q3k
1e6b52a194
tools/: add nixops
...
This now means we require Nix to be installed globally. This shouldn't
be the case in the long run, but will be until
https://github.com/tweag/rules_nixpkgs/issues/75 gets fixed or we maybe
move from rules_nixpkgs to nix-bundle or something similar.
2019-05-15 19:08:25 +02:00
informatic
4b4231d900
app/matrix: disable piwik & 3pid auth, allow guest login, fix roomDirectory
2019-05-15 11:41:32 +02:00
informatic
a222691ca5
app/matrix: initial matrix test deployment WIP
2019-05-14 18:49:29 +02:00
q3k
b7e4bd4fa1
nix/cluster-configuration: pin nixpkgs for k8s
...
We pin nixpkgs for k8s and also bypass some issues with the new k8s
startup sequencing.
We also pin the kernel to 5.1.
Next step is to also pin nixpkgs for the rest of the system, I think we
can do it from within cluster-configuration.nix.
2019-05-14 01:45:48 +02:00
informatic
fc514a9b52
cluster/kube/cert-manager: don't add APIService when webhooks are disabled
2019-05-05 12:12:13 +02:00
informatic
b187bf5b2c
cluster/kube/metallb: downgrade to 0.7.3
2019-05-05 12:11:14 +02:00
q3k
ac140b3427
go/svc/invoice: statusz cleanups
...
- Remove internal ID
- Sort by time
2019-05-01 17:11:47 +02:00
q3k
3976e3cee8
go/svc/invoice: refactor
...
We unify calculation logic, move the existing Invoice proto message into
InvoiceData, and create other messages/fields around it to hold
denormalized data.
2019-05-01 15:27:49 +02:00
q3k
57ef6b0d7f
go/svc/invoice: add statusz
2019-05-01 14:08:29 +02:00
q3k
c2d322c504
go/svc/invoice: polishify
2019-05-01 13:14:32 +02:00
q3k
fb18c99df3
go/svc/invoice: import from code.hackerspace.pl/q3k/inboice
2019-05-01 12:27:43 +02:00
q3k
258686cf9a
WORKSPACE: bump gazelle for go 1.12
2019-05-01 12:26:43 +02:00
q3k
a9bb1d5b5b
tools/secretstore: fix decryption of updated secrets
2019-04-28 17:13:12 +02:00
q3k
4232c8b733
nix: bump to new k8s
2019-04-28 17:12:54 +02:00
q3k
b245865087
app/registry: allow anonymous pull access and temporary vms/ push access
2019-04-19 14:41:10 +02:00
q3k
3e59718d3a
WORKSPACE: add bazel docker rules
2019-04-19 14:40:47 +02:00
q3k
321fad9865
cluster/kube/rook: lower debug
2019-04-19 14:14:36 +02:00
q3k
ed2e670c8b
cluster/kube/rook: bump to ceph v14 fully
2019-04-19 13:27:20 +02:00
informatic
56918237ed
cluster: update ceph README
2019-04-09 23:48:33 +02:00
informatic
2c5391b6e6
tools/rook-s3cmd-config: tool to generate s3cmd config from rook.io secrets
2019-04-09 23:30:38 +02:00
informatic
7adc0eb998
app/registry: migrate to ceph object storage
2019-04-09 22:39:42 +02:00
informatic
5ac85c6e73
cluster/kube: refactor rook.io object store configuration
2019-04-09 21:45:32 +02:00
informatic
6da3b288dc
WIP: app/registry: ceph object storage
2019-04-09 13:48:21 +02:00
informatic
e24ccd678c
clustercfg: fix broken admincreds generation
2019-04-09 13:43:54 +02:00
informatic
dc1e5f0cb4
README: update according to new bazel paradigm(tm)
2019-04-09 13:30:28 +02:00
informatic
c10f00b7da
tools/secretstore: decrypt secrets when requesting plaintext path
2019-04-09 13:29:33 +02:00
informatic
598a079f57
clustercfg: extract cfssl handling to separate function
2019-04-09 13:29:33 +02:00
q3k
acd001bf83
tools: add cfssl
2019-04-09 13:17:06 +02:00
q3k
73cef11c85
*: rejigger tls certs and more
...
This pretty large change does the following:
- moves nix from bootstrap.hswaw.net to nix/
- changes clustercfg to use cfssl and moves it to cluster/clustercfg
- changes clustercfg to source information about target location of
certs from nix
- changes clustercfg to push nix config
- changes tls certs to have more than one CA
- recalculates all TLS certs
(it keeps the old serviceaccoutns key, otherwise we end up with
invalid serviceaccounts - the cert doesn't match, but who cares,
it's not used anyway)
2019-04-07 00:06:23 +02:00
q3k
208f005830
go/svc/leasifier: sort returned leases
2019-04-06 01:28:04 +02:00
q3k
a9a266c08c
go/svc/leasifier: fixes, add statusz table
2019-04-06 01:21:25 +02:00
q3k
1affad42e7
go/statusz: factor out load avg to separate file
2019-04-06 01:21:04 +02:00
q3k
3a2a693e0c
WORKSPACE: bump go
2019-04-06 01:20:19 +02:00
q3k
9dc4b68f24
go: add bazel buildfiles, implement leasifier
2019-04-05 23:53:25 +02:00
q3k
efc7928a73
go/vendor: nuke
2019-04-05 23:50:28 +02:00
q3k
6916f7e244
app/toot: start implementing redis
2019-04-04 16:54:00 +02:00
q3k
242152f65e
cluster/kube/lib/metallb: bump memory hoping to prevent crashes
2019-04-04 16:54:00 +02:00
informatic
ac38d5aeb1
app/registry: oauth2 authentication
2019-04-03 08:41:20 +02:00
informatic
6dc4839d74
app/registry: initial docker registry setup
2019-04-02 18:59:37 +02:00
q3k
0f78cea802
Merge branch 'master' of hackerspace.pl:hscloud
2019-04-02 14:45:23 +02:00
q3k
2fd5861d24
cluster: some doc updates
2019-04-02 14:45:17 +02:00
informatic
3187c59a86
cluster/kube: ceph dashboard tls certificates
2019-04-02 14:44:04 +02:00
informatic
2afe604595
cluster/kube: minor cert-manager cleanups, disable webhooks by default
2019-04-02 14:43:34 +02:00
informatic
79ddbc57d9
cluster/kube: initial cert-manager implementation
2019-04-02 13:20:15 +02:00
q3k
5f2dc8530d
toot: wip
2019-04-02 02:36:22 +02:00
q3k
65f3b1d8ab
cluster/kube: add waw-hdd-redundant-1 pool/storageclass
2019-04-02 01:05:38 +02:00
q3k
c6da127d3f
cluster/kube: ceph-waw1 up
2019-04-02 00:06:13 +02:00
q3k
cdfafaf91e
cluster/kube: finish rook operator
2019-04-01 19:16:18 +02:00
q3k
b7fcc67f42
cluster/kube: start implementing rook
2019-04-01 18:40:50 +02:00
q3k
14cbacb81a
cluster/kube/metallb: parametrize address pools
2019-04-01 18:00:44 +02:00