This is purely for consistency. While it's objectively more "magic" than the previous convention, newcomers may be asking themselves how come namespace is passed to kube objects using ns.Contain(), but to these custom objects via cfg.namespace.
Change-Id: I061c27c74213d5481b2c7e0afd5f316e84335786
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1808
Reviewed-by: q3k <q3k@hackerspace.pl>
Declare options when creating postgres {}, then pass env by taking from postgres's cfg and svc. This is both to reduce chance of making a mistake, and to improve copy-pasteability of jsonnets.
Change-Id: Ief16a6825af64795f3b10e1e617b96c3d1c2a578
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1807
Reviewed-by: q3k <q3k@hackerspace.pl>
Introduce a convention of declaring a secretsRefs:: object below cfg:: for containing all secretKeyRefs. The goal is to self-document all secrets that need to be created in order to deploy a service.
Change-Id: I3a990d54f65a288f5e748262c576d2a120efd815
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1806
Reviewed-by: q3k <q3k@hackerspace.pl>
A convention is introduced to specify `local top = self` declaration at the top of an app/service/component's jsonnet, representing the top-level object. The reasoning is as follows:
- `top` is more universal/unambiguous than `app`
- `top` is usually shorter than $NAME
- a conventional `top` instead of $NAME (coupled with other conventions introduced) makes app jsonnets wonderfully copy-paste'able, aiding in learning and quickly building
Change-Id: I7ece83ce7e97021ad98a6abb3500fb9839936811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1805
Reviewed-by: q3k <q3k@hackerspace.pl>
A convention is introduced to specify the kube.Namespace object in a deployment as a `local ns` instead of an `ns:` or a `namespace:` for these reasons:
- non-cluster admins cannot create new namespaces, and we've been moving in the direction of specifying objects that require cluster admin permissions to apply (policies, role bindings) in //cluster/kube/k0 instead of in the app jsonnet
- namespace admins CAN delete the namespace, making `kubecfg delete` unexpectedly dangerous (especially if a namespace contains more than just the contents of the file being applied - common with personal namespaces)
- `.Contain()` is a common operation, and it shows up in lines that are pretty long, so `ns.Contain()` is preferable to `app.ns.Contain()` or `service.namespace.Contain()`
Change-Id: Ie4ea825376dbf6faa175179054f3ee3de2253ae0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1804
Reviewed-by: q3k <q3k@hackerspace.pl>
There's no difference as far as jsonnet is concerned, but it may confuse newbies, as Service and SimpleIngress use double colon for their top-level kube helpers. This also removes any ambiguity as to whether this is manifested in final JSON. So we can make that a convention.
Change-Id: I01ad4ea63f4d5d8ee6e5d41c79637ba186548c6f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1803
Reviewed-by: q3k <q3k@hackerspace.pl>
A little QA environment, currently without any data populated.
Change-Id: Ifbe5e97f312376ca64222a3754fe6fa29d7fda79
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1643
Reviewed-by: q3k <q3k@hackerspace.pl>
This involved messing with both of our source-built plugins (owners and
oauth).
The main issue seems to have been the desync between Jackson as
requested by different plugins. Jackson is split into multiple Maven
packages, and they all have to be the same version to work together. The
oauth plugin was requesting only part of it, and these parts were
incompatible with the parts that the owners plugin requested.
In addition, we have to make the owners plugin include more bits of
Jackson.
Without these changes, we would get runtime
`java.lang.NoClassDefFoundError: com/fasterxml/jackson/...` errors,
which were a symptom of Jackson either not being included fully into the
plugin's JAR, or a mixup between Jackson component/package versions.
While we're at it, we remove the broken theming attempt.
Change-Id: I26531818a395de2a8bb6054d2583881fd1d5b806
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1642
Reviewed-by: q3k <q3k@hackerspace.pl>
This has been deployed already.
Technically depends on I26531818a395de2a8bb6054d2583881fd1d5b806 as this
has been deployed on top of that.
Change-Id: I1b8d453d04f3a9a5435ae0dd6575f82d9ca10db7
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1681
Reviewed-by: informatic <informatic@hackerspace.pl>
This should somewhat temporarily fix gerrit outright dying (i.e. refusing
to accept any new http connections) for no reason once in a while.
Change-Id: Ie0dfcab020945d17010c012ecfae19f4c8c5c374
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1601
Reviewed-by: q3k <q3k@hackerspace.pl>
This is a mega-change, but attempting to split this up further is
probably not worth the effort.
Summary:
1. Bump up bazel, rules_go, and others.
2. Switch to new go target naming (bye bye go_default_library)
3. Move go deps to go.mod/go.sum, use make gazelle generate from that
4. Bump up Python deps a bit
And also whatever was required to actually get things to work - loads of
small useless changes.
Tested to work on NixOS and Ubuntu 20.04:
$ bazel build //...
$ bazel test //...
Change-Id: I8364bdaa1406b9ae4d0385a6b607f3e7989f98a9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1583
Reviewed-by: q3k <q3k@hackerspace.pl>
This is a first pass at a Bazel remote cache. It notably does not yet do
any authentication, upload limits or garbage collection.
We won't be deploying it to prod until these are done.
Change-Id: I70a89dbe8b3ec933b2ce82e234a969e8337ba1d9
Gerrit 3.3.1 seems to have introduced a bug which makes the reviewers
column in the dashboard entry: https://bugs.chromium.org/p/gerrit/issues/detail?id=13899
This adds an override of gerrit.war to our Docker containers. The .war
is pulled over HTTP. It has been manually built by q3k from a source
checkout. The details on how this was done are in the WORKSPACE
http_file archive.
Once 3.3.3 lands we should get rid of it.
Change-Id: I8b64103cb87d8b185ff35165695a18cb19fea523
It used to be at 128Mi, which is a bit small considering this clones
hscloud into memory.
This is a quick fix, a better thing to do would be to have some storage
for depotview to clone into, instead of serving fully from RAM.
Change-Id: I619d39a0d61f5de9bdeef1f46262c78ea33a19fc
It reached the stage of being crapped out so much that the OSDs' spurious
IOPS killed the performance of disks colocated on the same M610 RAID
controllers. This made etcd _very_ slow, to the point of churning
through re-elections due to timeouts.
etcd/apiserver latencies, observe the difference at ~15:38:
https://object.ceph-waw3.hswaw.net/q3k-personal/4fbe8d4cfc8193cad307d487371b4e44358b931a7494aa88aff50b13fae9983c.png
I moved gerrit/* and matrix/appservice-irc-freenode PVCs to ceph-waw3 by
hand. The rest were non-critical so I removed them, they can be
recovered from benji backups if needed.
Change-Id: Iffbe87aefc06d8324a82b958a579143b7dd9914c
There's an issue with the registry that forbids me from pushing into
anything but my personal namespace - might have been introduced by
0697e01144. For now, I move the hackdoc
image to my personal namespace, as at some point in the future I want to
revamp the registry system, anyway.
We also drive-by fix a mirko.libsonnet typo that, for some reason,
hasn't manifested itself yet.
Change-Id: I8544e4a52610fb84c5c9d8b0de449f785248f60f