)]}' { "log": [ { "commit": "096654adb312a1bc858a0f886b8fba755eab52b4", "tree": "bb753ba3a24eab6a63b7f7c1757f35f0540b880a", "parents": [ "a355821fa06a7f68ff8ddca6050f71e92e4939a5" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 18 23:10:19 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Apr 24 22:29:11 2024 +0000" }, "message": "treewide: add missing error handling\n\nChange-Id: I55ccf3ff490b58f6af93e665c668428acddc8d65\nReviewed-on: https://review.monogon.dev/c/monogon/+/3019\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "3810567012959d2871400ce2ecd39f53b9072bc3", "tree": "d1821ba3db669deec3a240dceb9bbf544b68c611", "parents": [ "2a74e58ac02d0bf6ae25ae1ec4d8f187dd7db5ba" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Apr 11 01:37:29 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Apr 15 21:31:42 2024 +0000" }, "message": "treewide: remove shadowing of stdlib functions\n\nChange-Id: Iaccb22769d53568f6a4004924c218b9929090d89\nReviewed-on: https://review.monogon.dev/c/monogon/+/2957\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2f7e0a281e72ae45fff6c4d79934442367475b81", "tree": "4dcd2233a274bef4645c4bfbbbd62f072d11481a", "parents": [ "c49b207a66a994ccda382d685022d08cbd9ee582" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 16:56:13 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 22 16:36:33 2023 +0000" }, "message": "m/node: enlarge K8s networks\n\nFor bigger clusters, the current 10.0.0.0/16 subnet is far too small.\nSwitch to 10.192.0.0/11 which should be out of the way of most of our\ntest infra and is large enough for 8192 nodes with 253 pods which is\nbig enough for the time being. Also migrate the service network\nto 10.224.0.0/16 and make it much bigger. It does not need to be in the\npod CIDR, so move it out of there.\nBut for large clusters this will continue to be a problem until we have\na better allocation algorithm or switch to IPv6 with 464xlat (which\nis not supported on Linux currently however).\n\nChange-Id: Ib3a019fffacec2172721f04c01133b44bffba73b\nReviewed-on: https://review.monogon.dev/c/monogon/+/1848\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2cfafc9a4c34152dd93b58aa82df1720fb4dd6d6", "tree": "7a944999ab576f4b421651c2c4d513b0b572a1be", "parents": [ "d0be371ea905c3729f98d91d255d775b7c5193d3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 16:42:47 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Apr 13 14:03:02 2023 +0000" }, "message": "metropolis/node/kubernetes: move worker services to KubernetesWorker nodes\n\nThis finalizes the Big Split. After this change, nodes will only run a\nkubelet (and related services) if they have a KubernetesWorker role\nattached.\n\nThe first node in a new cluster now starts out with KubernetesController\nand ConsensusMember. All joined nodes start with no roles attached.\n\nChange-Id: I25a059318450b7d2dd3c19f3653fc15367867693\nReviewed-on: https://review.monogon.dev/c/monogon/+/1380\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "fe39cc21b69bb9fd9f641dfc6b3514386cbb0d4c", "tree": "2c4ff1bc567bb6b5e276bef2028fc196cbc37f2b", "parents": [ "e88ffe9af09b2740bfe0c47ec1efae0380d4f706" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 14:21:54 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 12:21:21 2023 +0000" }, "message": "m/n/c/curator: implement IssueCertificate for Kubernetes Workers\n\nThis is not yet used in this change, but will be very soon.\n\nChange-Id: I0283941f15211515537d2b23e0c8cd72dc2d77c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/1378\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "e88ffe9af09b2740bfe0c47ec1efae0380d4f706", "tree": "da2fac1e9bd4343250bc01c1bff81062d7ee60a7", "parents": [ "e6719b379b19ad4439b5fd38da035a3043008d97" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Mar 21 13:38:46 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Mar 23 12:04:17 2023 +0000" }, "message": "m/n/kubernetes: factor out generating KPKI, support multiple endpoints in Kubeconfig\n\nChange-Id: I0e648c24ffa134314a03715575d1af1b925fd450\nReviewed-on: https://review.monogon.dev/c/monogon/+/1377\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "6fdca3f2e8b60f53f69c8cd39a02109cc47059ac", "tree": "f875b3e103037078ece4842fcdd77cbb87d7a6cf", "parents": [ "f71fe9278055d5a892448554aa7c59862256db7d" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Mar 20 17:47:07 2023 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 22 11:33:51 2023 +0000" }, "message": "m/n/kubernetes: start splitting, run apiproxy\n\nThis begins the process to split the Kubernetes service into a\ncontroller and a worker service.\n\nFirst, we rename the existing service to a Controller, create a Worker\nservice, and make the Worker service run our new tinylb-based apiserver\nloadbalancer.\n\nWe also make the roleserver aware of this change by making it spawn both\nthe controller and worker services according to roles.\n\nWe will move services to the Worker in follow up change requests.\n\nChange-Id: I76e98baa0603ad5df30b5892dd69154b895b35fa\nReviewed-on: https://review.monogon.dev/c/monogon/+/1374\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "78cefcafa315af20d9f603fefd1423fe7bab7483", "tree": "b5d8ab0ce4652e30ace81c0cedf64b847260612d", "parents": [ "4025c9bf83aa038c8858c82bc80bd65acecd7210" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Jun 20 12:59:55 2022 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jun 21 11:44:25 2022 +0000" }, "message": "m/n/kubernetes: factor out cluster domain\n\nThis removes the hardcoded Kubernetes cluster domain and pushes it out\nto a single place at the root of the Kubernetes supervisor tree.\nThis will later be aligned with the cluster domain specified in the\nidentity design document, currently this does not change any behavior.\n\nIt also removes a bogous SAN from the Kubernetes API server certificate\n(kubernetes.default.svc.cluster) for which there is no corresponding\nsearch path.\n\nChange-Id: I30b8907a7b846415f5002c09a24d2d37930a9cd1\nReviewed-on: https://review.monogon.dev/c/monogon/+/773\nTested-by: Jenkins CI\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "d13c1c64387ca9a83bb832a3faa5c4b07268d265", "tree": "0c0f534db4726e4400486aad25235e8c573d455e", "parents": [ "79a1a8f9dd49afe8e0a2364c4586b8f39525b204" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Mar 30 19:58:58 2022 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Apr 05 10:35:29 2022 +0000" }, "message": "treewide: switch to gomod and bump everything\n\nThis switches version resolution from fietsje to gomod and updates\nall Go dependencies. It also bumps rules_go (required by gVisor) and\nswitches the Gazelle naming convention from go_default_xxx to the\nstandard Bazel convention of the default target having the package\nname.\n\nSince Kubernetes dropped upstream Bazel support and doesn\u0027t check in\nall generated files I manually pregenerated the OpenAPI spec. This\nshould be fixed, but because of the already-huge scope of this CL\nand the rebase complexity this is not in here.\n\nChange-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833\nReviewed-on: https://review.monogon.dev/c/monogon/+/639\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\nReviewed-by: Leopold Schabel \u003cleo@nexantic.com\u003e\n" }, { "commit": "cc078df2124306799c66786833746999259ea792", "tree": "43807fcfec2196430b4bd4def124dad2231451db", "parents": [ "8c2c771a750f30b3edf240fc8352e777795e989b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Dec 23 11:51:55 2021 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 02 14:07:37 2022 +0000" }, "message": "m/n/kubernetes: implement Metropolis authenticating proxy\n\nThis implements an authenticating proxy for K8s which can authenticate\nMetropolis credentials and passes the extracted identity information\nback to the Kubernetes API server. It currently only handles user\nauthentication, machine-to-machine authentication is still done by the\nAPI server itself. It also adds a role binding to allow full access\nto the owner as we do not have an identity system yet.\n\nChange-Id: I02043924bb7ce7a1acdb826dad2d27a4c2008136\nReviewed-on: https://review.monogon.dev/c/monogon/+/509\nReviewed-by: Sergiusz Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "52304a8aa84604846e316e28c955b67e68c52f34", "tree": "df8518bb50b9665af7f4897665d8aa16f4a43e7f", "parents": [ "ba7bf7dc83c15cbd94a1f71b7992df7d7fc7d752" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Fri Oct 29 16:56:18 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Wed Nov 03 11:36:20 2021 +0000" }, "message": "m/node: implement Port type for node ports\n\nThis allows us to use %v/%s to get a pretty port name where needed.\n\nWe also drive-by remove MasterServicePort which is a leftover from\na pre-curator cluster service implementation.\n\nChange-Id: Id8feddf87269b13dd1dad2460a015c1a7ecbc6d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/418\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5253884d51cb64c1d1afcb2d7b969f7c2b50b302", "tree": "10a6bf03472e9c14da2515ea7755d74bb3f660e6", "parents": [ "99f477412a2e701f89f7698be1dd432adcfff17c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Aug 11 16:22:41 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Thu Aug 19 10:20:55 2021 +0000" }, "message": "m/pkg/pki: refactor, allow for external certificates\n\nThe pki library supported managing certificates in two modes:\n\n - default, when name !\u003d \"\"\n - volatile/ephemeral, when name \u003d\u003d \"\"\n\nThe difference between the two being that default certificates were\nfully stored in etcd (key and x509 certificate), while volatile\ncertificates weren\u0027t stored at all. However, both kinds needed private\nkeys passed to the pki library.\n\nWe want to be able to emit certificates without having private keys for\nthat certificate, so we end up a third mode of operation: \u0027external\ncertificates\u0027. These are still stored in etcd, but without any\ncorresponding private key.\n\nIn the future we might actually get rid of ephemeral certificates by\nexpanding the logic of external certificates to provide a full audit log\nand revocation system, instead of matching by Certificate Name. But this\nwill do for now.\n\nWe also use this opportunity to write some simple tests for this\npackage.\n\nChange-Id: I193f4b147273b0a3981c38d749b43362d3c1b69a\nReviewed-on: https://review.monogon.dev/c/monogon/+/263\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n" }, { "commit": "d98ad45e64b542f9945939d35cba9ebd352ff913", "tree": "cd8fa82c4ccd2bf0616986615f3eb2d7c4798f30", "parents": [ "7f17d9b41f248f4b009f5d702622616f62d0a2fa" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jun 17 15:55:17 2021 +0200" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@nexantic.com", "time": "Tue Jun 22 12:05:20 2021 +0000" }, "message": "metropolis/n/kubernetes/pki: remove verbose \u0027ensure\u0027 cert logging\n\nChange-Id: Ie12f12a2966282d364730a1c7a148fae78ab236d\nReviewed-on: https://review.monogon.dev/c/monogon/+/190\nReviewed-by: Lorenz Brun \u003clorenz@nexantic.com\u003e\n" }, { "commit": "216fe7b3ae949376467f626f339423a31ea7da97", "tree": "b0fe587b671a76bf6229339825d2a61df7fc847b", "parents": [ "6ebdc418f3c4799c12368e34ea78dc9c9757fb54" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 21 18:36:16 2021 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri May 28 17:54:03 2021 +0200" }, "message": "*: reflow comments to 80 characters\n\nThis reformats the entire Metropolis codebase to have comments no longer\nthan 80 characters, implementing CR/66.\n\nThis has been done half manually, as we don\u0027t have a good integration\nbetween commentwrap/Bazel, but that can be implemented if we decide to\ngo for this tool/limit.\n\nChange-Id: If1fff0b093ef806f5dc00551c11506e8290379d0\n" }, { "commit": "9411f7c2ed0afbbf617075ab37901addc76fadfb", "tree": "f1f62aa538ba3c2265815d2dbe942377264850a5", "parents": [ "0de189355c6afad6f677029d90fa40dee824141b" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Mar 10 13:12:53 2021 +0100" }, "message": "m/node/kubernetes/pki: refactor out CA functionality\n\nThis factors out all non-k8s-specific CA functionality from\nmetropolis/node/kubernetes/pki into metropolis/pkg/pki.\n\nThis will allow us to re-use the same PKI-in-CA system to issue\ncertificates for the Metropolis cluster and nodes.\n\nWe also drive-by change some Kubernetes/PKI interactions to make things\ncleaner. Notably, this implements Certificate.Mount to return a\nfileargs.FileArgs containing all the files neede to use this\nCertificate.\n\nTest Plan: covered by current e2e tests. An etcd harness to test this independently would be nice, though.\n\nX-Origin-Diff: phab/D709\nGitOrigin-RevId: bdc9ff215b94c9192f65c6da8935fe2818fd14ad\n" }, { "commit": "31370b07f0df2dc2765d812d4ce00a6b35185b16", "tree": "15563902eee9591083284441c8505b084b275d0a", "parents": [ "313816f41244d7520eb2b6f8c231328ee5b7a4ef" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 16:31:14 2021 +0100" }, "message": "*: git.monogon.dev -\u003e source.monogon.dev\n\nThis implements T882, setting our (virtual) GOPATH to source.monogon.dev\nfor this repository.\n\nTest Plan: Refactor, CI only.\n\nX-Origin-Diff: phab/D686\nGitOrigin-RevId: c5e2309089948ffc3a98e68e2e0e1cbb157d3a36\n" }, { "commit": "549b72b2d65051403301f53111509f77e88b379b", "tree": "b4e523d5d17e8130545e58b58870b4a18118a780", "parents": [ "696f39abb19ffcca03e9fc5a98681338216b1e7f" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Jan 07 14:54:19 2021 +0100" }, "message": "metropolis: unify utility packages\n\nOne last sweeping rename / reshuffle.\n\nWe get rid of //metropolis/node/common and //golibs, unifying them into\na single //metropolis/pkg meta-package.\n\nThis is to be documented somwhere properly, but here\u0027s the new logic\nbehind selecting where to place a new library package:\n\n - if it\u0027s specific to k8s-on-metropolis, put it in\n //metropolis/node/kubernetes/*. This is a self-contained tree that\n other paths cannot import from.\n - if it\u0027s a big new subsystem of the metropolis core, put it in\n //metropolis/node/core. This can be imported by anything in\n //m/n (eg the Kubernetes code at //m/n/kubernetes\n - otherwise, treat it as generic library that\u0027s part of the metropolis\n project, and put it in //metropolis/pkg. This can be imported by\n anything within //metropolis.\n\nThis will be followed up by a diff that updates visibility rules.\n\nTest Plan: Pure refactor, CI only.\n\nX-Origin-Diff: phab/D683\nGitOrigin-RevId: 883e7f09a7d22d64e966d07bbe839454ed081c79\n" }, { "commit": "662b5b3119b0798980b887d1ef9fa1b5632aa7fb", "tree": "3e1fc4ab033530e6d579112ba500d2c6edb43368", "parents": [ "39f2f691726dc6e0a291aa8609085b835a313dad" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Dec 21 13:49:00 2020 +0100" }, "message": "smalltown -\u003e metropolis\n\nThis pass removes all mentions of Smalltown, both from code and comments,\nand replaces them with appropriate new terminology.\n\nTest Plan: Refactor, covered by CI.\n\nX-Origin-Diff: phab/D674\nGitOrigin-RevId: 04a94d44ef07d46f7821530da5614daefe16d7ea\n" }, { "commit": "77cb6c5ec3acadf02ad5005dd751cfbf0ec1602f", "tree": "7ddfcdf78c489a5d6fad7a20bd3580d803407450", "parents": [ "26d41999e0c71813648c16ad84bba810c3b9d593" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Sat Dec 19 00:09:22 2020 +0100" }, "message": "core -\u003e metropolis\n\nSmalltown is now called Metropolis!\n\nThis is the first commit in a series of cleanup commits that prepare us\nfor an open source release. This one just some Bazel packages around to\nfollow a stricter directory layout.\n\nAll of Metropolis now lives in `//metropolis`.\n\nAll of Metropolis Node code now lives in `//metropolis/node`.\n\nAll of the main /init now lives in `//m/n/core`.\n\nAll of the Kubernetes functionality/glue now lives in `//m/n/kubernetes`.\n\nNext steps:\n - hunt down all references to Smalltown and replace them appropriately\n - narrow down visibility rules\n - document new code organization\n - move `//build/toolchain` to `//monogon/build/toolchain`\n - do another cleanup pass between `//golibs` and\n `//monogon/node/{core,common}`.\n - remove `//delta` and `//anubis`\n\nFixes T799.\n\nTest Plan: Just a very large refactor. CI should help us out here.\n\nBug: T799\n\nX-Origin-Diff: phab/D667\nGitOrigin-RevId: 6029b8d4edc42325d50042596b639e8b122d0ded\n" } ] }