A convention is introduced to specify `local top = self` declaration at the top of an app/service/component's jsonnet, representing the top-level object. Reasoning is as following:
- `top` is more universal/unambiguous than `app`
- `top` is usually shorter than $NAME
- a conventional `top` instead of $NAME (coupled with other conventions introduced) makes app jsonnets wonderfully copy-paste'able, aiding in learning and quickly building
Change-Id: I7ece83ce7e97021ad98a6abb3500fb9839936811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1805
Reviewed-by: q3k <q3k@hackerspace.pl>
A convention is introduced to specify the kube.Namespace object in a deployment as a `local ns` instead of an `ns:` or a `namespace:` for these reasons:
- non-cluster admins cannot create new namespaces, and we've been moving in the direction of specifying objects that require cluster admin permissions to apply (policies, role bindings) in //cluster/kube/k0 instead of in the app jsonnet
- namespace admins CAN delete the namespace, making `kubecfg delete` unexpectedly dangerous (especially if a namespace contains more than just the contents of the file being applied - common with personal namespaces)
- `.Contain()` is a common operation, and it shows up in lines that are pretty long, so `ns.Contain()` is preferable to `app.ns.Contain()` or `service.namespace.Contain()`
Change-Id: Ie4ea825376dbf6faa175179054f3ee3de2253ae0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1804
Reviewed-by: q3k <q3k@hackerspace.pl>
There's no difference as far as jsonnet is concerned, but it may confuse newbies, as Service and SimpleIngress use double colon for its top-level kube helpers. This also removes any ambiguity as to whether this is manifested in final JSON. So we can make that a convention.
Change-Id: I01ad4ea63f4d5d8ee6e5d41c79637ba186548c6f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1803
Reviewed-by: q3k <q3k@hackerspace.pl>
This is a mega-change, but attempting to split this up further is
probably not worth the effort.
Summary:
1. Bump up bazel, rules_go, and others.
2. Switch to new go target naming (bye bye go_default_library)
3. Move go deps to go.mod/go.sum, use make gazelle generate from that
4. Bump up Python deps a bit
And also whatever was required to actually get things to work - loads of
small useless changes.
Tested to work on NixOS and Ubuntu 20.04:
$ bazel build //...
$ bazel test //...
Change-Id: I8364bdaa1406b9ae4d0385a6b607f3e7989f98a9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1583
Reviewed-by: q3k <q3k@hackerspace.pl>
q3k uses this to give access to someone who plays on the valheim server
so that they can get logs / restart things / etc.
Change-Id: If205709142d386c460eeb835829888957d28a654
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1442
Reviewed-by: patryk <patryk@hackerspace.pl>
This makes the server fully configurable, and adds the contents of
example JSON configs as the defaults for all servers.
Change-Id: I8ff3e66a586a9db3acb9721810c8c5aa13072b4b
This moves all the proxy Kube resources to proxy.libsonnet.
Effect is a zero diff against prod:
$ kubecfg diff --diff-strategy=subset prod.jsonnet
[...]
namespaces factorio unchanged
[...]
deployments factorio.proxy unchanged
[...]
services factorio.proxy unchanged
[...]
persistentvolumeclaims factorio.proxy-cas unchanged
Change-Id: I9c6281e836f7b78373aad21120340994e801f8b4
This will create the following:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sso-admins
name: sso:admins
namespace: valheim
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:admin-namespace
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: patryk@hackerspace.pl
- apiGroup: rbac.authorization.k8s.io
kind: User
name: palid@hackerspace.pl
It's not enough to allow palid to use kubecfg (as we use a secretstore
secret in this jsonnet), but at least to manually restart the server via
kubectl, which is needed to update the game.
Change-Id: I6cb42ca87c9a78bbe34957f2c5e23acd2efe3423
This creates a valheim game server, using a public image but slightly
nerfing it to be able to run it unprivileged.
We also deploy our first server. The password is Well Known To Those
Versed In Hackerspace Lore.
Change-Id: Ic24262a3b02d3c17d2f00aa2967e240ea4eee7fb
This adds a mod proxy system, called, well, modproxy.
It sits between Factorio server instances and the Factorio mod portal,
allowing for arbitrary mod download without needing the servers to know
Factorio credentials.
Change-Id: I7bc405a25b6f9559cae1f23295249f186761f212