hswaw
/
hscloud
mirror of https://gerrit.hackerspace.pl/hscloud
4
0
Fork 2
Code Actions
1,346 Commits
2 Branches
0 Tags
55 MiB
Commit Graph

191 Commits (fd505b8154e307ca23a0cb9eef8574c40e1f6bd3)

Author SHA1 Message Date
radex fd505b8154 cluster/kube: add labelmaker namespace and dns 
Change-Id: I3f2651e2c9528db50f81abb4d3876fa79c6ef3a0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1896
Reviewed-by: informatic <informatic@hackerspace.pl>
 2024-02-02 18:23:52 +00:00
radex 1dd60c3fbd cluster/kube: add printservant namespace 
Change-Id: I514a41ffe52c42377370b1b3b43c8679edf23cc6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1889
Reviewed-by: informatic <informatic@hackerspace.pl>
 2024-01-31 19:24:11 +00:00
informatic 3a3b425ddf app/codehosting: forgejo deployment 
Change-Id: Icfe6e0b17932a3248e1bdb807f431c59c48430de
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1685
Reviewed-by: q3k <q3k@hackerspace.pl>
 2024-01-30 21:16:33 +00:00
patryk 86d9b23743 cluster/kube/k0.libsonnet: add s3 bucket for inventory 
Change-Id: I44f3ab787e751abd7558e6e91eccb25fc0e5101b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1844
Reviewed-by: q3k <q3k@hackerspace.pl>
 2024-01-24 18:51:09 +00:00
informatic 4e46d5017a cluster/kube: fix common missing namespace-admin permissions 
Change-Id: I6ee4ede0b4e9db80559c009a1e86fbd2721f3d05
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1841
Reviewed-by: radex <radex@hackerspace.pl>
 2024-01-18 23:47:20 +00:00
viq 3727b27339 cluster/kube/cluster.libsonnet: allow users to list RoleBindings 
Change-Id: Ifa4289ea8c4d48171bc8ce61150a0c9f736b0fe5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1835
Reviewed-by: q3k <q3k@hackerspace.pl>
 2024-01-08 20:35:59 +00:00
viq d693a60dc0 cluster/kube/k0.libsonnet: access for viq to monitoring-global-k0 
Since `ops/monitoring` operates on both `monitoring-cluster` and
`monitoring-global-k0` namespaces, working properly using the tooling
requires access to both.
While there, add access to `monitoring-external-k0` for potential
working with external targets.

Change-Id: I5f37ed306f064ffcced705609aa919b684a46235
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1834
Reviewed-by: informatic <informatic@hackerspace.pl>
 2024-01-08 20:35:38 +00:00
viq bb72db8b86 cluster/kube/k0.libsonnet: allow viq to mess with prometheus 
This gives viq admin access to monitoring-cluster namespace to be able
to inspect what's already there and try to extend it.

Change-Id: I48eaba8db6cd6868879da33abd93607ed5de2008
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1829
Reviewed-by: q3k <q3k@hackerspace.pl>
 2024-01-03 16:42:25 +00:00
radex 304515b58b bgpwtf/internet: clean up, use unprivileged nginx 
Change-Id: I6f1291c2facf35f4871283c28a4e6f771a3b5102
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1813
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-12-04 20:33:56 +00:00
radex 4ffc64d97d kube: add .volume field on PVCs and ConfigMaps 
Change-Id: I93eec44bd6df4ecb0044a4797faa9bf6fd26802d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1811
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-12-04 20:33:37 +00:00
radex 7a4c27d28c kube: clean up (various) 
Change-Id: Idc11cf70fa7fd0360f63438270748ef1d9bad989
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1810
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-12-04 20:33:31 +00:00
radex d45584aa6d kube: clean up SimpleIngress 
Rename `target_service` to `target` to mirror Service's `target`; rename `extra_paths` to `extraPaths` to follow the camelCase convention used everywhere except for a few places in kube.upstream (assumed to be a mistake)

Change-Id: Icfcb70ef889e3359bf0391c465034817f4b70cce
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1809
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-12-04 20:33:10 +00:00
radex 9da9df6b7a cluster/kube: admitomatic, admins, owners changes 
Change-Id: Ia2f167d84cff999c9ab273db16609d1dec740f25
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1801
Reviewed-by: informatic <informatic@hackerspace.pl>
 2023-11-26 15:50:57 +00:00
radex 03365c6de1 cluster/kube: group admitomatic, admins entries by category 
Change-Id: I0405fd894c775314059e382a804994184afb0f64
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1800
Reviewed-by: informatic <informatic@hackerspace.pl>
 2023-11-26 15:49:37 +00:00
radex 36964dca3b kube: clean up PersistentVolumeClaims 
There's no difference as far as jsonnet is concerned, but it may confuse newbies, as Service and SimpleIngress use double colon for its top-level kube helpers. This also removes any ambiguity as to whether this is manifested in final JSON. So we can make that a convention.

Change-Id: I01ad4ea63f4d5d8ee6e5d41c79637ba186548c6f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1803
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-11-24 20:37:53 +00:00
radex 8b8f3876a9 kube: add target:: convenience field to Service 
Change-Id: If69116d93b6074136a36d98973e1aa997e2ebbef
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1802
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-11-24 20:37:48 +00:00
radex f28cd62c0e *: Simplify kube.PersistentVolumeClaims 
Change-Id: I0a3e44de9f1c4db146fd1e493741f5fe381da3ae
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1768
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-11-18 12:36:00 +00:00
q3k 18c27aedca k0: add dcr03s16 OSDs 
Change-Id: I654ea780b53970732b735a9f62c7e3ca4d87c088
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1725
Reviewed-by: implr <implr@hackerspace.pl>
 2023-11-11 13:55:34 +00:00
radex 934f7d3626 cluster/kube: configure k0 for sourcegraph 
Change-Id: I8ac3ca1269527faa98ce6949da066eb74f299c2c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1770
Reviewed-by: implr <implr@hackerspace.pl>
 2023-11-03 18:17:08 +00:00
implr 6f1fda4329 cluster/k/l/cockroach: make publicService select *all* nodes 
Change-Id: I705b89057f9c191eb62771e3683224376b2207a1
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1762
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-11-01 23:30:52 +00:00
q3k ab2e470bd3 cluster/kube: generate namespaces in NamespaceAdmins 
Change-Id: I37981a4d8d7cf9b85b9b9ab8cfdfc6c66eaa4453
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1760
Reviewed-by: radex <radex@hackerspace.pl>
 2023-10-31 10:52:01 +00:00
radex a6592b845c cluster: grant radex access to more namespaces 
Change-Id: I4f3df51fbc200f1a69ec1225244621e0c724f95b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1759
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-30 21:35:46 +00:00
radex 3fdda9c9a3 hswaw/walne: initial deployment 
Co-authored-by: Palid <palid@hackerspace.pl>
Change-Id: I7c5ef8a1d310821937c49598c4bd983f80a8fbcb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1741
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-30 21:35:29 +00:00
radex caf65fcaaf *: Kill frab, smsgw, toot, covid-formity, voucherchecker 
Change-Id: I763c758994008db38b47a7e61d3f1b503685aba6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1750
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-30 19:08:23 +00:00
q3k 633fb2e8ce cluster/admitomatic: deploy 
Change-Id: Id08c4b428a9c01b310b69396890083f999090928
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1749
Reviewed-by: radex <radex@hackerspace.pl>
 2023-10-28 20:12:30 +00:00
radex f5844311eb */kube: Add kube.SimpleIngress 
Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-28 17:55:48 +00:00
radex e36beba34c cluster/admitomatic: Regexp-based admission rules 
Change-Id: Ic2b1d6a952dc194c0ee2fa1673ceb91c43799308
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1723
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-14 12:21:46 +00:00
radex 0776a79df3 cluster/kube: Centralize namespace admin RoleBindings 
Change-Id: Iec3505b2f4a1647e67cf47cf189c77534b5be6ac
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1696
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-10 17:34:22 +00:00
q3k 63ce423ebb hswaw/site: post-deploy changes 
This deploys the changes in Id64cccadcd1e109035ed09f62086772fa615dd72
and I34163bbb62ba792d359a5f5e72de1024c0109eab .

Turns out the site actually serves at new.hackerspace.pl and is being
proxy-passed from boston-packets, as that for legacy reasons still has
to live at hackerspace.pl.

Change-Id: Ieaa3e8b6f9c4ced14db83c121e30c9cbaa416b00
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1700
Reviewed-by: radex <radex@hackerspace.pl>
 2023-10-10 06:06:06 +00:00
q3k 6534969549 k0: crdb: remove bc01n02, add dcr03s16 
Change-Id: I75da414cee50dcdf951cb8968dc56a4873a023fd
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1694
Reviewed-by: implr <implr@hackerspace.pl>
 2023-10-09 23:32:17 +00:00
radex 3ca8454555 hswaw/capacifier: migrate deployment away from mirko 
Change-Id: Ic15945ae0489cfc3026f4cb11123b8e6b575d471
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1688
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-09 21:22:55 +00:00
radex a364934d33 hswaw/site: migrate away from mirko 
Change-Id: I34163bbb62ba792d359a5f5e72de1024c0109eab
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1631
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-09 21:10:10 +00:00
q3k 6e10e46f96 gerrit-qa: deploy 
A little QA environment, currently without any data populated.

Change-Id: Ifbe5e97f312376ca64222a3754fe6fa29d7fda79
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1643
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-10-09 19:11:02 +00:00
informatic e4519b1419 cluster-k0/admitomatic: add codehosting-prod 
Change-Id: If6cd75e2fce73bdc92a3f313f39603616a343fd0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1684
Reviewed-by: informatic <informatic@hackerspace.pl>
 2023-10-08 21:16:39 +00:00
informatic ba81655145 cluster: cleanup CephObjectStoreUser creation, add codehosting bucket 
Change-Id: I6f41ef3d4775b52c43953f1133e56e69c4c462b8
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1683
Reviewed-by: informatic <informatic@hackerspace.pl>
 2023-10-08 21:16:39 +00:00
radex b8d4a8a902 ldapweb: migrate from mirko to standalone 
Change-Id: I169598232b39b99bfd2d4ff3799b44083ba77e84
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1623
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-09-22 21:54:20 +00:00
radex c2c66bf770 cluster/kube: update admitomatic settings for inventory 
Change-Id: I62279519f93da338591b1b164878e33027b8f851
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1576
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-08-17 12:39:56 +00:00
q3k 03c2d996a0 cluster: fix prodvider deploy (after new CA) 
Change-Id: Icbdb5e3ac592e9eac3a033ba50af401b706c3e78
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1541
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-07-24 14:15:46 +00:00
informatic 10384cd394 cluster/registry: fix common namespaces 
Public pull ACL in the middle had priority over our more specific rules
- moving these to the top fixes common registry namespace ACLs.

Change-Id: Ia6f05cef09c0db4eb71155d2c0e2d9944b81f903
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1522
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-06-19 23:15:37 +00:00
q3k c1f372561a cluster/admitomatic: implement opt-out namespaces 
Change-Id: I32d4b019211fa755e2b3b103b88ea3f4c14e500f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1521
Reviewed-by: informatic <informatic@hackerspace.pl>
 2023-06-19 22:54:33 +00:00
informatic 7e841065b0 *: post-certmanager manifests update 
Change-Id: I745c850268c31777c5722a9833c8152a55615aed
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1512
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-06-19 21:20:44 +00:00
q3k 3dd3ff5dcd cluster/cert-manager: update to v1.5.0 
Change-Id: I7a4cdadc9956141292302bc004d09d6e9e22855e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1497
Reviewed-by: informatic <informatic@hackerspace.pl>
 2023-05-26 10:38:16 +00:00
q3k 57df027f28 cluster/kube: add k0-cert-manager.jsonnet view 
Change-Id: I4d008839f6d6190d0d88fd3fff44974c4f2db2c0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1499
Reviewed-by: implr <implr@hackerspace.pl>
 2023-04-01 14:58:50 +00:00
q3k 989dfa3183 cluster/kube: add k0-prodvider.jsonnet view 
Change-Id: I170fbef3008f906c26ed79387858c3c1e4e2e10c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1496
Reviewed-by: implr <implr@hackerspace.pl>
 2023-04-01 13:54:49 +00:00
q3k 7572f0790c k0: add disks 
Already deployed, now rebalancing.

Change-Id: I536a063bc346effd07a1700aeffe598cc35f6f7a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1493
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-04-01 11:21:54 +00:00
q3k 073d850a95 cluster/prodvider: redeploy 
Change-Id: I7a6cce06bb7c2f495d5354d3a2bebef64e307e42
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1491
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-04-01 11:18:25 +00:00
q3k 3a6d67e0c4 cluster/prodvider: rewrite against x509 lib for ed25519 support 
This gets rid of cfssl for the kubernetes bits of prodvider, instead
using plain crypto/x509. This also allows to support our new fancy
ED25519 CA.

Change-Id: If677b3f4523014f56ea802b87499d1c0eb6d92e9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1489
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-03-31 22:53:59 +00:00
q3k 712a5dc3e3 cluster: add bc01n05.hswaw.net 
This will be our postgres pet machine.

Change-Id: Ifff6648394ca6407fb5b5daa853f4abc42541703
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1467
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-03-04 22:26:46 +00:00
implr 0156ab24ca cluster/kube/k0: remove implr-spark bucket, add implr bucket 
the spark one has been an abandoned experiment from years ago, and
I could use a personal one right now

Change-Id: I78a706c3371d441b2f8460fd796d0cfd9a198cc6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1464
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-02-26 16:41:23 +00:00
implr 0173f501d7 cockroach: v20.2 -> v21.1 
Following https://www.cockroachlabs.com/docs/v21.1/upgrade-cockroach-version?filters=linux
--logtostderr is deprecated/removed, but AFAICT from the default config
it will still log there: https://www.cockroachlabs.com/docs/v21.1/configure-logs#default-logging-configuration

Change-Id: I7fb3f835693f955b37de24dc581140ea34b11630
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1461
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-01-30 21:16:42 +00:00