q3k
09a0f06d2a
cluster/kube/lib/nginx: use Local traffic policy
Diff against prod:
- live services nginx-system.ingress-nginx
+ config services nginx-system.ingress-nginx
{
"apiVersion": "v1",
"kind": "Service",
"metadata": {
"annotations": {},
"labels": {
"app.kubernetes.io/name": "ingress-nginx",
"app.kubernetes.io/part-of": "ingress-nginx"
},
"name": "ingress-nginx",
"namespace": "nginx-system"
},
"spec": {
- "externalTrafficPolicy": "Cluster",
+ "externalTrafficPolicy": "Local",
"ports": [
{
"name": "ssh",
"port": 22,
"protocol": "TCP",
"targetPort": 22
},
{
"name": "http",
"port": 80,
"protocol": "TCP",
"targetPort": 80
},
{
"name": "https",
"port": 443,
"protocol": "TCP",
"targetPort": 443
}
],
"selector": {
"app.kubernetes.io/name": "ingress-nginx",
"app.kubernetes.io/part-of": "ingress-nginx"
},
"type": "LoadBalancer"
}
}
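Review bot: the change of spec.externalTrafficPolicy from "Cluster" to "Local" carries no stated reason in the commit message, and it applies to all three exposed ports (ssh, http, https). With "Local", external traffic is only delivered to ingress-nginx pods on the node that received it, which preserves the client source IP but means a node without a ready ingress-nginx pod does not serve this Service. Suggest stating the motivation in the message and confirming that ingress-nginx runs on every node the load balancer sends traffic to.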
Change-Id: I0dd66e3f1643efa975d6180cc163a265d4b484ef
2019-06-29 22:44:53 +02:00
q3k
543b412a65
cluster/kube/lib/nginx: add gerrit forwarding
This is already running in production since gerrit was deployed - it
just got lost during submit.
Change-Id: I8a1580b1ca3ec3142a8fa4320dc9f51a599a914f
2019-06-29 22:42:39 +02:00
q3k
59f5fd315c
cluster/openssl.cnf: remove
This was used in the old openssl-based TLS certificate generation code.
Change-Id: I5da8c5b012b6af8c2f8b990237b3c4933b90a349
2019-06-25 15:02:45 +02:00
q3k
1e5e81227a
Merge changes I4ef1f6ed,I20b0ecbb,Ida9dff72,I92e70536
* changes:
cluster/cube/lib/cockroachdb: clean up topology
cluster/kube/lib/cockroach: move client to deployment
app/gerrit/kube: implement
app/gerrit: import OAuth provider and add SSO support
2019-06-25 00:49:10 +00:00
q3k
184678b0f4
cluster/cube/lib/cockroachdb: clean up topology
IP addresses are not necessary in the topology definitions of a
cockroach cluster.
They were mis-committed leftovers from trying to run the cluster on
DaemonSets with hostNetworking: true.
Change-Id: I4ef1f6ed9a745efc6b05846bc13aba9d1f8dc7c8
2019-06-22 21:18:29 +00:00
q3k
dec401c7dd
cluster/kube/lib/cockroach: move client to deployment
This prevents a bug where kubecfg fails to update the client pod when
running a cluster/kube/cluster.jsonnet update. The pod update is
attempted because of runtime/intent differences at serviceAccounts
specification, which causes kubecfg to see a diff, which causes it to
attempt an update, which causes kube-apiserver to reject the change
(because pods are immutable), which causes kubecfg to fail.
Change-Id: I20b0ecbb264213a2eb483d475c7683b4965c82be
2019-06-22 23:14:25 +02:00
q3k
b094f08744
tools/: add __pycache__ to gitignore
Change-Id: Iaddfe140df1e82611df8e2594b7560e3bdafd896
2019-06-21 22:14:41 +02:00
q3k
a7e26ccfe1
app/gerrit/kube: implement
This change implements the k8s machinery for Gerrit.
This might look somewhat complex at first, but the gist of it is:
- k8s mounts etc, git, cache, db, index as RW PVs
- k8s mounts a configmap containing gerrit.conf into an external
  directory
- k8s mounts a secret containing secure.conf into an external directory
- on startup, gerrit's entrypoint will copy over {gerrit,secure}.conf
  and start a small updater script that copies over gerrit.conf if
  there's any change. This should, in theory, make gerrit reload its
  config.
This is already running on production. You're probably looking at this
change through the instance deployed by itself :)
Change-Id: Ida9dff721c17cf4da7fb6ccbb54d2c4024672572
2019-06-21 20:47:53 +02:00
q3k
573da78859
app/gerrit: import OAuth provider and add SSO support
This change:
- imports gerrit-oauth-provider from upstream
- adds sso.hackerspae.pl support to it
Change-Id: I92e7053614a9297bf1ced3aac044c0002acd836a
2019-06-21 20:09:01 +02:00
q3k
c7258f4644
cluster/kube: refactor, add crdb-waw1
2019-06-21 00:24:09 +02:00
q3k
e53e39a8be
cluster/kube/lib/cockroachdb: use manual node pinning
We move away from the StatefulSet based deployment to manually starting
a deployment per intended node. This allows us to pin individual
instances of Cockroach to particular nodes, so that they stay
co-located with their data.
2019-06-20 23:36:35 +02:00
q3k
662a3cdcca
cluster/kube/lib/cockroachdb: refactor
We refactor this library to:
- support multiple databases, but with a strong suggestion of having
  one per k8s cluster
- drop the database creation logic
- redo naming (allowing for two options: multiple clusters per
  namespace or an exclusive namespace for the cluster)
- unhardcode dns names
2019-06-20 19:45:03 +02:00
q3k
224a50bbfe
cluster/kube/lib/cockroach: fix imports
2019-06-20 16:43:01 +02:00
q3k
3c117fa841
make cockroachdb into a cluster service
2019-06-20 16:43:01 +02:00
Patryk Jakuszew
fae3a9d514
add grace period for client pod, rename volume mounts
2019-06-20 16:43:01 +02:00
Patryk Jakuszew
5dfd4cc799
initial commit of cockroachdb.libsonnet
2019-06-20 16:43:01 +02:00
q3k
c3b0f7627c
cluster/kube: set operator replicas to 0
2019-06-20 16:42:19 +02:00
q3k
c0fc3ee442
cluster/clustercfg: add clustercfg-nocerts
2019-06-20 16:11:38 +02:00
q3k
bc27e64692
go/svc/invoice: template changes for EU VAT invoices, restore FV/ numbering
2019-06-20 16:11:07 +02:00
q3k
0de4368f5c
nix/cluster-configuration: mention CNI plugin issue
2019-06-20 12:55:02 +02:00
q3k
9d6929f7c0
app/radio: fix fallback mounts, fix admin login
2019-06-20 12:52:38 +02:00
q3k
f970a7ef0f
nix/cluster-configuration: fix CNI plugins being deleted on kubelet restart
2019-06-20 12:51:51 +02:00
q3k
c807f86b6a
app/radio: lower resource requests and limits
2019-06-19 16:18:28 +02:00
q3k
f9281d844f
app/radio: add standby
2019-06-19 14:55:11 +02:00
q3k
610bec40a2
app/radio: init
2019-06-19 14:31:19 +02:00
q3k
4b1d4ca257
app/registry: allow app/radio to q3k
2019-06-19 14:09:31 +02:00
q3k
a818ef2c16
go/svc/invoice: add shitty multilanguage support
2019-06-07 10:37:22 +02:00
informatic
77c0162a6f
Merge branch 'feature/matrix'
2019-05-23 16:35:42 +02:00
informatic
3ea979dab5
app/matrix: forward IP to synapse
2019-05-23 16:11:52 +02:00
Bartosz Stebel
caa770ae59
cluster-configuration.nix: add key for implr@thonk
2019-05-20 04:26:34 +02:00
q3k
f81f7d462a
cluster/clustercfg: gitignore __pycache__
2019-05-19 03:11:18 +02:00
q3k
1264220329
nix: add sample node configuration
2019-05-19 03:10:56 +02:00
q3k
29afb4cc51
secretstore: restore implr
2019-05-19 03:10:25 +02:00
q3k
cb5c321f80
app/factorio: implement kube
2019-05-19 03:10:17 +02:00
q3k
644f9ff57e
app/factorio: multiple versions
2019-05-19 03:09:47 +02:00
q3k
44116eae1e
WORKSPACE: fix indentation
2019-05-18 16:26:56 +02:00
q3k
a103f060a8
go/svc/invoice: tiny template fixes
2019-05-18 16:23:58 +02:00
q3k
6586533bb3
app/factorio: build docker image
2019-05-18 16:23:45 +02:00
q3k
aa68f3fdd8
secretstore: add implr
2019-05-18 00:15:25 +02:00
q3k
cd6d0e7270
toolx/nixops: new keys
2019-05-17 18:10:23 +02:00
q3k
4a024bbd6a
WORKSPACE: fix for newer bazel versions
2019-05-17 18:10:02 +02:00
q3k
36cc4fb61a
bazel-cache: deploy, add waw-hdd-yolo-1 ceph pool
2019-05-17 18:09:39 +02:00
informatic
aa0e755389
app/matrix: bump oauth2-cas-proxy for service_url security
2019-05-17 12:55:48 +02:00
informatic
9ab9f61a67
app/matrix: bump riot-web version to fix broken SSO
2019-05-17 09:53:13 +02:00
informatic
c39fb04451
app/matrix: initial oauth2/casproxy setup
2019-05-17 09:13:56 +02:00
informatic
fef4c12ca1
app/matrix: appservice-irc
2019-05-16 21:05:02 +02:00
informatic
ffbb47c2b3
app/matrix: svc usage cleanup
2019-05-16 12:18:39 +02:00
q3k
a4b3767455
tools/nixops.sh: add
2019-05-15 19:23:38 +02:00
q3k
e986728648
gcp: init, add service account
2019-05-15 19:19:19 +02:00
q3k
bb77892924
tools/install.sh: soft requirement on nix
2019-05-15 19:13:11 +02:00