)]}' { "log": [ { "commit": "b682ba55d4a51babad2beebb470b0fef0e6067ca", "tree": "d94c2bb98f3a47896558d9cd4d2cc0271a4558c7", "parents": [ "f85748717f32f0a74816de01b1e5f2e0104342c5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 14:51:36 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jul 08 14:51:36 2020 +0200" }, "message": "Add service proxy\n\nThis adds a service proxy based on nfproxy and changes to the service IP allocation to make it work.\nAlso adds support for masquerading outbound traffic for outbound network connectivity.\n\nTest Plan:\nCurrently manually tested by creating an alpine pod and running \u0027apk add curl \u0026\u0026 curl -k https://192.168.188.1:443/\u0027.\nWill be covered later by CTS.\n\nBug: T810\n\nX-Origin-Diff: phab/D580\nGitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4\n" }, { "commit": "1ebd1e133bac1a7fe0d667ec2ac95f87f63c3701", "tree": "c84bca5f68d4bbe959006215bf4711050af04288", "parents": [ "c2c7ad97b50194a550e77b875570ece90259f4ea" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 19:17:16 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 19:17:16 2020 +0200" }, "message": "core/internal/cluster: add new single-node cluster code\n\nThis adds a cluster library, that consists of:\n - a Node object that can be loaded from and saved into etcd,\n representing a node of the cluster that can have different \u0027role\n tags\u0027 assigned to it\n - a cluster Manager, that is responsible for bringing up the local node\n into a cluster (by creaating a new cluster, enrolling into or joining a\n cluster)\n\nThis also gets wired into core/cmd/init, and as such completes a chunk\nof The Refactor. This code should pass tests.\n\nTest Plan: this should work! should be covered by existing e2e tests.\n\nX-Origin-Diff: phab/D590\nGitOrigin-RevId: e88022164e4353249b29fc16849a02805f15dd49\n" }, { "commit": "c2c7ad97b50194a550e77b875570ece90259f4ea", "tree": "cc0d43c49c5d1cb787adf5c548c589fa50e9e72e", "parents": [ "efdb6e9da9ed4d575afe72fde02a27817eca37c4" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:20:09 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jul 13 17:20:09 2020 +0200" }, "message": "core/internal: move containerd and kubernetes to localstorage\n\nThis moves the last users of the old \u0027storage\u0027 library onto \u0027localstorage\u0027. We move a lot of \u0027runtime\u0027 directories to a single `/ephemeral` root. This could be called `/run`, but that might imply FHS compliance - which we don\u0027t have, nor want to have.\n\nWe also slightly refactor Kubernetes services to be a bit nicer to spawn. But generally, this is a pure refactor, with no functional changes.\n\nTest Plan: this should fail. part of a larger stack. D590 is the first tip of the stack that should work.\n\nX-Origin-Diff: phab/D589\nGitOrigin-RevId: d2a7c0bb52c2a7c753199221c609e03474936c22\n" }, { "commit": "f042e6f95bb7dc771bf79f309dbdf0b34da933da", "tree": "f18c60fb92202ce2d5ec7041c85579865a81509d", "parents": [ "b876fc31f12628562a51c70668b318b9fc50478b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:46:09 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Wed Jun 24 16:46:09 2020 +0200" }, "message": "Add Wireguard-based K8s pod networking\n\nThis adds a pod networking runnable based on Wireguard which watches all nodes\nand adds their K8s IPAM allocations as routes into the kernel \u0026 WireGuard. It only depends\non K8s and only performs direct routing.\n\nTest Plan: Manually tested by spinning up a two-node cluster and running two Alpine pods pinging eachother. Can be covered by E2E tests once we can do image preseeding for the test infra (T793).\n\nBug: T487\n\nX-Origin-Diff: phab/D573\nGitOrigin-RevId: ba3fc36f421fd75002f6cf8bea25ed6f1eb457b0\n" }, { "commit": "dbfc638fa03704d274f78b31f508dde1e37502ee", "tree": "607f2fbd8683bfd5fc855cd03bce700a107f68fd", "parents": [ "71f7a567f372b41b3ea5cf72dfebd0546e3ff7df" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 19 20:35:43 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Fri Jun 19 20:35:43 2020 +0200" }, "message": "core/internal/kubernetes: refactor PKI fully\n\nWe move ad-hoc certificate/key creation to a little declarative,\nfuture-inspired API.\n\nThe API is split into two distinct layers:\n - an etcd-backed managed certificate storage that understands server\n certificates, client certificates and CAs\n - a Kubernetes PKI object, that understands what certificates are\n needed to bring up a cluster\n\nThis allows for deduplicated path names in etcd, some semantic\ninformation about available certificates, and is in general groundwork\nfor some future improvements, like:\n - a slightly higher level etcd \u0027data store\u0027 api, with\n less-stringly-typed paths\n - simplification of service startup code (there\u0027s a bunch of cleanups\n that can be still done in core/internal/kubernetes wrt. to\n certificate marshaling to the filesystem, etc)\n\nTest Plan: covered by existing tests - but this should also now be nicely testable in isolation!\n\nX-Origin-Diff: phab/D564\nGitOrigin-RevId: a58620c37ac064a15b7db106b7a5cbe9bd0b7cd0\n" }, { "commit": "71f7a567f372b41b3ea5cf72dfebd0546e3ff7df", "tree": "ef5ea6804ca0419e8851d1a21f956508764ba446", "parents": [ "5a09142af47b710bb76df16eca94edefcd3052d7" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 16:37:28 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 16:37:28 2020 +0200" }, "message": "Revert \"scripts/create_container: fix cockroachdb startup\"\n\nThis reverts commit 25aee769a555d34ae3c9f12560a8a29986601034.\n\nThis was uh messed up in phabricator and contains changes that shouldn\u0027t\nhave landed.\n\nTest Plan: it\u0027s a revert.\n\nX-Origin-Diff: phab/D567\nGitOrigin-RevId: 0dee3a91f708a9c2aba6cc7dbc929c3c887647c3\n" }, { "commit": "5a09142af47b710bb76df16eca94edefcd3052d7", "tree": "6be9238cf37c51dfc8f99aded4ef06c4ac81bb12", "parents": [ "385c12f84a0f1b6b5d70f228a0fb629f6f8f316c" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 14:01:45 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Jun 22 14:01:45 2020 +0200" }, "message": "scripts/create_container: fix cockroachdb startup\n\nAfter moving the build container to --net\u003dhost this broke building //...\n(as sqlboiler touches a local crdb in order to generate SQL\nboilerplate...). This moves cockroachdb to also run with --net\u003dhost, and\nfixes the advertisement address in the same way as it\u0027s fixed in\nrun_ci.sh.\n\nTest Plan: tested this locally :/\n\nX-Origin-Diff: phab/D562\nGitOrigin-RevId: 25aee769a555d34ae3c9f12560a8a29986601034\n" }, { "commit": "fc5dbc6646c6e332f5cbb88f6a68b6fbcffebe77", "tree": "4ea7cb93b2f0abfca9f547ee1401d39b73a79f5d", "parents": [ "140bddcbe1aac46b168f6fc2178eb9c3870a434c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 28 12:18:07 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu May 28 12:18:07 2020 +0200" }, "message": "Add E2E tests for basic functionality and port launching to Go\n\nThis adds a new E2E test suite replacing the old log-parsing\nbased one. It also moves launching and controlling Smalltown VMs into\na Go package and command and exposes the \u0027//:launch\u0027 alias.\nThe new E2E test suite covers basic conditions (IP assigned, Data\navailable) and Kubernetes Node, Deployment and StatefulSet tests.\n\nTest Plan: This consists of E2E tests\n\nX-Origin-Diff: phab/D544\nGitOrigin-RevId: 7c624c667c849068bafa544a3a6c635d6d406e1c\n" }, { "commit": "e6030f696613983ea00fc93b9e8b826cea7a1e9a", "tree": "89a0459f2d021a77701faaa73742c21a24f07843", "parents": [ "4cc664da40ef91422fb90039b2a1e90a3f997078" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 03 17:52:59 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Wed Jun 03 17:52:59 2020 +0200" }, "message": "core/internal/kubernetes: refactor reconciler, move to subpackage\n\nThis makes the reconciler a bit more generic, and thus allows for\nwriting some basic tests (of the reconciler logic and of the declared\nresources).\n\nWe also start the cleanup of //core/internal/kubernetes by moving the\nreconciler into a separate subpackage. This creates two sketchy\ncross-package references that we\u0027ll need to fix in the future once we\ncontinue the cleanup and modularization of the Kubernetes package.\n\nTest Plan: the reconciler is now tested with unit tests!\n\nX-Origin-Diff: phab/D552\nGitOrigin-RevId: b43643065c8174402922c62e80cd9c87fdce2f13\n" }, { "commit": "4cc664da40ef91422fb90039b2a1e90a3f997078", "tree": "9742180802c0f4364641bbc9607dea521d7a9a86", "parents": [ "980d003d69087eb3ef8976a2a7c2df6c7d3c54e7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jun 02 16:08:24 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue Jun 02 16:08:24 2020 +0200" }, "message": "Reconciler fixup\n\nI made some changes further down the revision stack which weren\u0027t properly propagated.\nThis makes sure the code from subsequent revisions also has the necessary changes.\n\nTest Plan: `bazel run //:launch` no longer shows the reconciler looping\n\nX-Origin-Diff: phab/D547\nGitOrigin-RevId: 2d8c6121b071504048f10cd8a34cbfba2a0f94b7\n" }, { "commit": "b15abadcd33cc25c220a2e8987f11bd967af5765", "tree": "e9744eb8694a12238f345fa409ba1553f813d18d", "parents": [ "0db90ba4fde0be782f2dc43f4e6d269d7c1c5f0b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 16 11:17:12 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Apr 16 11:17:12 2020 +0200" }, "message": "Add PV provisioner\n\nThis adds a new PV provisioner which works together with the\nCSI Node driver to provide storage to workloads on Smalltown.\nIt talks to Kubernetes and listens for PVCs which need to be provisioned\nand PVs which have been released and need to be deleted.\n\nIs is implemented as a per-node agent where every node provisions the\nvolumes scheduled onto it by kube-scheduler.\n\nTest Plan: Manually tested by running `bazel run //core/cmd/dbg -- kubectl create -f $PWD/pv-test.yml` and observing a provisioned PV that\u0027s attached to the pod. An example `test-pv.yml` is in P137.\n\nX-Origin-Diff: phab/D482\nGitOrigin-RevId: 75a871b039e71dd248f937719c471e0277887964\n" }, { "commit": "0db90ba4fde0be782f2dc43f4e6d269d7c1c5f0b", "tree": "49237accda7efdae1c8398aa10da4aaa3ee9a4c8", "parents": [ "8e3b8fc9c4ccf5f92179c249de692e38a92d6ee0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:04:52 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Apr 06 14:04:52 2020 +0200" }, "message": "Implement CSI node plugin\n\nThis implements a CSI node plugin with registration support\nbacked by bind mounts from our XFS data partition.\nIt supports online volume expansion (and technically shrinking,\nbut K8s does not support shrinking) and CSI statistics backed by fsquota\n\nTest Plan: TBD\n\nX-Origin-Diff: phab/D471\nGitOrigin-RevId: 6bc37dac3726b39bd5d71cfddb2d53aeee0c8b4d\n" }, { "commit": "8e3b8fc9c4ccf5f92179c249de692e38a92d6ee0", "tree": "0cb705a7be0e42ac642cef771edab856f6676098", "parents": [ "8da5377d65930ff0a4085449c61f09fcfe64ec02" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 19 14:29:40 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 19 14:29:40 2020 +0200" }, "message": "Port kubernetes package to supervisor\n\nThis replaces the ad-hoc goroutine and process management\npreviously in the kubernetes package with a nice supervisor-based\nimplementation which should make it easier to understand and more\nreliable. It also prevents creation of more ad-hoc launching code\nfor future features (like CSI \u0026 Provisioning).\n\nSince porting SmalltownNode is rather involved I just instantiated a\nnew supervision tree in the Kubernetes main service and wired it\nup to the old interface. Once we port SmalltownNode we can just\nremove the legacy Start() method and directly call Run().\n\nTest Plan:\nPasses Bazel tests, Kubernetes functionality was manually\ntested by running `bazel run //core/cmd/dbg -- kubectl run -i --image alpine:edge sh`\nto verify that Kubernetes still works properly. Automated tests for this\nare being worked on.\n\nX-Origin-Diff: phab/D534\nGitOrigin-RevId: 001de38eaa5c7ee661bf5db9a7c3d0125c1b6af2\n" }, { "commit": "878f5f9e5f9de93b09d354db7d116fd3d558dbfa", "tree": "994b67ea5264f7e38bb67e9043a369454eaab75d", "parents": [ "9a741a861a4cb5c52b0251a4abf3a2c606b06198" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 12 16:15:39 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Tue May 12 16:15:39 2020 +0200" }, "message": "Add Kubernetes Worker and infrastructure\n\nAdds Kubernetes Kubelet with patches for syscall-based mounting and\nsyscall-based (and much faster) metrics. fsquota patches have been\ndeferred to a further revision (for robust emptyDir capacity isolation).\n\nChanges encoding of the node ID to hex since Base64-URL is not supported\nas a character set for K8s names. Also adds `/etc/machine-id` and\n`/etc/os-release` since Kubernetes wants them. `os-release` is generated\nby stamping, `machine-id` is the hex-encoded node ID derived from the\npublic key.\n\nAlso includes a primitive reconciler which automatically ensures a set of\nbuilt-in Kubernetes objects are always present. Currently this includes\na PSP and some basic RBAC policies that are elementary to proper cluster\noperations.\n\nAdds an additional gRPC service (NodeDebugService) to cleanly\ncommunicate with external debug and test tooling. It supports reading\nfrom logbuffers for all externally-run components, checking conditions\n(for replacing log matching in testing and debugging) and getting\ndebug credentials for the Kubernetes cluster.\n\nA small utility (dbg) is provided that interfaces with NodeDebugService\nand provides access to its functions from the CLI. It also incorporates\na kubectl wrapper which directly grabs credentials from the Debug API\nand passes them to kubectl\n(e.g. `bazel run //core/cmd/dbg -- kubectl describe node`).\n\nTest Plan:\nManually tested.\nKubernetes:\n`bazel run //core/cmd/dbg -- kubectl create -f test.yml`\n\nChecked that pods run, logs are accessible and exec works.\n\nReading buffers:\n`bazel run //core/cmd/dbg -- logs containerd`\n\nOutputs containerd logs in the right order.\n\nAutomated testing is in the works, but has been deferred to a future\nrevision because this one is already too big again.\n\nX-Origin-Diff: phab/D525\nGitOrigin-RevId: 0fbfa0c433de405526c7f09ef10c466896331328\n" }, { "commit": "d3c59d22955d01ff4afcada9d4845cd935d820b7", "tree": "faa355d618630f556b053707cbe5ee60f84a534e", "parents": [ "c88c82db8b1a7f8a07782c970e1d0dfb453f9f66" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 11 16:00:22 2020 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon May 11 16:00:22 2020 +0200" }, "message": "Update to Go 1.14\n\nUpdates the Go toolchain to 1.14 and gets rid of all upstreamed\npatches. Also shrinks binary sizes.\n\nTest Plan: Should be covered by CI.\n\nX-Origin-Diff: phab/D515\nGitOrigin-RevId: 1c400a6ba6a8d78a02aba925d95486b807eda0e9\n" }, { "commit": "bb7db92ee6e788b576e22ece70914e0321a785f7", "tree": "1f4fee21a390625bd9766d0394e3076cf7e34d48", "parents": [ "547b33f2b38dba41f2c171f8730ff5093b267eaf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "message": "Add all dependencies for Kubernetes worker\n\nAdds Kubelet, CNI plugins, containerd, runc and gVisor using a\npre-baked list of dependencies generated using scripts/gazelle-deps/sh.\n\nThis moves all dependencies of gVisor, Kubernetes, runc, etc into the\nsame \u0027namespace\u0027 of Bazel external repositories, giving us ease of\naccessing code as libraries, and benefits when it comes to version\nauditing.\n\nThe gazelle-deps.sh script is a temporary solution that will be replaced\nASAP, see T725.\n\nThis unblocks T486.\n\nThis is an alternative to D389.\n\nTest Plan: `bazel build //core:image` runs and picks up the new binaries\n\nX-Origin-Diff: phab/D487\nGitOrigin-RevId: a28a25071fa2ae76b272d237ce9af777485065ff\n" }, { "commit": "8efe51e0fd63e9df72cd61ab610ffe0a6dd27834", "tree": "250202ef0188f8018193626c43f03b2cb3165de0", "parents": [ "30b00d6d9f0bc6928ea81a6780883d252def5a3c" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Fri Feb 28 12:53:41 2020 +0100" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@nexantic.com", "time": "Fri Feb 28 12:53:41 2020 +0100" }, "message": "ide: use goimports instead of gofmt\n\nTest Plan: changed import sorting and saved file. Imports were resorted.\n\nX-Origin-Diff: phab/D413\nGitOrigin-RevId: 72ce771a9724f62f839e44211ee5cd64c89c56d7\n" }, { "commit": "a4516f9887e43b774e49c22db93cdf289dc9cfb1", "tree": "8a0761a3480074b01d5584a1cd5c111a69f76594", "parents": [ "6e8f69c53a2c82f5a760ab2e8152218cc86f3430" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "message": "Add minimal functionality test for k8s control plane\n\nBasic functionality test that sends the bootstrap RPC call,\nwaits for the k8s control plane to come up and runs a simple\nkubectl command (that is expected to fail).\n\nAdds reflection to the server to make grpc_cli easier to use.\n\nTest Plan:\nRan `:launch` (because we modified its config) and `:test_boot`,\nsaw a nicely booted k8s cluster:\n\n{P90}\n\nX-Origin-Diff: phab/D275\nGitOrigin-RevId: fe01e3f3ed09877aa76c15946664c9d9bdc4751b\n" }, { "commit": "6e8f69c53a2c82f5a760ab2e8152218cc86f3430", "tree": "1556b56e0a0cdb5108c301dc88710b5b2d74ba1b", "parents": [ "b7a18fd9be7732e9ed9b29f33b7f545916da207b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "message": "Initial Kubernetes Control Plane\n\nThis adds a minimum viable Kubernetes Control Plane consisting of a\nkube-apiserver, kube-controller-manager and kube-scheduler. It contains\ntwo small CAs for Kubernetes Identity management based on shared\ncertificates and contains changes for exposing etcd via UNIX socket\nso that the apiserver can talk to it.\n\nTest Plan:\nTested by manually calling Setup() and observing subsequent logs and\nconnecting to the API server.\n\nBug: T485\n\nX-Origin-Diff: phab/D271\nGitOrigin-RevId: e56f3e50eb9d33ea291289faa1aac3bebdeb3346\n" } ] }