)]}' { "log": [ { "commit": "b00f7f9a97eae55ae6df80bbdea46815498898fa", "tree": "46517933cf9c0d9fc18ccf085dcf335d664e2b94", "parents": [ "1947e9b1480d9a3e90fe8b12bc897fd5cd2abce7" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Mar 06 17:27:22 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Mar 18 14:02:05 2025 +0000" }, "message": "m/node/kubernetes: implement storage resizing\n\nThis implements persistent volume resizing in the storage provisioner.\nThe logic is based on https://github.com/kubernetes-csi/external-resizer\n\nThe mutation caches are an optimization to prevent unnecessary repeated\nprocessing, because they make the controller remember changes that it\nhas made itself, when the watch events for those changes have not\narrived yet.\n\nThe controller supports the RecoverVolumeExpansionFailure feature, which\nallows reducing the requested size when the previous resize fails due to\ninsufficient space. When resize fails, it is retried with backoff.\n\nChange-Id: I0f3d40c1a592b30d25739f5d20b529dfe25dfbe1\nReviewed-on: https://review.monogon.dev/c/monogon/+/4008\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "52700ae56c5d541e711fbd5f27373b3dc200f8dc", "tree": "ed5e75883fc44d14f7824b0a5ed40a6ab650923e", "parents": [ "e8beaed8dcde2c198e91addb0baa884079363581" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 28 15:07:08 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 11 15:05:46 2025 +0000" }, "message": "m/n/k8s: add nftables network policy controller\n\nThis integrates my K8s network policy controller. In its current form it\ndoes not have many guarantees as the custom CNI plugin is not yet in\nthere but it mostly works. Also there is still a DNS hole as host-local\nservices are not properly policed yet.\n\nIt has a basic smoke test using the connectivity testing helper as well\nas some metrics to make sure it is integrated properly and to be able to\nmonitor its performance.\n\nChange-Id: Ia2f54b9975361270678ce742ae5e32df25e515c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/3740\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "6d33a4342a16200d628f30ff91b169927fc2867a", "tree": "e65ad23cb6d0b795420b5ec625a757784d4c3e3b", "parents": [ "7887f758de8f9106a484ca59d9734304aa919e36" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 04 14:34:25 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Feb 06 17:03:43 2025 +0000" }, "message": "treewide: add license header and enable haslicense linter\n\nChange-Id: I873a8d4082d75e8f813d8a726a41187eea7a065e\nReviewed-on: https://review.monogon.dev/c/monogon/+/3825\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "d1a8b64d305c57f45416fc40b39211541113a373", "tree": "17fcd0e77576b200e75a940fb26ce2334a7a8553", "parents": [ "d77e26ee216738393a9808c95266bbcb91ca0e68" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Dec 03 17:40:41 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Dec 04 08:28:03 2024 +0000" }, "message": "treewide: add more ptr.To usages\n\nChange-Id: Ibf511bc012a17e39d6b7b4f3a7d9abc1304d755f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3677\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "d77e26ee216738393a9808c95266bbcb91ca0e68", "tree": "8dd5dfa48c9b388684b697687be4198094ac66e3", "parents": [ "affe8fa229e3a701e060cb6bc35b9362814b5daf" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 02 18:23:10 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Dec 03 14:31:57 2024 +0000" }, "message": "treewide: replace bool-to-boolptr helpers with k8s.io/utils/ptr.To\n\nChange-Id: I90419ddfe087291f41f7f2f3589263e56c15470a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3675\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "73beb693ce8aed1c1caffaec2f01b2b9c65516b3", "tree": "378d3b779febf33b1666438b1dd003053d9fd21c", "parents": [ "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 27 17:47:09 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 19:34:17 2024 +0000" }, "message": "m/node/kubernetes: remove local-strict storage class\n\nIt turns out that the local-strict storage class did not have an effect\non readonly volumes, or on gVisor. And after updating runc to 1.2.0, it\nno longer has an effect anywhere. It appears that setting noexec and\nsimilar flags in the CSI server, using a storage class, is the wrong\napproach and just happened to work by accident. Instead, this should\nprobably be implemented as a Kubernetes feature to set per-mount-point\nflags on the VolumeMount.\n\nThis commit thus removes the local-strict storage class and the mount\noptions processing in the provisioner and CSI server. This will allow\nupdating runc.\n\nAdditionally, the StatefulSet end-to-end test is extended to also run\ntests with gVisor. gVisor apparently does not support block volumes.\n\nSee: https://github.com/monogon-dev/monogon/issues/361\nChange-Id: Ic2f50aa3bc9442ca1dbb9e8742d5b8fecbfc3614\nReviewed-on: https://review.monogon.dev/c/monogon/+/3658\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a8938da203b9ecc42a61b4aa9e92b802bf0e4902", "tree": "52c8f2971cc6ce50b9bf17a490a7defbf66e69d2", "parents": [ "9eab31ccbba4a2db416e4c5c387d22ec672ea92f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Sep 13 22:34:01 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 11 16:03:55 2024 +0000" }, "message": "metropolis/node/kubernetes: add mountOptions support for PVs\n\nWe have very strict defaults on our data mount which prevents exec\u0027s and\nsuid binaries. By adding support for mountOptions on PVs we enable\nthe user to allow specific behaviour e.g. exec\u0027s on the given PV.\n\nChange-Id: I902cf3b9dafb14598cddc18c327ef3f5bcd6450b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3421\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5f1a7de2dfb5db1884fcb677a0bd38daf6dd3c97", "tree": "fd52bf35b4b2e6b5c51f56d62424c9d0820ef537", "parents": [ "e337e938ae8e08dffa3a01045571188413ce70ff" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 02:00:14 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 12:06:50 2024 +0000" }, "message": "treewide: fix %v in cases where we should use %w\n\nWe should always use %w when using fmt.Errorf as you can use error.Is to\ncompare the underlying error. When printing an error the use of %w is\nwrong and should be replaced with %v.\n\nChange-Id: I741111bd91dcee4099144d2ecaffa879fdbb34a2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2993\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9f21f5396aa18bc9f2f83c867ff883f49bbf02ae", "tree": "c232f42c84bd6b7ace576261a188134cb0c69771", "parents": [ "f430fbfe35b70283090b6174cf5a920163c0148c" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue May 07 15:14:20 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jul 04 12:19:37 2024 +0000" }, "message": "treewide: introduce osbase package and move things around\n\nAll except localregistry moved from metropolis/pkg to osbase,\nlocalregistry moved to metropolis/test as its only used there anyway.\n\nChange-Id: If1a4bf377364bef0ac23169e1b90379c71b06d72\nReviewed-on: https://review.monogon.dev/c/monogon/+/3079\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3b5a917c5a1ac49acad50eeacb5cf275efc3631e", "tree": "1da59c672acf3b68aab81fae38c6b6e5929b82a2", "parents": [ "988403453448d27f6df6eea0a232e97c2a2e739b" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu May 23 13:33:52 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu May 23 12:44:02 2024 +0000" }, "message": "treewide: initialize empty structs with var\n\nChange-Id: I72d3993eaf5fe57c77b1dda8218e36a8cc11813d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3108\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d5d33ba1e0798b48f56e6a1bc9178af9fc778179", "tree": "76f4f0b0a1175a77b64d5dd7469b3ec6a3d57c2d", "parents": [ "69f5f4e5ffac12c1d8e45e4cc9dc72868aa3af41" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed May 15 11:45:35 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed May 15 16:15:25 2024 +0000" }, "message": "m/n/k/reconciler: remove PSP role and rolebinding\n\nPod Security Policies have been removed from Kubernetes. The default PSP \nwas removed in commit 6211e4dc40, but the role and rolebinding was still \nleft. They do not have a function anymore. Now that reconciler updates \nare implemented, these will be removed from existing clusters after \nupgrading.\n\nChange-Id: Ia953a5ae03c581b15efc4e3b3711aaa008dc145d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3091\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "69f5f4e5ffac12c1d8e45e4cc9dc72868aa3af41", "tree": "a28c2166fc40b1a2bee20070b4ae6788477ccf1f", "parents": [ "6bc958326f8bd4f3a1606e8a767d21f12f584e88" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed May 15 10:32:07 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed May 15 16:15:25 2024 +0000" }, "message": "m/n/k/reconciler: implement updates\n\nThe reconciler now checks if already present object are equal to the \nexpected object, and else updates them. If the update fails due to \nimmutable fields, the object is instead deleted and recreated.\n\nAlso, the reconciler now logs create/update/delete operations.\n\nFor the CSI driver, the StorageCapacity and RequiresRepublish were added \nand set to their default value. If we don\u0027t do this, the API server will \nadd these defaults, and then our update comparison fails. There is also \na new test which ensures that expected objects have all defaults already \napplied. This test will fail if a Kubernetes upgrade adds new fields \nwith default values.\n\nCloses #288.\n\nChange-Id: Ibfb37d07b4613ae1a883ad47715feeda87135820\nReviewed-on: https://review.monogon.dev/c/monogon/+/2893\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d20ddccddf601c2a34cc5238bd82b6a4a1744502", "tree": "52eeeb7917b79220ad0f0cb34447525f7c21341b", "parents": [ "8bc82868fd289220078ff317235db084349d9f70" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed May 08 14:18:29 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue May 14 12:11:45 2024 +0000" }, "message": "m/n/k/reconciler: implement leader election\n\nBefore this change, the reconciler runs on all Kubernetes controllers. \nWhen we are in a rolling upgrade of the cluster where a reconciled \nobject changes, this will cause the old and new versions of the \nreconciler to fight each other, constantly updating the object back and \nforth.\n\nNow, the reconciler is elected among nodes of the latest release. The \nstatus of the reconciliation is communicated to all Kubernetes \ncontrollers through a new key-value in etcd.\n\nAdditionally, compatibility constraints can be expressed by changing the \nconstants minReconcilerRelease and minApiserverRelease, allowing \nreconciliation to happen in a controlled way that ensures compatibility \neven during rolling upgrades.\n\nChange-Id: Iaf7c27702bd9809a13d47bcf041b71438353bef2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3062\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "51daf25d90adca76375e0d141c93d692ab2cd2eb", "tree": "6784b8f4a4c5facdc345ef1d47e0946a6267e74a", "parents": [ "b41b548058101e663a9591beaf2c491a44638d56" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 18 23:18:43 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 22:29:11 2024 +0000" }, "message": "treewide: documentation on exported functions should start with their name\n\nChange-Id: Iea3e929bed743d7edfbf5b54bbaa31796aeaaadd\nReviewed-on: https://review.monogon.dev/c/monogon/+/3027\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "24ce66f0f5f5dac457d5e65beb2980db6780a72a", "tree": "ca5e78ebae92122ec6f9cbe5cf34e64984ebcc05", "parents": [ "2d0230524e96bdca53354fe191554342674c5fc4" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 18 23:59:24 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 22:29:11 2024 +0000" }, "message": "metropolis/node/kubernetes/reconciler: remove redundant nil check\n\nChange-Id: I0ebd2d8d815a964fa854e86868a4870b754ea548\nReviewed-on: https://review.monogon.dev/c/monogon/+/3015\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6b6428da110db384cad1f1d65c81f1874c8cecae", "tree": "f44e7d1ffcc410893a9851e76e81939b178853df", "parents": [ "5e460a92353ec619f4f12fffbe3281d40c85cf61" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 11 01:35:41 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Apr 15 21:31:42 2024 +0000" }, "message": "treewide: remove redundant loop vars\n\nChange-Id: I61bada9e3df38e6a94cd6c8fe2d0d8f3ba41c1af\nReviewed-on: https://review.monogon.dev/c/monogon/+/2955\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6211e4dc404a285d858e1ecc69ac488c9cabb96b", "tree": "ff3b84efffb58982e0e55e61ed7fceb5df9609dc", "parents": [ "2ac249bf8e571ae7fd134b586ff9c87dce520956" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 14 19:09:40 2023 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Apr 15 14:45:53 2024 +0000" }, "message": "treewide: k8s 1.28 and lots related updates\n\nFirst, this contains a bunch of dependency updates. Important ones in no\nparticular order:\nKubernetes 1.24.2 -\u003e 1.28.8\netcd 3.5.4 -\u003e 3.5.13\nProtobuf 1.32.0 -\u003e 1.33.0\nOpenTelemetry 0.20.0 -\u003e 1.20.0\ncontainerd 1.6.6 -\u003e 1.7.15\nCoreDNS 1.9.2 -\u003e 1.11.1\n\nWith Kubernetes 1.25 PodSecurityPolicies are removed, this replaces them\nwith a static PodSecurity admission configuration which behaves the same\nor is slightly more permissive in most ways. Only known exceptions are\nthat NET_RAW is no longer an allowed permission and non-standard SELinux\nlabels are no longer permitted (but these never did anything anyways).\nThe RBAC policies are intentionally not removed yet as we do not yet\nhave the capability to actually update these, so they will be removed\nwhen that is available (#288), until then they will stay in-place but\ndo nothing.\n\nWith the containerd upgrade the deprecated option for ignoring\npreseeded/pinned images for garbage collection in Kubelet can be\nremoved.\n\nThis change also contains some drive-by fixes to the controller-manager,\nlike passing the Service IP net and disabling cloud-related control\nloops which generate spurious warnings if enabled.\n\nThe containerd tracing patch is removed as we can now use OTel v1, thus\nthat patch is no longer necessary.\n\nAn actual upgrade test will be part of a future CL as this one is\nalready quite large and it works stand-alone.\n\nCo-authored-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nChange-Id: I8e5f51e6e6240a1b67590458b2f1c24d58c8e91e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2315\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "7f72748c67df593b110176422d27be878a7a37f4", "tree": "75a621c3ae4ec5daf0d90dffcf298583ef3240c9", "parents": [ "23e5230930b482807be2f7fd29c6f14badf3ad0f" ], "author": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 25 13:03:51 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@jschaer.ch", "time": "Mon Mar 25 19:41:38 2024 +0000" }, "message": "m/n/k/reconciler: refactor resource interface\n\nReplace interface{} with meta.Object, an interface which provides \naccessors for and is implemented by meta.ObjectMeta. List now returns \nthe objects themselves instead of their names. This makes the reconciler \nslightly less generic, as it now only supports kubernetes objects.\n\nThis is a refactoring in preparation for implementing updates in the \nreconciler. There should be no change in behavior.\n\nChange-Id: I97a4b1c0166a1e6fd0f247ee04e7c44cff570fd7\nReviewed-on: https://review.monogon.dev/c/monogon/+/2891\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "456961d6589c1afec75954ca94ed631e1f380566", "tree": "ac99bfa39deefe0f4aca7478077a66ef8b7c9d74", "parents": [ "1e90c6d29a4af63fa01b472b7a49bdba256797b2" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 20 13:18:26 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 20 18:12:12 2024 +0000" }, "message": "m/n/k/reconciler: set fsGroupPolicy for CSI driver\n\nThis fixes an issue where kubelet did not apply fsGroupChangePolicy due\nto questionable capability detection code with the default\nfsGroupPolicy. Setting this to the File policy asserts that this driver\nalways supports ownership changes and thus bypasses that Kubernetes\ncapability detection code.\n\nChange-Id: I4799a01561af4f3d9c0de7a6040fd5f9db784d3e\nReviewed-on: https://review.monogon.dev/c/monogon/+/2784\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "2cfafc9a4c34152dd93b58aa82df1720fb4dd6d6", "tree": "7a944999ab576f4b421651c2c4d513b0b572a1be", "parents": [ "d0be371ea905c3729f98d91d255d775b7c5193d3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 16:42:47 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 13 14:03:02 2023 +0000" }, "message": "metropolis/node/kubernetes: move worker services to KubernetesWorker nodes\n\nThis finalizes the Big Split. After this change, nodes will only run a\nkubelet (and related services) if they have a KubernetesWorker role\nattached.\n\nThe first node in a new cluster now starts out with KubernetesController\nand ConsensusMember. All joined nodes start with no roles attached.\n\nChange-Id: I25a059318450b7d2dd3c19f3653fc15367867693\nReviewed-on: https://review.monogon.dev/c/monogon/+/1380\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "356cbf3e49af75d9cccf92fd8d0a3236727f6761", "tree": "a8865bc1422fdde0d8f5a63f8e7e100156dccfeb", "parents": [ "f9bdf3126488a2728e265a2b28cba564c8072e04" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 17:52:20 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 21:22:24 2023 +0000" }, "message": "m/n/kubernetes: run reconciler before starting more services\n\nThis makes sure we successfully ran the reconciler at least once before\nattempting to running more than the apiserver. It saves us from a whole\nbunch of services complaining about not having the right permissions to\n(yet) access the cluster.\n\nChange-Id: I605eae9d6bbcc16a9dcb971caa26ee56a06e5d5b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1358\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "cc078df2124306799c66786833746999259ea792", "tree": "43807fcfec2196430b4bd4def124dad2231451db", "parents": [ "8c2c771a750f30b3edf240fc8352e777795e989b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 23 11:51:55 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 02 14:07:37 2022 +0000" }, "message": "m/n/kubernetes: implement Metropolis authenticating proxy\n\nThis implements an authenticating proxy for K8s which can authenticate\nMetropolis credentials and passes the extracted identity information\nback to the Kubernetes API server. It currently only handles user\nauthentication, machine-to-machine authentication is still done by the\nAPI server itself. It also adds a role binding to allow full access\nto the owner as we do not have an identity system yet.\n\nChange-Id: I02043924bb7ce7a1acdb826dad2d27a4c2008136\nReviewed-on: https://review.monogon.dev/c/monogon/+/509\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "77cb6c5ec3acadf02ad5005dd751cfbf0ec1602f", "tree": "7ddfcdf78c489a5d6fad7a20bd3580d803407450", "parents": [ "26d41999e0c71813648c16ad84bba810c3b9d593" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "message": "core -\u003e metropolis\n\nSmalltown is now called Metropolis!\n\nThis is the first commit in a series of cleanup commits that prepare us\nfor an open source release. This one just some Bazel packages around to\nfollow a stricter directory layout.\n\nAll of Metropolis now lives in `//metropolis`.\n\nAll of Metropolis Node code now lives in `//metropolis/node`.\n\nAll of the main /init now lives in `//m/n/core`.\n\nAll of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.\n\nNext steps:\n - hunt down all references to Smalltown and replace them appropriately\n - narrow down visibility rules\n - document new code organization\n - move `//build/toolchain` to `//monogon/build/toolchain`\n - do another cleanup pass between `//golibs` and\n `//monogon/node/{core,common}`.\n - remove `//delta` and `//anubis`\n\nFixes T799.\n\nTest Plan: Just a very large refactor. CI should help us out here.\n\nBug: T799\n\nX-Origin-Diff: phab/D667\nGitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded\n" } ] }