commit | dbfc638fa03704d274f78b31f508dde1e37502ee | |
---|---|---|
author | Serge Bazanski <serge@nexantic.com> | Fri Jun 19 20:35:43 2020 +0200 |
committer | Serge Bazanski <serge@nexantic.com> | Fri Jun 19 20:35:43 2020 +0200 |
tree | 607f2fbd8683bfd5fc855cd03bce700a107f68fd | |
parent | 71f7a567f372b41b3ea5cf72dfebd0546e3ff7df | |
core/internal/kubernetes: refactor PKI fully

We move ad-hoc certificate/key creation to a little declarative, future-inspired API. The API is split into two distinct layers:

- an etcd-backed managed certificate storage that understands server certificates, client certificates and CAs
- a Kubernetes PKI object, that understands what certificates are needed to bring up a cluster

This allows for deduplicated path names in etcd, some semantic information about available certificates, and is in general groundwork for some future improvements, like:

- a slightly higher level etcd 'data store' api, with less-stringly-typed paths
- simplification of service startup code (there's a bunch of cleanups that can be still done in core/internal/kubernetes wrt. to certificate marshaling to the filesystem, etc)

Test Plan: covered by existing tests - but this should also now be nicely testable in isolation!

X-Origin-Diff: phab/D564
GitOrigin-RevId: a58620c37ac064a15b7db106b7a5cbe9bd0b7cd0

This is the monorepo storing all of nexantic's internal projects and libraries.
We assume a Fedora host system provisioned using rW, and IntelliJ as the IDE.
For better reproducibility, all builds are executed in containers.
Spinning up: scripts/create_container.sh
Spinning down: scripts/destroy_container.sh
Running commands: scripts/run_in_container.sh <...>
Running Bazel through the wrapper script: scripts/bin/bazel <...> (add scripts/bin to your local $PATH for convenience)
This repository is compatible with the IntelliJ Bazel plugin. All commands run inside the container, and necessary paths are mapped into the container.
We check the entire .ijwb project directory into the repository, which requires everyone to use the latest version of both IntelliJ and the Bazel plugin, but eliminates manual setup steps.
The following steps are necessary:
Install Google's official Bazel plugin in IntelliJ.
Add the absolute path to your ~/.cache/bazel-nxt folder to your idea64.vmoptions (Help → Edit Custom VM Options) and restart IntelliJ:
-Dbazel.bep.path=/home/leopold/.cache/bazel-nxt
Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of scripts/bin/bazel. This is a wrapper that will execute Bazel inside the container.
Open the .ijwb folder as an IntelliJ project.
Disable Vgo support for the project.
Run a non-incremental sync in IntelliJ.
The plugin will automatically resolve paths for generated files.
If you do not use IntelliJ, you need to use the scripts/bazel_copy_generated_for_ide.sh script to copy files locally.