4
0
Fork 2
mirror of https://gerrit.hackerspace.pl/hscloud synced 2024-12-14 15:40:21 +00:00
Commit graph

345 commits

Author SHA1 Message Date
krnlexception
85204f6d5b hswaw/blog: added blog prod.jsonnet
Change-Id: I095d47ef84f4eeace52e8ec9dc831a59db94685a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2042
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: radex <radex@hackerspace.pl>
2024-12-09 19:35:24 +00:00
87f6a9d1c3 cluster/registry: bump registry to v2.8.3 (latest)
Change-Id: I16958556db3b11456184da1c80f2c2faf1c2f9b7
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2014
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-11-02 08:15:02 +00:00
93b5080a4d cluster/registry: clean up jsonnet
Refactoring registry to use newer syntax/jsonnet helpers/conventions, in line with the rest of the codebase.

Change-Id: I20508c8f6ef9a2d0e8faa7de3d3b9efcf2c91af3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2013
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-11-01 17:32:43 +00:00
5c0e878266 cluster/k0: fix birb/metallb bgp mess
This fixes cluster routing, which broke for some reason at some point.
It ensures cluster routes get propagated correctly across nodes.

This is a mess. We should replace this.

Change-Id: Ic749a529da620fa201ec9cd71a6a8eed664e2d0f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2012
Reviewed-by: radex <radex@hackerspace.pl>
2024-10-31 21:02:41 +00:00
bd48de1e12 cluster/kube: bump coredns, metallb
These changes were already live but were not committed

Change-Id: Ib0590964ad8521d06ad2219b51751e65b6f9742f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2011
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-31 21:02:26 +00:00
80e3003542 cluster/metrics: reuse vendored manifests yaml
Change-Id: I83592266d5af39307af2774eb24a0b08229864cb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2010
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-31 21:02:20 +00:00
cf8032a636 cluster/metrics: update to v0.5.1
This brings the code up to date with what was already deployed

Change-Id: I8e47787df8d421857f8a011ce3d6ab29488f980a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2009
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-31 21:01:55 +00:00
6da7d2b75f cluster/nginx: bump to v0.51.0
Forked Dockerfile is no longer necessary, as 0.51.0 has a newer openssl

This is the newest version of n-i-c we can use with current k8s version. v1.0.0 requires k8s at least v1.19

Change-Id: Ibb244482cef2624274817ea6c62f190587a03f97
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2006
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-26 15:17:07 +00:00
85060c5fa6 cluster/k0: give radex cluster-admin
TODO: emergency/admin credentials

Change-Id: I89d55b14a5aacbd01dc00c36be7076014cfb0b56
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2005
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: radex <radex@hackerspace.pl>
2024-10-26 08:08:04 +00:00
e433c3c929 cluster/machines/dcr03s16: tapes and tape accessories
Change-Id: Ib93fd85d0b09177d6e29bc3b4d68b999a1db3eaa
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1994
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-19 08:43:50 +00:00
2f93220889 hswaw: add kasownik
Change-Id: I48739f9d4ecb8244a2baff5d38a308f7612940eb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1990
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-07-25 07:50:29 +00:00
15e7348a0b cluster: remove dead machines
Change-Id: I3ff6680bc7212341ca626b0f560e1fe93efe3a35
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1987
Reviewed-by: ar <ar@hackerspace.pl>
2024-07-20 12:18:00 +00:00
6bb11a98ed cluster/admittomatic: admit additional annotations
Change-Id: Ic80a97d6969c46335a83ca0bcfc7833b74cf578a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1960
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-05-28 13:49:27 +00:00
fd505b8154 cluster/kube: add labelmaker namespace and dns
Change-Id: I3f2651e2c9528db50f81abb4d3876fa79c6ef3a0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1896
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-02-02 18:23:52 +00:00
1dd60c3fbd cluster/kube: add printservant namespace
Change-Id: I514a41ffe52c42377370b1b3b43c8679edf23cc6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1889
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-01-31 19:24:11 +00:00
3a3b425ddf app/codehosting: forgejo deployment
Change-Id: Icfe6e0b17932a3248e1bdb807f431c59c48430de
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1685
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-30 21:16:33 +00:00
de83f4904f cluster/machines: replace disk in dcr01s22
Change-Id: I22fefc9ff68295e33ab0a1f26ab2aeb02fb75210
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1854
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: implr <implr@hackerspace.pl>
2024-01-24 18:51:09 +00:00
a84e9bb884 cluster/machines: replace disk in dcr01s24
Change-Id: I144f23c571267543568a1bd132aea5a8a75db8f2
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1853
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: implr <implr@hackerspace.pl>
2024-01-24 18:51:09 +00:00
86d9b23743 cluster/kube/k0.libsonnet: add s3 bucket for inventory
Change-Id: I44f3ab787e751abd7558e6e91eccb25fc0e5101b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1844
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-24 18:51:09 +00:00
4e46d5017a cluster/kube: fix common missing namespace-admin permissions
Change-Id: I6ee4ede0b4e9db80559c009a1e86fbd2721f3d05
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1841
Reviewed-by: radex <radex@hackerspace.pl>
2024-01-18 23:47:20 +00:00
viq
3727b27339 cluster/kube/cluster.libsonnet: allow users to list RoleBindings
Change-Id: Ifa4289ea8c4d48171bc8ce61150a0c9f736b0fe5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1835
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-08 20:35:59 +00:00
viq
d693a60dc0 cluster/kube/k0.libsonnet: access for viq to monitoring-global-k0
Since `ops/monitoring` operates on both `monitoring-cluster` and
`monitoring-global-k0` namespaces, working properly using the tooling
requires access to both.
While there, add access to `monitoring-external-k0` for potential
working with external targets.

Change-Id: I5f37ed306f064ffcced705609aa919b684a46235
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1834
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-01-08 20:35:38 +00:00
viq
bb72db8b86 cluster/kube/k0.libsonnet: allow viq to mess with prometheus
This gives viq admin access to monitoring-cluster namespace to be able
to inspect what's already there and try to extend it.

Change-Id: I48eaba8db6cd6868879da33abd93607ed5de2008
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1829
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-03 16:42:25 +00:00
304515b58b bgpwtf/internet: clean up, use unprivileged nginx
Change-Id: I6f1291c2facf35f4871283c28a4e6f771a3b5102
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1813
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:56 +00:00
4ffc64d97d kube: add .volume field on PVCs and ConfigMaps
Change-Id: I93eec44bd6df4ecb0044a4797faa9bf6fd26802d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1811
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:37 +00:00
7a4c27d28c kube: clean up (various)
Change-Id: Idc11cf70fa7fd0360f63438270748ef1d9bad989
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1810
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:31 +00:00
d45584aa6d kube: clean up SimpleIngress
Rename `target_service` to `target` to mirror Service's `target`; rename `extra_paths` to `extraPaths` to follow the camelCase convention used everywhere except for a few places in kube.upstream (assumed to be a mistake)

Change-Id: Icfcb70ef889e3359bf0391c465034817f4b70cce
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1809
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:10 +00:00
9da9df6b7a cluster/kube: admitomatic, admins, owners changes
Change-Id: Ia2f167d84cff999c9ab273db16609d1dec740f25
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1801
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-11-26 15:50:57 +00:00
03365c6de1 cluster/kube: group admitomatic, admins entries by category
Change-Id: I0405fd894c775314059e382a804994184afb0f64
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1800
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-11-26 15:49:37 +00:00
36964dca3b kube: clean up PersistentVolumeClaims
There's no difference as far as jsonnet is concerned, but it may confuse newbies, as Service and SimpleIngress use double colon for its top-level kube helpers. This also removes any ambiguity as to whether this is manifested in final JSON. So we can make that a convention.

Change-Id: I01ad4ea63f4d5d8ee6e5d41c79637ba186548c6f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1803
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-24 20:37:53 +00:00
8b8f3876a9 kube: add target:: convenience field to Service
Change-Id: If69116d93b6074136a36d98973e1aa997e2ebbef
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1802
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-24 20:37:48 +00:00
f28cd62c0e *: Simplify kube.PersistentVolumeClaims
Change-Id: I0a3e44de9f1c4db146fd1e493741f5fe381da3ae
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1768
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-18 12:36:00 +00:00
ac4f99e2e1 cluster/machines/dcr01s24: pivot to lvm root and efi boot
Change-Id: I2df08a0ff7366607781421e6fe8c0ddce86e57a5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1781
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-12 19:36:25 +00:00
f47d359a28 cluster/machines/dcr01s22: pivot to mirrored efi boot
Change-Id: I673bad18915ee76e0f35c56e689345f360d295dc
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1771
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-12 19:36:25 +00:00
b8ccfa8459 cluster/machines: move common LVM support bits into base.nix
Change-Id: I13e5653241a8245bae67cc7e660312484f1dcaca
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1767
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-12 01:31:39 +00:00
8edc52e619 c/m/dcr01s22: pivot to lvm root
The bootloader is *not* moved yet, machine still boots off the old disk

Change-Id: I8cc92489bb06bfe9581d68503237e08fa8082c7c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1766
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-12 01:30:42 +00:00
b37b70cbd4 cluster/m/m/base: chronyd: enable rtc sync, aggresively step
Change-Id: I61827ec2c77e79ce3e394eb2574372d3c21394d8
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1765
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-12 01:30:42 +00:00
18c27aedca k0: add dcr03s16 OSDs
Change-Id: I654ea780b53970732b735a9f62c7e3ca4d87c088
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1725
Reviewed-by: implr <implr@hackerspace.pl>
2023-11-11 13:55:34 +00:00
4d3a0cc123 cluster/kube-common: avoid full nixpkgs checkouts
fetchGit was unnecessarily fetching full nixpkgs repository during
evaluation.

Change-Id: Ia22a234938014659d4c33e16c5028a63884d476c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1728
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-06 21:55:24 +00:00
934f7d3626 cluster/kube: configure k0 for sourcegraph
Change-Id: I8ac3ca1269527faa98ce6949da066eb74f299c2c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1770
Reviewed-by: implr <implr@hackerspace.pl>
2023-11-03 18:17:08 +00:00
6f1fda4329 cluster/k/l/cockroach: make publicService select *all* nodes
Change-Id: I705b89057f9c191eb62771e3683224376b2207a1
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1762
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-01 23:30:52 +00:00
c783390cf5 cluster/m/m/base: add a bunch of utilities to systemPackages
Change-Id: I8ad61f925011d019b8ef868013fcb266947a9c94
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1755
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-01 23:12:07 +00:00
ab2e470bd3 cluster/kube: generate namespaces in NamespaceAdmins
Change-Id: I37981a4d8d7cf9b85b9b9ab8cfdfc6c66eaa4453
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1760
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-31 10:52:01 +00:00
a6592b845c cluster: grant radex access to more namespaces
Change-Id: I4f3df51fbc200f1a69ec1225244621e0c724f95b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1759
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-30 21:35:46 +00:00
3fdda9c9a3 hswaw/walne: initial deployment
Co-authored-by: Palid <palid@hackerspace.pl>
Change-Id: I7c5ef8a1d310821937c49598c4bd983f80a8fbcb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1741
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-30 21:35:29 +00:00
caf65fcaaf *: Kill frab, smsgw, toot, covid-formity, voucherchecker
Change-Id: I763c758994008db38b47a7e61d3f1b503685aba6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1750
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-30 19:08:23 +00:00
633fb2e8ce cluster/admitomatic: deploy
Change-Id: Id08c4b428a9c01b310b69396890083f999090928
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1749
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-28 20:12:30 +00:00
f5844311eb */kube: Add kube.SimpleIngress
Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-28 17:55:48 +00:00
e36beba34c cluster/admitomatic: Regexp-based admission rules
Change-Id: Ic2b1d6a952dc194c0ee2fa1673ceb91c43799308
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1723
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-14 12:21:46 +00:00
a5ba554446 k0: enable fstrim, lower gc thresh for kubelet
fstrim is nice as it might prevent us from killing SSDs so fast.

A lower GC threshold for kubelet is nice as we run non-kubelet services
on these nodes, and they need their space. Notably, Ceph's mons tend to
be extremely claustrophobic, firing alerts at 70% disk usage or so.

Change-Id: I94c1787e62f82a02f107d04a87575327d3d79c01
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1724
Reviewed-by: implr <implr@hackerspace.pl>
2023-10-13 11:47:36 +00:00