cd6d0e7270
toolx/nixops: new keys
2019-05-17 18:10:23 +02:00
4a024bbd6a
WORKSPACE: fix for newer bazel versions
2019-05-17 18:10:02 +02:00
36cc4fb61a
bazel-cache: deploy, add waw-hdd-yolo-1 ceph pool
2019-05-17 18:09:39 +02:00
a4b3767455
tools/nixops.sh: add
2019-05-15 19:23:38 +02:00
e986728648
gcp: init, add service account
2019-05-15 19:19:19 +02:00
bb77892924
tools/install.sh: soft requirement on nix
2019-05-15 19:13:11 +02:00
1e6b52a194
tools/: add nixops
This now means we require Nix to be installed globally. This shouldn't
be the case in the long run, but will be until
https://github.com/tweag/rules_nixpkgs/issues/75 gets fixed or we maybe
move from rules_nixpkgs to nix-bundle or something similar.
2019-05-15 19:08:25 +02:00
b7e4bd4fa1
nix/cluster-configuration: pin nixpkgs for k8s
We pin nixpkgs for k8s and also bypass some issues with the new k8s
startup sequencing.
We also pin the kernel to 5.1.
Next step is to also pin nixpkgs for the rest of the system, I think we
can do it from within cluster-configuration.nix.
2019-05-14 01:45:48 +02:00
fc514a9b52
cluster/kube/cert-manager: don't add APIService when webhooks are disabled
2019-05-05 12:12:13 +02:00
b187bf5b2c
cluster/kube/metallb: downgrade to 0.7.3
2019-05-05 12:11:14 +02:00
ac140b3427
go/svc/invoice: statusz cleanups
- Remove internal ID
- Sort by time
2019-05-01 17:11:47 +02:00
3976e3cee8
go/svc/invoice: refactor
We unify calculation logic, move the existing Invoice proto message into
InvoiceData, and create other messages/fields around it to hold
denormalized data.
2019-05-01 15:27:49 +02:00
57ef6b0d7f
go/svc/invoice: add statusz
2019-05-01 14:08:29 +02:00
c2d322c504
go/svc/invoice: polishify
2019-05-01 13:14:32 +02:00
fb18c99df3
go/svc/invoice: import from code.hackerspace.pl/q3k/inboice
2019-05-01 12:27:43 +02:00
258686cf9a
WORKSPACE: bump gazelle for go 1.12
2019-05-01 12:26:43 +02:00
a9bb1d5b5b
tools/secretstore: fix decryption of updated secrets
2019-04-28 17:13:12 +02:00
4232c8b733
nix: bump to new k8s
2019-04-28 17:12:54 +02:00
b245865087
app/registry: allow anonymous pull access and temporary vms/ push access
2019-04-19 14:41:10 +02:00
3e59718d3a
WORKSPACE: add bazel docker rules
2019-04-19 14:40:47 +02:00
321fad9865
cluster/kube/rook: lower debug
2019-04-19 14:14:36 +02:00
ed2e670c8b
cluster/kube/rook: bump to ceph v14 fully
2019-04-19 13:27:20 +02:00
56918237ed
cluster: update ceph README
2019-04-09 23:48:33 +02:00
2c5391b6e6
tools/rook-s3cmd-config: tool to generate s3cmd config from rook.io secrets
2019-04-09 23:30:38 +02:00
7adc0eb998
app/registry: migrate to ceph object storage
2019-04-09 22:39:42 +02:00
5ac85c6e73
cluster/kube: refactor rook.io object store configuration
2019-04-09 21:45:32 +02:00
6da3b288dc
WIP: app/registry: ceph object storage
2019-04-09 13:48:21 +02:00
e24ccd678c
clustercfg: fix broken admincreds generation
2019-04-09 13:43:54 +02:00
dc1e5f0cb4
README: update according to new bazel paradigm(tm)
2019-04-09 13:30:28 +02:00
c10f00b7da
tools/secretstore: decrypt secrets when requesting plaintext path
2019-04-09 13:29:33 +02:00
598a079f57
clustercfg: extract cfssl handling to separate function
2019-04-09 13:29:33 +02:00
acd001bf83
tools: add cfssl
2019-04-09 13:17:06 +02:00
73cef11c85
*: rejigger tls certs and more
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
  certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
  (it keeps the old serviceaccounts key, otherwise we end up with
  invalid serviceaccounts - the cert doesn't match, but who cares,
  it's not used anyway)
2019-04-07 00:06:23 +02:00
208f005830
go/svc/leasifier: sort returned leases
2019-04-06 01:28:04 +02:00
a9a266c08c
go/svc/leasifier: fixes, add statusz table
2019-04-06 01:21:25 +02:00
1affad42e7
go/statusz: factor out load avg to separate file
2019-04-06 01:21:04 +02:00
3a2a693e0c
WORKSPACE: bump go
2019-04-06 01:20:19 +02:00
9dc4b68f24
go: add bazel buildfiles, implement leasifier
2019-04-05 23:53:25 +02:00
efc7928a73
go/vendor: nuke
2019-04-05 23:50:28 +02:00
6916f7e244
app/toot: start implementing redis
2019-04-04 16:54:00 +02:00
242152f65e
cluster/kube/lib/metallb: bump memory hoping to prevent crashes
2019-04-04 16:54:00 +02:00
ac38d5aeb1
app/registry: oauth2 authentication
2019-04-03 08:41:20 +02:00
6dc4839d74
app/registry: initial docker registry setup
2019-04-02 18:59:37 +02:00
0f78cea802
Merge branch 'master' of hackerspace.pl:hscloud
2019-04-02 14:45:23 +02:00
2fd5861d24
cluster: some doc updates
2019-04-02 14:45:17 +02:00
3187c59a86
cluster/kube: ceph dashboard tls certificates
2019-04-02 14:44:04 +02:00
2afe604595
cluster/kube: minor cert-manager cleanups, disable webhooks by default
2019-04-02 14:43:34 +02:00
79ddbc57d9
cluster/kube: initial cert-manager implementation
2019-04-02 13:20:15 +02:00
5f2dc8530d
toot: wip
2019-04-02 02:36:22 +02:00
65f3b1d8ab
cluster/kube: add waw-hdd-redundant-1 pool/storageclass
2019-04-02 01:05:38 +02:00