Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2019-12-20 | r/232 chore(infra/k8s): Run 2 copies of the cgit server | Vincent Ambo | 1 | -1/+1 | |
It's stateless - yay! Redundancy makes it less likely that downtime occurs during rollouts. | |||||
2019-12-20 | r/229 feat(infra/k8s): Rewrite cgit URLs by routing them through nginx | Vincent Ambo | 3 | -10/+27 | |
Configures nginx to rewrite all requests to cgit, except for those retrieving static files, to `/depot/`. In combination with the previous commits that apply patches to cgit itself, this effectively means that the depot is rendered on the site root. This is pretty cool: It lets people do stuff like `git clone https://git.tazj.in` and get the depot! | |||||
2019-12-20 | r/221 feat(infra/k8s): Add cgit to Ingress load balancer | Vincent Ambo | 2 | -2/+11 | |
Apart from the fact that TLS certificate provisioning is very wonky, it seems to be working now. AFAICT the L7 LBs still don't support path rewriting, which means that this is likely not the final configuration and it will move behind nginx instead. | |||||
2019-12-20 | r/220 fix(infra/k8s): Workaround for nginx crash on pidfile write | Vincent Ambo | 3 | -2/+8 | |
Newer versions of nginx apparently hard-crash if they can't write a PID file in the current directory. To work around this, some writeable scratch space is created for the nginx daemon to write its PID to. | |||||
2019-12-20 | r/217 feat(infra/k8s): Deploy sync-gcsr container into cgit pod | Vincent Ambo | 1 | -5/+18 | |
This actually works - who would have thought! | |||||
2019-12-20 | r/210 feat(infra/k8s): Add git cookie secret for repository sync | Vincent Ambo | 1 | -0/+10 | |
2019-12-19 | r/207 feat(infra/k8s): Add deployment configuration for cgit | Vincent Ambo | 2 | -0/+51 | |
This is not yet done because repository cloning doesn't work at all, in any way whatsoever. | |||||
2019-12-18 | r/187 chore(infra/k8s): Bump Nixery popularity URL | Vincent Ambo | 1 | -1/+1 | |
2019-12-18 | r/186 chore(infra/k8s): Point Nixery at the depot on GCSR | Vincent Ambo | 1 | -2/+2 | |
2019-12-18 | r/182 feat(infra/k8s): Provision certificate for git.tazj.in | Vincent Ambo | 1 | -0/+4 | |
2019-11-15 | fix(k8s): Adjust blog image name to match new repo layout | Vincent Ambo | 1 | -1/+1 | |
2019-10-26 | r/92 chore(k8s): Bump deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-10-25 | chore: Bump Nixery version & package set configuration | Vincent Ambo | 2 | -0/+3 | |
2019-09-21 | r/86 chore(k8s): Bump deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-09-21 | r/83 refactor(k8s): Parameterise the nginx version | Vincent Ambo | 2 | -1/+3 | |
2019-09-04 | r/82 fix(k8s): Reinsert passLookup newline after kontemplate trims it | Vincent Ambo | 2 | -1/+2 | |
SSH can not read the key without the trailing newline. Ideally kontemplate would expose a toggle for this. | |||||
2019-09-04 | fix(k8s): Move nixery-secrets to the correct namespace | Vincent Ambo | 1 | -6/+5 | |
2019-09-03 | feat(k8s): Insert Nixery's secrets via kontemplate | Vincent Ambo | 5 | -4/+25 | |
Instead of having a manually prepared secret, use Cloud KMS (as per the previous commits) to decrypt the in-repo secrets and template them into the Secret resource in Kubernetes. Not all of the values are actually secret, it has thus become a bit easier to edit the known hosts, SSH config and such now. | |||||
2019-09-03 | r/78 chore(k8s): Update deployed Nixery version | Vincent Ambo | 1 | -1/+1 | |
2019-09-02 | r/75 fix(k8s): Add nginx route for load-balancer health checks | Vincent Ambo | 3 | -3/+11 | |
2019-09-02 | fix(k8s): nginx does not need to be pinned to gitHEAD | Vincent Ambo | 1 | -1/+1 | |
2019-09-02 | chore(k8s): Point Nixery at public depot URL | Vincent Ambo | 1 | -2/+1 | |
2019-09-02 | feat(k8s): Route oslo.pub to nginx in ingress | Vincent Ambo | 1 | -1/+9 | |
2019-09-02 | feat(k8s): Add nginx instance for oslo.pub redirect | Vincent Ambo | 3 | -0/+92 | |
The redirect is currently all that this instance does. It is required because HTTP load balancers in GCP don't support URL rewriting. | |||||
2019-09-02 | chore(k8s): Provision certificate for oslo.pub | Vincent Ambo | 1 | -0/+5 | |
2019-09-02 | chore(infra): Remove NixOS configuration for servers | Vincent Ambo | 1 | -0/+19 | |
This configuration is no longer in use. The Gemma configuration file has been moved over to the k8s folder from where it will be templated into the actual configuration. | |||||
2019-08-27 | r/67 feat(k8s): Configure HTTPS ingress for the blog | Vincent Ambo | 3 | -0/+29 | |
Uses Google-managed certificates and an Ingress resource to set up an HTTPS load-balancer. This probably won't be the final version as the GKE Ingress is very limited and can not do things like redirect URLs, which I need to decommission the old setup. | |||||
2019-08-27 | r/66 feat(k8s): Add Google managed TLS certificates | Vincent Ambo | 2 | -0/+19 | |
Introduces certificates for tazj.in & www.tazj.in. | |||||
2019-08-23 | r/56 chore(k8s): More tazblog replicas | Vincent Ambo | 1 | -1/+1 | |
2019-08-19 | r/40 feat(infra/k8s): Add in-cluster tazblog deployment via Nixery | Vincent Ambo | 2 | -0/+22 | |
First deployment actually using a Nixery image and `gitHEAD`. This does not actually serve a working blog for various reasons. The current storage mechanism (acid-state) isn't really appropriate anymore and I'll need to change that soon. | |||||
2019-08-19 | r/39 chore(infra/k8s): Bump Nixery image to Cachix-enabled one | Vincent Ambo | 2 | -2/+2 | |
2019-08-16 | r/37 fix(infra/k8s): Always pull a Nixery image | Vincent Ambo | 1 | -0/+1 | |
2019-08-16 | r/36 feat(infra/k8s): Deploy Nixery instance to cluster | Vincent Ambo | 2 | -0/+80 | |