Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2019-12-18 | r/186 chore(infra/k8s): Point Nixery at the depot on GCSR | Vincent Ambo | 1 | -2/+2 | |
2019-12-18 | r/182 feat(infra/k8s): Provision certificate for git.tazj.in | Vincent Ambo | 1 | -0/+4 | |
2019-11-15 | fix(k8s): Adjust blog image name to match new repo layout | Vincent Ambo | 1 | -1/+1 | |
2019-10-26 | r/92 chore(k8s): Bump deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-10-25 | chore: Bump Nixery version & package set configuration | Vincent Ambo | 2 | -0/+3 | |
2019-09-21 | r/86 chore(k8s): Bump deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-09-21 | r/83 refactor(k8s): Parameterise the nginx version | Vincent Ambo | 2 | -1/+3 | |
2019-09-04 | r/82 fix(k8s): Reinsert passLookup newline after kontemplate trims it | Vincent Ambo | 2 | -1/+2 | |
SSH can not read the key without the trailing newline. Ideally kontemplate would expose a toggle for this. | |||||
2019-09-04 | fix(k8s): Move nixery-secrets to the correct namespace | Vincent Ambo | 1 | -6/+5 | |
2019-09-03 | feat(k8s): Insert Nixery's secrets via kontemplate | Vincent Ambo | 5 | -4/+25 | |
Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now. | |||||
2019-09-03 | r/78 chore(k8s): Update deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-09-02 | r/75 fix(k8s): Add nginx route for load-balancer health checks | Vincent Ambo | 3 | -3/+11 | |
2019-09-02 | fix(k8s): nginx does not need to be pinned to gitHEAD | Vincent Ambo | 1 | -1/+1 | |
2019-09-02 | chore(k8s): Point Nixery at public depot URL | Vincent Ambo | 1 | -2/+1 | |
2019-09-02 | feat(k8s): Route oslo.pub to nginx in ingress | Vincent Ambo | 1 | -1/+9 | |
2019-09-02 | feat(k8s): Add nginx instance for oslo.pub redirect | Vincent Ambo | 3 | -0/+92 | |
The redirect is currently all that this instance does. It is required because HTTP load balancers in GCP don't support URL rewriting. | |||||
2019-09-02 | chore(k8s): Provision certificate for oslo.pub | Vincent Ambo | 1 | -0/+5 | |
2019-09-02 | chore(infra): Remove NixOS configuration for servers | Vincent Ambo | 1 | -0/+19 | |
This configuration is no longer in use. The Gemma configuration file has been moved over to the k8s folder from where it will be templated into the actual configuration. | |||||
2019-08-27 | r/67 feat(k8s): Configure HTTPS ingress for the blog | Vincent Ambo | 3 | -0/+29 | |
Uses Google-managed certificates and an Ingress resource to set up an HTTPS load-balancer. This probably won't be the final version as the GKE Ingress is very limited and can not do things like redirect URLs, which I need to decommission the old setup. | |||||
2019-08-27 | r/66 feat(k8s): Add Google managed TLS certificates | Vincent Ambo | 2 | -0/+19 | |
Introduces certificates for tazj.in & www.tazj.in. | |||||
2019-08-23 | r/56 chore(k8s): More tazblog replicas | Vincent Ambo | 1 | -1/+1 | |
2019-08-19 | r/40 feat(infra/k8s): Add in-cluster tazblog deployment via Nixery | Vincent Ambo | 2 | -0/+22 | |
First deployment actually using a Nixery image and `gitHEAD`. This does not actually serve a working blog for various reasons. The current storage mechanism (acid-state) isn't really appropriate anymore and I'll need to change that soon. | |||||
2019-08-19 | r/39 chore(infra/k8s): Bump Nixery image to Cachix-enabled one | Vincent Ambo | 2 | -2/+2 | |
2019-08-16 | r/37 fix(infra/k8s): Always pull a Nixery image | Vincent Ambo | 1 | -0/+1 | |
2019-08-16 | r/36 feat(infra/k8s): Deploy Nixery instance to cluster | Vincent Ambo | 2 | -0/+80 | |