diff options
Diffstat (limited to 'ops/infra/kubernetes/nixery')
| -rw-r--r-- | ops/infra/kubernetes/nixery/config.yaml | 67 | ||||
| -rw-r--r-- | ops/infra/kubernetes/nixery/id_nixery.pub | 1 | ||||
| -rw-r--r-- | ops/infra/kubernetes/nixery/known_hosts | 3 | ||||
| -rw-r--r-- | ops/infra/kubernetes/nixery/secrets.yaml | 18 | ||||
| -rw-r--r-- | ops/infra/kubernetes/nixery/ssh_config | 4 |
5 files changed, 0 insertions, 93 deletions
diff --git a/ops/infra/kubernetes/nixery/config.yaml b/ops/infra/kubernetes/nixery/config.yaml deleted file mode 100644 index 0775e79b5843..000000000000 --- a/ops/infra/kubernetes/nixery/config.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# Deploys an instance of Nixery into the cluster. -# -# The service via which Nixery is exposed has a private DNS entry -# pointing to it, which makes it possible to resolve `nixery.local` -# in-cluster without things getting nasty. ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nixery - namespace: kube-public - labels: - app: nixery -spec: - replicas: 1 - selector: - matchLabels: - app: nixery - template: - metadata: - labels: - app: nixery - spec: - containers: - - name: nixery - image: eu.gcr.io/tazjins-infrastructure/nixery:{{ .version }} - volumeMounts: - - name: nixery-secrets - mountPath: /var/nixery - env: - - name: BUCKET - value: {{ .bucket}} - - name: PORT - value: "{{ .port }}" - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/nixery/gcs-key.json - - name: GCS_SIGNING_KEY - value: /var/nixery/gcs-key.pem - - name: GCS_SIGNING_ACCOUNT - value: {{ .account }} - - name: GIT_SSH_COMMAND - value: 'ssh -F /var/nixery/ssh_config' - - name: NIXERY_PKGS_REPO - value: {{ .repo }} - - name: NIX_POPULARITY_URL - value: 'https://storage.googleapis.com/nixery-layers/popularity/{{ .popularity }}' - volumes: - - name: nixery-secrets - secret: - secretName: nixery-secrets - defaultMode: 256 ---- -apiVersion: v1 -kind: Service -metadata: - name: nixery - namespace: kube-public - annotations: - cloud.google.com/load-balancer-type: "Internal" -spec: - selector: - app: nixery - type: LoadBalancer - ports: - - protocol: TCP - port: 80 - targetPort: 8080 diff --git a/ops/infra/kubernetes/nixery/id_nixery.pub b/ops/infra/kubernetes/nixery/id_nixery.pub deleted file mode 100644 index dc3fd617d0a1..000000000000 --- a/ops/infra/kubernetes/nixery/id_nixery.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzBM6ydst77jDHNcTFWKD9Fw4SReqyNEEp2MtQBk2wt94U4yLp8MQIuNeOEn1GaDEX4RGCxqai/2UVF1w9ZNdU+v2fXcKWfkKuGQH2XcNfXor2cVNObd40H78++iZiv3nmM/NaEdkTbTBbi925cRy9u5FgItDgsJlyKNRglCb0fr6KlgpvWjL20dp/eeZ8a/gLniHK8PnEsgERQSvJnsyFpxxVhxtoUiyLWpXDl4npf/rQr0eRDf4Q5sN/nbTwksapPHfze8dKcaoA7A2NqT3bJ6DPGrwVCzGRtGw/SXJwFwmmtAl9O6BklpeReyiknSxc+KOtrjDW6O0r6yvymD5Z nixery diff --git a/ops/infra/kubernetes/nixery/known_hosts b/ops/infra/kubernetes/nixery/known_hosts deleted file mode 100644 index 7faf21f69bf8..000000000000 --- a/ops/infra/kubernetes/nixery/known_hosts +++ /dev/null @@ -1,3 +0,0 @@ -github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== -140.82.118.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== -[source.developers.google.com]:2022,[172.253.120.82]:2022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB5Iy4/cq/gt/fPqe3uyMy4jwv1Alc94yVPxmnwNhBzJqEV5gRPiRk5u4/JJMbbu9QUVAguBABxL7sBZa5PH/xY= diff --git a/ops/infra/kubernetes/nixery/secrets.yaml b/ops/infra/kubernetes/nixery/secrets.yaml deleted file mode 100644 index d9a674d2c9fc..000000000000 --- a/ops/infra/kubernetes/nixery/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# The secrets below are encrypted using keys stored in Cloud KMS and -# templated in by kontemplate when deploying. -# -# Not all of the values are actually secret (see the matching) ---- -apiVersion: v1 -kind: Secret -metadata: - name: nixery-secrets - namespace: kube-public -type: Opaque -data: - gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }} - gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }} - id_nixery: {{ printf "%s\n" (passLookup "nixery-ssh-private") | b64enc }} - id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }} - known_hosts: {{ insertFile "known_hosts" | b64enc }} - ssh_config: {{ insertFile "ssh_config" | b64enc }} diff --git a/ops/infra/kubernetes/nixery/ssh_config b/ops/infra/kubernetes/nixery/ssh_config deleted file mode 100644 index 78afbb0b039d..000000000000 --- a/ops/infra/kubernetes/nixery/ssh_config +++ /dev/null @@ -1,4 +0,0 @@ -Match host * - User tazjin@google.com - IdentityFile /var/nixery/id_nixery - UserKnownHostsFile /var/nixery/known_hosts |