)]}' { "log": [ { "commit": "2cfafc9a4c34152dd93b58aa82df1720fb4dd6d6", "tree": "7a944999ab576f4b421651c2c4d513b0b572a1be", "parents": [ "d0be371ea905c3729f98d91d255d775b7c5193d3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 16:42:47 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 13 14:03:02 2023 +0000" }, "message": "metropolis/node/kubernetes: move worker services to KubernetesWorker nodes\n\nThis finalizes the Big Split. After this change, nodes will only run a\nkubelet (and related services) if they have a KubernetesWorker role\nattached.\n\nThe first node in a new cluster now starts out with KubernetesController\nand ConsensusMember. All joined nodes start with no roles attached.\n\nChange-Id: I25a059318450b7d2dd3c19f3653fc15367867693\nReviewed-on: https://review.monogon.dev/c/monogon/+/1380\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "9104e381ab7a2c90087843de00204eed9ed7cf99", "tree": "73bd733d7615f660d33ee8cae514782b66b53734", "parents": [ "c09cca0e59c56f054a2f47872e54f83cad288c31" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Apr 04 20:08:21 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 14:19:04 2023 +0000" }, "message": "metropolis/test/e2e: add self-test image for networking\n\nWe don\u0027t have any networking tests in our E2E tests. This adds an image\nwhich de-facto implements one. Or at least, will implement one once we\nmove to split workers/controllers and contacting a Kubernetes apiserver\nfrom a pod will mean we\u0027re actually testing cross-node traffic.\n\nChange-Id: I3d7be3824ac041d72e1c19cd468d30dbcb71fa03\nReviewed-on: https://review.monogon.dev/c/monogon/+/1481\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "630fb5c5349b13330b7de6f8300b495b801db061", "tree": "9d946ba0dd34a6ba0567f4f7120174797e29a8fe", "parents": [ "1fb2b10801eb4ea56a1e00f174923ec83f039623" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 10:50:24 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 06 09:55:51 2023 +0000" }, "message": "m/test/e2e: deflake\n\nNow that nodes don\u0027t heartbeat before they have critical ESP data\npersisted, we can simply make sure they heartbeat before any disruptive\nreboot and that will remove our biggest source of flakiness in E2E\ntests.\n\nChange-Id: I9d4483015341157af6b27c8bd98f5df64da229d2\nReviewed-on: https://review.monogon.dev/c/monogon/+/1499\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "8535cb5bc5437960430ff94d3ea7280ccf931340", "tree": "57edb5cf064ad8b43aef52c1bbb974dd5cce7c26", "parents": [ "30fd15406e2c9cba7391f6af96c775b313a115fa" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 14:15:08 2023 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 29 17:18:22 2023 +0000" }, "message": "m/n/core/rpc: implement node verification in authenticated connections\n\nThe current API of NewAuthenticatedCredentials is not easily extensible,\nso switch over to such an API now.\n\nThis then adds a WantRemoteNode option which verifies that the remote\nconnection is established to a node with a given ID.\n\nChange-Id: Ie9f6b33d8b032729181bae5591eba9856ea2f523\nReviewed-on: https://review.monogon.dev/c/monogon/+/1427\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "05f813bf2d311f94dbc8021a85b37ff7c2e33242", "tree": "861772847ef842bbdc362224c442a7679b8b10f2", "parents": [ "cc4e96aed59648a3c4ac3faf3755deff4bb7f656" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 17:58:39 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 20:52:16 2023 +0000" }, "message": "m/test/e2e: use concise-style logging\n\nMaking our test logs look like LogEntry.ConciseString() means we have\nsignificantly more readable test logs.\n\nChange-Id: I0b1eab6a5a837bb2001f3b32779c23df2feaa381\nReviewed-on: https://review.monogon.dev/c/monogon/+/1362\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "591d808678b9770bd579509928997dc5494806e8", "tree": "3afd01fdd280f279610160141c6ef1b02debb119", "parents": [ "cf23ebc1afc53f93d56a0fd33209db7b033a991a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 00:26:59 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 16 13:41:02 2023 +0000" }, "message": "m/test/e2e: stop downloading container images\n\nHaving tests rely on The Internet isn\u0027t great, having tests rely on the\nDockercorp registry is even worse. Instead, let\u0027s test everything using\nthe preseed_test image.\n\nChange-Id: Ib82ce266592e9c6d2f0d4597abcc114c12746b1f\nReviewed-on: https://review.monogon.dev/c/monogon/+/1338\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "97f212c1d25424a099b6a2ff52e0464a2755f11e", "tree": "f5da74b0ac98113b684f51c98946d405fbeacb77", "parents": [ "6294854ace5e06e3b731878544eb39f5351de66d" ], "author": { "name": "Leopold", "email": "leo@monogon.tech", "time": "Sat Jan 21 19:06:34 2023 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Tue Jan 24 16:16:59 2023 +0000" }, "message": "build/ci: mark supervisor and e2e tests as flaky\n\nChange-Id: I56459eac238d3ecc5c8429226cab1c32ceb2e0c4\nReviewed-on: https://review.monogon.dev/c/monogon/+/1088\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ddf19b4b194936cc310eae9fc5c01bedcedbb900", "tree": "9eb4a4760f926cfa78b227c782ed306961049ab9", "parents": [ "5055d727cdcf6692d0049a8963ec56ac3401721b" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Wed Jun 22 12:27:37 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Thu Jun 23 16:23:08 2022 +0000" }, "message": "m/t/e2e: move testEventual to common test util pkg\n\ntestEventual, among other implementation, will be reused in metroctl\ntests.\n\nChange-Id: I24df31a72034b707e3906889e7a569c8e97669ad\nReviewed-on: https://review.monogon.dev/c/monogon/+/788\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "78cefcafa315af20d9f603fefd1423fe7bab7483", "tree": "b5d8ab0ce4652e30ace81c0cedf64b847260612d", "parents": [ "4025c9bf83aa038c8858c82bc80bd65acecd7210" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 20 12:59:55 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 21 11:44:25 2022 +0000" }, "message": "m/n/kubernetes: factor out cluster domain\n\nThis removes the hardcoded Kubernetes cluster domain and pushes it out\nto a single place at the root of the Kubernetes supervisor tree.\nThis will later be aligned with the cluster domain specified in the\nidentity design document, currently this does not change any behavior.\n\nIt also removes a bogous SAN from the Kubernetes API server certificate\n(kubernetes.default.svc.cluster) for which there is no corresponding\nsearch path.\n\nChange-Id: I30b8907a7b846415f5002c09a24d2d37930a9cd1\nReviewed-on: https://review.monogon.dev/c/monogon/+/773\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "32b192929c34e408bec6286de471313a4cfce5e2", "tree": "5a05f888581a3749ede7f09340119171422150e2", "parents": [ "08cb464d60f859ad029a52abe161cae02a0bf405" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 17 13:26:55 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri May 27 10:24:27 2022 +0000" }, "message": "m/n/core: implement node heartbeats\n\nThis change introduces cluster member node health monitoring by\nimplementing a bidirectional RPC stream the nodes will periodically\nsend their heartbeat updates through. Management.GetNodes call was\nmodified to include the new node health information.\n\nRelevant data available through the management API is non-persistent,\nand stored within current Curator leader\u0027s local state. As such, it\nwill become briefly unavailable in an event of leader re-election. The\ninformation returned, however, is guaranteed to be correct.\n\nChange-Id: I916ac48f496941a7decc09d672ecf72a914b0d88\nReviewed-on: https://review.monogon.dev/c/monogon/+/694\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0246f5eb3a48f8a521ab20d776b923fcf0af6e1c", "tree": "73ff4458a28566fa580c116958aeceb222d7e4ac", "parents": [ "2930e9966deca2ebcb9b497d4d133ffb6258ed87" ], "author": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Fri Apr 22 17:29:04 2022 +0200" }, "committer": { "name": "Mateusz Zalega", "email": "mateusz@monogon.tech", "time": "Tue May 03 12:11:19 2022 +0000" }, "message": "m/test: implement non-transient QEMU VMs\n\nThis patch reworks the launch code, enabling rebooting of cluster\nmember VMs, while precluding erasure of their transient state (disk\nimage, OVMF firmware variables, TPM state, MAC address).\n\nRebootNode method included in this patch is cluster-aware in the sense\nthat it blocks until the node has re-joined the cluster.\n\nChange-Id: Ie1236297d214399e927a67295200f8b8879a5b39\nReviewed-on: https://review.monogon.dev/c/monogon/+/664\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "be74284cb84581b7217a934d2a771edb7c948223", "tree": "c943b51d32f0f0c0f81b97faa4660a9099b3caee", "parents": [ "fe7134b0b25b620b6f40b1f41f37ab93fca6d3c0" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Apr 04 13:18:50 2022 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Apr 06 09:52:24 2022 +0000" }, "message": "m/test: implement SOCKS proxy in cluster tests\n\nThis uses the new socksproxy package to run a proxy server in the\nnanoswitch, and uses it within tests to access the test cluster\u0027s nodes.\n\nThe cluster test code (and nanoswitch) still forward traffic to the\nfirst node, but this will be gradually removed as SOCKS support is\nimplemented in metroctl and the debug tool. Forwards from host ports to\ndifferent node can then be implemented as part of the dbg tool (instead\nof the cluster launch code) to maintain a simple interface during debug\nand development.\n\nWe also use the opportunity to make the non-cluster launch code not\nMetropolis specific (by removing an assumption that all ports on all\nnodes are Metropolis ports). In the long term, we will probably remove\nnon-cluster launches entirely (or further turn this code into just being\na \u0027launch qemu\u0027 wrapper).\n\nChange-Id: I9b321bde95ba74fbfaa695eaaad8f9974aba5372\nReviewed-on: https://review.monogon.dev/c/monogon/+/648\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "6dff6d6a57b999eb91f1b9cf956e2ebc18c2defd", "tree": "4db4fa350e81b0fc52db7cf81f4c620114b28d18", "parents": [ "636032e843efcdef0716ed9956f40642d07b8d4c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Jan 28 18:15:14 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Feb 23 16:15:54 2022 +0000" }, "message": "m/n/roleserve: reactive service management\n\nBottom line up first: this starts etcd, the curator and Kubernetes on\nnodes that register into the cluster. Effectively, this is multi-node\nsupport.\n\nThis significantly refactors the node roleserver to start both the\ncontrol plane and Kubernetes on demand, based on roles assigned by the\ncluster (or due to bootstrapping a new cluster). Most importantly, we\npretty much remove all cluster-bootstrapping code from the node startup\nprocess, thereby making the first node and any subsequent nodes not go\nthrough different codepaths.\n\nIn addition, access to the cluster Curators is now also mediated via\nthe roleserver, which is the component aware whether the node code\nshould connect to the local curator (if the control plane is running) or\nto remote curators (if the control plane is not [yet] running).\n\nThis implementation is a bit verbose as we make heavy use of untyped\nEvent Values, and we add quite a few lines repeated of code to combine\ndata from different values into something that a goroutine can wait on.\nOnce Go 1.18 lands we should be able to make this code much nicer.\n\nThere\u0027s still a few things that need to be implemented for all flows to\nbe working fully (notably, we can end up with stale curator clients,\ncurator clients are not load balanced across multiple curators, and\ncluster directories for connecting to the curator do not get updated\nafter startup). However, these are all features that we should be able\nto easily implement once this lands.\n\nCurrently this is only covered by the e2e test. The individual workers\nwithin roleserver should be able to be independently tested, and this is\nsomething I plan on doing very soon as another change on top, while this\none is being reviewed.\n\nWith time, the two large startup components (the cluster \"enrolment\"\nmanager and the roleserver) have slightly lost their original purpose\nand their names aren\u0027t exactly fitting anymore. I might rename them in\nan upcoming change, if anyone has any good naming ideas I\u0027m all ears :).\n\nChange-Id: Iaf0fc9f6fdd2122e6aae19607be1648382063e66\nReviewed-on: https://review.monogon.dev/c/monogon/+/532\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "cc078df2124306799c66786833746999259ea792", "tree": "43807fcfec2196430b4bd4def124dad2231451db", "parents": [ "8c2c771a750f30b3edf240fc8352e777795e989b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 23 11:51:55 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 02 14:07:37 2022 +0000" }, "message": "m/n/kubernetes: implement Metropolis authenticating proxy\n\nThis implements an authenticating proxy for K8s which can authenticate\nMetropolis credentials and passes the extracted identity information\nback to the Kubernetes API server. It currently only handles user\nauthentication, machine-to-machine authentication is still done by the\nAPI server itself. It also adds a role binding to allow full access\nto the owner as we do not have an identity system yet.\n\nChange-Id: I02043924bb7ce7a1acdb826dad2d27a4c2008136\nReviewed-on: https://review.monogon.dev/c/monogon/+/509\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "e78a08987e48aa5d9f77954886b7cc544f218638", "tree": "77d91020801cf19d2979db69495e40f3aeb889d5", "parents": [ "957c5b142abf8976c212ae013e6c36c4ff80f6c8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 07 17:03:49 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Dec 09 17:51:43 2021 +0000" }, "message": "m/n/c/cluster: implement register flow\n\nChange-Id: I197cbfa96d34c9912c7fc19710db25276e7440fc\nReviewed-on: https://review.monogon.dev/c/monogon/+/454\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "66e589595ecbefdc1466ea5e98e9c237e3300f8e", "tree": "c5bf14131ce984dea96ee6825c12b5e3cf7a342a", "parents": [ "a1a96b454eb3c21d03b7f95f1917dd6ce1b84b8a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:06:56 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 11 13:27:02 2021 +0000" }, "message": "m/test: refactor cluster launch code, use for e2e tests\n\nThis is a light dust-off pass for the existing cluster launch code.\nNotably, we separate Metropolis-specific code into a subpackage\n(allowing us to make the package itself depend on the required\nnode/kernel images, without introducing dependency loops or unnecessary\ndependencies on the Metropolis node image).\n\nWe also make the LaunchCluster code return an already authenticated\nManagement client, and subsequent changes will use this client to add\nmore nodes to the running cluster.\n\nWe then move the E2E test to use LaunchCluster instead of LaunchNode, in\npreparation for running a multi-node cluster in the E2E test.\n\nWe also add some more log calls and clean up the existing ones to make\nit clear which subsystem (launch, launch/cluster or e2e) is respondible\nfor each message.\n\nChange-Id: I838bdc75073831fe94b9cdcef4fb3ab6bf8cba2c\nReviewed-on: https://review.monogon.dev/c/monogon/+/343\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bf68fa9d8cbf6d283da8d538c1f28d8f53df0fcd", "tree": "d62cda0e060b4376dec815629f72e1661d77a73f", "parents": [ "bc671d09b9cdeb420260797c22020aa12059eb36" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 05 17:53:58 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 06 14:50:09 2021 +0000" }, "message": "m/n/c/roleserve: implement ClusterAgent\n\nThe ClusterAgent is a runnable that is scheduled to run on all cluster\nnodes. It\u0027s currently used to report the current node status to the\nCluster, and in the future can be used to implement hearbeat detection\nfor nodes.\n\nChange-Id: Iff394e2cc37064d1e42fd27e40884dda83d88418\nReviewed-on: https://review.monogon.dev/c/monogon/+/341\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9", "tree": "37e0b443caf904f0b78d423ba6580c1416f5bc11", "parents": [ "9ffa1f9577003ab70a6b483475874f3552d1ccc3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 01 15:03:06 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Sep 03 11:15:40 2021 +0000" }, "message": "m/n/core/rpc: create library for common gRPC functions\n\nThis is the beginning of consolidating all gRPC-related code into a\nsingle package.\n\nWe also run the Curator service publicly and place it behind a new\nauthorization permission bit. This is in preparation for Curator\nfollowers needing access to this Service.\n\nSome of the service split and authorization options are likely to be\nchanged in the future (I\u0027m considering renaming Curator to something\nelse, or at least clearly stating that it\u0027s a node-to-node service).\n\nChange-Id: I0a4a57da15b35688aefe7bf669ba6342d46aa3f5\nReviewed-on: https://review.monogon.dev/c/monogon/+/316\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "1f9a03b3f952320824b1ae49e56da3cb814cd5b0", "tree": "315ea3ca5711b2dca9173dcf825c18e031affa84", "parents": [ "b9044c888097757c36933062f27b5f5ee103ee5f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 17 13:40:53 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Tue Aug 24 17:26:20 2021 +0000" }, "message": "m/test/e2e: retrieve owner credentials in e2e test\n\nThis exercises AAA.Escrow for the initial cluster owner within our large\ne2e test suite. The certificate retrieved this way is not yet used, but\nis verified to be emitted for the correct public key.\n\nChange-Id: Id33178cd223e3180d6f834c6fac94d6d657d5349\nReviewed-on: https://review.monogon.dev/c/monogon/+/290\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "f055a7fce0263a30fd2c853b5ed002a765fc23e8", "tree": "de2dc0daeebfc7ecce2b1987ffb13eb4f2475088", "parents": [ "2666513457e8d7a282560a7090f35439ab9695ce" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Apr 13 16:22:33 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Apr 14 14:35:09 2021 +0200" }, "message": "third_party/linux: build using unhermetic rule\n\nThis replaces ad-hoc genrules (for the node Linux image and the ktest\nimage) with a real Bazel rule with an attached transition which ensures\nwe end up with the same-ish configurations for all builds of an image.\n\nThis reduces rebuilds of the ktest Linux kernel, from three down to one.\n\nBefore: https://drive.google.com/file/d/1c6VmY2bqx9Pgs61TOUfgMi8Sn0WQeobu/view\n\nAfter: https://drive.google.com/file/d/13eO1rLhoBCMMRUKrmJz8QnhdAR3ctIGb/view\n\nWe also drive-by fix the Kubernetes CTS test suite to run on a single-node\nCluster (instead of failing early due to that being currently reworked).\n\nTest Plan: Build system refactor, following existing test.\n\nX-Origin-Diff: phab/D761\nGitOrigin-RevId: b5545ac5fd402fbf0340d941a90b9ea6ea0b6d43\n" }, { "commit": "37050126ef89ec30cc677c272471debe55ec0d69", "tree": "c64a64a622ec1c3e1e72fc12a6d4252c0e803cc1", "parents": [ "2999427c182463840a339cf0e82885d8a3b6e79f" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Mar 30 14:00:27 2021 +0200" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:04:01 2021 +0200" }, "message": "Implement Block PVCs in our storage backend\n\nThis implements full support for Block PVCs in our Kubernetes storage backend.\nThe block PVCs are backed by files made available to the pods using loop devices and\nhave read-only and online expansion support.\n\nThis also requires a Kubernetes patch because they call losetup if block PVCs are used\nwith CSI to establish a form of lock on the backing block device. This lock is not\nexclusive and does absolutely nothing for our use case and could get very expensive\non dense machines so I removed it.\n\nTest Plan: Comes with E2E tests\n\nX-Origin-Diff: phab/D746\nGitOrigin-RevId: 430d3f445286c0d3498b2153df333a19f3fcab89\n" }, { "commit": "30167f5cf55829d38f9d480466d7b5742c62a5fc", "tree": "fd89a3bb8a1c08b10d870a6b185b2deffa131cac", "parents": [ "9956e72c6c0b4f6436dc9493bc213965ee0cc191" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Mar 17 17:49:01 2021 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Apr 13 11:03:56 2021 +0200" }, "message": "Add VM infrastructure smoke test\n\nThis adds an E2E test which exercises the VM infrastructure (Kubernetes, KVM device plugin and QEMU).\nThis test should ensure that nobody breaks the core infrastructure Metropolis VMs rely on.\n\nTest Plan: This is a test\n\nX-Origin-Diff: phab/D740\nGitOrigin-RevId: ddf629725dfb664ace5a50efee9ed9442962d6f7\n" }, { "commit": "0ed2f96a3a86aff2c9ce36289aa5d58a75f4d59b", "tree": "afbe1fb6cd0a1667e981edfe97969338437bdaca", "parents": [ "056042962060369bd7607ecfea51c515fc3a8140" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Mar 15 16:39:30 2021 +0100" }, "message": "metropolis/proto: EnrolmentConfig -\u003e NodeParameters\n\nThis starts off the move to a node configuration API conforming to\nthe lifecycle management design document.\n\nInstead of an Enrolment Config used only to join an existing cluster, we\nmove to a NodeParameters proto that must always be given to a node if\nit\u0027s supposed to either bootstrap a new cluster or join an existing one.\n\nThis links the existing cluster management code (and its state machine)\nto work with this file. However, that state machine will be removed very\nsoon, anyway.\n\nWe also remove everything related to golden tickets.\n\nThis breaks multi-node tests.\n\nX-Origin-Diff: phab/D710\nGitOrigin-RevId: f22615fbccab975f2d5e6928bdc7387ab3aa5714\n" }, { "commit": "19eb0006edc79edc53fb53ea0eed67e93f4c8eba", "tree": "704a52ab75bde43409d80246cf23bce6b6be3467", "parents": [ "842536b10bd1b11e62317940feef215442a8ecb4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 21 14:25:25 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 21 14:25:25 2021 +0100" }, "message": "third_party: bump Kubernetes to 1.19.7\n\nThis... didn\u0027t exactly go well. Turns out a change between rc.1 and rc.2\nbroke our runc runtime by enabling seccomp by default for pod sandboxes.\n\nWe work around this by reverting this change, and filing T916 to solve\nthis soon.\n\nThis fixes T910 and T909.\n\nTest Plan: kube bump, CI should run e2e, didn\u0027t run CTS.\n\nBug: T910, T909\n\nX-Origin-Diff: phab/D691\nGitOrigin-RevId: 78afca77c294895859e0af9150128d82677d875b\n" }, { "commit": "f12bedfa4cd144c3abc4deac58405067d55f9c87", "tree": "ddbc408e424a0ea8e446bcf0022ee16278202d63", "parents": [ "c3ad846e0eaf4cf008130a643ff247aa27531e17" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jan 15 16:58:50 2021 +0100" }, "message": "*: bump up Go dependencies\n\nThis started off as \u0027let\u0027s bump gVisor\u0027. However, pulling that thread\nresulted in quite a few things that also required bumping for the build\nto actually work. Here I come back from a day in the Bazel mines,\nbearing fruits of my labor.\n\nNotable changes:\n\n - bump up gVisor\n - bump up containerd\n - bump up Bazel\n - bump up rules_go, rules_docker, Gazelle\n - use google.golang.org/protobuf (the \u0027new\u0027 go proto package)\n - bump up gRPC (but not too much, as go-etcd is still straggling)\n\nNotable effects:\n\n - new gVisor supports TTY allocation (kubectl run -it\n --image\u003dubuntu:20.04 ubuntu bash now works!)\n\nNotable notes:\n\n - gVisor shim has new been rolled into the main gVisor package and is\n slightly easier to build (we can get rid of a bunch of patches).\n - Opencontainers\u0027 runtime-specs now follow containerd instead of gVisor\n - gVisor had to be taught to use the slightly newer runtime-specs via a\n new patch.\n - go_rule() in Starlark is now deprecated, and we had to change our\n Starlark rule definitions to use rule() instead. We also had to patch\n gVisor to do that (as there hasn\u0027t yet been a release that rolled\n this up).\n - Gazelle now supports different naming schemes for generated Go\n targets - either the old //foo/bar:go_default_library scheme, or a\n new and nicer //foo/bar:bar scheme. We currently force the usage of\n the old scheme, as switching over is probably not going to be easy\n (we use a lot of external Bazel files, and we have to wait for their\n compatibility with the new scheme first).\n - New Bazel/rules_go sets a TMPDIR long enough to generate paths (via\n ioutil.TempDir) to which sockets cannot be bound (108-byte limit).\n - The new protobuf API is incompatible with gogoproto. containerd/ttrpc\n uses gogoproto, but we are smart enough to pull in the old protobuf\n library as gogoproto\u0027s transitive dep. However, ttrpc also wants to\n use some proto-generated grpc bits, and that doesn\u0027t work. We have to\n pull in a ttrpc fork from a PR that hasn\u0027t yet been merged that fixes\n this issue.\n\nTest Plan: Refactor only, should be covered by tests.\n\nX-Origin-Diff: phab/D689\nGitOrigin-RevId: 1188c0605d25e7f40307fab5fd96e7019f3a9171\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "0be9be88224dd87eedb10436b11615fa59862271", "tree": "2cffcd0ca273ada48c0b42a36bd25bb1cc2da35c", "parents": [ "549b72b2d65051403301f53111509f77e88b379b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 15:23:44 2021 +0100" }, "message": "metropolis: Lock down visibility rules\n\nThis formalizes the package structure introduced by D683.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D684\nGitOrigin-RevId: 574aa14c71faf94f4a5c02a2110e2e3fef7d36ac\n" }, { "commit": "6df7c4f6b2c9a896357cb6c4e236d588f4e23277", "tree": "1f6690534fa123509708fe197ef3f35e6edf6903", "parents": [ "df952416e693f5b3180f1e69b6021a589cdc80d9" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 15:02:00 2020 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Dec 21 15:02:00 2020 +0100" }, "message": "Properly exit CTS on signals\n\nThis kills the loops when the global context is cancelled ensuring reliable termination\nof the CTS with Ctrl+C or a signal.\n\nTest Plan: Manually tested by aborting the CTS with Ctrl+C\n\nX-Origin-Diff: phab/D673\nGitOrigin-RevId: a2f367cd4a7a57bb573bd57656148681add048a2\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "77cb6c5ec3acadf02ad5005dd751cfbf0ec1602f", "tree": "7ddfcdf78c489a5d6fad7a20bd3580d803407450", "parents": [ "26d41999e0c71813648c16ad84bba810c3b9d593" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "message": "core -\u003e metropolis\n\nSmalltown is now called Metropolis!\n\nThis is the first commit in a series of cleanup commits that prepare us\nfor an open source release. This one just some Bazel packages around to\nfollow a stricter directory layout.\n\nAll of Metropolis now lives in `//metropolis`.\n\nAll of Metropolis Node code now lives in `//metropolis/node`.\n\nAll of the main /init now lives in `//m/n/core`.\n\nAll of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.\n\nNext steps:\n - hunt down all references to Smalltown and replace them appropriately\n - narrow down visibility rules\n - document new code organization\n - move `//build/toolchain` to `//monogon/build/toolchain`\n - do another cleanup pass between `//golibs` and\n `//monogon/node/{core,common}`.\n - remove `//delta` and `//anubis`\n\nFixes T799.\n\nTest Plan: Just a very large refactor. CI should help us out here.\n\nBug: T799\n\nX-Origin-Diff: phab/D667\nGitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded\n" } ] }