Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / ad86a55c9c507478e2c4989f50912d7869164066
commitad86a55c9c507478e2c4989f50912d7869164066[log] [tgz]
authorSerge Bazanski <serge@monogon.tech>Wed Jan 31 17:46:47 2024 +0100
committerSerge Bazanski <serge@monogon.tech>Thu Feb 08 11:10:07 2024 +0000
tree214d48bcad4ede5909af88ce7deaadedd2d9fbe0
parent7dbf18c1932b5c7945a2ba53d7580a6857cda5d3 [diff]
m/n/kubernetes: serve authproxy with node certificate

We are currently serving authproxy with the Kubernetes node certificate,
which is somewhat useless, considering that this certificate isn't even
issued by the same CA that the client certificates (which are Metropolis
certificates) presented.

This changes the authproxy to serve with Metropolis node certificates
instead.

Change-Id: I03ff19c919c6a9fa72c98997432cc06a59e9958e
Reviewed-on: https://review.monogon.dev/c/monogon/+/2740
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
3 files changed
tree: 214d48bcad4ede5909af88ce7deaadedd2d9fbe0
  1. .github/
  2. build/
  3. cloud/
  4. go/
  5. intellij/
  6. metropolis/
  7. net/
  8. third_party/
  9. tools/
  10. version/
  11. .bazelignore
  12. .bazelproject
  13. .bazelrc
  14. .bazelrc.sandboxroot
  15. .bazelversion
  16. .git-ignore-revs
  17. .gitignore
  18. BUILD.bazel
  19. CODING_STANDARDS.md
  20. go.mod
  21. go.sum
  22. LICENSE
  23. MODULE.bazel
  24. MODULE.bazel.lock
  25. README.md
  26. SETUP.md
  27. shell.nix
  28. WORKSPACE
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Platform.

This is pre-release software - take a look, and check back later!

Environment

Our build environment is self-contained and requires only minimal host dependencies:

  • A Linux machine or VM.
  • Bazelisk >= v1.15.0 (or a working Nix environment).
  • A reasonably recent kernel with user namespaces enabled.
  • Working KVM with access to /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.

Refer to SETUP.md for detailed instructions.

Monogon OS

Run a single node demo cluster

Build CLI and node image:

bazel build //metropolis/cli/dbg //:launch --config dbg

Launch an ephemeral test node:

bazel test //:launch --config dbg --test_output=streamed

Run a kubectl command while the test is running:

bazel-bin/metropolis/cli/dbg/dbg_/dbg kubectl describe node

Test suite

Run full test suite:

bazel test --config dbg //...