This is hackdoc, a documentation rendering tool for monorepos.
This is the first code iteration, that can only serve from a local git
checkout.
The code is incomplete, and is WIP.
Change-Id: I68ef7a991191c1bb1b0fdd2a8d8353aba642e28f
This makes clustercfg ensure certificates are valid for at least 30
days, and renew them otherwise.
We use this to bump all the certs that were about to expire in a week.
They are now valid until 2021.
There's still some certs that expire in 2020. We need to figure out a
better story for this, especially as the next expiry is 2021 - today's
prod rollout was somewhat disruptive (basically this was done by a full
cluster upgrade-like rollout flow, via clustercfg).
We also drive-by bump the number of mons in ceph-waw3 to 3, as it should
be (this gets rid of a nasty SPOF that would've bitten us during this
upgrade otherwise).
Change-Id: Iee050b1b9cba4222bc0f3c7bce9e4cf9b25c8bdc
In preparation for updating to 1.1.0, which will be much more involved.
Also fix a typo in registry.libsonnet, whoops.
Change-Id: I7668bf53c7580f99fdf56fe6227f04a468f8de50
For us this manifests when doing
    kubecfg update cluster/kube/cluster.libsonnet
To be precise: when hitting the Ceph/Rook CRD definition.
This is a weird bug. I've seen it manifest earlier on NixOS, but I am
now also seeing it on Gentoo. I've thought that it was because of Go API
breakage, but I've quickly tried to specify older toolchain versions,
but that didn't seem to help? :/
Regardless, I've applied a patch by rnb [1] that seems to fix this. I
also have a suspicion that updating to a newer k8s version might just
fix this, that's why I'm not too concerned about this for now.
[1] - a32521024f
Change-Id: Id66e3c0bd56e84d785e1baeca86373aa2d0eb6f9
cz2's key has expired. Removing it for now as there's no easy way to
force gpg to encrypt content for expired keys.
Change-Id: Ib27b9a09385fcead1ba2d48ebf45426038d8b647
This reflects current production. This needs to get bumped up to 3 at some point as otherwise we lose HA for this cluster.
Change-Id: Ie5937e6a216b635ecbc4c82ecd182a410167c3f8
We change the existing behaviour (copy files & run nixos-rebuild switch)
to something closer to nixops-style. This now means that provisioning
admin machines need Nix installed locally, but that's probably an okay
choice to make.
The upside of this approach is that it's easier to debug and test
derivations, as all data is local to the repo and the workstation, and
deploying just means copying a configuration closure and switching the
system to it. At some point we should even be able to run the entire
cluster within a set of test VMs.
We also bump the kubernetes control plane to 1.14. Kubelets are still at
1.13 and their upgrade is coming up today too.
Change-Id: Ia9832c47f258ee223d93893d27946d1161cc4bbd
This doesn't automatically bump generated numbers - however, new users
will at least have sensible IDs now :).
To bump an existing deployment, you will have to do some mild surgery:
- edit the touched query to once generate a new, appropriate serial
  (e.g. 20001)
- run and seal one invoice
- restore original code (now with the new 20000 default)
In the future we should have an RPC override for the new sealed final
UID with some basic sanity checks.
Change-Id: Idd8187618869f6ea76f1b187acfbdd2f1c94005b
Only these nodes (and bc01n03) are #blessed by freenode.
In the future we should fix this by having custom node labels for
blessed nodes. But this will do for now.
Change-Id: Ia5d7cfcb9329da0de8d596ed40b20b0e0f286f43