mirror of https://gerrit.hackerspace.pl/hscloud synced 2025-01-15 19:43:53 +00:00
Commit graph

222 commits

Author SHA1 Message Date
53f4a7dfc3 cluster/kube: move pki imports to cluster.libsonnet
This will allow affected libsonnets to be reused for k1

Change-Id: I30e7dfd6c391e479270c78f8a245d6f330e65027
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2124
Reviewed-by: informatic <informatic@hackerspace.pl>
2025-01-14 17:47:32 +00:00
52ab741686 *: bump prodimage to noble, deploy
Change-Id: I3f4cce02eb6bb34c2fd66062b122464daeaae7bb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2120
Reviewed-by: pl <pl@hackerspace.pl>
Reviewed-by: q3k <q3k@hackerspace.pl>
2025-01-14 16:31:16 +00:00
eabf2104dc kube: standardize on omitting replicas: 1
Across the hscloud, few deployments have a number of replicas other than 1. And not every app is even built to support more than 1 replica (notably, nothing with waw-hdd-redundant-3 mounts will work). Also, replicas=1 is the default. Therefore, it doesn't make sense to explicitly say `replicas: 1` unless another value is needed.

Change-Id: I12250ceb053d2041c06ecfe685fe7f8f10d20679
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2084
Reviewed-by: pl <pl@hackerspace.pl>
Reviewed-by: krnlexception <krnlexception@hackerspace.pl>
Reviewed-by: informatic <informatic@hackerspace.pl>
2025-01-11 16:45:33 +00:00
45bf1472a9 kube: rename SimpleIngress to TLSIngress & split up
The abstraction and name of SimpleIngress didn't feel right to me. I realized it's actually a few related things. One is just the simplified syntax to point `target` to `hosts`, and that should live in the (upstream-able) kube.libsonnet (similar to what we do with Service, PVC). Second is k0-specific default for all ingresses of proxy-body-size=0. Third is TLS-specific stuff, which includes the (standard) spec.tls, and k0-specific acme/cert-manager annotations.

In the end, for cluster users this is basically just a rename of SimpleIngress to TLSIngress. But it's a bit better encapsulated I think, and if someone wants a non-TLS Ingress or if we ever upstream kube.libsonnet, this may be helpful

Change-Id: I4587549699c40fe71c4fff358faac8748ecc44ef
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2085
Reviewed-by: q3k <q3k@hackerspace.pl>
2025-01-11 16:45:22 +00:00
0565af617a cluster/prodvider: deploy & modernize jsonnet
Change-Id: I4de71cb7770a16fd4bfdcd171f01c0af2808f4e7
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2103
Reviewed-by: q3k <q3k@hackerspace.pl>
2025-01-11 15:18:54 +00:00
krnlexception
d112420352 hswaw/wiki: dokuwiki deployment
Change-Id: I2807f333033ac23b6503632349f7a7379b459da8
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2063
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-08 18:12:25 +00:00
59ebe3c42a cluster/registry: migrate to oidc_auth
Change-Id: I384b8a21450e46a93ce55062fb66b3569a764030
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2081
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-06 16:06:41 +00:00
434f6feae8 cluster/nginx: block traffic from misbehaving bots
Change-Id: I527fb1b2fc9152ad551db5fef42dc458c182cf16
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2018
Reviewed-by: q3k <q3k@hackerspace.pl>
2025-01-06 12:19:08 +00:00
148240c0c0 cluster/nginx: reuse upstream yaml
Change-Id: I46dad9b791005b86ddfafd7167843d9527ea3d97
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2017
Reviewed-by: krnlexception <krnlexception@hackerspace.pl>
Reviewed-by: informatic <informatic@hackerspace.pl>
2025-01-06 12:19:08 +00:00
dce0b4c495 hswaw/roundcube: created roundcube deployment
Change-Id: I0a965b804ecb4c199b7203adde8c8b16b666ebcf
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2053
Reviewed-by: informatic <informatic@hackerspace.pl>
2025-01-06 11:46:05 +00:00
1d16ae9b56 hswaw: add zhp-site
Change-Id: I3b9132c47c1bbf11e71a38cbb327aca07f2c3df3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2064
Reviewed-by: krnlexception <krnlexception@hackerspace.pl>
2025-01-06 11:17:03 +00:00
682e9cf507 cluster/kube: adjust admitomatic's personal namespaces
Change-Id: I4d40a3281ea63dedd665ca0850cbd9968f6e50ac
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2077
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-06 09:58:38 +00:00
a6c9d3b6ad cluster/kube: remove admitomatic references to dead namespaces
Change-Id: Ifc9d64a9f756673583a9e5620bc16c67a1cf6559
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2076
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-06 09:58:38 +00:00
4189ebc639 cluster/kube: remove radex ns admins
radex is a cluster admin, so per-namespace admin rbs are unnecessary clutter

Change-Id: Ib6cfbdf6fc0b90420cd20a5ee3e9fa1d74666e9b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2075
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-06 09:27:12 +00:00
804c20353a cluster/kube: add arsenicum admin to paperless
Change-Id: I45eeef6117cd8a1eb63c9ef3e11169dfedd12f29
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2074
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-06 09:26:55 +00:00
e9e7469568 *: clean up palid
no longer a member (invalid user); palworld killed by request from palid

Change-Id: I42176c21d0b2eefadabfc66542537bf2843d3741
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2073
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-06 09:22:04 +00:00
krnlexception
1a7194422c hswaw/gallery: gallery deployment
Change-Id: I082aca47fbaab8797856359c4b21249a5d0c1185
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2066
Reviewed-by: radex <radex@hackerspace.pl>
2025-01-05 21:08:09 +00:00
rheya
71c6a04887 add rheya to 0x3c admins
Change-Id: I50c37b123713103e5c713d897eeea58bd146ad0e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2069
Reviewed-by: q3k <q3k@hackerspace.pl>
2025-01-05 20:47:35 +00:00
7a835b54e8 kube: add restarter
Change-Id: I672a2c60a6f7b8b1b4f7eb643a7f12307d94eedb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2044
Reviewed-by: krnlexception <krnlexception@hackerspace.pl>
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-12-15 23:56:03 +00:00
7fb6a3478e hswaw/printservant: add web app
Change-Id: I31ded5c084d778b4a049e17519305165831db383
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2046
Reviewed-by: krnlexception <krnlexception@hackerspace.pl>
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-12-15 23:55:41 +00:00
41d9a55603 hswaw: add home
Change-Id: Iaf6eae93ce753a1ccb0caf32f22987398ea789ff
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2045
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: krnlexception <krnlexception@hackerspace.pl>
2024-12-15 23:55:33 +00:00
krnlexception
85204f6d5b hswaw/blog: added blog prod.jsonnet
Change-Id: I095d47ef84f4eeace52e8ec9dc831a59db94685a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2042
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: radex <radex@hackerspace.pl>
2024-12-09 19:35:24 +00:00
87f6a9d1c3 cluster/registry: bump registry to v2.8.3 (latest)
Change-Id: I16958556db3b11456184da1c80f2c2faf1c2f9b7
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2014
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-11-02 08:15:02 +00:00
93b5080a4d cluster/registry: clean up jsonnet
Refactoring registry to use newer syntax/jsonnet helpers/conventions, in line with the rest of the codebase.

Change-Id: I20508c8f6ef9a2d0e8faa7de3d3b9efcf2c91af3
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2013
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-11-01 17:32:43 +00:00
5c0e878266 cluster/k0: fix birb/metallb bgp mess
This fixes cluster routing, which broke for some reason at some point.
It ensures cluster routes get propagated correctly across nodes.

This is a mess. We should replace this.

Change-Id: Ic749a529da620fa201ec9cd71a6a8eed664e2d0f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2012
Reviewed-by: radex <radex@hackerspace.pl>
2024-10-31 21:02:41 +00:00
bd48de1e12 cluster/kube: bump coredns, metallb
These changes were already live but were not committed

Change-Id: Ib0590964ad8521d06ad2219b51751e65b6f9742f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2011
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-31 21:02:26 +00:00
80e3003542 cluster/metrics: reuse vendored manifests yaml
Change-Id: I83592266d5af39307af2774eb24a0b08229864cb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2010
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-31 21:02:20 +00:00
cf8032a636 cluster/metrics: update to v0.5.1
This brings the code up to date with what was already deployed

Change-Id: I8e47787df8d421857f8a011ce3d6ab29488f980a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2009
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-31 21:01:55 +00:00
6da7d2b75f cluster/nginx: bump to v0.51.0
Forked Dockerfile is no longer necessary, as 0.51.0 has a newer openssl

This is the newest version of n-i-c we can use with current k8s version. v1.0.0 requires k8s at least v1.19

Change-Id: Ibb244482cef2624274817ea6c62f190587a03f97
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2006
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-10-26 15:17:07 +00:00
85060c5fa6 cluster/k0: give radex cluster-admin
TODO: emergency/admin credentials

Change-Id: I89d55b14a5aacbd01dc00c36be7076014cfb0b56
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/2005
Reviewed-by: informatic <informatic@hackerspace.pl>
Reviewed-by: radex <radex@hackerspace.pl>
2024-10-26 08:08:04 +00:00
2f93220889 hswaw: add kasownik
Change-Id: I48739f9d4ecb8244a2baff5d38a308f7612940eb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1990
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-07-25 07:50:29 +00:00
fd505b8154 cluster/kube: add labelmaker namespace and dns
Change-Id: I3f2651e2c9528db50f81abb4d3876fa79c6ef3a0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1896
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-02-02 18:23:52 +00:00
1dd60c3fbd cluster/kube: add printservant namespace
Change-Id: I514a41ffe52c42377370b1b3b43c8679edf23cc6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1889
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-01-31 19:24:11 +00:00
3a3b425ddf app/codehosting: forgejo deployment
Change-Id: Icfe6e0b17932a3248e1bdb807f431c59c48430de
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1685
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-30 21:16:33 +00:00
86d9b23743 cluster/kube/k0.libsonnet: add s3 bucket for inventory
Change-Id: I44f3ab787e751abd7558e6e91eccb25fc0e5101b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1844
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-24 18:51:09 +00:00
4e46d5017a cluster/kube: fix common missing namespace-admin permissions
Change-Id: I6ee4ede0b4e9db80559c009a1e86fbd2721f3d05
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1841
Reviewed-by: radex <radex@hackerspace.pl>
2024-01-18 23:47:20 +00:00
viq
3727b27339 cluster/kube/cluster.libsonnet: allow users to list RoleBindings
Change-Id: Ifa4289ea8c4d48171bc8ce61150a0c9f736b0fe5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1835
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-08 20:35:59 +00:00
viq
d693a60dc0 cluster/kube/k0.libsonnet: access for viq to monitoring-global-k0
Since `ops/monitoring` operates on both `monitoring-cluster` and
`monitoring-global-k0` namespaces, working properly using the tooling
requires access to both.
While there, add access to `monitoring-external-k0` for potential
working with external targets.

Change-Id: I5f37ed306f064ffcced705609aa919b684a46235
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1834
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-01-08 20:35:38 +00:00
viq
bb72db8b86 cluster/kube/k0.libsonnet: allow viq to mess with prometheus
This gives viq admin access to monitoring-cluster namespace to be able
to inspect what's already there and try to extend it.

Change-Id: I48eaba8db6cd6868879da33abd93607ed5de2008
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1829
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-03 16:42:25 +00:00
304515b58b bgpwtf/internet: clean up, use unprivileged nginx
Change-Id: I6f1291c2facf35f4871283c28a4e6f771a3b5102
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1813
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:56 +00:00
4ffc64d97d kube: add .volume field on PVCs and ConfigMaps
Change-Id: I93eec44bd6df4ecb0044a4797faa9bf6fd26802d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1811
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:37 +00:00
7a4c27d28c kube: clean up (various)
Change-Id: Idc11cf70fa7fd0360f63438270748ef1d9bad989
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1810
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:31 +00:00
d45584aa6d kube: clean up SimpleIngress
Rename `target_service` to `target` to mirror Service's `target`; rename `extra_paths` to `extraPaths` to follow the camelCase convention used everywhere except for a few places in kube.upstream (assumed to be a mistake)

Change-Id: Icfcb70ef889e3359bf0391c465034817f4b70cce
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1809
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:10 +00:00
9da9df6b7a cluster/kube: admitomatic, admins, owners changes
Change-Id: Ia2f167d84cff999c9ab273db16609d1dec740f25
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1801
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-11-26 15:50:57 +00:00
03365c6de1 cluster/kube: group admitomatic, admins entries by category
Change-Id: I0405fd894c775314059e382a804994184afb0f64
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1800
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-11-26 15:49:37 +00:00
36964dca3b kube: clean up PersistentVolumeClaims
There's no difference as far as jsonnet is concerned, but it may confuse newbies, as Service and SimpleIngress use double colon for their top-level kube helpers. This also removes any ambiguity as to whether this is manifested in final JSON. So we can make that a convention.

Change-Id: I01ad4ea63f4d5d8ee6e5d41c79637ba186548c6f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1803
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-24 20:37:53 +00:00
8b8f3876a9 kube: add target:: convenience field to Service
Change-Id: If69116d93b6074136a36d98973e1aa997e2ebbef
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1802
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-24 20:37:48 +00:00
f28cd62c0e *: Simplify kube.PersistentVolumeClaims
Change-Id: I0a3e44de9f1c4db146fd1e493741f5fe381da3ae
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1768
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-18 12:36:00 +00:00
18c27aedca k0: add dcr03s16 OSDs
Change-Id: I654ea780b53970732b735a9f62c7e3ca4d87c088
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1725
Reviewed-by: implr <implr@hackerspace.pl>
2023-11-11 13:55:34 +00:00
934f7d3626 cluster/kube: configure k0 for sourcegraph
Change-Id: I8ac3ca1269527faa98ce6949da066eb74f299c2c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1770
Reviewed-by: implr <implr@hackerspace.pl>
2023-11-03 18:17:08 +00:00