about summary refs log tree commit diff
path: root/infra/kubernetes
AgeCommit message (Collapse)AuthorFilesLines
2019-12-18 r/186 chore(infra/k8s): Point Nixery at the depot on GCSRVincent Ambo1-2/+2
2019-12-18 r/182 feat(infra/k8s): Provision certificate for git.tazj.inVincent Ambo1-0/+4
2019-11-15 fix(k8s): Adjust blog image name to match new repo layoutVincent Ambo1-1/+1
2019-10-26 r/92 chore(k8s): Bump deployed Nixery versionVincent Ambo1-1/+1
2019-10-25 chore: Bump Nixery version & package set configurationVincent Ambo2-0/+3
2019-09-21 r/86 chore(k8s): Bump deployed Nixery versionVincent Ambo1-1/+1
2019-09-21 r/83 refactor(k8s): Parameterise the nginx versionVincent Ambo2-1/+3
2019-09-04 r/82 fix(k8s): Reinsert passLookup newline after kontemplate trims itVincent Ambo2-1/+2
SSH can not read the key without the trailing newline. Ideally kontemplate would expose a toggle for this.
2019-09-04 fix(k8s): Move nixery-secrets to the correct namespaceVincent Ambo1-6/+5
2019-09-03 feat(k8s): Insert Nixery's secrets via kontemplateVincent Ambo5-4/+25
Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now.
2019-09-03 r/78 chore(k8s): Update deployed Nixery versionVincent Ambo1-1/+1
2019-09-02 r/75 fix(k8s): Add nginx route for load-balancer health checksVincent Ambo3-3/+11
2019-09-02 fix(k8s): nginx does not need to be pinned to gitHEADVincent Ambo1-1/+1
2019-09-02 chore(k8s): Point Nixery at public depot URLVincent Ambo1-2/+1
2019-09-02 feat(k8s): Route oslo.pub to nginx in ingressVincent Ambo1-1/+9
2019-09-02 feat(k8s): Add nginx instance for oslo.pub redirectVincent Ambo3-0/+92
The redirect is currently all that this instance does. It is required because HTTP load balancers in GCP don't support URL rewriting.
2019-09-02 chore(k8s): Provision certificate for oslo.pubVincent Ambo1-0/+5
2019-09-02 chore(infra): Remove NixOS configuration for serversVincent Ambo1-0/+19
This configuration is no longer in use. The Gemma configuration file has been moved over to the k8s folder from where it will be templated into the actual configuration.
2019-08-27 r/67 feat(k8s): Configure HTTPS ingress for the blogVincent Ambo3-0/+29
Uses Google-managed certificates and an Ingress resource to set up an HTTPS load-balancer. This probably won't be the final version as the GKE Ingress is very limited and can not do things like redirect URLs, which I need to decommission the old setup.
2019-08-27 r/66 feat(k8s): Add Google managed TLS certificatesVincent Ambo2-0/+19
Introduces certificates for tazj.in & www.tazj.in.
2019-08-23 r/56 chore(k8s): More tazblog replicasVincent Ambo1-1/+1
2019-08-19 r/40 feat(infra/k8s): Add in-cluster tazblog deployment via NixeryVincent Ambo2-0/+22
First deployment actually using a Nixery image and `gitHEAD`. This does not actually serve a working blog for various reasons. The current storage mechanism (acid-state) isn't really appropriate anymore and I'll need to change that soon.
2019-08-19 r/39 chore(infra/k8s): Bump Nixery image to Cachix-enabled oneVincent Ambo2-2/+2
2019-08-16 r/37 fix(infra/k8s): Always pull a Nixery imageVincent Ambo1-0/+1
2019-08-16 r/36 feat(infra/k8s): Deploy Nixery instance to clusterVincent Ambo2-0/+80