00
q3k 57ef6b0d7f go/svc/invoice: add statusz 2019-05-01 14:08:29 +02:00
q3k c2d322c504 go/svc/invoice: polishify 2019-05-01 13:14:32 +02:00
q3k fb18c99df3 go/svc/invoice: import from code.hackerspace.pl/q3k/inboice 2019-05-01 12:27:43 +02:00
q3k 258686cf9a WORKSPACE: bump gazelle for go 1.12 2019-05-01 12:26:43 +02:00
q3k a9bb1d5b5b tools/secretstore: fix decryption of updated secrets 2019-04-28 17:13:12 +02:00
q3k 4232c8b733 nix: bump to new k8s 2019-04-28 17:12:54 +02:00
q3k b245865087 app/registry: allow anonymous pull access and temporary vms/ push access 2019-04-19 14:41:10 +02:00
q3k 3e59718d3a WORKSPACE: add bazel docker rules 2019-04-19 14:40:47 +02:00
q3k 321fad9865 cluster/kube/rook: lower debug 2019-04-19 14:14:36 +02:00
q3k ed2e670c8b cluster/kube/rook: bump to ceph v14 fully 2019-04-19 13:27:20 +02:00
informatic 56918237ed cluster: update ceph README 2019-04-09 23:48:33 +02:00
informatic 2c5391b6e6 tools/rook-s3cmd-config: tool to generate s3cmd config from rook.io secrets 2019-04-09 23:30:38 +02:00
informatic 7adc0eb998 app/registry: migrate to ceph object storage 2019-04-09 22:39:42 +02:00
informatic 5ac85c6e73 cluster/kube: refactor rook.io object store configuration 2019-04-09 21:45:32 +02:00
informatic 6da3b288dc WIP: app/registry: ceph object storage 2019-04-09 13:48:21 +02:00
informatic e24ccd678c clustercfg: fix broken admincreds generation 2019-04-09 13:43:54 +02:00
informatic dc1e5f0cb4 README: update according to new bazel paradigm(tm) 2019-04-09 13:30:28 +02:00
informatic c10f00b7da tools/secretstore: decrypt secrets when requesting plaintext path 2019-04-09 13:29:33 +02:00
informatic 598a079f57 clustercfg: extract cfssl handling to separate function 2019-04-09 13:29:33 +02:00
q3k acd001bf83 tools: add cfssl 2019-04-09 13:17:06 +02:00
q3k 73cef11c85 *: rejigger tls certs and more
This pretty large change does the following:

 - moves nix from bootstrap.hswaw.net to nix/
 - changes clustercfg to use cfssl and moves it to cluster/clustercfg
 - changes clustercfg to source information about target location of
   certs from nix
 - changes clustercfg to push nix config
 - changes tls certs to have more than one CA
 - recalculates all TLS certs
   (it keeps the old serviceaccounts key, otherwise we end up with
   invalid serviceaccounts - the cert doesn't match, but who cares,
   it's not used anyway)
2019-04-07 00:06:23 +02:00
q3k 208f005830 go/svc/leasifier: sort returned leases 2019-04-06 01:28:04 +02:00
q3k a9a266c08c go/svc/leasifier: fixes, add statusz table 2019-04-06 01:21:25 +02:00
q3k 1affad42e7 go/statusz: factor out load avg to separate file 2019-04-06 01:21:04 +02:00
q3k 3a2a693e0c WORKSPACE: bump go 2019-04-06 01:20:19 +02:00
q3k 9dc4b68f24 go: add bazel buildfiles, implement leasifier 2019-04-05 23:53:25 +02:00
q3k efc7928a73 go/vendor: nuke 2019-04-05 23:50:28 +02:00
q3k 6916f7e244 app/toot: start implementing redis 2019-04-04 16:54:00 +02:00
q3k 242152f65e cluster/kube/lib/metallb: bump memory hoping to prevent crashes 2019-04-04 16:54:00 +02:00
informatic ac38d5aeb1 app/registry: oauth2 authentication 2019-04-03 08:41:20 +02:00
informatic 6dc4839d74 app/registry: initial docker registry setup 2019-04-02 18:59:37 +02:00
q3k 0f78cea802 Merge branch 'master' of hackerspace.pl:hscloud 2019-04-02 14:45:23 +02:00
q3k 2fd5861d24 cluster: some doc updates 2019-04-02 14:45:17 +02:00
informatic 3187c59a86 cluster/kube: ceph dashboard tls certificates 2019-04-02 14:44:04 +02:00
informatic 2afe604595 cluster/kube: minor cert-manager cleanups, disable webhooks by default 2019-04-02 14:43:34 +02:00
informatic 79ddbc57d9 cluster/kube: initial cert-manager implementation 2019-04-02 13:20:15 +02:00
q3k 5f2dc8530d toot: wip 2019-04-02 02:36:22 +02:00