| commit | 9f0e1e88f18a98c734902e3e9f1d79069893bce6 | [log] [tgz] |
|---|---|---|
| author | Serge Bazanski <q3k@hackerspace.pl> | Fri Mar 31 22:36:54 2023 +0000 |
| committer | q3k <q3k@hackerspace.pl> | Mon Jun 19 22:23:52 2023 +0000 |
| tree | e17324558be92f8004059a5853c35e3885493704 | |
| parent | a03b60b3109aab2435d193304599e791c818a8ad [diff] |
cluster/clustercfg: rewrite it in Go
This replaces the old clustercfg script with a brand spanking new
mostly-equivalent Go reimplementation. But it's not exactly the same,
here are the differences:
1. No cluster deployment logic anymore - we expect everyone to use ops/
machine at this point.
2. All certs/keys are Ed25519 and do not expire by default - but
support for short-lived certificates is there, and is actually more
generic and reusable. Currently it's only used for admincreds.
3. Speaking of admincreds: the new admincreds automatically figure out
your username.
4. admincreds also doesn't shell out to kubectl anymore, and doesn't
override your default context. The generated creds can live
peacefully alongside your normal prodaccess creds.
5. gencerts (the new nodestrap without deployment support) now
automatically generates certs for all nodes, based on local Nix
modules in ops/.
6. No secretstore support. This will be changed once we rebuild
secretstore in Go. For now users are expected to manually run
secretstore sync on cluster/secrets.
Change-Id: Ida935f44e04fd933df125905eee10121ac078495
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1498
Reviewed-by: q3k <q3k@hackerspace.pl>
- cluster/clustercfg/BUILD[diff]
- cluster/clustercfg/ca.py[Deleted - diff]
- cluster/clustercfg/certs/BUILD.bazel[Added - diff]
- cluster/clustercfg/certs/certs.go[Added - diff]
- cluster/clustercfg/certs/generator.go[Added - diff]
- cluster/clustercfg/certs/x509.go[Added - diff]
- cluster/clustercfg/clustercfg.py[Deleted - diff]
- cluster/clustercfg/cmd_admincreds.go[Added - diff]
- cluster/clustercfg/cmd_gencerts.go[Added - diff]
- cluster/clustercfg/main.go[Added - diff]
- cluster/doc/admin.md[diff]
- ops/exports.nix[Added - diff]
- ops/monitoring/lib/cluster.libsonnet[diff]
13 files changed
tree: e17324558be92f8004059a5853c35e3885493704
- app/
- bgpwtf/
- bzl/
- cluster/
- dc/
- devtools/
- doc/
- games/
- gcp/
- go/
- hswaw/
- kube/
- nix/
- ops/
- personal/
- third_party/
- tools/
- .bazelrc
- .gitignore
- BUILD
- ci_presubmit.sh
- COPYING
- default.nix
- env.fish
- env.sh
- hackdoc.toml
- OWNERS
- README.md
- shell.nix
- WORKSPACE
README.md
hscloud is the main monorepo of the Warsaw Hackerspace infrastructure code.
Getting started
See //doc/codelabs for tutorials on how to use hscloud.
If you want to browse the source of hscloud in a web browser, use cs.hackerspace.pl.
If you want some other help, talk to q3k, informatic or your therapist.
Directory Structure
Directories you should care about:
- app: external services that we host that are somewhat universal: matrix, covid-formity, etc.
- bgpwtf: code related to our little ISP
- cluster: code related to our Kubernetes cluster (
k0.hswaw.net) - dc: code related to datacenter automation
- devtools: code related to developer tooling, like gerrit or hackdoc
- doc: high-level documentation that doesn't fit anywhere else, ie. codelabs
- hswaw: Warsaw Hackerspace specific/internal services. The line between this and app is unfortunately blurry.
- personal: user's personal (experimental) directories
- kube, go: code specific to languages but general to the whole of hscloud
Licensing
Unless noted otherwise, code in hscloud is licensed under the BSD 0-clause license - see COPYING.