Merge remote-tracking branch 'refs/remotes/origin/master'

2024-01-22 17:55:53 -06:00 · 2024-01-22 17:55:53 -06:00 · fb9ac66ad3
parent 832dea2c7d 0e20952740
commit fb9ac66ad3
11 changed files with 58 additions and 15 deletions
--- a/dch-webhooks/ingress.yaml
+++ b/dch-webhooks/ingress.yaml
@ -2,6 +2,8 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  labels:
    app.kubernetes.io/name: dch-webhooks
    app.kubernetes.io/component: dch-webhooks
--- a/jenkins/ssh_known_hosts
+++ b/jenkins/ssh_known_hosts
@ -1,3 +1,4 @@
+@cert-authority *.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII24CZGosLMTny0a2eDB6KOG47FhlwVkTEFQNAYzKV0t
 files.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH+S6aTqXJ15DV3NczbPXVQKXxbvMVtaHToShsrhxps1GGWcJU/pbZtpAQcN4OGth7DQ1Q/1RvrFS+Fd/5U4wv4=
 files.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzOkLdjAJDPyja2o4+Km52VNM4t7jeYTyMVYl4gtudq
 files.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbgN04bblL95EStM+wpGF1asvEOL6vmH/oNTIBRd0HbTz8jRa3CMOGWWG7/xGIRjrXglAGURGZ/EOqkyGIsciVtC53lwLuyZT18sqHrmp8S5uq/rNaY3rSVfc7kW/fXsNksjtwnQ/sNtawSZ6UFv+p/X47qOGv0XPAwAzoXDwDpQ27wOz1YnbBa+5itThLh6QvxgM1DKnb78uZ1TBpaCCdtL2iH1IVo3FLmah9bNWvUU1QECKyOUDw3IiwIS6owtHIrpdCiZTlPSJhBLPvv7P/L9V0bTfREP+MMDBT1hhj2NUgmDxC4sDd8k1Qy/qxeyU/FA+7dn7K8YVIEe9rNbs/
@ -7,3 +8,5 @@ git.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF1tB0KeyMStHKbnumin
 git.pyrocufflink.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJPLXOT4j+jYAIGfuGbtG8ea3oBZwtvOEYNzUHpsQBF9VO9E9nTQBswSRzc+otPzZhr5lJ+BlGo439hHGkbOIo8=
 git.pyrocufflink.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEF/IXycjT/sSIpFLRDEVZUu95QA3i7d5LZvB/RncHN
 git.pyrocufflink.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF1tB0KeyMStHKbnuminTQ2xwjjxyES/DBSlZZH0c7F25Lu6TfvxEEs/7YUtZKAnwFGLfuqW5gaS3eWV1eA3w7WtEGYoBAD6VFZUjN0vfmhNYWC85DMcY+gqkOkBQy1/SvyYSPHrtkgTJRPMG/MdWGaYEN+w/znr1HETPnj4qm7bFC8yxXKU2PXzKlUeY+ynY3hhlzAVwG4Ay7hgH+nO071eoAQtYq9zBdYTifXxoTzatLgU8ib3EYuC3/LDNXkFhYhxDhfp9iwPCNZRi49AccMlL323/Vp8x/Jy/iY5A60Fk8cIYtneEihRkIpzpyTudEK0MXyJ+FJ0vmjiEX5ZY9
+mtrcs0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFklfgYwVlea/FbFNguKEY2hMXw9iOneNveLVws8dd9
+serial0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABidV03uxUtikscJfA3qZ+mgXW9KP2QWJBLhlDOleHQ
--- a/keyserv/.gitignore
+++ b/keyserv/.gitignore
@ -0,0 +1 @@
+master.key
--- a/keyserv/age-keys/age18zz39affempnzzh9q50rhc78guwljczagc0aa3z9zvrle5dhcg4qh9hanr
+++ b/keyserv/age-keys/age18zz39affempnzzh9q50rhc78guwljczagc0aa3z9zvrle5dhcg4qh9hanr
@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWVoydG5KRGpwSlMrTEhn
+bmI4VFJabFVlclhwSThLRmlFbEd5L2tvQ0E4CnZkUXRXWVNERXQwbC84ZHRwWS9I
+ODQvM283RUZsakwxOXZnOXMyV0tsZ00KLS0tIFlVMmMwNFR4OWZ5c3UxQ0QvcHpW
+ZEdzV2l6NERCdlhVS2M4alFqMWhBdzAKClTysPEo5cDC8ZRplM0VW3FDvvdRz+tv
+/N7n0dspfmAl+kj5LfTg3Thb6a1kOW7j5AuST2uPrRVocWMCoVH9cls3eItxqy8X
+kPwnpSHD7N2v6Rd4t7qDHp3MH7CedK6WWJk+jYc0Gpm4bso=
+-----END AGE ENCRYPTED FILE-----
--- a/keyserv/age-keys/age1y5cdw7xct9f50yurw7h5flck8jycv0t4m4qj72frep3z09344pus9x4nkc
+++ b/keyserv/age-keys/age1y5cdw7xct9f50yurw7h5flck8jycv0t4m4qj72frep3z09344pus9x4nkc
@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTks1S2V0U2twVy93Z2lV
+ZlRyVDk2OTdBemIzU3JsVE1JUlZSTXZhTG53CnhqS0ZyVVJxT1NLSC9WR1dQYWh6
+SUd2M08wQi9TU2o3YkcxMW9JaUlHeGMKLS0tIEs4K0JvaVBvTG0wSDgyemZJV0lX
+VXFrbmVDenVBRy9aZmFLUEJ0ZmRBY3MKpR8uXoUp6R5BTFLBSdWlpd8YNRpxdn9J
+DcAIH9KecbAyaHVjJspIvcQQVpz6Cvh5O34spY4U9Gg4dCOsGD+qB88vmR+B/rsy
+jfTFe+Us6G87fUZ6NvdFJ8K3HsVXvcTFMNijMHw2SWlyJ3I=
+-----END AGE ENCRYPTED FILE-----
--- a/keyserv/key-map.yml
+++ b/keyserv/key-map.yml
@ -1,12 +1,17 @@
 dustin@hatch.name:
+- age1668cmw7jeyfawpdp7c6c79hdqdmvzjrkuszz4c96sfugkyjsr39qv4vsg7
 - age197zq0l27nwxj74d4pmpat6kqqth235mdc0ggmfm3006v0fy7advsg9ljts
 - age1c6swn9tm0502jd3e0yszfd4qd7lgx2nd9uk0hruuckhx7zpn3utqhau7mz
+- age1dcyvkqde4j43gz6pzk6u8g3ph85tj3qr0tucr9lkcy4sgyqshe8qzq7d20
 - age1ez6hv5frke4k4esk4p3nyf7y4g5mjq953t8ctk45qxnpreeerdpsrqu2dd
 - age1fc96yyd7a7l3uc4jr8sk06h8al607gjxd89q435jlp6nsmrhqflq5dkhtq
 - age1hl8dfgh938092h32zuex7xnfmqer3peg5gl6d892aarsw0s6nptq5tysu9
 - age1j63kzwldegazaaj4rm2ydzlm4wlh6z4cgm4s7g6pzysskh04duhslyc5yy
+- age1kfqgu0ug40uwrsqx94azeflg58wp4ckx3xsm5l2y6zvw95zqygfsy8x69t
+- age1xfmmwhutwr4cml4dlj6rq6r9mgjs3fake0q4wuly5z9r9mqgk4nsk53d5j
+- age1y3hea7a4rpeyjhcrcg29lsfzg9guwqeqx6m6q6szt5wuc8guy3hsl6t33e
 - age1y4prxtunmkx0kwrtl5qkxvj0gzl8kuyp9seyptgy2rlvrqyysegq32srfn
- age1668cmw7jeyfawpdp7c6c79hdqdmvzjrkuszz4c96sfugkyjsr39qv4vsg7
+- age1y5cdw7xct9f50yurw7h5flck8jycv0t4m4qj72frep3z09344pus9x4nkc

 burp1.pyrocufflink.blue:
 - age1xfmmwhutwr4cml4dlj6rq6r9mgjs3fake0q4wuly5z9r9mqgk4nsk53d5j
@ -23,6 +28,7 @@ nut0.pyrocufflink.blue:
 - age1y3hea7a4rpeyjhcrcg29lsfzg9guwqeqx6m6q6szt5wuc8guy3hsl6t33e
 - age1kfqgu0ug40uwrsqx94azeflg58wp4ckx3xsm5l2y6zvw95zqygfsy8x69t
 - age1xfmmwhutwr4cml4dlj6rq6r9mgjs3fake0q4wuly5z9r9mqgk4nsk53d5j
+- age1y5cdw7xct9f50yurw7h5flck8jycv0t4m4qj72frep3z09344pus9x4nkc

 nvr1.pyrocufflink.blue:
 - age1668cmw7jeyfawpdp7c6c79hdqdmvzjrkuszz4c96sfugkyjsr39qv4vsg7
--- a/keyserv/kustomization.yaml
+++ b/keyserv/kustomization.yaml
@ -43,6 +43,7 @@ secretGenerator:
  - age-keys/age1y3hea7a4rpeyjhcrcg29lsfzg9guwqeqx6m6q6szt5wuc8guy3hsl6t33e
  - age-keys/age1kfqgu0ug40uwrsqx94azeflg58wp4ckx3xsm5l2y6zvw95zqygfsy8x69t
  - age-keys/age1xfmmwhutwr4cml4dlj6rq6r9mgjs3fake0q4wuly5z9r9mqgk4nsk53d5j
+  - age-keys/age1y5cdw7xct9f50yurw7h5flck8jycv0t4m4qj72frep3z09344pus9x4nkc
  options:
    disableNameSuffixHash: true
    labels:
--- a/kitchen/kitchen.yaml
+++ b/kitchen/kitchen.yaml
@ -38,6 +38,8 @@ spec:
        env:
        - name: TZ
          value: America/Chicago
+        - name: SSL_CERT_FILE
+          value: /usr/lib/python3.10/site-packages/certifi/cacert.pem
        imagePullPolicy: Always
        ports:
        - containerPort: 8000
@ -129,6 +131,6 @@ roleRef:
  kind: Role
  name: jenkins
 subjects:
- apiGroup: rbac.authorization.k8s.io
-  kind: User
-  name: jenkins
+- kind: ServiceAccount
+  name: default
+  namespace: jenkins-jobs
--- a/victoria-metrics/scrape.yml
+++ b/victoria-metrics/scrape.yml
@ -80,9 +80,21 @@ scrape_configs:
  - files:
    - /scrape/collectd/scrape-collectd.yml
  relabel_configs:
+  - source_labels:
+    - __address__
+    target_label: host__tmp
  - source_labels: [__address__]
    target_label: __address__
    replacement: '$1:9103'
+  metric_relabel_configs:
+  - source_labels:
+    - __name__
+    - host__tmp
+    separator: ;
+    regex: collectd_virt.*;(.*)
+    target_label: host
+  - action: labeldrop
+    regex: host__tmp

 - job_name: sambadc
  scrape_interval: 1m
--- a/victoria-metrics/vmstorage.yaml
+++ b/victoria-metrics/vmstorage.yaml
@ -50,17 +50,6 @@ spec:
          name: vmselect
        - containerPort: 8482
          name: http
-        readinessProbe: &probe
-          httpGet:
-            port: http
-            path: /health
-          periodSeconds: 60
-        startupProbe:
-          <<: *probe
-          periodSeconds: 1
-          successThreshold: 1
-          failureThreshold: 30
-          timeoutSeconds: 1
        securityContext:
          runAsNonRoot: true
          readOnlyRootFilesystem: true
--- a/xactfetch/xactfetch.yaml
+++ b/xactfetch/xactfetch.yaml
@ -33,6 +33,17 @@ spec:
              readOnlyRootFilesystem: true
              runAsGroup: 999
              runAsUser: 999
+          - name: sync
+            image: git.pyrocufflink.net/packages/xactfetch
+            command:
+            - rbw
+            - sync
+            securityContext:
+              readOnlyRootFilesystem: true
+            volumeMounts:
+            - mountPath: /var/lib/xactfetch
+              name: xactfetch-data
+              subPath: data
          containers:
          - name: xactfetch
            image: git.pyrocufflink.net/packages/xactfetch