infra
/
kubernetes
1
0
Fork 0
Code Pull Requests 4 Activity
691 Commits
9 Branches
0 Tags
3.5 MiB
Commit Graph

17 Commits (master)

Author SHA1 Message Date
Dustin 4dc21e6179 sshca: Add machine IDs for CM4 cluster nodes 
* _ctrl-2ed83d.k8s.pyrocufflink.black_
* _node-6a3f8.k8s.pyrocufflink.black_
* _node-6ed191.k8s.pyrocufflink.black_
 2025-07-27 17:42:43 -05:00
Dustin b75d83cd32 sshca: Do not sign certs for root 
We no longer need *root* in the list of authorized principals for user
certificates issued by SSHCA.
 2025-03-04 19:23:49 -06:00
Dustin 32175156ac sshca: Add machine ID for node-474c83.k8s.p.bk 2025-02-01 18:16:10 -06:00
Dustin 252dcfedc8 sshca: Add machine ID for ctrl-pi-spellbind 2024-12-28 10:38:26 -06:00
Dustin 62b19e942b sshca: Add machine ID for nut1.p.b 2024-11-10 11:19:53 -06:00
Dustin 4adb9cd243 sshca: Add machine IDs for VM hosts 2024-08-31 17:49:36 -05:00
Dustin 4436ec5c6c sshca: Add machine ID for chromie.p.b 
*chromie.pyrocufflink.blue* runs on the same hardware that was
originally *nvr1.pyrocufflink.blue*.
 2024-08-28 11:57:49 -05:00
Dustin a785fcec73 sshca: Allow Jenkins jobs to restart the Deployment 
The Jenkins job for the SSHCA Server restarts the Deployment after
building a new container image.
 2024-07-27 13:10:20 -05:00
Dustin aedd4df9f6 sshca: Add machine ID for Toad 2024-05-22 15:20:09 -05:00
Dustin 5c34fdb1c6 sshca: Add Machine UUID for nvr2.p.b 2024-04-05 12:26:51 -05:00
Dustin a395d176bc sshca: Set group principals for Server Admins 
Members of the *Server Admins* group need to be able to log in to
machines using their respective privileged accounts for e.g.
provisioning or emergencies.
 2024-02-02 21:02:40 -06:00
Dustin 2cd4a8b097 sshca: Configure user CA 
SSHCA now supports issuing user certificates.  It uses OpenID Connect to
authenticate requests, and issues certificates based on the user's ID
token.
 2024-02-01 09:02:11 -06:00
Dustin a5d186b461 sshca: Add update-machine-ids script 
The `update-machine-ids.sh` shell script helps update the `sshca-data`
SealedSecret with the current contents of the `machine-ids.json` file
(stored locally, not tracked in Git).
 2024-01-25 20:42:47 -06:00
Dustin 7eae328a2c sshca: Add machine ID for serial1.p.b 2024-01-25 20:41:54 -06:00
Dustin 89516ebf55 sshca: Add machine ID for nut0 2024-01-13 09:51:13 -06:00
Dustin 4cec66fc13 sshca: Add machine IDs for nvr1, k8s-aarch64-n1 2024-01-07 21:16:37 -06:00
Dustin fe2a84a222 sshca: Deploy SSH CA service 
[sshca] is a simple web service I wrote to automatically create signed
SSH certificates for hosts' public keys.  It authenticates hosts by
their machine UUID, which it can find using the libvirt API.

[sshca]: https://git.pyrocufflink.net/dustin/sshca
 2023-11-10 14:22:31 -06:00