radex
fd505b8154
cluster/kube: add labelmaker namespace and dns
...
Change-Id: I3f2651e2c9528db50f81abb4d3876fa79c6ef3a0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1896
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-02-02 18:23:52 +00:00
radex
1dd60c3fbd
cluster/kube: add printservant namespace
...
Change-Id: I514a41ffe52c42377370b1b3b43c8679edf23cc6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1889
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-01-31 19:24:11 +00:00
informatic
3a3b425ddf
app/codehosting: forgejo deployment
...
Change-Id: Icfe6e0b17932a3248e1bdb807f431c59c48430de
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1685
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-30 21:16:33 +00:00
patryk
86d9b23743
cluster/kube/k0.libsonnet: add s3 bucket for inventory
...
Change-Id: I44f3ab787e751abd7558e6e91eccb25fc0e5101b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1844
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-24 18:51:09 +00:00
informatic
4e46d5017a
cluster/kube: fix common missing namespace-admin permissions
...
Change-Id: I6ee4ede0b4e9db80559c009a1e86fbd2721f3d05
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1841
Reviewed-by: radex <radex@hackerspace.pl>
2024-01-18 23:47:20 +00:00
viq
3727b27339
cluster/kube/cluster.libsonnet: allow users to list RoleBindings
...
Change-Id: Ifa4289ea8c4d48171bc8ce61150a0c9f736b0fe5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1835
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-08 20:35:59 +00:00
viq
d693a60dc0
cluster/kube/k0.libsonnet: access for viq to monitoring-global-k0
...
Since `ops/monitoring` operates on both `monitoring-cluster` and
`monitoring-global-k0` namespaces, working properly using the tooling
requires access to both.
While there, add access to `monitoring-external-k0` for potential
working with external targets.
Change-Id: I5f37ed306f064ffcced705609aa919b684a46235
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1834
Reviewed-by: informatic <informatic@hackerspace.pl>
2024-01-08 20:35:38 +00:00
viq
bb72db8b86
cluster/kube/k0.libsonnet: allow viq to mess with prometheus
...
This gives viq admin access to monitoring-cluster namespace to be able
to inspect what's already there and try to extend it.
Change-Id: I48eaba8db6cd6868879da33abd93607ed5de2008
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1829
Reviewed-by: q3k <q3k@hackerspace.pl>
2024-01-03 16:42:25 +00:00
radex
304515b58b
bgpwtf/internet: clean up, use unprivileged nginx
...
Change-Id: I6f1291c2facf35f4871283c28a4e6f771a3b5102
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1813
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:56 +00:00
radex
4ffc64d97d
kube: add .volume field on PVCs and ConfigMaps
...
Change-Id: I93eec44bd6df4ecb0044a4797faa9bf6fd26802d
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1811
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:37 +00:00
radex
7a4c27d28c
kube: clean up (various)
...
Change-Id: Idc11cf70fa7fd0360f63438270748ef1d9bad989
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1810
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:31 +00:00
radex
d45584aa6d
kube: clean up SimpleIngress
...
Rename `target_service` to `target` to mirror Service's `target`; rename `extra_paths` to `extraPaths` to follow the camelCase convention used everywhere except for a few places in kube.upstream (assumed to be a mistake)
Change-Id: Icfcb70ef889e3359bf0391c465034817f4b70cce
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1809
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-12-04 20:33:10 +00:00
radex
9da9df6b7a
cluster/kube: admitomatic, admins, owners changes
...
Change-Id: Ia2f167d84cff999c9ab273db16609d1dec740f25
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1801
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-11-26 15:50:57 +00:00
radex
03365c6de1
cluster/kube: group admitomatic, admins entries by category
...
Change-Id: I0405fd894c775314059e382a804994184afb0f64
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1800
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-11-26 15:49:37 +00:00
radex
36964dca3b
kube: clean up PersistentVolumeClaims
...
There's no difference as far as jsonnet is concerned, but it may confuse newbies, as Service and SimpleIngress use double colon for its top-level kube helpers. This also removes any ambiguity as to whether this is manifested in final JSON. So we can make that a convention.
Change-Id: I01ad4ea63f4d5d8ee6e5d41c79637ba186548c6f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1803
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-24 20:37:53 +00:00
radex
8b8f3876a9
kube: add target:: convenience field to Service
...
Change-Id: If69116d93b6074136a36d98973e1aa997e2ebbef
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1802
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-24 20:37:48 +00:00
radex
f28cd62c0e
*: Simplify kube.PersistentVolumeClaims
...
Change-Id: I0a3e44de9f1c4db146fd1e493741f5fe381da3ae
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1768
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-18 12:36:00 +00:00
q3k
18c27aedca
k0: add dcr03s16 OSDs
...
Change-Id: I654ea780b53970732b735a9f62c7e3ca4d87c088
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1725
Reviewed-by: implr <implr@hackerspace.pl>
2023-11-11 13:55:34 +00:00
radex
934f7d3626
cluster/kube: configure k0 for sourcegraph
...
Change-Id: I8ac3ca1269527faa98ce6949da066eb74f299c2c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1770
Reviewed-by: implr <implr@hackerspace.pl>
2023-11-03 18:17:08 +00:00
implr
6f1fda4329
cluster/k/l/cockroach: make publicService select *all* nodes
...
Change-Id: I705b89057f9c191eb62771e3683224376b2207a1
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1762
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-11-01 23:30:52 +00:00
q3k
ab2e470bd3
cluster/kube: generate namespaces in NamespaceAdmins
...
Change-Id: I37981a4d8d7cf9b85b9b9ab8cfdfc6c66eaa4453
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1760
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-31 10:52:01 +00:00
radex
a6592b845c
cluster: grant radex access to more namespaces
...
Change-Id: I4f3df51fbc200f1a69ec1225244621e0c724f95b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1759
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-30 21:35:46 +00:00
radex
3fdda9c9a3
hswaw/walne: initial deployment
...
Co-authored-by: Palid <palid@hackerspace.pl>
Change-Id: I7c5ef8a1d310821937c49598c4bd983f80a8fbcb
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1741
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-30 21:35:29 +00:00
radex
caf65fcaaf
*: Kill frab, smsgw, toot, covid-formity, voucherchecker
...
Change-Id: I763c758994008db38b47a7e61d3f1b503685aba6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1750
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-30 19:08:23 +00:00
q3k
633fb2e8ce
cluster/admitomatic: deploy
...
Change-Id: Id08c4b428a9c01b310b69396890083f999090928
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1749
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-28 20:12:30 +00:00
radex
f5844311eb
*/kube: Add kube.SimpleIngress
...
Change-Id: Iddcac629b9938f228dd93b32e58bb14606d5c6e5
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1745
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-28 17:55:48 +00:00
radex
e36beba34c
cluster/admitomatic: Regexp-based admission rules
...
Change-Id: Ic2b1d6a952dc194c0ee2fa1673ceb91c43799308
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1723
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-14 12:21:46 +00:00
radex
0776a79df3
cluster/kube: Centralize namespace admin RoleBindings
...
Change-Id: Iec3505b2f4a1647e67cf47cf189c77534b5be6ac
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1696
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-10 17:34:22 +00:00
q3k
63ce423ebb
hswaw/site: post-deploy changes
...
This deploys the changes in Id64cccadcd1e109035ed09f62086772fa615dd72
and I34163bbb62ba792d359a5f5e72de1024c0109eab .
Turns out the site actually serves at new.hackerspace.pl and is being
proxy-passed from boston-packets, as that for legacy reasons still has
to live at hackerspace.pl.
Change-Id: Ieaa3e8b6f9c4ced14db83c121e30c9cbaa416b00
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1700
Reviewed-by: radex <radex@hackerspace.pl>
2023-10-10 06:06:06 +00:00
q3k
6534969549
k0: crdb: remove bc01n02, add dcr03s16
...
Change-Id: I75da414cee50dcdf951cb8968dc56a4873a023fd
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1694
Reviewed-by: implr <implr@hackerspace.pl>
2023-10-09 23:32:17 +00:00
radex
3ca8454555
hswaw/capacifier: migrate deployment away from mirko
...
Change-Id: Ic15945ae0489cfc3026f4cb11123b8e6b575d471
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1688
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 21:22:55 +00:00
radex
a364934d33
hswaw/site: migrate away from mirko
...
Change-Id: I34163bbb62ba792d359a5f5e72de1024c0109eab
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1631
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 21:10:10 +00:00
q3k
6e10e46f96
gerrit-qa: deploy
...
A little QA environment, currently without any data populated.
Change-Id: Ifbe5e97f312376ca64222a3754fe6fa29d7fda79
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1643
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-10-09 19:11:02 +00:00
informatic
e4519b1419
cluster-k0/admitomatic: add codehosting-prod
...
Change-Id: If6cd75e2fce73bdc92a3f313f39603616a343fd0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1684
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-08 21:16:39 +00:00
informatic
ba81655145
cluster: cleanup CephObjectStoreUser creation, add codehosting bucket
...
Change-Id: I6f41ef3d4775b52c43953f1133e56e69c4c462b8
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1683
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-10-08 21:16:39 +00:00
radex
b8d4a8a902
ldapweb: migrate from mirko to standalone
...
Change-Id: I169598232b39b99bfd2d4ff3799b44083ba77e84
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1623
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-09-22 21:54:20 +00:00
radex
c2c66bf770
cluster/kube: update admitomatic settings for inventory
...
Change-Id: I62279519f93da338591b1b164878e33027b8f851
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1576
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-08-17 12:39:56 +00:00
q3k
03c2d996a0
cluster: fix prodvider deploy (after new CA)
...
Change-Id: Icbdb5e3ac592e9eac3a033ba50af401b706c3e78
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1541
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-07-24 14:15:46 +00:00
informatic
10384cd394
cluster/registry: fix common namespaces
...
Public pull ACL in the middle had priority over our more specific rules
- moving these to the top fixes common registry namespace ACLs.
Change-Id: Ia6f05cef09c0db4eb71155d2c0e2d9944b81f903
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1522
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-06-19 23:15:37 +00:00
q3k
c1f372561a
cluster/admitomatic: implement opt-out namespaces
...
Change-Id: I32d4b019211fa755e2b3b103b88ea3f4c14e500f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1521
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-06-19 22:54:33 +00:00
informatic
7e841065b0
*: post-certmanager manifests update
...
Change-Id: I745c850268c31777c5722a9833c8152a55615aed
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1512
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-06-19 21:20:44 +00:00
q3k
3dd3ff5dcd
cluster/cert-manager: update to v1.5.0
...
Change-Id: I7a4cdadc9956141292302bc004d09d6e9e22855e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1497
Reviewed-by: informatic <informatic@hackerspace.pl>
2023-05-26 10:38:16 +00:00
q3k
57df027f28
cluster/kube: add k0-cert-manager.jsonnet view
...
Change-Id: I4d008839f6d6190d0d88fd3fff44974c4f2db2c0
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1499
Reviewed-by: implr <implr@hackerspace.pl>
2023-04-01 14:58:50 +00:00
q3k
989dfa3183
cluster/kube: add k0-prodvider.jsonnet view
...
Change-Id: I170fbef3008f906c26ed79387858c3c1e4e2e10c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1496
Reviewed-by: implr <implr@hackerspace.pl>
2023-04-01 13:54:49 +00:00
q3k
7572f0790c
k0: add disks
...
Already deployed, now rebalancing.
Change-Id: I536a063bc346effd07a1700aeffe598cc35f6f7a
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1493
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-04-01 11:21:54 +00:00
q3k
073d850a95
cluster/prodvider: redeploy
...
Change-Id: I7a6cce06bb7c2f495d5354d3a2bebef64e307e42
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1491
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-04-01 11:18:25 +00:00
q3k
3a6d67e0c4
cluster/prodvider: rewrite against x509 lib for ed25519 support
...
This gets rid of cfssl for the kubernetes bits of prodvider, instead
using plain crypto/x509. This also allows to support our new fancy
ED25519 CA.
Change-Id: If677b3f4523014f56ea802b87499d1c0eb6d92e9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1489
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-03-31 22:53:59 +00:00
q3k
712a5dc3e3
cluster: add bc01n05.hswaw.net
...
This will be our postgres pet machine.
Change-Id: Ifff6648394ca6407fb5b5daa853f4abc42541703
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1467
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-03-04 22:26:46 +00:00
implr
0156ab24ca
cluster/kube/k0: remove implr-spark bucket, add implr bucket
...
the spark one has been an abandoned experiment from years ago, and
I could use a personal one right now
Change-Id: I78a706c3371d441b2f8460fd796d0cfd9a198cc6
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1464
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-02-26 16:41:23 +00:00
implr
0173f501d7
cockroach: v20.2 -> v21.1
...
Following https://www.cockroachlabs.com/docs/v21.1/upgrade-cockroach-version?filters=linux
--logtostderr is deprecated/removed, but AFAICT from the default config
it will still log there: https://www.cockroachlabs.com/docs/v21.1/configure-logs#default-logging-configuration
Change-Id: I7fb3f835693f955b37de24dc581140ea34b11630
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1461
Reviewed-by: q3k <q3k@hackerspace.pl>
2023-01-30 21:16:42 +00:00