)]}' { "log": [ { "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302", "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6", "parents": [ "99f477412a2e701f89f7698be1dd432adcfff17c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 11 16:22:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "d98ad45e64b542f9945939d35cba9ebd352ff913", "tree": "cd8fa82c4ccd2bf0616986615f3eb2d7c4798f30", "parents": [ "7f17d9b41f248f4b009f5d702622616f62d0a2fa" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:55:17 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 22 12:05:20 2021 +0000" }, "message": "metropolis/n/kubernetes/pki: remove verbose \u0027ensure\u0027 cert logging\n\nChange-Id: Ie12f12a2966282d364730a1c7a148fae78ab236d\nReviewed-on: https://review.monogon.dev/c/monogon/+/190\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "99d210d48afc2207ffb4064c58068faa9449a981", "tree": "781a73c0e5bf7e9ff586653eef0cce594b90def0", "parents": [ "4e0dba61375bcb989d86cacf18cf00ebfe6303b4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 17 15:29:18 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue May 18 14:06:11 2021 +0200" }, "message": "m/n/k/plugins/kvmdevice: export resource name variable for easier consumption\n\nTrivial change to consume the resource name of this device plugin as\na variable.\n\nTest Plan: Trivial change\n\nX-Origin-Diff: phab/D791\nGitOrigin-RevId: d71d878f87be1da5a547e17b9965f92e737b644c\n" }, { "commit": "37050126ef89ec30cc677c272471debe55ec0d69", "tree": "c64a64a622ec1c3e1e72fc12a6d4252c0e803cc1", "parents": [ "2999427c182463840a339cf0e82885d8a3b6e79f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 30 14:00:27 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:04:01 2021 +0200" }, "message": "Implement Block PVCs in our storage backend\n\nThis implements full support for Block PVCs in our Kubernetes storage backend.\nThe block PVCs are backed by files made available to the pods using loop devices and\nhave read-only and online expansion support.\n\nThis also requires a Kubernetes patch because they call losetup if block PVCs are used\nwith CSI to establish a form of lock on the backing block device. This lock is not\nexclusive and does absolutely nothing for our use case and could get very expensive\non dense machines so I removed it.\n\nTest Plan: Comes with E2E tests\n\nX-Origin-Diff: phab/D746\nGitOrigin-RevId: 430d3f445286c0d3498b2153df333a19f3fcab89\n" }, { "commit": "d8af5bf4c14a5c53d1736695a1210b6eea4d246e", "tree": "83e4c35e105d8fb0e5bf71ac8c93bbd3e7f964b4", "parents": [ "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:38:29 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Mar 16 13:38:29 2021 +0100" }, "message": "metropolis/node: use Event Value for network status\n\nThis moves over the GetIP API to use our fancy new event/value library.\nThe consumers of this data are currently the cluster manager and the\nkubernetes root service. Both are migrated over.\n\nTest Plan: Refactor, covered by E2E tests.\n\nX-Origin-Diff: phab/D711\nGitOrigin-RevId: 8a1e0dd35236d55492722f4439323cb2ee9574fc\n" }, { "commit": "4e090357c4f1f3bae53a5f2feaf20ea5e1bbbe61", "tree": "335ec273335722befdeca623b8f3f787a2cd6571", "parents": [ "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:44:41 2021 +0100" }, "message": "Add KVM device plugin\n\nThis adds a KVM device plugin for Kubernetes. This plugin allows for unprivileged access and granular\ncontrol of KVM access.\n\nTest Plan: Tested in subsequent revision\n\nX-Origin-Diff: phab/D739\nGitOrigin-RevId: 5cd738a47d24e7bfdc29bbd1a31537209e1ebf46\n" }, { "commit": "056042962060369bd7607ecfea51c515fc3a8140", "tree": "86a6dbf7b1781ed2f5baf332938d4e8211353112", "parents": [ "0ab4edafde3eb22e111e75d6aa5e29faa92c30ca" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Mar 12 17:47:21 2021 +0100" }, "message": "m/node/kubernetes: parse klog output from services\n\nThis translates Kubernetes\u0027 logging ingo logging that we can\nquery/filter more easily.\n\nTest Plan: We don\u0027t test resulting logs from the system, and I\u0027m not sure we should?\n\nX-Origin-Diff: phab/D716\nGitOrigin-RevId: ba3f42b9a4e3172bf058bd7dce4283f50dc8e69d\n" }, { "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb", "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5", "parents": [ "0de189355c6afad6f677029d90fa40dee824141b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n" }, { "commit": "74e8e5c35fea1ec9ce13c8a2d16100bab45d42d9", "tree": "3ec734c4b86fed54a5039623c789dd4b805b3b6e", "parents": [ "19eb0006edc79edc53fb53ea0eed67e93f4c8eba" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 14:00:50 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jan 26 14:00:50 2021 +0100" }, "message": "Make containerd work with read-only root\n\nThis makes containerd work with a read-only root. There were a few config mistakes on our side which\ncaused it to write to the rootfs (mostly leftovers from the switch to /ephemeral) and a semi-hardcoded path\nin /var/lib/cni from containernetworking/cni. This is technically configurable, but it would require patching\nthree different repos (see diff message) and getting all of them to agree to take the change and wait for\nit to propagate to all repos (containerd is known to be slow to release stuff). So let\u0027s just hack in\nthis one-line diff for the time being.\n\nTest Plan: Should be covered by existing tests\n\nX-Origin-Diff: phab/D694\nGitOrigin-RevId: 0e8f5dbfb216539c16e64130af9fe1023722ae1b\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "0be9be88224dd87eedb10436b11615fa59862271", "tree": "2cffcd0ca273ada48c0b42a36bd25bb1cc2da35c", "parents": [ "549b72b2d65051403301f53111509f77e88b379b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "message": "metropolis: Lock down visibility rules\n\nThis formalizes the package structure introduced by D683.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D684\nGitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" }, { "commit": "696f39abb19ffcca03e9fc5a98681338216b1e7f", "tree": "3eb962a59b2af0c3fb3cf40a05c405ae23b7f8a9", "parents": [ "81de89b8675ee0ce677225ffef1cd3ee6ad9f56f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Dec 22 16:54:01 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Dec 22 16:54:01 2020 +0100" }, "message": "Make kube-apiserver use supervisor helper for commands\n\nAll other Kubernetes services already use this and it enables them to log\ninto logtree. Make kube-apiserver also do the same.\n\nTest Plan: Covered by existing tests\n\nX-Origin-Diff: phab/D680\nGitOrigin-RevId: 59df1342edc2cb27c22ffa9b4eb9101d7d1b400f\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "77cb6c5ec3acadf02ad5005dd751cfbf0ec1602f", "tree": "7ddfcdf78c489a5d6fad7a20bd3580d803407450", "parents": [ "26d41999e0c71813648c16ad84bba810c3b9d593" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "message": "core -\u003e metropolis\n\nSmalltown is now called Metropolis!\n\nThis is the first commit in a series of cleanup commits that prepare us\nfor an open source release. This one just some Bazel packages around to\nfollow a stricter directory layout.\n\nAll of Metropolis now lives in `//metropolis`.\n\nAll of Metropolis Node code now lives in `//metropolis/node`.\n\nAll of the main /init now lives in `//m/n/core`.\n\nAll of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.\n\nNext steps:\n - hunt down all references to Smalltown and replace them appropriately\n - narrow down visibility rules\n - document new code organization\n - move `//build/toolchain` to `//monogon/build/toolchain`\n - do another cleanup pass between `//golibs` and\n `//monogon/node/{core,common}`.\n - remove `//delta` and `//anubis`\n\nFixes T799.\n\nTest Plan: Just a very large refactor. CI should help us out here.\n\nBug: T799\n\nX-Origin-Diff: phab/D667\nGitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded\n" } ] }