kube/

directory
v0.0.0-...-40caaa6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 13, 2025 License: BSD-3-Clause

README

Kubernetes config and applications

Scripts, YAML files, and utility apps to run our kubernetes cluster(s). Each cluster will have its own subdirectory that matches the name of the GCE project.

Ingress

The ingress configs presume that the IP address and certs have already been created and named, both of which can be done via command line.

Upload certs:

gcloud compute ssl-certificates create skia-org --certificate=skia.pem --private-key=skia.key

Take care when copying the certs around, for example, download them onto a ramdrive and unmount the ramdrive after they have been uploaded. See 'create-sa.sh' in this directory.

Reserving a named global IP address:

gcloud compute addresses create skia-org --global

pushk and kube/clusters/config.json

The definitive list of clusters and how to talk to each one is stored in kube/clusters/config.json.

This config file also defines the git repo where YAML files are stored and where to checkout that repo when pushing. The location of the checkout can be set by setting the PUSHK_GITDIR environment variable.

The k8s YAML files are checked into https://skia.googlesource.com/k8s-config/, with one sub-directory for each cluster.

See http://go/corp-ssh-helper for details on setting up SSH.

When you run pushk it will update the images for all the clusters and then run kubectl apply for each file and for each cluster.

Standing up a new cluster in a different project

  1. Add a new __skia_NNN function to clusters.sh.
  2. Create the config-NNN.sh file.
  3. Copy and modify the create-cluster-corp.sh script.
  4. Add a node pool if necessary using the web UI.
  5. Update kube/clusters/config.json with info on the new cluster.

Directories

Path Synopsis
Package clusters contains the current cluster config json file as an embedded string.
Package clusters contains the current cluster config json file as an embedded string.
cmd
k8s-config-presubmit
The presubmit binary runs many checks on the differences between the current commit and its parent branch.
The presubmit binary runs many checks on the differences between the current commit and its parent branch.
go
authproxy
Package authproxy is a reverse proxy that runs in front of applications and takes care of authentication.
Package authproxy is a reverse proxy that runs in front of applications and takes care of authentication.
authproxy/auth
Package auth provides an interface for handling authenticated users.
Package auth provides an interface for handling authenticated users.
authproxy/mockedauth
package mockedauth is intended for use with local development use cases.
package mockedauth is intended for use with local development use cases.
authproxy/protoheader
Package header supports extracting the email of an authorized user from a protobuf in an HTTP Header.
Package header supports extracting the email of an authorized user from a protobuf in an HTTP Header.
expand-and-reload
expand-and-reload is a simple app that watches for a configmap file to change and when it does it writes the file, after doing environment variable expansion, to --dst.
expand-and-reload is a simple app that watches for a configmap file to change and when it does it writes the file, after doing environment variable expansion, to --dst.
oauth2redirect
Package oauth2redirect is a reverse proxy that runs in front of applications and takes care of handling the oauth2 redirect leg of the OAuth 3-legged flow.
Package oauth2redirect is a reverse proxy that runs in front of applications and takes care of handling the oauth2 redirect leg of the OAuth 3-legged flow.
pushk
pushk pushes a new version of an app.
pushk pushes a new version of an app.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL