about summary refs log tree commit diff
path: root/ops/infra/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'ops/infra/kubernetes')
-rw-r--r--ops/infra/kubernetes/cgit/config.yaml80
-rw-r--r--ops/infra/kubernetes/gemma/config.lisp19
-rw-r--r--ops/infra/kubernetes/https-cert/cert.yaml8
-rw-r--r--ops/infra/kubernetes/https-lb/ingress.yaml43
-rw-r--r--ops/infra/kubernetes/nginx/nginx.conf59
-rw-r--r--ops/infra/kubernetes/nginx/nginx.yaml60
-rw-r--r--ops/infra/kubernetes/nixery/config.yaml67
-rw-r--r--ops/infra/kubernetes/nixery/id_nixery.pub1
-rw-r--r--ops/infra/kubernetes/nixery/known_hosts3
-rw-r--r--ops/infra/kubernetes/nixery/secrets.yaml18
-rw-r--r--ops/infra/kubernetes/nixery/ssh_config4
-rw-r--r--ops/infra/kubernetes/primary-cluster.yaml38
-rw-r--r--ops/infra/kubernetes/website/config.yaml37
13 files changed, 0 insertions, 437 deletions
diff --git a/ops/infra/kubernetes/cgit/config.yaml b/ops/infra/kubernetes/cgit/config.yaml
deleted file mode 100644
index 73392adaad81..000000000000
--- a/ops/infra/kubernetes/cgit/config.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: gcsr-secrets
-type: Opaque
-data:
-  username: "Z2l0LXRhemppbi5nbWFpbC5jb20="
-  # This credential is a GCSR 'gitcookie' token.
-  password: '{{ passLookup "gcsr-tazjin-password" | b64enc }}'
-  # This credential is an OAuth token for builds.sr.ht
-  sourcehut: '{{ passLookup "sr.ht-token" | b64enc }}'
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: cgit
-  labels:
-    app: cgit
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: cgit
-  template:
-    metadata:
-      labels:
-        app: cgit
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-      containers:
-      - name: cgit
-        image: nixery.local/shell/web.cgit-taz:{{ gitHEAD }}
-        command: [ "cgit-launch" ]
-        env:
-          - name: HOME
-            value: /git
-        volumeMounts:
-          - name: git-volume
-            mountPath: /git
-      - name: sync-gcsr
-        image: nixery.local/shell/ops.sync-gcsr:{{ gitHEAD }}
-        command: [ "sync-gcsr" ]
-        env:
-          - name: SYNC_USER
-            valueFrom:
-              secretKeyRef:
-                name: gcsr-secrets
-                key: username
-          - name: SYNC_PASS
-            valueFrom:
-              secretKeyRef:
-                name: gcsr-secrets
-                key: password
-          - name: SRHT_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: gcsr-secrets
-                key: sourcehut
-        volumeMounts:
-          - name: git-volume
-            mountPath: /git
-      volumes:
-        - name: git-volume
-          emptyDir: {}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: cgit
-spec:
-  selector:
-    app: cgit
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 8080
diff --git a/ops/infra/kubernetes/gemma/config.lisp b/ops/infra/kubernetes/gemma/config.lisp
deleted file mode 100644
index 517a658cf150..000000000000
--- a/ops/infra/kubernetes/gemma/config.lisp
+++ /dev/null
@@ -1,19 +0,0 @@
-(config :port 4242
-        :data-dir "/var/lib/gemma/")
-
-(deftask bathroom/wipe-mirror 7)
-(deftask bathroom/wipe-counter 7)
-
-;; Bedroom tasks
-(deftask bedroom/change-sheets 7)
-(deftask bedroom/vacuum 10)
-
-;; Kitchen tasks
-(deftask kitchen/normal-trash 3)
-(deftask kitchen/green-trash 5)
-(deftask kitchen/blue-trash 5)
-(deftask kitchen/wipe-counters 3)
-(deftask kitchen/vacuum 5 "Kitchen has more crumbs and such!")
-
-;; Entire place
-(deftask clean-windows 60)
diff --git a/ops/infra/kubernetes/https-cert/cert.yaml b/ops/infra/kubernetes/https-cert/cert.yaml
deleted file mode 100644
index c7a85275ae67..000000000000
--- a/ops/infra/kubernetes/https-cert/cert.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: networking.gke.io/v1beta1
-kind: ManagedCertificate
-metadata:
-  name: {{ .domain | replace "." "-" }}
-spec:
-  domains:
-    - {{ .domain }}
diff --git a/ops/infra/kubernetes/https-lb/ingress.yaml b/ops/infra/kubernetes/https-lb/ingress.yaml
deleted file mode 100644
index 930affec7a15..000000000000
--- a/ops/infra/kubernetes/https-lb/ingress.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-# This resource configures the HTTPS load balancer that is used as the
-# entrypoint to all HTTPS services running in the cluster.
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: https-ingress
-  annotations:
-    networking.gke.io/managed-certificates: tazj-in, git-tazj-in, www-tazj-in, oslo-pub
-spec:
-  rules:
-    # Route website to, well, the website ...
-    - host: tazj.in
-      http:
-        paths:
-          - path: /*
-            backend:
-              serviceName: website
-              servicePort: 8080
-    # Same for www.* (the redirect is handled by the website nginx)
-    - host: www.tazj.in
-      http:
-        paths:
-          - path: /*
-            backend:
-              serviceName: website
-              servicePort: 8080
-    # Route git.tazj.in to the cgit pods
-    - host: git.tazj.in
-      http:
-        paths:
-          - path: /*
-            backend:
-              serviceName: nginx
-              servicePort: 6756
-    # Route oslo.pub to the nginx instance which serves redirects
-    - host: oslo.pub
-      http:
-        paths:
-          - path: /
-            backend:
-              serviceName: nginx
-              servicePort: 6756
diff --git a/ops/infra/kubernetes/nginx/nginx.conf b/ops/infra/kubernetes/nginx/nginx.conf
deleted file mode 100644
index 918aa6067806..000000000000
--- a/ops/infra/kubernetes/nginx/nginx.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-daemon off;
-worker_processes  1;
-error_log stderr;
-pid /run/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    log_format json_combined escape=json
-    '{'
-        '"time_local":"$time_local",'
-        '"remote_addr":"$remote_addr",'
-        '"remote_user":"$remote_user",'
-        '"request":"$request",'
-        '"status": "$status",'
-        '"body_bytes_sent":"$body_bytes_sent",'
-        '"request_time":"$request_time",'
-        '"http_referrer":"$http_referer",'
-        '"http_user_agent":"$http_user_agent"'
-        '}';
-
-    access_log /dev/stdout json_combined;
-
-    sendfile        on;
-    keepalive_timeout  65;
-
-    server {
-        listen 80 default_server;
-        location / {
-            return 200 "ok";
-        }
-    }
-
-    server {
-        listen       80;
-        server_name  oslo.pub;
-
-        location / {
-            return 302 https://www.google.com/maps/d/viewer?mid=1pJIYY9cuEdt9DuMTbb4etBVq7hs;
-        }
-    }
-
-    server {
-        listen       80;
-        server_name  git.tazj.in;
-
-        # Static assets must always hit the root.
-        location ~ ^/(favicon\.ico|cgit\.(css|png))$ {
-           proxy_pass http://cgit;
-        }
-
-        # Everything else hits the depot directly.
-        location / {
-            proxy_pass http://cgit/cgit.cgi/depot/;
-        }
-    }
-}
diff --git a/ops/infra/kubernetes/nginx/nginx.yaml b/ops/infra/kubernetes/nginx/nginx.yaml
deleted file mode 100644
index 61678a85bca0..000000000000
--- a/ops/infra/kubernetes/nginx/nginx.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-# Deploy an nginx instance which serves ... redirects.
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-conf
-data:
-  nginx.conf: {{ insertFile "nginx.conf" | toJson }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx
-  labels:
-    app: nginx
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-        config: {{ insertFile "nginx.conf" | sha1sum }}
-    spec:
-      containers:
-        - name: nginx
-          image: nixery.local/shell/third_party.nginx:{{ .version }}
-          command: ["/bin/bash", "-c"]
-          args:
-            - |
-              cd /run
-              echo 'nogroup:x:30000:nobody' >> /etc/group
-              echo 'nobody:x:30000:30000:nobody:/tmp:/bin/bash' >> /etc/passwd
-              exec nginx -c /etc/nginx/nginx.conf
-          volumeMounts:
-            - name: nginx-conf
-              mountPath: /etc/nginx
-            - name: nginx-rundir
-              mountPath: /run
-      volumes:
-        - name: nginx-conf
-          configMap:
-            name: nginx-conf
-        - name: nginx-rundir
-          emptyDir: {}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-spec:
-  type: NodePort
-  selector:
-    app: nginx
-  ports:
-    - protocol: TCP
-      port: 6756
-      targetPort: 80
diff --git a/ops/infra/kubernetes/nixery/config.yaml b/ops/infra/kubernetes/nixery/config.yaml
deleted file mode 100644
index 0775e79b5843..000000000000
--- a/ops/infra/kubernetes/nixery/config.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-# Deploys an instance of Nixery into the cluster.
-#
-# The service via which Nixery is exposed has a private DNS entry
-# pointing to it, which makes it possible to resolve `nixery.local`
-# in-cluster without things getting nasty.
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nixery
-  namespace: kube-public
-  labels:
-    app: nixery
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: nixery
-  template:
-    metadata:
-      labels:
-        app: nixery
-    spec:
-      containers:
-      - name: nixery
-        image: eu.gcr.io/tazjins-infrastructure/nixery:{{ .version }}
-        volumeMounts:
-          - name: nixery-secrets
-            mountPath: /var/nixery
-        env:
-          - name: BUCKET
-            value: {{ .bucket}}
-          - name: PORT
-            value: "{{ .port }}"
-          - name: GOOGLE_APPLICATION_CREDENTIALS
-            value: /var/nixery/gcs-key.json
-          - name: GCS_SIGNING_KEY
-            value: /var/nixery/gcs-key.pem
-          - name: GCS_SIGNING_ACCOUNT
-            value: {{ .account }}
-          - name: GIT_SSH_COMMAND
-            value: 'ssh -F /var/nixery/ssh_config'
-          - name: NIXERY_PKGS_REPO
-            value: {{ .repo }}
-          - name: NIX_POPULARITY_URL
-            value: 'https://storage.googleapis.com/nixery-layers/popularity/{{ .popularity }}'
-      volumes:
-        - name: nixery-secrets
-          secret:
-            secretName: nixery-secrets
-            defaultMode: 256
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nixery
-  namespace: kube-public
-  annotations:
-    cloud.google.com/load-balancer-type: "Internal"
-spec:
-  selector:
-    app: nixery
-  type: LoadBalancer
-  ports:
-  - protocol: TCP
-    port: 80
-    targetPort: 8080
diff --git a/ops/infra/kubernetes/nixery/id_nixery.pub b/ops/infra/kubernetes/nixery/id_nixery.pub
deleted file mode 100644
index dc3fd617d0a1..000000000000
--- a/ops/infra/kubernetes/nixery/id_nixery.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzBM6ydst77jDHNcTFWKD9Fw4SReqyNEEp2MtQBk2wt94U4yLp8MQIuNeOEn1GaDEX4RGCxqai/2UVF1w9ZNdU+v2fXcKWfkKuGQH2XcNfXor2cVNObd40H78++iZiv3nmM/NaEdkTbTBbi925cRy9u5FgItDgsJlyKNRglCb0fr6KlgpvWjL20dp/eeZ8a/gLniHK8PnEsgERQSvJnsyFpxxVhxtoUiyLWpXDl4npf/rQr0eRDf4Q5sN/nbTwksapPHfze8dKcaoA7A2NqT3bJ6DPGrwVCzGRtGw/SXJwFwmmtAl9O6BklpeReyiknSxc+KOtrjDW6O0r6yvymD5Z nixery
diff --git a/ops/infra/kubernetes/nixery/known_hosts b/ops/infra/kubernetes/nixery/known_hosts
deleted file mode 100644
index 7faf21f69bf8..000000000000
--- a/ops/infra/kubernetes/nixery/known_hosts
+++ /dev/null
@@ -1,3 +0,0 @@
-github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
-140.82.118.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
-[source.developers.google.com]:2022,[172.253.120.82]:2022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB5Iy4/cq/gt/fPqe3uyMy4jwv1Alc94yVPxmnwNhBzJqEV5gRPiRk5u4/JJMbbu9QUVAguBABxL7sBZa5PH/xY=
diff --git a/ops/infra/kubernetes/nixery/secrets.yaml b/ops/infra/kubernetes/nixery/secrets.yaml
deleted file mode 100644
index d9a674d2c9fc..000000000000
--- a/ops/infra/kubernetes/nixery/secrets.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# The secrets below are encrypted using keys stored in Cloud KMS and
-# templated in by kontemplate when deploying.
-#
-# Not all of the values are actually secret (see the matching)
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: nixery-secrets
-  namespace: kube-public
-type: Opaque
-data:
-  gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }}
-  gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }}
-  id_nixery: {{ printf "%s\n" (passLookup "nixery-ssh-private") | b64enc }}
-  id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }}
-  known_hosts: {{ insertFile "known_hosts" | b64enc }}
-  ssh_config: {{ insertFile "ssh_config" | b64enc }}
diff --git a/ops/infra/kubernetes/nixery/ssh_config b/ops/infra/kubernetes/nixery/ssh_config
deleted file mode 100644
index 78afbb0b039d..000000000000
--- a/ops/infra/kubernetes/nixery/ssh_config
+++ /dev/null
@@ -1,4 +0,0 @@
-Match host *
-      User tazjin@google.com
-      IdentityFile /var/nixery/id_nixery
-      UserKnownHostsFile /var/nixery/known_hosts
diff --git a/ops/infra/kubernetes/primary-cluster.yaml b/ops/infra/kubernetes/primary-cluster.yaml
deleted file mode 100644
index 3d601b80cd01..000000000000
--- a/ops/infra/kubernetes/primary-cluster.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Kontemplate configuration for the primary GKE cluster in the project
-# 'tazjins-infrastructure'.
----
-context: gke_tazjins-infrastructure_europe-north1_tazjin-cluster
-include:
-  # SSL certificates (provisioned by Google)
-  - name: tazj-in-cert
-    path: https-cert
-    values:
-      domain: tazj.in
-  - name: www-tazj-in-cert
-    path: https-cert
-    values:
-      domain: www.tazj.in
-  - name: git-tazj-in-cert
-    path: https-cert
-    values:
-      domain: git.tazj.in
-  - name: oslo-pub-cert
-    path: https-cert
-    values:
-      domain: oslo.pub
-
-  # Services
-  - name: nixery
-    values:
-      port: 8080
-      version: xkm36vrbcnzxdccybzdrx4qzfcfqfrhg
-      bucket: tazjins-data
-      account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
-      repo: ssh://tazjin@gmail.com@source.developers.google.com:2022/p/tazjins-infrastructure/r/depot
-      popularity: 'popularity-nixos-unstable-3140fa89c51233397f496f49014f6b23216667c2.json'
-  - name: website
-  - name: cgit
-  - name: https-lb
-  - name: nginx
-    values:
-      version: a349d5e9145ae9a6c89f62ec631f01fb180de546
diff --git a/ops/infra/kubernetes/website/config.yaml b/ops/infra/kubernetes/website/config.yaml
deleted file mode 100644
index 02de735b05d0..000000000000
--- a/ops/infra/kubernetes/website/config.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: website
-  labels:
-    app: website
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: website
-  template:
-    metadata:
-      labels:
-        app: website
-    spec:
-      containers:
-      - name: website
-        image: nixery.local/shell/web.homepage:{{ gitHEAD }}
-        env:
-          - name: CONTAINER_SETUP
-            value: "true"
-        command: [ "homepage" ]
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: website
-spec:
-  type: NodePort
-  selector:
-    app: website
-  ports:
-    - protocol: TCP
-      port: 8080
-      targetPort: 8080