)]}' { "log": [ { "commit": "b00f7f9a97eae55ae6df80bbdea46815498898fa", "tree": "46517933cf9c0d9fc18ccf085dcf335d664e2b94", "parents": [ "1947e9b1480d9a3e90fe8b12bc897fd5cd2abce7" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Mar 06 17:27:22 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Mar 18 14:02:05 2025 +0000" }, "message": "m/node/kubernetes: implement storage resizing\n\nThis implements persistent volume resizing in the storage provisioner.\nThe logic is based on https://github.com/kubernetes-csi/external-resizer\n\nThe mutation caches are an optimization to prevent unnecessary repeated\nprocessing, because they make the controller remember changes that it\nhas made itself, when the watch events for those changes have not\narrived yet.\n\nThe controller supports the RecoverVolumeExpansionFailure feature, which\nallows reducing the requested size when the previous resize fails due to\ninsufficient space. When resize fails, it is retried with backoff.\n\nChange-Id: I0f3d40c1a592b30d25739f5d20b529dfe25dfbe1\nReviewed-on: https://review.monogon.dev/c/monogon/+/4008\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1947e9b1480d9a3e90fe8b12bc897fd5cd2abce7", "tree": "9c3586cc1e87b87b48d489ac77082b91199c699e", "parents": [ "551a7373e295b30eb7453d51d71b21a5f8bac108" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Jan 16 16:45:03 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Mar 18 14:02:05 2025 +0000" }, "message": "m/n/kubernetes: fix storage provisioner rate limiting\n\nForget() resets the rate limiter, so it should only be called when\nprocessing has suceeded.\n\nFor example, provisioning can fail for a block volume if there is not\nenough disk space for the requested size. Previously, this caused the\nlog to be quickly spammed with \"Failed processing item\" messages, all\nwith \"numrequeues: 0\". With the fix, the retries are properly backed\noff, with the requeue counter incrementing.\n\nChange-Id: I8a31fa03fadb202205967e045d4e30f04567d9d1\nReviewed-on: https://review.monogon.dev/c/monogon/+/4007\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "17ad63fa0b09d3dfe461ac237cd5db5eaeefc2ed", "tree": "aa133f4b89c91044047c902dad5b752696098b14", "parents": [ "12e4b549f88c91e5eccb2abe1631793c879a66c6" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Feb 27 14:43:56 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Feb 27 17:33:51 2025 +0000" }, "message": "m/n/kubernetes/networkpolicy: add Cyclonus test suite\n\nThis adds a test for the network policy controller, based on the\nCyclonus test suite. Running Cyclonus on a real cluster takes multiple\nhours, as there are over 200 test cases, each of which takes around 1\nminute. The test implemented here uses a fake Kubernetes API and pods,\nwhich allows running all tests in around 15 seconds.\n\nIPv6 is partially implemented but disabled. The tests pass, but each\ntest takes around 2 seconds, because some ICMPv6 replies for blocked TCP\nconnections seem to get lost somewhere and are only processed when the\nTCP SYN is resent one second later.\n\nChange-Id: Id77f2dd4d884b6d156e238e07e88c222e3bbe9a2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3905\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "12e4b549f88c91e5eccb2abe1631793c879a66c6", "tree": "9bf724f8068149af2711a1132d569c006d507ecd", "parents": [ "ec03df42d643603d0a8d92b0db1cc4a4a865651e" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 19 16:29:30 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Feb 27 17:23:16 2025 +0000" }, "message": "gomod: update k8s-nft-npc\n\nThis includes all of Jan\u0027s fixes to get the test suite to pass.\n\nChange-Id: Ie172325b87e7e4f4859c3576ce8577d48497027f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3924\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9bd9bd45d58fd615c0c240226e6fb74e406b0d17", "tree": "18961f688d41f4098e34231c201f2e96ac35d864", "parents": [ "ffd8c7bb37da9b72eb66a0555e319ca2290ea761" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Feb 14 17:08:52 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Feb 27 07:43:17 2025 +0000" }, "message": "treewide: replace deprecated grpc.Dial with grpc.NewClient\n\nChange-Id: I925912ca1ee01d547fd9c1813eb083a2cd9a590a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3858\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "12cab56e96b6591f4756bdca96e26260431fbcda", "tree": "bdba0d9a4bc52abe4fb2dd8bf287055f844725a1", "parents": [ "e294916b24bb6d0035484d215421ceb03c6598b7" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 25 17:01:02 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 26 14:11:21 2025 +0000" }, "message": "m/n/c/l/crypt: open blockdevs read-only for discovery\n\nUse the new blockdev capabilities to only open the block devices in\nread-only mode for partition discovery. This allows us to disable writes\nto mounted partitions in Linux 6.12 and not get a spurious warning for\nevery boot. It\u0027s also generally good practice as we don\u0027t want to write\nat that stage anyways.\n\nChange-Id: If8dd9b49ae593aac6f0a25d439baa0b7d60d7ffe\nReviewed-on: https://review.monogon.dev/c/monogon/+/3986\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "bed76d97e58becd2aa314a6132c9968efabc16b5", "tree": "d9e862bcddf77a913e8bdd3bb361f2fbcd949be5", "parents": [ "8eb0244ed3653b6bcb80a29acb4f9e6b66a272f4" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 18 03:04:14 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 25 21:36:11 2025 +0000" }, "message": "osbase/build: move efi.bzl, split and move def.bzl to their corresponding action\n\nThis is a small reorganization to make the osbase/build less dependent on each other.\n\nChange-Id: I8c12f04f3bdc98128c5424f142f452c2e094f2e8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3903\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2c3956750bb75b0d18ddd52565f998492b0f83f4", "tree": "e74900cf54d9476463bde2bac7a8c3e040ff18a6", "parents": [ "d842aaf9b5b45c6a0851542e8c9d21032f99a249" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 18 12:26:41 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 25 16:04:13 2025 +0000" }, "message": "m/n/c/network: drop random snat mapping workaround\n\nLinux has since fixed the issue that if two connections get assigned the\nsame mapped port/address combo one of them drops the packet. Instead\nthey just \"requeue\" it so it gets a new non-conflicting mapping.\n\nThis allows us the drop the workaround that mappings need to be\ngenerated on a per-connection basis instead of just a per-port basis,\nthis makes Linux behave more like an endpoint-independent NAT which is\nbetter for anything trying to establish P2P connections and also a bit\neasier to debug as source ports get preserved if possible.\n\nChange-Id: Ibfaf63746a269ec6bf0444e8c7dddb3a51b07900\nReviewed-on: https://review.monogon.dev/c/monogon/+/3907\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "16cb15ab5aa2fc0193a1534e65ba2e527e3e8f56", "tree": "0d04d148f5127884b12f73b9bc6f83804c65d4cd", "parents": [ "7b1e4c1e89ba5507dd029984a29739b3d43f6846" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 24 18:47:48 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 25 14:23:22 2025 +0000" }, "message": "treewide: explicity load built-in rules\n\nIn Bazel 9 all autoloaded rules will be disabled. This prepares us for\nthat.\n\nChange-Id: Ibaa4fa2e6b7095922a5699d2d5f3ae6c2cba3552\nReviewed-on: https://review.monogon.dev/c/monogon/+/3939\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "24bf6fdd43f3abb5a96d3081753fbdcc6bd3c1de", "tree": "f1d31a396adfe2489659ac0743a3e173d44c2a4c", "parents": [ "632049b3e6ffda1039ef569ec2c234a7eadceae4" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Feb 12 04:48:24 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 17 13:53:17 2025 +0000" }, "message": "osbase/build: replace label_keyed_string_dict with string_keyed_label_dict\n\nBefore bazel 7.4 the string_keyed_label_dict attribute type wasn\u0027t available. fsspec_core_impl was using a label_keyed_string_dict which is structurally wrong but there was no alternative for it. This replaces that usage.\n\nChange-Id: I36c02c84e6aa2557cd2beb09c07d3ceca501553d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3853\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "52700ae56c5d541e711fbd5f27373b3dc200f8dc", "tree": "ed5e75883fc44d14f7824b0a5ed40a6ab650923e", "parents": [ "e8beaed8dcde2c198e91addb0baa884079363581" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 28 15:07:08 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 11 15:05:46 2025 +0000" }, "message": "m/n/k8s: add nftables network policy controller\n\nThis integrates my K8s network policy controller. In its current form it\ndoes not have many guarantees as the custom CNI plugin is not yet in\nthere but it mostly works. Also there is still a DNS hole as host-local\nservices are not properly policed yet.\n\nIt has a basic smoke test using the connectivity testing helper as well\nas some metrics to make sure it is integrated properly and to be able to\nmonitor its performance.\n\nChange-Id: Ia2f54b9975361270678ce742ae5e32df25e515c5\nReviewed-on: https://review.monogon.dev/c/monogon/+/3740\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "e8beaed8dcde2c198e91addb0baa884079363581", "tree": "8470b2dfe6a8017729083a4bb119c1d8f0b514d9", "parents": [ "08fd1cb799ef2629a2da846584cd42fe2d6ecb35" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 05 22:03:50 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Feb 11 13:39:37 2025 +0000" }, "message": "m/n/kubernetes: add metricsprovider\n\nKubernetes has a metrics provider interface, add an adapter to be able\nto get these into our Prometheus registry. This code exists in a similar\nform inside K8s but against their custom metrics architecture, not plain\nPrometheus.\n\nAs these metrics are shared across all workqueues we follow K8s in\nimplementing this with a singleton/global. It\u0027s not the prettiest, but\notherwise we may get issues with Prometheus and duplicate metrics.\n\nChange-Id: I0b6d608d14793e44859166a5a59d446c8f662a25\nReviewed-on: https://review.monogon.dev/c/monogon/+/3829\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "5ffa636e48f42aef08bd8d186db2213fc8d0d665", "tree": "6c40f21e3e1c52567734de5aa574b92c5ba10e20", "parents": [ "de57e6f273b05ebf9f58bf4a4ca9734038bcad9f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 28 19:20:06 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 10 16:11:22 2025 +0000" }, "message": "treewide: Fix RPC_REQUEST_STANDARD_NAME and RPC_RESPONSE_STANDARD_NAME\n\nChange-Id: I190ade92c04313961edd4787196568216d028ba8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3818\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "6d33a4342a16200d628f30ff91b169927fc2867a", "tree": "e65ad23cb6d0b795420b5ec625a757784d4c3e3b", "parents": [ "7887f758de8f9106a484ca59d9734304aa919e36" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 04 14:34:25 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Feb 06 17:03:43 2025 +0000" }, "message": "treewide: add license header and enable haslicense linter\n\nChange-Id: I873a8d4082d75e8f813d8a726a41187eea7a065e\nReviewed-on: https://review.monogon.dev/c/monogon/+/3825\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "7887f758de8f9106a484ca59d9734304aa919e36", "tree": "f3e85143bc4b4a064e44534327a1f656c83b6340", "parents": [ "e6cc22700801d284386fdf7345dd85f7e522a6cb" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Feb 04 03:06:56 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Feb 06 16:46:49 2025 +0000" }, "message": "third_party: move go patches into their own folder\n\nChange-Id: I7e2f2790e233aaf13cfd6ed2ffcf5544461a4f39\nReviewed-on: https://review.monogon.dev/c/monogon/+/3822\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "99e15117227f5663d390536118c02fbcc0e71834", "tree": "00f534ca904605a66e6ccfa988bfa6a4744db367", "parents": [ "7c0bd0b18e0c857a8af930607b61bde0b68fb55f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Feb 05 17:38:16 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Feb 06 14:04:05 2025 +0000" }, "message": "treewide: run gofmt -s and enable linter\n\nChange-Id: I90b8ef48c955dccfddc5bbc0a57205b7da844b60\nReviewed-on: https://review.monogon.dev/c/monogon/+/3828\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "f525fa74802d2ea61577b188476bea2d54f816d7", "tree": "9603a1111df362b72286e12dc6a0f8f685a349bf", "parents": [ "b51ecdff88528652297cdaeefa9fd94e7d63f093" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 28 15:31:42 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Feb 05 15:45:47 2025 +0000" }, "message": "treewide: Unmark SERVICE_SUFFIX rule exception as todo\n\nWe can\u0027t rename the services as it would be a breaking change.\n\nChange-Id: Ib6db1692e80ddff74819df62824b0d1311f11d7d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3817\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "b51ecdff88528652297cdaeefa9fd94e7d63f093", "tree": "14948d20ad9c3057fcc3cf58aaefca8e794bc186", "parents": [ "0dca6c91ea9b8a14278aeb3a1a8ba6b512479862" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 22 21:59:59 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Feb 05 15:45:47 2025 +0000" }, "message": "treewide: Unmark missed ENUM_ZERO_VALUE_SUFFIX rule exception as todo\n\nChange-Id: If621eaedf1a1d816a528494efb3e46668c5608e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3816\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0dca6c91ea9b8a14278aeb3a1a8ba6b512479862", "tree": "d3a4605fa9cefa9dccc79fe3df71d1e4335381a8", "parents": [ "b6ed72eabf092066a837fea4b68846376bd70e8a" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 28 15:04:13 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Feb 05 14:55:23 2025 +0000" }, "message": "metropolis: use interface groups\n\nThis adds interface groups to all K8s pod interfaces via a CNI plugin\npatch and corresponding configuration. It also adds an interface group\nto the clusternet interface. Using these new interface groups the\nnftables rules for NAT can be simplified.\n\nThese will also be used by the network policy plugin later.\n\nChange-Id: I4638a4349ccb12b8724ad28ae34bb61cac4b4ece\nReviewed-on: https://review.monogon.dev/c/monogon/+/3814\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "3c19522f224526e8418bd606f63a037a4bdc9466", "tree": "cd958c30e93628ef7f77d32437f385c97c494417", "parents": [ "b69a71ca61b99fc68e83d5735eb449f638ef8b1e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 30 15:12:12 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Feb 03 14:11:04 2025 +0000" }, "message": "n/c/update/e2e/testos: ignore unnamed-macro lint\n\nThis also removes the global exclude for the unnamed-macro linter rule\n\nChange-Id: I416a73013abc38c5390348ffdf95984f769fd9c0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3819\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b69a71ca61b99fc68e83d5735eb449f638ef8b1e", "tree": "69aa2c20e8002355ca7657523b617923b2243e39", "parents": [ "8f1254d1919c7cda42c611c9e1d83cf9a2ef8034" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 23 14:12:46 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Feb 03 14:05:23 2025 +0000" }, "message": "o/t/ktest: switch to proper rule\n\nThis was previously implemented as a macro, lacking proper transitions.\nReimplement it as a proper test rule.\n\nChange-Id: I237a2fcc29ea6dfbb294ce6313c9ff457def12b8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3722\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f4d38759600c2f308c4d4c79cfd9b4215d56b34a", "tree": "ea31800f2baa3bd6a6db28ca6d106abdf103058c", "parents": [ "3eb7d033642ebaaddccde287d5ad3c8c59f7a576" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 22 21:59:59 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 28 15:44:58 2025 +0000" }, "message": "treewide: Unmark ENUM_ZERO_VALUE_SUFFIX rule exception as todo\n\nWe don\u0027t really have a policy for these, they are chosen arbitrarily.\n\nChange-Id: I705ad309c2a36d794665de2482441858850a1893\nReviewed-on: https://review.monogon.dev/c/monogon/+/3805\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d634975c7d113b8ec093dae261288b10080283e0", "tree": "a71b12031fb83ca71af32de568135b2e39746bfa", "parents": [ "7dac92b4445e15f0467a0a6e330c40faabae23fe" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 09 06:43:26 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 28 12:30:59 2025 +0000" }, "message": "treewide: bump rules_rust to 0.56.0\n\nChange-Id: I7e1ee6f6d10d1ffe0b8e94f81b4a901f49bf818d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3765\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "7dac92b4445e15f0467a0a6e330c40faabae23fe", "tree": "7b1e9290437ae2c023cd0c1aa5015e4c69a75f4d", "parents": [ "83da4226001e9ce1cc71e687418ab61fdff6cfc9" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 16 02:51:04 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jan 27 17:17:28 2025 +0000" }, "message": "metropolis/node/core: migrate main to osbase/bringup\n\nThis migrates our existing startup code to use our bringup library\n\nChange-Id: Ic78c80bc4631fa2a67cd6a3db1ea19642b20aea9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3706\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "1cd14f55663e33a6b6c42864395a8543fb325581", "tree": "194853ce3e2efcfd991c7f6f6b6c54a93d6b5a46", "parents": [ "a857936232478afe0329b2d66ea8a794ca6f3667" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jan 27 11:43:13 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jan 27 16:44:11 2025 +0000" }, "message": "m/n/core/network: add netlink error callback\n\nAdd a callback which logs netlink subscription errors. This may be\nuseful for debugging.\n\nChange-Id: I35c64ef68bfd098139f94e7d952174ff81acaac3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3810\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a857936232478afe0329b2d66ea8a794ca6f3667", "tree": "7f9308b1be0eef9de07c25ae85deb6aeb55b1576", "parents": [ "d1683d27351bb06f1e896ce29512531b8e67e57c" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jan 27 11:34:26 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jan 27 16:44:11 2025 +0000" }, "message": "m/n/core/network: fix panic\n\nIf the channel is closed, then u.Link is nil, and calling .Attrs() on it\ncauses a nil pointer dereference panic.\n\nChange-Id: I2d1b7b4e38957e6a55ef663876ac571e2dd6d3c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3809\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "a10d0cb2c85c0ede60be6cc6d2dc7a66750ddecb", "tree": "540bc92832ea12cc8427c0bcd785498dfcc30119", "parents": [ "f408e8123a3919a27d51983973a1bd41eaac1162" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Jan 13 14:44:15 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 23 20:14:58 2025 +0000" }, "message": "treewide: Fix ENUM_VALUE_PREFIX rule exception\n\nChange-Id: Ibc2fd66711f6aa347e88e2379c12db1898373700\nReviewed-on: https://review.monogon.dev/c/monogon/+/3804\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "20c2ff08e3ec38d2388c80b580a129fc8a851add", "tree": "894b412c6ed8422b08401a17ab15050863734fdd", "parents": [ "2f9f624dee572823d0ead529c1507bb3605d9ae5" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Jan 11 08:34:38 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 23 19:05:38 2025 +0000" }, "message": "treewide: Fix FIELD_LOWER_SNAKE_CASE rule exception\n\nChange-Id: If59edf4c5483416c9779c382a5aafa58c7f73385\nReviewed-on: https://review.monogon.dev/c/monogon/+/3802\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "2f9f624dee572823d0ead529c1507bb3605d9ae5", "tree": "29977f8a39336929d45189a119bc7e4bf82c4bf5", "parents": [ "3b62407486d2c1fe7cd24a5f38e86fb19d1e2fa3" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Jan 11 08:25:54 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 23 19:05:38 2025 +0000" }, "message": "treewide: Fix PACKAGE_DIRECTORY_MATCH rule exception\n\nChange-Id: I8c4061f8d147a4708167b0674abfa23784a7f40d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3801\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3b62407486d2c1fe7cd24a5f38e86fb19d1e2fa3", "tree": "bfe8bbebd74234a135aa48bb72d071097120c487", "parents": [ "15c46ccb52bc2544d35eee9a80b3c2fb5c0756e2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sat Jan 11 07:16:35 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 23 19:05:38 2025 +0000" }, "message": "treewide: add buf_proto_lint_test to all proto_library targets\n\nChange-Id: Iaf6dc22fdbef6fcfd0bedff755bcdb06b56a6631\nReviewed-on: https://review.monogon.dev/c/monogon/+/3800\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "5b83c5278b9ecd4f04e75ac0ddb7fcb0cfb0f20a", "tree": "364e0339c662ee9fb005d8072d58c8246a30a40b", "parents": [ "4beaf4fac641e77fd08b7b9a3139f7d27fddac72" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 14 16:12:38 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jan 16 12:38:32 2025 +0000" }, "message": "m/n/c/curator: fix panic caused by race\n\nThe starting/stopping of the respective follower/leader implementations\nis not synchronized with the state event source. Thus it can happen that\nrequests get routed to an improper implementation. The follower\ncorrectly rejected requests when the current state indicated that it was\na leader, but panic\u0027ed if it was neither which is a valid state.\n\nReject requests when it is not a follower, not just if it is a leader.\n\nChange-Id: I5cee85a44cb8a1ce1f4f28c49930abd1d14ac4e1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3782\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "896b1388fb26096ccaf60ff99ac8da2a9b07dab3", "tree": "1f70faa162e8af73f4d08d75dceee15010f849c5", "parents": [ "25e0d8f5bdcae3b03b1bc43cad49b4ed0b4e567e" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Jan 15 13:54:26 2025 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Jan 16 08:56:10 2025 +0000" }, "message": "m/n/kubernetes: switch to typed workqueue\n\nThe functions and types without \"Typed\" are deprecated, and should be\nreplaced by the corresponding ones with \"Typed\".\n\nChange-Id: I41c378df953ae4964d1247e470ccf38f13ea1f47\nReviewed-on: https://review.monogon.dev/c/monogon/+/3784\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "25e0d8f5bdcae3b03b1bc43cad49b4ed0b4e567e", "tree": "d82d60b706433dafabc494619032e35044aa3151", "parents": [ "bdd0d25cda74c662cef174c032057cb2aba29e8a" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 02 23:46:24 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 14 16:15:53 2025 +0000" }, "message": "treewide: remove usage of global tags between build configs\n\nChange-Id: Ie7c4714d30f8c3342a97451d58e14cfb43087586\nReviewed-on: https://review.monogon.dev/c/monogon/+/3776\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "156248b949f3da7c8d0f4f46cb97ac7606464952", "tree": "ff52faf242a29f1916edad64bca6282f8030ee66", "parents": [ "227c5cbbdd8f682b6e4d4cc661fa0d6e734206f2" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 10 00:27:45 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Jan 10 20:13:30 2025 +0000" }, "message": "treewide: format repo with buildifier\n\nChange-Id: Ia7aebeb7bba5b119c9157d1ad805cc477bcbb68a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3774\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "3a171d123fff540c8c9d646152a5d5ed9ef873de", "tree": "62fe245a0182c3ba931d8c33278f2dd89c35e77b", "parents": [ "0996ea85ca6200e1729941d316f7891835871938" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 09 23:51:23 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Jan 09 21:19:31 2025 +0000" }, "message": "treewide: add race-detector config\n\nThis also disables all `pure \u003d \"on\"` attributes as they propagate too\nfar and break the race detector because rules_go contradicts itself by\nforcing pure go even when CGO is required by the race detector. We build\neverything for our node images static and pure via a transition anyway,\nso this is actually fine.\n\nChange-Id: I5cd3879fba4258caa94df4dbea5c6472867b7e34\nReviewed-on: https://review.monogon.dev/c/monogon/+/3725\nTested-by: Jenkins CI\nReviewed-by: Hendrik Hofstadt \u003chendrik@monogon.tech\u003e\n" }, { "commit": "16ebf144db82c8a57869456d159352e5aa2f4392", "tree": "b26ca61256f9773e3680291876032729d81a29d1", "parents": [ "eda1e1228ee6174e266cc0b4a30310b56a292558" ], "author": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 09 20:54:52 2025 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@monogon.tech", "time": "Thu Jan 09 20:53:07 2025 +0000" }, "message": "metropolis/node/core: fix typo\n\nChange-Id: I07b362e411d22ddd99eecbb1b19b5a5e604c6d34\nReviewed-on: https://review.monogon.dev/c/monogon/+/3769\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "deaf0c044579516df1fb510c106e8e7881028701", "tree": "d9207b12566cbb64234994e16a0f4a1923b0e4c7", "parents": [ "681d5157b955f6b942c620837d1a9e90bdefc983" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 08 00:17:15 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 08 21:08:46 2025 +0000" }, "message": "metropolis/node/core: fix formatting call to Info instead of Infof\n\nChange-Id: I1188104834e3620907b1ae3df2551d5fffcae713\nReviewed-on: https://review.monogon.dev/c/monogon/+/3752\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "681d5157b955f6b942c620837d1a9e90bdefc983", "tree": "254905b461e1545d960fafbdad1ec2c250fc383f", "parents": [ "2edb96aeded0f67904ac9630088454fb12a62317" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 08 00:19:33 2025 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Jan 08 20:54:21 2025 +0000" }, "message": "treewide: clean up test static binary targets\n\nThis removes some intermediate targets only used for transitions by\nconsolidating them into a single one.\n\nChange-Id: I46dcbcb731038edd2b67259de1811018f5ba43da\nReviewed-on: https://review.monogon.dev/c/monogon/+/3753\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\nVouch-Run-CI: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "153c9c1d69e5c37dd96f8d43ff1e628bd548320e", "tree": "dc8b3d767ad46645cf2b0c3425f5a2f1e65cfcb5", "parents": [ "8e19fa4edcb992d8c486b420debb6d63f8777d97" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Jan 07 17:44:45 2025 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Jan 08 00:01:30 2025 +0000" }, "message": "treewide: unfork netlink\n\nWe were using our own fork because of the psample change whose\nupstreaming effort has stalled since Mateusz left the company. That\nnetlink base is now getting too old and we have more patches on top\nwhich all have since become irrelevant or got upstreamed.\n\nThe new version of netlink also no longer has the quirk that default\nroutes do not have a destination set, fix that in the DHCP tests and use\ngo-cmp as the raw binary values are annoying to get right and do not\nmatter. Semantic equivalence is what we\u0027re after.\n\nThus stop using our fork and instead pick up the rebased psample patches\nfrom the new upstreaming effort. This removes one more replace directive\nwhich is nice.\n\nChange-Id: I21a59c2c9a99dd3baf672a8aa2ad9332e573cba1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3750\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "8e19fa4edcb992d8c486b420debb6d63f8777d97", "tree": "ed19daa5f7ddf6376658e6d4e04754aeaca83a00", "parents": [ "5178dd76472906d541fe08c643633499708c67de" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 12 13:39:43 2024 +0000" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Jan 07 17:00:42 2025 +0000" }, "message": "metropolis/node/core/bios_bootcode: Add legacy bootcode\n\nThis change provides a legacy bootcode that shows the user that they\nare using an invalid configuration, e.g. not use UEFI. This can be\ntested with \"qemu-system-i386 -hda bazel-bin/metropolis/node/image.img\".\n\nCloses monogon-dev/monogon#142\n\nChange-Id: I3337a70125010aec110ad75647346310cac76d37\nReviewed-on: https://review.monogon.dev/c/monogon/+/3748\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "837cb8e459b9eefabe89ab17df0b7dafb5e3d631", "tree": "32337d84d4f32b0c2c523e2c5bd177f4acfe4808", "parents": [ "b6afed68fd1d2ee9b32d395b388d2db1338d0fa0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 23 13:52:56 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 23 21:59:59 2024 +0000" }, "message": "treewide: update Kubernetes to 1.32\n\nRelatively easy change, one cadvisor fix is temporarily needed. The\nlegacy log dir patch needed to be rebased, that\u0027s about it.\n\nI enabled single-process OOM killing again as that was the default for\ncgroupv1 and IMO the more sane behavior.\n\nUpstrem changelog at:\nhttps://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.32.md\n\nChange-Id: I537a6e37137d05efb6eec8635915e36fd8b37cbc\nReviewed-on: https://review.monogon.dev/c/monogon/+/3721\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3c6183f7f12ded0c563239c7eff1f1dc4a9bebec", "tree": "e3487e97b71fb10a310780a36c7438f4fb9af242", "parents": [ "bc32bcd241a9270786a749266ce4f6a5df6d0a6e" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 16 02:42:21 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 23 13:10:21 2024 +0000" }, "message": "osbase/supervisor: use MustRegister for metrics registration\n\nChange-Id: I4321c626f210bea025ab27bfecf783425f1482b5\nReviewed-on: https://review.monogon.dev/c/monogon/+/3703\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "bdbb9c2baa94f72bf57ad1c13a2c2a5c3ff01858", "tree": "97fad3e69df9ac10117a71846320dd8748caeecd", "parents": [ "742fde7cd4861bb16b4f0655b84f587510c1e84b" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Dec 18 15:14:02 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Dec 23 10:13:43 2024 +0000" }, "message": "m/node/core/time: use CommandContext\n\nChange-Id: Ie98b949facf3d26c819bdf56329f5837b8e3dac7\nReviewed-on: https://review.monogon.dev/c/monogon/+/3712\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "91bcf46639db7008c7290e6f27136cd122fd1b3c", "tree": "f0edbfddd7a96ce00edb0db0bb1cf294536d9f1a", "parents": [ "007d66e6b32db8080d37738b2986871729a48e03" ], "author": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Sun Dec 15 16:57:05 2024 +0100" }, "committer": { "name": "Timon Stampfli", "email": "timon@timon.ch", "time": "Fri Dec 20 15:53:04 2024 +0000" }, "message": "m/node: remove non-definition dependencies\n\nThis enables usage from arbitrary platforms without including lots of\ndependencies that aren\u0027t related to functionality.\n\nChange-Id: I33e16b5396dc7216b676b294b8c1752caf3551b3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3697\nTested-by: Jenkins CI\nVouch-Run-CI: Lorenz Brun \u003clorenz@monogon.tech\u003e\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "b62b8e04eb6f2f6ebc54ecc397ded788a924f279", "tree": "9934baf66b686eee0609ec2ceb402450de0afee3", "parents": [ "b9701c362d602b9b51961bcff849b2eb28b65883" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 16 20:18:47 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 16 20:24:07 2024 +0000" }, "message": "m/n/kubernetes: fix flake in TestAsFlags\n\nThis test was flaky due to Go\u0027s map iteration not being deterministic.\nSort the output to make sure we do not introduce unnecessary\nnon-determinism.\n\nFixes: #363\nChange-Id: If70486306a809b7d33bc17206600b0f750429b7d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3708\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d1a8b64d305c57f45416fc40b39211541113a373", "tree": "17fcd0e77576b200e75a940fb26ce2334a7a8553", "parents": [ "d77e26ee216738393a9808c95266bbcb91ca0e68" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Dec 03 17:40:41 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Dec 04 08:28:03 2024 +0000" }, "message": "treewide: add more ptr.To usages\n\nChange-Id: Ibf511bc012a17e39d6b7b4f3a7d9abc1304d755f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3677\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "d77e26ee216738393a9808c95266bbcb91ca0e68", "tree": "8dd5dfa48c9b388684b697687be4198094ac66e3", "parents": [ "affe8fa229e3a701e060cb6bc35b9362814b5daf" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Dec 02 18:23:10 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Dec 03 14:31:57 2024 +0000" }, "message": "treewide: replace bool-to-boolptr helpers with k8s.io/utils/ptr.To\n\nChange-Id: I90419ddfe087291f41f7f2f3589263e56c15470a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3675\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "2ecccae4ff62b687ec5e218349fcf8a42069dfc9", "tree": "c5a5914c9d3bd8fb37a5650a6b3e4881f9fc2610", "parents": [ "d58edf4e2f745427d69ecc72bfe9a9ead69d697d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 22:03:35 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 02 16:50:54 2024 +0000" }, "message": "m/node: enable user namespaces in K8s\n\nThis enables the two feature gates for user namespace support in K8s.\nWe did not previously have a passwd file which caused Go\u0027s UserLookup\nto fail with an unexpected error. Add an mostly-empty placeholder file\nto placate it.\n\nChange-Id: I71a7a6dc889a289512075a25b7e551f2cd65ffb6\nReviewed-on: https://review.monogon.dev/c/monogon/+/3665\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d58edf4e2f745427d69ecc72bfe9a9ead69d697d", "tree": "bd9424fdb0a58cb7c78ab99d8a3b1d4ebc07c5db", "parents": [ "ff7452b586134e18af9f1362d7b96dcb64aa8d71" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 20:38:14 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Dec 02 16:50:54 2024 +0000" }, "message": "m/n/kubernetes: introduce feature gate infra\n\nThis introduces centralized infrastructure to control feature gates in K8s.\n\nIt includes a test to make sure that we do not keep outdated flags in there.\n\nChange-Id: Ife251cbd5210bc8b3757bb3829e91bcdb2e6fdfb\nReviewed-on: https://review.monogon.dev/c/monogon/+/3664\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ff7452b586134e18af9f1362d7b96dcb64aa8d71", "tree": "7e3b9fe5c161cedf1073a086d0b6e5511b20bd98", "parents": [ "231ee041b652ab2aea6a64e0c4929fa4beb5851b" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 28 13:08:55 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 28 14:45:57 2024 +0000" }, "message": "m/node/kubernetes: mount PVs with noexec on the host\n\nNow that runc always replaces per-mount-point flags when bind-mounting\nvolumes inside the container, we can mount them with noexec on the host\nwithout affecting workloads. This has some security advantages, as any\nexecutables in volumes are no longer executable from the host.\n\nChange-Id: Id5a8ea8caf702fca58d300fc9e17c21e94ebaf13\nReviewed-on: https://review.monogon.dev/c/monogon/+/3660\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "690c42d8e98c4b9ad5caec1f8dc0da91f9347f12", "tree": "58a3e2cbd510aaa5286a82f983e26ba2d83c8553", "parents": [ "7873f46b185f846260d0119fad34e8882a48bf8d" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 12:10:53 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 28 09:58:03 2024 +0000" }, "message": "metropolis/node: validate label prefixes with our own function\n\nI think it makes sense to use our own domain validation function here\ninstead of using the function from Kubernetes. The Kubernetes one is\nless strict than ours, and actually allows names which are not valid\nDNS names, because it does not limit the length of labels to 63.\n\nAll labels which are valid according to ValidateLabelKey should also be\nvalid according to Kubernetes IsQualifiedName, and I added a test for\nthis. We need this property for synchronizing labels to Kubernetes.\n\nChange-Id: I0f96551b7d41f38b28174b7349cd8f37e6fd8f81\nReviewed-on: https://review.monogon.dev/c/monogon/+/3624\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "73beb693ce8aed1c1caffaec2f01b2b9c65516b3", "tree": "378d3b779febf33b1666438b1dd003053d9fd21c", "parents": [ "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 27 17:47:09 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 19:34:17 2024 +0000" }, "message": "m/node/kubernetes: remove local-strict storage class\n\nIt turns out that the local-strict storage class did not have an effect\non readonly volumes, or on gVisor. And after updating runc to 1.2.0, it\nno longer has an effect anywhere. It appears that setting noexec and\nsimilar flags in the CSI server, using a storage class, is the wrong\napproach and just happened to work by accident. Instead, this should\nprobably be implemented as a Kubernetes feature to set per-mount-point\nflags on the VolumeMount.\n\nThis commit thus removes the local-strict storage class and the mount\noptions processing in the provisioner and CSI server. This will allow\nupdating runc.\n\nAdditionally, the StatefulSet end-to-end test is extended to also run\ntests with gVisor. gVisor apparently does not support block volumes.\n\nSee: https://github.com/monogon-dev/monogon/issues/361\nChange-Id: Ic2f50aa3bc9442ca1dbb9e8742d5b8fecbfc3614\nReviewed-on: https://review.monogon.dev/c/monogon/+/3658\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97", "tree": "b1126b8ddaf845314329bd33249e2ec0db6940dd", "parents": [ "0ec0c53061acd57cf545440a723c1fd9817ed080" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 11:16:03 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Nov 21 12:57:42 2024 +0000" }, "message": "m/node/kubernetes: fix attaching block PVs\n\nAttaching a block PV to a container failed with the error:\n\"failed to create device node at target path: file exists\".\nThis happened because there was already a directory at the path.\nThe directory should only be created for mounts, not for block devices.\n\nI also extended the PV end-to-end test to add a block volume, and check\nthat it can be opened as a block device and has the expected size.\n\nChange-Id: I40ca82cfcbfee1cb3196a900423f967b45790a64\nReviewed-on: https://review.monogon.dev/c/monogon/+/3623\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "0ec0c53061acd57cf545440a723c1fd9817ed080", "tree": "ac07fa1b10948234fe1add7300508a427c058325", "parents": [ "652c2ad2e499ca709523978e04b3a3dbb6df642c" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 29 12:39:47 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 20 18:40:12 2024 +0000" }, "message": "m/n/k/containerd: upgrade to v2\n\nUpgrade containerd to 2.0, migrate config and adjust all paths.\nNo new K8s features are enabled yet, this will come separately.\n\nAlso bumps gVisor to the latest version and essentially reimplements the\nshim as the API has changed a lot.\n\nA drive-by fix in clitable was necessary as the x/tools upgrade\nintroduced a new analysis pass.\n\nChange-Id: I9d25af203b94667aaac69a71eeccad2d42aa5f99\nReviewed-on: https://review.monogon.dev/c/monogon/+/3622\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "652c2ad2e499ca709523978e04b3a3dbb6df642c", "tree": "4a31c1797694ed53331d1a998922c3587d940d5b", "parents": [ "36f0375c9834d82016cb077142d2eaaea981d7a5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Nov 19 17:40:50 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 20 13:55:19 2024 +0000" }, "message": "m/node/kubernetes: fix PV mount flags and add e2e test\n\nMount flags did not work because of two problems:\n- The provisioner did not copy them from the StorageClass to the\n PersistentVolume.\n- The CSI server used \u003d instead of |\u003d when adding flags, so only one of\n the flags was added or removed.\n\nThere was an existing e2e test for PVs, however this only created the\nPVC/PV without even attaching it to a container. I extended this test to\nattach the PV and check from inside the container that it has the\nexpected mount flags and quota.\n\nThe existing e2e test also created a block PV, however attaching a block\nPV to a container was not tested and is apparently broken, so I removed\nthis test for now.\n\nChange-Id: Ie14adfafd333eab38d2b5f1b4ce8a2aa8795eae0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3613\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1587a80c5a13a64798b46e32ecad998dd96db906", "tree": "6d685e516c6e125dc5ccfc46dde0f291b7824be1", "parents": [ "795951910e1c6f66efecf40e4dcc909d143999fc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 30 21:18:03 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 12 19:02:38 2024 +0000" }, "message": "metropolis: add boot IDs to status\n\nThis allows for precisely determining if a kernel restart has occurred.\nUseful for making tests more accurate and relying less on sleeps.\n\nCloses: #357\nChange-Id: Ic215b5db841b29b3a3c622333a05be6c35cc6ded\nReviewed-on: https://review.monogon.dev/c/monogon/+/3477\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "a8938da203b9ecc42a61b4aa9e92b802bf0e4902", "tree": "52c8f2971cc6ce50b9bf17a490a7defbf66e69d2", "parents": [ "9eab31ccbba4a2db416e4c5c387d22ec672ea92f" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Fri Sep 13 22:34:01 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Mon Nov 11 16:03:55 2024 +0000" }, "message": "metropolis/node/kubernetes: add mountOptions support for PVs\n\nWe have very strict defaults on our data mount which prevents exec\u0027s and\nsuid binaries. By adding support for mountOptions on PVs we enable\nthe user to allow specific behaviour e.g. exec\u0027s on the given PV.\n\nChange-Id: I902cf3b9dafb14598cddc18c327ef3f5bcd6450b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3421\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "272c8301e0db375689dbc5bee6134b91cc23188d", "tree": "31c97490efe77ff7b571402f51b776af2d601b97", "parents": [ "b701df98b1706751142f29bee032321447886267" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Nov 05 05:17:44 2024 +0100" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Nov 06 16:47:06 2024 +0000" }, "message": "osbase/build/mkimage: replace embedsrc abloader reference with argument\n\nrules_rust things that our abloader target itself is an exec target\nbecause it is included as embedsrc inside mkimage. To prevent this wrong\ndetection we provide it as runfile like the kernel and rootfs. This is\na preparation for updating rust to the current stable version, as it\nrequires specific overrides to work correctly with our efi toolchain.\n\nChange-Id: I78de6a15570a81d9f673702ec4e50954d604117d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3598\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "78567601398f4db5a8080fd30038ff7ac6affe0f", "tree": "757ee7c8d374317366a2535dbfb48ceaa66700f0", "parents": [ "beec27c6bdc2da730ffa2a2be6a68e1610148913" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Oct 31 13:42:04 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Nov 05 13:11:03 2024 +0000" }, "message": "metropolis: remove stutter in ClusterConfiguration.KubernetesConfig\n\nWe already know this is a config (it lives in ClusterConfiguration), no\nneed to call that a config again.\n\nThis doesn\u0027t break any compatibility yet as field names are not (yet)\nunder a stability guarantee.\n\nChange-Id: Ib6492d1c8303cbd0620b979b8047ec9757e301c0\nReviewed-on: https://review.monogon.dev/c/monogon/+/3594\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1f51cf42fcd4d7bb7f4b103c797c438bfa7b0098", "tree": "8baeed7e76e82440e9217ea7055d04af0ba14435", "parents": [ "39f4f5c360e7a286bff4adaeabc52393dc28dc22" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 01 17:04:28 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Oct 31 14:09:31 2024 +0000" }, "message": "treewide: update rules_rust to v0.53.0\n\nThis updated our patches for rules_rust, removes a transition as it can\nbe replaced with the \"platform\" field in the rust_binary rule. This then\nallows us to correctly reference it in all targets that depend on it.\nAdditionally the -target parameter is replaced inside the llvm-efi\ntoolchain with --target\u003d.\n\nChange-Id: Ie98753e505736c9ef28ff92fa1c5aa5b3612aec3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3473\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "39f4f5c360e7a286bff4adaeabc52393dc28dc22", "tree": "c81382f2408a83ab7391414738713633b8fc9608", "parents": [ "1e39914fbcecda7ec236e67f143bbefc31eee9da" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Oct 29 09:41:50 2024 +0100" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Oct 30 13:10:29 2024 +0000" }, "message": "metropolis: add cluster domain config and metroctl param\n\nThis adds a --cluster parameter to metroctl and a cluster domain field\nto the bootstrap configuration. It is not yet used anywhere, but later\nthe cluster domain will be used to identify the cluster.\n\nThe length of the cluster domain is limited to 80, to allow for\nconstructing subdomains. This limit could be increased later if needed,\nbut it cannot easily be decreased, so I chose a conservative value that\nshould be enough in most cases.\n\nChange-Id: I627cca8eb1d92c4b06e4dfd6b6926a013e8f33ae\nReviewed-on: https://review.monogon.dev/c/monogon/+/3508\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1e39914fbcecda7ec236e67f143bbefc31eee9da", "tree": "806a09d23eec324d7ff131f42ddfab13cc0f98e0", "parents": [ "20498ddc40079451c83ba3708afc57d820866cb3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Oct 22 10:58:15 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Oct 30 11:42:51 2024 +0000" }, "message": "metropolis: first pass API for reconfiguring cluster\n\nThis implements management.ConfigureCluster. This API is based around\nProtobuf FieldMasks, which is a new thing in the Metropolis codebase\n(node config mutation is performed via optional fields).\n\nWhether this is the right way to do this is to be discussed.\nAlternatives considered are:\n\n1. Always insert a full new config, providing the old one as a base. The\n downside of that is the potential conflicts that will spring up the\n moment we have systems regularly mutate independent parts of the\n config. Additionally, this might lead to some odd behaviour when\n dealing with clients that don\u0027t have support for newer versions of\n the config proto.\n2. Use optional fields, like in Node role code. However, this has the\n downside of duplicating protos (one for the config state, one for the\n mutation request). Plus, protobuf optionals are still somewhat\n unusual.\n3. Provide individual requests for mutating fields (like with Node\n labels). This also results in a lot of boilerplate code.\n4. Something akin to JSON Patch, but for protobufs, which doesn\u0027t seem\n to exist.\n\nChange-Id: I42e5eabd42076e947f4bc8399b843e0e1fd48548\nReviewed-on: https://review.monogon.dev/c/monogon/+/3591\nTested-by: Jenkins CI\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\n" }, { "commit": "e99638e3c7a2f1a604d49c47cc7a2685bfff8c5e", "tree": "636c243a58100c971cc3e224abf2c54324aad00a", "parents": [ "9579be5e09b6293edc78d3142b0c67a24afda93c" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:06:44 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/node/kubernetes: synchronize metropolis node labels to kubernetes\n\nThis extends the labelmaker to manage Kubernetes node labels mirrored\nfrom Metropolis node labels.\n\nNote that currently there is no way to edit a ClusterConfiguration at\ncluster runtime, but this will come in a future CL.\n\nChange-Id: If7dbc3796085a8b85c1b5b2a181bcb1cee3d1db4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3469\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "9579be5e09b6293edc78d3142b0c67a24afda93c", "tree": "52fd3bd699099ff599eca2d7c52febad6b5b41c4", "parents": [ "dd2b80fa4eb22931702aae5d849c178a4930e101" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:01:04 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/proto/common: add node label synchronization rules\n\nThis paves the way for a mechanism to synchronize Metropolis node labels\nto Kubernetes node labels. This is just the API/Protobuf part.\n\nChange-Id: Ia6f5dd91190d46495714ea56aa359c48e6a068d7\nReviewed-on: https://review.monogon.dev/c/monogon/+/3468\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "dd2b80fa4eb22931702aae5d849c178a4930e101", "tree": "56d10f07a4dec157756a62caa7e534a270591921", "parents": [ "6d1ff36763f1d48cf8620afd17321a06d2fbe228" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 24 13:06:27 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis: support prefixes in node labels\n\nThis brings Metropolis node label semantics to be the same as Kubernetes\nlabels.\n\nChange-Id: I33c321432ec01abf978bb8dfbb3cef90f75a38eb\nReviewed-on: https://review.monogon.dev/c/monogon/+/3467\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "6d1ff36763f1d48cf8620afd17321a06d2fbe228", "tree": "e0f48b5b138f51579de1ce2662e1b3a39acec6d3", "parents": [ "677de978403a58cd219e77b312b647927bd560ac" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 15:15:31 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Oct 28 14:22:49 2024 +0000" }, "message": "metropolis/node/kubernetes: update labels based on node roles\n\nThis implements the labelmaker, a reconciling loop running on Kubernetes\ncontroller nodes which updates Kubernetes node labels based on cluster\ndata.\n\nCurrently it only updates role labels based on cluster roles, but this\ncan be extended in the future to also replicate Metropolis node labels\ninto Kubernetes node labels.\n\nChange-Id: I9c5ba92bb46f064aa03836720d4a80adc6061ab9\nReviewed-on: https://review.monogon.dev/c/monogon/+/3464\nTested-by: Jenkins CI\nReviewed-by: Jan Schär \u003cjan@monogon.tech\u003e\n" }, { "commit": "8eebee7e32f60095137dab785a3cc3f97c85d03d", "tree": "f5bd0bca5b537a56071f54b60dbad6d34b9fb4a7", "parents": [ "0bc92a087ee0eb279ab29c3aba5d127b4202a2ea" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 10:33:48 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Oct 15 07:48:46 2024 +0000" }, "message": "m/n/c/curator: add ID field to nodes in etcd\n\nThis makes the ID independent of the public key for nodes stored in\netcd. This is needed to eventually allow node key rotation.\n\nWe could just extract the ID from the key without adding an ID field.\nBut the consistency check between key and value has already caught a bug\nonce, so it seems worth keeping.\n\nChange-Id: I7ba5904d37d54e93ad6dc7d4b6f0cfac19bc730d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3475\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "0bc92a087ee0eb279ab29c3aba5d127b4202a2ea", "tree": "9c481ad86d6324cdd6bdfff4a55af4d4b4689f3c", "parents": [ "61b97a375aee98f58c13c13be672b442aecc8440" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Oct 01 22:53:08 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Oct 10 15:55:35 2024 +0000" }, "message": "treewide: bump rules_oci to v2.0.0\n\nChange-Id: Idbeb3a3b7645c5b6f774eb43d218ca0bc79dccc1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3474\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "61b97a375aee98f58c13c13be672b442aecc8440", "tree": "75e76cee9a7b32a31650f06f8b3c775d598016a4", "parents": [ "0b4fb8c4987b6ce0c8d33d9b643e0bcee5bfabe5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Oct 02 13:30:33 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Oct 09 12:23:11 2024 +0000" }, "message": "m/node/core/localstorage: fix EFI directory name\n\nThe EFI directory is called EFI, not ESP. The ESPEFIDirectory is not\nused anywhere, so this typo did not have any effect.\n\nChange-Id: I38cd44ee06cb5f210acbd4a608e499b0372c2633\nReviewed-on: https://review.monogon.dev/c/monogon/+/3476\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5fb8a3fc41a1c59636adaf55c6495c1a671ef7ad", "tree": "102e0e764764bce2ff2e0f375500b2ef0f236ac5", "parents": [ "d5538b52d7a8739f7123458c10973be36b27b9ff" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 17:04:20 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 30 18:18:32 2024 +0000" }, "message": "metropolis/curator: log warning if cluster configuration cannot be loaded\n\nChange-Id: I4ad520d7545fe88d0db85a223f3a2e6d51e05136\nReviewed-on: https://review.monogon.dev/c/monogon/+/3466\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d5538b52d7a8739f7123458c10973be36b27b9ff", "tree": "fd718931af36798650ddbf1a8978a94220994e82", "parents": [ "1dcede9600e4c1584da4fbe89128970ea9532860" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Sep 25 13:16:49 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/n/c/consensus: fix startup after removing a cluster node\n\nThe consensus service was waiting for all initial peers to be DNS\nresolvable before starting etcd. However, the list of initial peers is\nnever updated. If an etcd member is removed from the cluster, it is no\nlonger resolvable, but may still be contained in initial peer lists. The\nconsensus service then fails to start, as it is blocked forever waiting\nfor the removed peer to become resolvable.\n\nThe wait for resolvability was added in c1cb37ce9c43 with this\nexplanation:\n\n\u003e It also makes the consensus service wait for DNS resolvability before\n\u003e attempting to join an existing cluster, which makes etcd startup much\n\u003e cleaner (as etcd will itself crash if it cannot immediately resolve\n\u003e its ExistingPeers in startup).\n\nThis does not appear to be needed anymore. I did not observe etcd\ncrashes after removing the wait for resolvability.\n\nI extended the e2e test to test this scenario. After removing the\nconsensus role, it also deletes the node and reboots the remaining\nnodes. I moved these tests to the ha_cold suite, because with encryption\nenabled, we currently cannot reboot a node in a 2-node cluster.\n\nChange-Id: If811c79ea127550fa9ca750014272fa885767c77\nReviewed-on: https://review.monogon.dev/c/monogon/+/3454\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "39d9c24f7167eb853aed0e1865ef8b187adf5bba", "tree": "dc8229e272c2f78eac56bdf4fde135809444f255", "parents": [ "8d82f8d261b14b73385ba66e44279c53bb9fef13" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 24 13:49:55 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "metropolis: reduce usage of identity.NodeID\n\nEventually, we want to be able to rotate node keypairs. To allow this,\nthe node ID needs to become independent of the public key. This change\nis a refactoring which starts this work by reducing the usage of\nidentity.NodeID, the function which derives a node ID from a public key.\n\nChange-Id: I5231ed0a7be37c23327fec93481b00c74374af07\nReviewed-on: https://review.monogon.dev/c/monogon/+/3445\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "8d82f8d261b14b73385ba66e44279c53bb9fef13", "tree": "f7332695f7546dd34ac043ac4ce4d6dcc6547dce", "parents": [ "ad8982fcd78a3408c024d9031fa611b48dd86304" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Sep 18 11:22:46 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/n/c/curator: maintain consistency between roles and etcd members\n\nWhen updating the consensus role, both etcd membership and the role need\nto be updated. It is possible that the etcd membership change is applied\nbut the role update fails, resulting in an inconsistency. This change\nadds a background process which cleans up this inconsistency by updating\nroles to match etcd membership.\n\nThis is partially based on previous work by Serge Bazanski, where this\nbackground sync was performed in the opposite direction: etcd membership\nis removed if the role is missing. Here, I instead update the role based\non etcd membership. This has the benefit that we finish partially\napplied management operations, instead of fighting them.\n\nCo-authored-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nChange-Id: I8871b068d1d20c65bcbea5289eafe54676906819\nReviewed-on: https://review.monogon.dev/c/monogon/+/3438\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "ad8982fcd78a3408c024d9031fa611b48dd86304", "tree": "b6a7f84b0d7d8e1d4531883eac22dab990c6f1c7", "parents": [ "fc6e1cf11d0d96fac1e8d52b5787b207f8b1fd9f" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 17 13:56:34 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 26 11:44:09 2024 +0000" }, "message": "m/node/core: remove etcd membership before removing consensus role\n\nWhen removing the consensus role, we also need to remove etcd\nmembership. It is safer to remove membership first, and then the role,\nbecause otherwise, the etcd cluster is in a degraded state during the\ntime where etcd on the node has been stopped, but the node is still\ncounted as a voting member by etcd.\n\nIf the membership is removed, but then removing the role fails, the\ncluster ends up in an inconsistent state. If the affected node was the\ncurator or etcd leader, that will almost certainly happen. In this case,\nthe request can just be retried until it succeeds, and then the cluster\nstate is consistent again between etcd membership and roles.\n\nChange-Id: I1ab526470a4201e76817e8ca0a597996fb903d1f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3437\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "5f1a7de2dfb5db1884fcb677a0bd38daf6dd3c97", "tree": "fd52bf35b4b2e6b5c51f56d62424c9d0820ef537", "parents": [ "e337e938ae8e08dffa3a01045571188413ce70ff" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 02:00:14 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Sep 19 12:06:50 2024 +0000" }, "message": "treewide: fix %v in cases where we should use %w\n\nWe should always use %w when using fmt.Errorf as you can use error.Is to\ncompare the underlying error. When printing an error the use of %w is\nwrong and should be replaced with %v.\n\nChange-Id: I741111bd91dcee4099144d2ecaffa879fdbb34a2\nReviewed-on: https://review.monogon.dev/c/monogon/+/2993\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e337e938ae8e08dffa3a01045571188413ce70ff", "tree": "f82fa1f5722c3eae99506510056fb6a5ce736309", "parents": [ "7a1b27df41a9729dd9669cdaabd6864afc5e85b7" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Sun Sep 15 20:14:39 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 18 22:27:59 2024 +0000" }, "message": "m/n/k/containerd: set device ownership based on security context\n\nWhen a user deploys a pod with a kvm device it is owned by root. By\nsetting device_ownership_from_security_context to true, containerd\nwill chown these devices to the uid/gid set in the securityContext.\nFor more informations see\nhttps://kubernetes.io/blog/2021/11/09/non-root-containers-and-devices/\n\nChange-Id: I1a0285dfc560c3c662d5e2eb8e37e68d87408b83\nReviewed-on: https://review.monogon.dev/c/monogon/+/3428\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "e4b1d20497b31ce639b6d8d8fb7079ea49686144", "tree": "4f143be7218443701acf6fb1830762a4a749c34d", "parents": [ "c5d28e49c53c7dd0b1f88160514342a1e1b98958" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 17 23:44:46 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 18 18:31:28 2024 +0000" }, "message": "m/node/core: fix nodeparams dependent on network\n\nThe GCP nodeparams gathering strategy depends on network availability.\nWith the introduction of static network configuration that got added to\nNodeParameters which meant that they needed to be there before the\nnetwork could be initialized. This dependency loop stalls bootup on GCP\nforever.\n\nFix it by splitting up NodeParameter gathering into a local and a\nnon-local phase. In setups where metadata is gathered via network\nautomated network configuration is generally always available to break\nthis dependency loop. Thus we can start networking after the local phase\nhas finished and run the non-local (i.e. networked) phase later.\n\nChange-Id: I661b9b474f67f2289f427327efa4c3eaa19393e7\nFixes: https://github.com/monogon-dev/monogon/issues/353\nReviewed-on: https://review.monogon.dev/c/monogon/+/3439\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ca8d951b683a3f0c64da7f61d4f74567d50623ac", "tree": "8e8f7af5a5902c0807d77d6774dfd8b426510624", "parents": [ "04aa3df595521dab1fe8fb12b716d2826a37105f" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 12 14:20:57 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 16 16:29:59 2024 +0000" }, "message": "metropolis/resolver: use logging.Leveled\n\nThis moves the resover client library to use logging.Leveled instead of\nan ad-hoc logger interface.\n\nBy now having multiple level of logs, and by defaulting metroctl to show\nerrors and warnings, this should fix #302.\n\nChange-Id: I7cae1cf1be377ec824ad46ea1da1b23b46e01903\nReviewed-on: https://review.monogon.dev/c/monogon/+/3432\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "3c5d0635f855f16780792a6be311f71b4d59f20b", "tree": "4a48292bf17a874f2d627901ee4f7e9145c5b040", "parents": [ "a036c4e792e4b497c512991291b0cc18bc12b5e3" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 12 10:49:12 2024 +0000" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Mon Sep 16 14:03:22 2024 +0000" }, "message": "osbase/logtree.LeveledLogger -\u003e go/logging.Leveled\n\nThis factors out the common leveled logger interface out of the logtree.\nWe want to use the same interface outside of logtree/supervisor usage\nwithin the resolver code, which will be exposed to clients.\n\nChange-Id: I299e76d91e8cefddf8f36f1e58432418c4694df2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3411\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "a036c4e792e4b497c512991291b0cc18bc12b5e3", "tree": "d759d4504d042a62577a1b57a9093a4ab97f0f67", "parents": [ "96e014e23888e09c12a8f0dd78ac13a1b319751d" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Sep 10 19:11:57 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 16 12:21:19 2024 +0000" }, "message": "m/n/c/mgmt: move and factor out reboot code\n\nMake sure we do not have two copies of mostly temporary reboot code\nsitting around and put it in a sensible place.\n\nChange-Id: I293a699dbfc3cfe23378485c512d8769b2859ab8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3396\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "154e6d90cd52d48d274e0fe14f070342a6c5b2b8", "tree": "ebbbb10d975d6f84cfa56bd45db904379d2ddb84", "parents": [ "437d62480bbd4e34b443e7380071bc0c41c5a948" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 17:26:31 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 12 09:23:42 2024 +0000" }, "message": "metropolis: prevent printk console pollution\n\nThis implements two separate approaches to limit printk pollution of the\nnew tconsole:\n\n 1. Sets the minimum printk level to EMERG. Everything lower than this\n level will not get blasted to tty0.\n 2. Jut in case something does a spurious EMERG printk (or something\n just writes to tty0), we redraw the console. This makes it\n self-healing.\n\nChange-Id: I69370ebf6c3cb3cacc8b6ea1ad3703e758bbf50c\nReviewed-on: https://review.monogon.dev/c/monogon/+/3398\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "437d62480bbd4e34b443e7380071bc0c41c5a948", "tree": "276b2cf12b559106623bde38e11eec3287bebd1a", "parents": [ "c752ec63559ecd9b486cc9df2cdb37366ceda427" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Sep 10 02:26:27 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Wed Sep 11 20:20:14 2024 +0000" }, "message": "m/n/c/u/e2e/testos: migrate to bringup package\n\nChange-Id: I661e4240f5fc3a40acac38250212ab892ac121c1\nReviewed-on: https://review.monogon.dev/c/monogon/+/3394\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "5a5c66bf9f8b7429687705e30b35e5ef2249a068", "tree": "8f0bf5954e9f9083084b132414abdc52ec626df9", "parents": [ "32ccd10f990e435ddd830c86e1ca312b065da0da" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Aug 22 16:11:44 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 11 13:40:22 2024 +0000" }, "message": "metropolis: add Reboot RPC\n\nThis adds a new Reboot RPC to reboot a running node. It also supports\nrebooting into the passive slot and powering off the node.\n\nChange-Id: I329b22ea879adeb65a3e31103d39ad89813d61e8\nReviewed-on: https://review.monogon.dev/c/monogon/+/3354\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "32ccd10f990e435ddd830c86e1ca312b065da0da", "tree": "1a8c4175af9b07031cdefe16ef96685d9ae91555", "parents": [ "509c70950fb77ded605f98f38c99a1dfc1f1aef4" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 19:57:03 2024 +0000" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 11 13:40:22 2024 +0000" }, "message": "m/n/c/cluster: ensure A/B state exists\n\nWe always want to make sure that A/B boot state tracking is done, even when registering or bootstrapping. Call MarkBootSuccessful for both remaining paths.\n\nChange-Id: I7ffa5d05e0e038dd816a5e3dc488948bb37501b2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3390\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "1640c289768c3007154b4240e21457778dfcd105", "tree": "c41ae608df011ec6cab878c2efd364c199495338", "parents": [ "73c632ff52f3669a4cf1d72bacb36f4c480c09b0" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 17:50:48 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Sep 11 13:40:22 2024 +0000" }, "message": "m/n/c/update: allow kexec\u0027ing the next slot\n\nThis allows asking the update service to stage the next slot into kexec,\nallowing for kexec-assisted reboots.\n\nChange-Id: I8aea80918ecbf714c3ae10462ee26bbc5bad0d2e\nReviewed-on: https://review.monogon.dev/c/monogon/+/3387\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "73c632ff52f3669a4cf1d72bacb36f4c480c09b0", "tree": "dba07e3e0ec98bf3b133d366ecfd68a18d53e6c0", "parents": [ "d735a3c8cc39ba707768137815e1294224efe6bd" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 05 13:51:57 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 11:19:39 2024 +0000" }, "message": "tconsole: add logs page\n\nThis is a basic log console. Future work can be performed to make the\ndisplay more compact, allow scrollback functionality and maybe scrolling\nto the sides to see longer lines.\n\nChange-Id: I81defe874542acfe89137035d0fc6de9861d3e33\nReviewed-on: https://review.monogon.dev/c/monogon/+/3382\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "d735a3c8cc39ba707768137815e1294224efe6bd", "tree": "5a535552aa5729480c5ccc53153f673dc2f377be", "parents": [ "0d9e125d30455e7d4352e1394fead5b093846621" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Thu Sep 05 13:51:44 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 11:19:39 2024 +0000" }, "message": "tconsole: add status bar\n\nThis adds a status bar to the bottom of the tconsole. It contains a page\nselector and clock.\n\nChange-Id: Ia932fe793ff067f3d096046d8bd93c060bac807a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3381\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "0d9e125d30455e7d4352e1394fead5b093846621", "tree": "e69047b94bba04e16d4cbfa89a4c7ffd30a3a176", "parents": [ "5abcc7a8a8eb891c0f8920fbd4fa0104e751841b" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:16:47 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 11 11:19:39 2024 +0000" }, "message": "tconsole: init\n\nThis introduces the \u0027tconsole\u0027 (terminal console), the default\ninterface to show in /dev/tty1 on a Metropolis node.\n\nCurrently it just shows some basic status in a single page. Upcoming\nchanges will reintroduce a simple log dump on a different page, as well\nas entirely new features like supervision tree inspection.\n\nTo iterate quickly on the console, a \u0027standalone\u0027 target is added which\nexercises the console on the user\u0027s terminal with fake node data.\nHowever only the actual console in Linux displays colours as intended.\n\nChange-Id: I5cfba2bdb320daa080a073e76bf0494aeab6a4d4\nReviewed-on: https://review.monogon.dev/c/monogon/+/3371\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "12b9a5d23a8cd59b2b9861aca47b81ed44abbdfd", "tree": "f8bd6cf5f8dfd0be8808360f24f96a93b93c9c85", "parents": [ "c39b1dc86b0af53d0aee5ca0f1a32ab79408167d" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Aug 26 17:22:03 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Tue Sep 10 14:50:21 2024 +0000" }, "message": "m/n/c/localstorage: grow data partition before initializing\n\nThis adds the feature of growing the data partition before initializing,\nif there is free space after the partition. This is mainly useful for\nvirtual machines whose disk is initialized from a smaller image.\n\nChange-Id: I3ce071f73f494dc3a32ce79fd9db415ceb0e6f0d\nReviewed-on: https://review.monogon.dev/c/monogon/+/3348\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "ca6da6adf2fa3b88c743c9d7f88ef9cfea4e0823", "tree": "08cb2a1a2593333a77f932d117f53e8aea493251", "parents": [ "442cf688ef848811b1fa17d8a7cd7c7aaf774195" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 17:55:15 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Sep 09 20:37:57 2024 +0000" }, "message": "m/n/c/update: implement Rollback\n\nImplement a mechanism for manual rollbacks, useful for cases where\nrolling forward is not an option or automated rollbacks did not catch an\nissue. To ensure that the rollback does not break the machine, the\nalternate slot is only tried on next boot and that version needs to set\nthe slot active before it is permanently activated.\n\nChange-Id: I2fe4dfedcecd5bf7d1bdebdd070e40e817bca7c3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3386\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "442cf688ef848811b1fa17d8a7cd7c7aaf774195", "tree": "b09cc8b514288118facd2ee2ab4255265a392937", "parents": [ "93d2e6c9014c17e86e357f7285e2a3378a6dbbcb" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 05 18:28:48 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Sep 09 11:32:45 2024 +0000" }, "message": "m/n/c/consensus: handle empty etcd member Name\n\nWhen an etcd member has not been started yet, the member.Name field is\nthe empty string. In this case, we need to extract the node id from\nPeerURLs instead.\n\nChange-Id: I41aa39423bd4c7888467d65eb2a3f96e7d02e617\nReviewed-on: https://review.monogon.dev/c/monogon/+/3385\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "14e634795ccfe49710f6f7b5d6c1819f575480a6", "tree": "aa56ba6100eb4c03a59c07b06726e102ede07017", "parents": [ "62e6f0b9a4561118f691f2d886a7e2c026cec333" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Thu Sep 05 15:34:26 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Sep 09 11:32:45 2024 +0000" }, "message": "m/n/c/curator: refactor consensus status access\n\nWe already obtain the consensus status when starting the curator, and it\nseems strange to do it again in one RPC handler.\n\nChange-Id: I3dd9d93b16180011392f8b64c94b0267ec30815f\nReviewed-on: https://review.monogon.dev/c/monogon/+/3383\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "b2d6c33bbb47a4b59bfb8c63934de500815a6a91", "tree": "474ea1474ceb7e6a58db658d41e4905ae7235b36", "parents": [ "f538ce4e8ca06767b9723d1f7969691d76561936" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:18:24 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 04 19:40:28 2024 +0000" }, "message": "metropolis/roleserver: expose cluster credentials to external users\n\nThis will be used by the terminal console to access information about\nthe node ID and CA fingerprint.\n\nChange-Id: Ia9ff6ab1b5b903415b8275d6b4156ba176bbbf1b\nReviewed-on: https://review.monogon.dev/c/monogon/+/3369\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "f538ce4e8ca06767b9723d1f7969691d76561936", "tree": "cb7d709acb6f3ec11c839796b9ee68175c7bda30", "parents": [ "18e9a3f6a499f45e7a00b5d8613165124bb984f8" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Tue Sep 03 12:17:25 2024 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Sep 04 19:40:28 2024 +0000" }, "message": "metropolis/minit: do not log to /dev/console, bump year\n\n/dev/console and /dev/tty overlap, causing us to emit the copyright\nnotice twice.\n\nChange-Id: Ibe4f816dda9a32cfc614eed4ad19159bf72c6c4a\nReviewed-on: https://review.monogon.dev/c/monogon/+/3368\nTested-by: Jenkins CI\nReviewed-by: Leopold Schabel \u003cleo@monogon.tech\u003e\n" }, { "commit": "732a88411de08ac44d1f2bdb6b948c39c9ddc727", "tree": "6c7b78cf514254594d3ccadbb41f6364dd2cc286", "parents": [ "688ee2b59301e5a0494890003a85583f8da07ec5" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Mon Aug 26 23:25:37 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 27 21:40:54 2024 +0000" }, "message": "treewide: update to Kubernetes 1.31\n\nOverall not that bad, we got rid of some workarounds and added some new\nones. Biggest change is a significant refactor of the hyperkube package\nas Kubernetes really doesn\u0027t like multiple of their top-level Cobra\ncommands to be instantiated. One new patch for gVisor as new fields got\nadded to a Linux struct which caused codegen to rename an existing one.\nThat patch will go away once [1] is released as this has been changed\nback again.\nOtherwise mostly standard rebases of patches. We currently have a\nwarning in kubelet as our containerd CRI does not support the\nRuntimeConfig RPC, but no released version of containerd has that and\nthe fallback works fine for now.\n\n[1] https://go-review.googlesource.com/c/sys/+/607876\n\nChange-Id: I275e5fb78bc1d09c4ca0e8b5705edbaa80f30d96\nReviewed-on: https://review.monogon.dev/c/monogon/+/3355\nReviewed-by: Tim Windelschmidt \u003ctim@monogon.tech\u003e\nTested-by: Jenkins CI\n" }, { "commit": "10ef8f93d9c3acc3307819b679578f50c6798559", "tree": "aa957dd6625fac3c0afc62f17b9d8332fd3473d0", "parents": [ "1b1d95d14cb8727cd8c6a1b3efe88cef98b7bd0a" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 13 15:35:10 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 22 12:05:26 2024 +0000" }, "message": "treewide: move //net to //osbase/net\n\nThe net package contains the utility to dump a network configuration in\nproto format. It should be in osbase.\n\nChange-Id: I4d25d9c7d600f4a04b9b79bd1ba98286bf9daec3\nReviewed-on: https://review.monogon.dev/c/monogon/+/3313\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "397f7eaa1e98554f8b9fed2c748e492bf739027b", "tree": "e0184b594e51a432b41f7ada43efdb1342e67061", "parents": [ "53964c1343dd37e29c8a61a44f47202b3f3726cc" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Tue Aug 20 21:26:06 2024 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Aug 21 12:33:07 2024 +0000" }, "message": "m/n/kubernetes: set PV inode quota relative to capacity\n\nThis removes the hardcoded 100k inode limit which is very low for large\nPVs in favor of a scaled value dependent on its capacity. This\ntechnically allows overcommit as the inode space is not accounted for on\nthe capacity side, but this was already the case before, just with a\nstatic limit.\n\nChange-Id: I48816cd904127397907c1372e7cbb4b9b5ea60f2\nReviewed-on: https://review.monogon.dev/c/monogon/+/3339\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n" }, { "commit": "53964c1343dd37e29c8a61a44f47202b3f3726cc", "tree": "c7d2c72ce7bf42810a452dd37576c8cdab98638a", "parents": [ "91bf1c89cbb61cf9f8183306196bfda97dd852a5" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jul 29 17:59:32 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 21 11:10:01 2024 +0000" }, "message": "WORKSPACE: remove CoreDNS dependency\n\nThis is no longer needed, CoreDNS was replaced by the new DNS server \nimplementation.\n\nChange-Id: I0c1072645a9e8ba196eabf6c549924def00b0212\nReviewed-on: https://review.monogon.dev/c/monogon/+/3281\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "91bf1c89cbb61cf9f8183306196bfda97dd852a5", "tree": "6c2c49d69e6db68917f2170055ddae5496664093", "parents": [ "a48bd3c3220063ed6beecf0b36ef6959f79f3790" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Mon Jul 29 17:31:33 2024 +0200" }, "committer": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Aug 21 11:10:01 2024 +0000" }, "message": "treewide: integrate new DNS server\n\nThis integrates the new DNS server into the network service, replacing \nCoreDNS.\n\nChange-Id: I1d2e0fd3315dc2c602a8f805ed701633799e9986\nReviewed-on: https://review.monogon.dev/c/monogon/+/3260\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n" }, { "commit": "c2290c2e21ee5615d341d56799516829c2fea540", "tree": "fdbf849c7e459508b844c7aff2a33e79f4c1b12e", "parents": [ "be0b4c9158371b29c21badc5702ee50ed8179935" ], "author": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Thu Aug 15 19:56:00 2024 +0200" }, "committer": { "name": "Tim Windelschmidt", "email": "tim@monogon.tech", "time": "Tue Aug 20 13:03:42 2024 +0000" }, "message": "treewide: move build helper to more fitting places\n\nChange-Id: I3d0cfe9283222d403ae369ec9db09201ad511e15\nReviewed-on: https://review.monogon.dev/c/monogon/+/3327\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\nTested-by: Jenkins CI\n" } ], "next": "be0b4c9158371b29c21badc5702ee50ed8179935" }