Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 9411f7c2ed0afbbf617075ab37901addc76fadfb
commit9411f7c2ed0afbbf617075ab37901addc76fadfb[log] [tgz]
authorSerge Bazanski <serge@nexantic.com>Wed Mar 10 13:12:53 2021 +0100
committerSerge Bazanski <serge@nexantic.com>Wed Mar 10 13:12:53 2021 +0100
treef1f62aa538ba3c2265815d2dbe942377264850a5
parent0de189355c6afad6f677029d90fa40dee824141b [diff]
m/node/kubernetes/pki: refactor out CA functionality

This factors out all non-k8s-specific CA functionality from
metropolis/node/kubernetes/pki into metropolis/pkg/pki.

This will allow us to re-use the same PKI-in-CA system to issue
certificates for the Metropolis cluster and nodes.

We also drive-by change some Kubernetes/PKI interactions to make things
cleaner. Notably, this implements Certificate.Mount to return a
fileargs.FileArgs containing all the files neede to use this
Certificate.

Test Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.

X-Origin-Diff: phab/D709
GitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad
16 files changed
tree: f1f62aa538ba3c2265815d2dbe942377264850a5
  1. build/
  2. intellij/
  3. metropolis/
  4. scripts/
  5. third_party/
  6. .bazelignore
  7. .bazelproject
  8. .bazelrc
  9. BUILD
  10. nogo_config.json
  11. README.md
  12. WORKSPACE
README.md

Monogon Source Monorepo

This is the main repository containing Monogon's public source code, including Metropolis.

Environment

We assume a Fedora host system provisioned using rW, and IntelliJ as the IDE.

For better reproducibility, all builds are executed in containers.

Usage

Spinning up: scripts/create_container.sh

Spinning down: scripts/destroy_container.sh

Running commands: scripts/run_in_container.sh <...>

Using bazel using a wrapper script: scripts/bin/bazel <...> (add to your local $PATH for convenience)

IntelliJ

This repository is compatible with the IntelliJ Bazel plugin. All commands run inside the container, and necessary paths are mapped into the container.

The following steps are necessary:

  • Install Google's Bazel plugin in IntelliJ.

  • Add the absolute path to your ~/.cache/bazel-nxt folder to your idea64.vmoptions (Help → Edit Custom VM Options) and restart IntelliJ:

    -Dbazel.bep.path=/home/leopold/.cache/bazel-nxt

  • Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of scripts/bin/bazel. This is a wrapper that will execute Bazel inside the container.

  • Use File → Import Bazel project... to create a new project from .bazelproject.

After running the first sync, everything should now resolve in the IDE, including generated code.

It's strongly recommend to use our project presets for file watchers and other IDE features. Run this command and re-open the project in order to install them:

bazel run intellij/localconfig $(pwd)

Metropolis

Run a single node cluster

Launch the node:

bazel run //:launch

Run a kubectl command:

bazel run //metropolis/cli/dbg -- kubectl describe