Commit graph

22 commits

Author SHA1 Message Date
Vincent Ambo
56f9e37755 fix(k8s): Move nixery-secrets to the correct namespace 2019-09-04 10:34:20 +01:00
Vincent Ambo
283951388c feat(k8s): Insert Nixery's secrets via kontemplate
Instead of having a manually prepared secret, use Cloud KMS (as per
the previous commits) to decrypt the in-repo secrets and template them
into the Secret resource in Kubernetes.

Not all of the values are actually secret, it has thus become a bit
easier to edit the known hosts, SSH config and such now.
2019-09-03 16:12:30 +01:00
Vincent Ambo
abd5d7538c feat(gcp): Create Cloud KMS resources for encrypting secrets
The idea here is to use Cloud KMS and a shell script that mimics
'pass' to trick kontemplate into using Cloud KMS to decrypt secrets.
2019-09-03 16:12:30 +01:00
Vincent Ambo
eb43ba75d2 chore(gcp): Remove monorepo repository
The repository is now public on Github.
2019-09-03 16:12:30 +01:00
Vincent Ambo
5e4157e4a2 chore(k8s): Update deployed Nixery version 2019-09-03 00:31:09 +01:00
Vincent Ambo
d577629b5b fix(k8s): Add nginx route for load-balancer health checks 2019-09-02 20:16:49 +01:00
Vincent Ambo
e2feae3387 fix(k8s): nginx does not need to be pinned to gitHEAD 2019-09-02 18:42:18 +01:00
Vincent Ambo
07a17501cc chore(k8s): Point Nixery at public depot URL 2019-09-02 18:38:24 +01:00
Vincent Ambo
a0089892dd feat(k8s): Route oslo.pub to nginx in ingress 2019-09-02 18:28:39 +01:00
Vincent Ambo
785a5a2997 feat(k8s): Add nginx instance for oslo.pub redirect
The redirect is currently all that this instance does. It is required
because HTTP load balancers in GCP don't support URL rewriting.
2019-09-02 18:19:35 +01:00
Vincent Ambo
e6cb12ebfb chore(k8s): Provision certificate for oslo.pub 2019-09-02 18:19:06 +01:00
Vincent Ambo
4881a84eaa chore(infra): Remove NixOS configuration for servers
This configuration is no longer in use. The Gemma configuration file
has been moved over to the k8s folder from where it will be templated
into the actual configuration.
2019-09-02 17:19:07 +01:00
Vincent Ambo
a58af3e371 feat(k8s): Configure HTTPS ingress for the blog
Uses Google-managed certificates and an Ingress resource to set up an
HTTPS load-balancer.

This probably won't be the final version as the GKE Ingress is very
limited and can not do things like redirect URLs, which I need to
decommission the old setup.
2019-08-27 12:44:37 +01:00
Vincent Ambo
cae99692de feat(k8s): Add Google managed TLS certificates
Introduces certificates for tazj.in & www.tazj.in.
2019-08-27 12:43:55 +01:00
Vincent Ambo
155f17173b chore(gcp): Enable Cloud DNS service 2019-08-25 17:47:34 +01:00
Vincent Ambo
31e83b33cc chore(k8s): More tazblog replicas 2019-08-23 14:13:13 +01:00
Vincent Ambo
28a9c01d36 feat(infra/k8s): Add in-cluster tazblog deployment via Nixery
First deployment actually using a Nixery image and `gitHEAD`.

This does not actually serve a working blog for various reasons. The
current storage mechanism (acid-state) isn't really appropriate
anymore and I'll need to change that soon.
2019-08-19 03:10:53 +01:00
Vincent Ambo
a4ef595fef chore(infra/k8s): Bump Nixery image to Cachix-enabled one 2019-08-19 02:43:42 +01:00
Vincent Ambo
cb810687d5 fix(infra/k8s): Always pull a Nixery image 2019-08-16 19:57:10 +01:00
Vincent Ambo
dd35be7add feat(infra/k8s): Deploy Nixery instance to cluster 2019-08-16 18:20:20 +01:00
Vincent Ambo
ba06317836 feat(infra/gcp): Add Terraform configuration for GKE & friends
Sets up Terraform itself, a GKE cluster, a storage bucket and all the
other little things required to get the basics running.
2019-08-16 16:52:06 +01:00
Vincent Ambo
a131b30514 refactor(infra): Move infrastructure into monorepo structure 2019-07-02 12:48:05 +01:00