)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"1694938748f2bfe291fe5b90f7d748068c6cf8c6","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b094c23d_4bdbc2e9","updated":"2022-03-01 17:58:37.000000000","message":"\u003e Change message removed by: Leopold Schabel\n\nOops - I accidentally clicked the \"DELETE\" instead of the \"REPLY\" button. 
Gerrit might want to reconsider this 😄","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"46aa4e6b5623d82b5ea64bde469e12302c42f810","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b58f0bea_4a9da8ef","updated":"2022-03-01 13:07:12.000000000","message":"To build HTML and review: bazel  build //metropolis/handbook, then see bazel-bin/metropolis/handbook/handbook .\n\nI\u0027m not super comfortable with some stylistic choices in here, so feel free to pick that apart. 
Haven\u0027t written public technical docs in a while :).","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"f94af7db_e39dc9da","updated":"2022-03-22 10:26:54.000000000","message":"gj","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"297a8725_de8eff33","updated":"2022-06-29 
13:51:15.000000000","message":"I\u0027ve cleaned it up a bit while leaving some of the comments open. IMO it\u0027s good enough to go in, but I\u0027ll keep the open comments in mind.","commit_id":"c7370b1bf0412adc474126add576fa70e837915b"}],"metropolis/handbook/src/ch01-00-metropolis-organization.md":[{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3138a475119dc0101e1106ccae0b29b5794127f0","unresolved":true,"context_lines":[{"line_number":1,"context_line":"## Metropolis in your Organization"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003e *Note*: In this chapter, \u0027developers\u0027 mean product developers, ie. Metropolis **Users**, not Metropolis **Developers**. Whenever you see **User**, **Operator** or **Developer**, think of Metropolis roles. 
However, whenever you see **developer**, think of product development teams acting as **Users**."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and Operators of a Metropolis cluster."},{"line_number":6,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"74a3905e_95c8f7f7","line":3,"updated":"2022-03-22 11:42:06.000000000","message":"Can we actually expect users to parse this correctly?","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"2183eb7cbe12ec1f6b288b060ac70f5905e75d08","unresolved":true,"context_lines":[{"line_number":1,"context_line":"## Metropolis in your Organization"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003e *Note*: In this chapter, \u0027developers\u0027 mean product developers, ie. Metropolis **Users**, not Metropolis **Developers**. Whenever you see **User**, **Operator** or **Developer**, think of Metropolis roles. 
However, whenever you see **developer**, think of product development teams acting as **Users**."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and Operators of a Metropolis cluster."},{"line_number":6,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"c7de0f4c_8a6ae9a6","line":3,"in_reply_to":"5593765a_f1b86ab1","updated":"2022-06-30 18:21:14.000000000","message":"No, but I\u0027m saying that the likelihood of casual readers making the proper distinction between `developer` and `Developer` is nil","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"4109991701fd4109246f3c7180de9a704a0f43cb","unresolved":true,"context_lines":[{"line_number":1,"context_line":"## Metropolis in your Organization"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003e *Note*: In this chapter, \u0027developers\u0027 mean product developers, ie. Metropolis **Users**, not Metropolis **Developers**. Whenever you see **User**, **Operator** or **Developer**, think of Metropolis roles. 
However, whenever you see **developer**, think of product development teams acting as **Users**."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and Operators of a Metropolis cluster."},{"line_number":6,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"5593765a_f1b86ab1","line":3,"in_reply_to":"74a3905e_95c8f7f7","updated":"2022-06-30 18:19:56.000000000","message":"Do you have some alternative nomenclature in mind, or an alternative way of presenting it, or an alternative way of using such nomenclature in the doc?","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"7856350f9511971d0bfa5b1570b21e96edf32568","unresolved":false,"context_lines":[{"line_number":1,"context_line":"## Metropolis in your Organization"},{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003e *Note*: In this chapter, \u0027developers\u0027 mean product developers, ie. Metropolis **Users**, not Metropolis **Developers**. Whenever you see **User**, **Operator** or **Developer**, think of Metropolis roles. 
However, whenever you see **developer**, think of product development teams acting as **Users**."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and Operators of a Metropolis cluster."},{"line_number":6,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"69148fce_23cc8a09","line":3,"in_reply_to":"c7de0f4c_8a6ae9a6","updated":"2022-06-30 18:22:05.000000000","message":"Perhaps we can use some typographic distinction, always making them italic, something like that? Either way, I\u0027m marking this resolved since it\u0027s not a blocker.","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3138a475119dc0101e1106ccae0b29b5794127f0","unresolved":true,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003e *Note*: In this chapter, \u0027developers\u0027 mean product developers, ie. Metropolis **Users**, not Metropolis **Developers**. Whenever you see **User**, **Operator** or **Developer**, think of Metropolis roles. 
However, whenever you see **developer**, think of product development teams acting as **Users**."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and Operators of a Metropolis cluster."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This split might, at first glance, seem antithetical to the spirit of \u0027DevOps\u0027. However, this distinction **doesn\u0027t exist to take away operational tasks from software developers** (Users), but to let Metropolis scale to large organizations where developers cannot be expected to responsible for operations from physical hardware (or a public cloud) up to their product. We believe product teams should be able to focus on the operational aspects specific to their product, and not have to deal with low-level fluff like cluster-level backups, monitoring and security."},{"line_number":8,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"52a4985b_cb615746","line":5,"range":{"start_line":5,"start_character":15,"end_line":5,"end_character":43},"updated":"2022-03-22 11:42:06.000000000","message":"This should probably be a hyperlink?","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz 
Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"\u003e *Note*: In this chapter, \u0027developers\u0027 mean product developers, ie. Metropolis **Users**, not Metropolis **Developers**. Whenever you see **User**, **Operator** or **Developer**, think of Metropolis roles. However, whenever you see **developer**, think of product development teams acting as **Users**."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and Operators of a Metropolis cluster."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This split might, at first glance, seem antithetical to the spirit of \u0027DevOps\u0027. However, this distinction **doesn\u0027t exist to take away operational tasks from software developers** (Users), but to let Metropolis scale to large organizations where developers cannot be expected to responsible for operations from physical hardware (or a public cloud) up to their product. 
We believe product teams should be able to focus on the operational aspects specific to their product, and not have to deal with low-level fluff like cluster-level backups, monitoring and security."},{"line_number":8,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"240f6202_28b52fe3","line":5,"range":{"start_line":5,"start_character":15,"end_line":5,"end_character":43},"in_reply_to":"52a4985b_cb615746","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and Operators of a Metropolis cluster."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This split might, at first glance, seem antithetical to the spirit of \u0027DevOps\u0027. 
However, this distinction **doesn\u0027t exist to take away operational tasks from software developers** (Users), but to let Metropolis scale to large organizations where developers cannot be expected to responsible for operations from physical hardware (or a public cloud) up to their product. We believe product teams should be able to focus on the operational aspects specific to their product, and not have to deal with low-level fluff like cluster-level backups, monitoring and security."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This chapter aims to explain and argument the reasoning for such a split, and tie this into how Metropolis expects to be managed in different kinds of organizations."},{"line_number":10,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"d958b525_bf459ca5","line":7,"updated":"2022-03-22 10:26:54.000000000","message":"omission: \"cannot be expected to responsible\"","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"As outlined in **How to use this Handbook**, Metropolis has at its core the concept of separate Users and 
Operators of a Metropolis cluster."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"This split might, at first glance, seem antithetical to the spirit of \u0027DevOps\u0027. However, this distinction **doesn\u0027t exist to take away operational tasks from software developers** (Users), but to let Metropolis scale to large organizations where developers cannot be expected to responsible for operations from physical hardware (or a public cloud) up to their product. We believe product teams should be able to focus on the operational aspects specific to their product, and not have to deal with low-level fluff like cluster-level backups, monitoring and security."},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"This chapter aims to explain and argument the reasoning for such a split, and tie this into how Metropolis expects to be managed in different kinds of organizations."},{"line_number":10,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"4d2e1a1f_36a50cce","line":7,"in_reply_to":"d958b525_bf459ca5","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz 
Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"### Platform Teams"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Metropolis allows large organizations to build internal Platform Teams. These exist to bring a \u0027PaaS\u0027-style experiende to multiple internal product development teams. Metropolis neatly fits into this scenario by exposing only a standard Kubernetes API to these development teams (acting as Metropolis Users), while also exposing a powerful but proprietary API for the platform team (Metropolis Operators) that concerns only operational work. The two APIs are separate but do not overlap in functionality."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"In the following example, the Platform Team are Metropolis Operators, while Product Teams A and B are Metropolis Users. 
The Platform Team runs two multi-tenant Metrooplis clusters, both of which can be used by any Product Team for any purpose."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"92185332_1d677b37","line":13,"updated":"2022-03-22 10:26:54.000000000","message":"typo: experiende","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":10,"context_line":""},{"line_number":11,"context_line":"### Platform Teams"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Metropolis allows large organizations to build internal Platform Teams. These exist to bring a \u0027PaaS\u0027-style experiende to multiple internal product development teams. Metropolis neatly fits into this scenario by exposing only a standard Kubernetes API to these development teams (acting as Metropolis Users), while also exposing a powerful but proprietary API for the platform team (Metropolis Operators) that concerns only operational work. 
The two APIs are separate but do not overlap in functionality."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"In the following example, the Platform Team are Metropolis Operators, while Product Teams A and B are Metropolis Users. The Platform Team runs two multi-tenant Metrooplis clusters, both of which can be used by any Product Team for any purpose."},{"line_number":16,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"0eb831d3_c2153961","line":13,"in_reply_to":"92185332_1d677b37","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Metropolis allows large organizations to build internal Platform Teams. These exist to bring a \u0027PaaS\u0027-style experiende to multiple internal product development teams. Metropolis neatly fits into this scenario by exposing only a standard Kubernetes API to these development teams (acting as Metropolis Users), while also exposing a powerful but proprietary API for the platform team (Metropolis Operators) that concerns only operational work. 
The two APIs are separate but do not overlap in functionality."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"In the following example, the Platform Team are Metropolis Operators, while Product Teams A and B are Metropolis Users. The Platform Team runs two multi-tenant Metrooplis clusters, both of which can be used by any Product Team for any purpose."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"```"},{"line_number":18,"context_line":".----------------.      Manages     .--------------------------."}],"source_content_type":"text/x-markdown","patch_set":2,"id":"45ae9dd2_c7770c2e","line":15,"updated":"2022-03-22 10:26:54.000000000","message":"typo: Metropolis","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"Metropolis allows large organizations to build internal Platform Teams. These exist to bring a \u0027PaaS\u0027-style experiende to multiple internal product development teams. 
Metropolis neatly fits into this scenario by exposing only a standard Kubernetes API to these development teams (acting as Metropolis Users), while also exposing a powerful but proprietary API for the platform team (Metropolis Operators) that concerns only operational work. The two APIs are separate but do not overlap in functionality."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"In the following example, the Platform Team are Metropolis Operators, while Product Teams A and B are Metropolis Users. The Platform Team runs two multi-tenant Metrooplis clusters, both of which can be used by any Product Team for any purpose."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"```"},{"line_number":18,"context_line":".----------------.      Manages     .--------------------------."}],"source_content_type":"text/x-markdown","patch_set":2,"id":"f54eabf4_8bd94385","line":15,"in_reply_to":"45ae9dd2_c7770c2e","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3138a475119dc0101e1106ccae0b29b5794127f0","unresolved":true,"context_lines":[{"line_number":53,"context_line":""},{"line_number":54,"context_line":"As the organization grows, Metropolis will continue gently 
guiding (by way of Users/Operators role separation) workflows of the Backend team to not mix these two roles together. From the beginning, the Product can be deployed only using the Kubernetes API without needing to touch Metropolis-specific APIs. As new products and projects are developed, these can continue to use the existing Metropolis infrastructure without overhead of having each team manage their own production from the ground up."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"### Organizational anti-patterns"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Monogon believes that organizational issues cannot simply be fixed by applying technical solutions. Thus, Metropolis explicitly avoids supporting usecases that stem from heavy internal siloization of organizations, or the broken incentives of a syadmin-style platform team. We believe that Metropolis can be used as a catalyst to build better teams and workflows, but it is not by itself a fix for organizational problems."},{"line_number":59,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"abdaac72_ca74759a","line":56,"updated":"2022-03-22 11:42:06.000000000","message":"What would be some examples of features we do not want to add?","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000000,"name":"Leopold 
Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5177d90177c0ee4cd6e3c6d856504594e3d5f5a3","unresolved":false,"context_lines":[{"line_number":53,"context_line":""},{"line_number":54,"context_line":"As the organization grows, Metropolis will continue gently guiding (by way of Users/Operators role separation) workflows of the Backend team to not mix these two roles together. From the beginning, the Product can be deployed only using the Kubernetes API without needing to touch Metropolis-specific APIs. As new products and projects are developed, these can continue to use the existing Metropolis infrastructure without overhead of having each team manage their own production from the ground up."},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"### Organizational anti-patterns"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Monogon believes that organizational issues cannot simply be fixed by applying technical solutions. Thus, Metropolis explicitly avoids supporting usecases that stem from heavy internal siloization of organizations, or the broken incentives of a syadmin-style platform team. 
We believe that Metropolis can be used as a catalyst to build better teams and workflows, but it is not by itself a fix for organizational problems."},{"line_number":59,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"cae06259_bb352cae","line":56,"in_reply_to":"abdaac72_ca74759a","updated":"2022-06-30 18:24:07.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"1. [Infra teams: good, bad or none at all](https://rachelbythebay.com/w/2020/05/19/abc/), which describes the typical emerging ways organizations deal with infrastructure work. Metropolis leans heavily towards a “Company A” environment."},{"line_number":63,"context_line":"1. [The SRE Book](https://sre.google/sre-book/table-of-contents/), which describes Google\u0027s “implementation” of DevOps. While the processes described work best for extremely large companies, a significant amount of high-level observations and judgements can be pertinent to even the smallest organizations."},{"line_number":64,"context_line":"1. 
[The SRE Workbook](https://sre.google/workbook/table-of-contents/) chapter [“How SRE Relates to DevOps”](https://sre.google/workbook/how-sre-relates/), which describes an organizational approach to development and operation tams in which Metropolis works best."},{"line_number":65,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"afb61996_55947fc8","line":64,"updated":"2022-03-22 10:26:54.000000000","message":"typo: tams","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"1. [Infra teams: good, bad or none at all](https://rachelbythebay.com/w/2020/05/19/abc/), which describes the typical emerging ways organizations deal with infrastructure work. Metropolis leans heavily towards a “Company A” environment."},{"line_number":63,"context_line":"1. [The SRE Book](https://sre.google/sre-book/table-of-contents/), which describes Google\u0027s “implementation” of DevOps. 
While the processes described work best for extremely large companies, a significant amount of high-level observations and judgements can be pertinent to even the smallest organizations."},{"line_number":64,"context_line":"1. [The SRE Workbook](https://sre.google/workbook/table-of-contents/) chapter [“How SRE Relates to DevOps”](https://sre.google/workbook/how-sre-relates/), which describes an organizational approach to development and operation tams in which Metropolis works best."},{"line_number":65,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"88b2bf9c_daa5ca57","line":64,"in_reply_to":"afb61996_55947fc8","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"}],"metropolis/handbook/src/ch03-00-cluster-architecture.md":[{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"```"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"When booting, a Node needs to become part of a cluster (by either Bootstrapping a new one, Registering into an existing one for the first time, or Joining after reboot) to gather all the key material needed to mount the 
encrypted data partition. One part of the key is stored on the EFI System Partition encrypted by the TPM (sealed), and will only decrypt correctly if the Node\u0027s Secure Boot settings have not been tampered. The other part of the key is stored by the Cluster, enforcing active communication (and possibly hardware attestation) with the Cluster before a Node can boot."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"```"},{"line_number":42,"context_line":".-------------------.  Measures Secure Boot settings"}],"source_content_type":"text/x-markdown","patch_set":2,"id":"d913d540_9c1583c7","line":39,"updated":"2022-03-22 10:26:54.000000000","message":"phrasal verb: tampered with","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":36,"context_line":""},{"line_number":37,"context_line":"```"},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"When booting, a Node needs to become part of a cluster (by either Bootstrapping a new one, Registering into an existing one for the first time, or Joining after reboot) to gather all the key material needed to mount the encrypted data partition. 
One part of the key is stored on the EFI System Partition encrypted by the TPM (sealed), and will only decrypt correctly if the Node\u0027s Secure Boot settings have not been tampered. The other part of the key is stored by the Cluster, enforcing active communication (and possibly hardware attestation) with the Cluster before a Node can boot."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"```"},{"line_number":42,"context_line":".-------------------.  Measures Secure Boot settings"}],"source_content_type":"text/x-markdown","patch_set":2,"id":"109602e5_12f2c7ef","line":39,"in_reply_to":"d913d540_9c1583c7","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":54,"context_line":"\u0027-------------------\u0027           | Seals/Unseals"},{"line_number":55,"context_line":"         | Mounts               v"},{"line_number":56,"context_line":"         |           .---------------------.        
.------------------------."},{"line_number":57,"context_line":"         | .---------| Node Encryption Key |        |    Running Cluster     |"},{"line_number":58,"context_line":"         |/          \u0027---------------------\u0027        |------------------------|"},{"line_number":59,"context_line":"         | .----------------------------------------| Cluster Encryption Key |"},{"line_number":60,"context_line":"         |/                                         |       (per node)       |"}],"source_content_type":"text/x-markdown","patch_set":2,"id":"301372d2_92230b70","line":57,"updated":"2022-03-22 10:26:54.000000000","message":"There\u0027s inconsistent use of Node Unlock Key, Node Encryption Key and Local Unlock Key throughout the repository.","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"4109991701fd4109246f3c7180de9a704a0f43cb","unresolved":true,"context_lines":[{"line_number":54,"context_line":"\u0027-------------------\u0027           | Seals/Unseals"},{"line_number":55,"context_line":"         | Mounts               v"},{"line_number":56,"context_line":"         |           .---------------------.        
.------------------------."},{"line_number":57,"context_line":"         | .---------| Node Encryption Key |        |    Running Cluster     |"},{"line_number":58,"context_line":"         |/          \u0027---------------------\u0027        |------------------------|"},{"line_number":59,"context_line":"         | .----------------------------------------| Cluster Encryption Key |"},{"line_number":60,"context_line":"         |/                                         |       (per node)       |"}],"source_content_type":"text/x-markdown","patch_set":2,"id":"957e73d7_0edd5b53","line":57,"in_reply_to":"301372d2_92230b70","updated":"2022-06-30 18:19:56.000000000","message":"Do you wanna fix this to NUK / Node Unlock Key? CUK / Cluster Unlock Key, too.","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"87d5434f9e1448bda8629cfb98aeac23c4466aaf","unresolved":false,"context_lines":[{"line_number":54,"context_line":"\u0027-------------------\u0027           | Seals/Unseals"},{"line_number":55,"context_line":"         | Mounts               v"},{"line_number":56,"context_line":"         |           .---------------------.        
.------------------------."},{"line_number":57,"context_line":"         | .---------| Node Encryption Key |        |    Running Cluster     |"},{"line_number":58,"context_line":"         |/          \u0027---------------------\u0027        |------------------------|"},{"line_number":59,"context_line":"         | .----------------------------------------| Cluster Encryption Key |"},{"line_number":60,"context_line":"         |/                                         |       (per node)       |"}],"source_content_type":"text/x-markdown","patch_set":2,"id":"45c4999b_f505b284","line":57,"in_reply_to":"957e73d7_0edd5b53","updated":"2022-07-01 10:27:09.000000000","message":"816: m: remove references to LUK, GUK | https://review.monogon.dev/c/monogon/+/816","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":66,"context_line":" "},{"line_number":67,"context_line":"```"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"The Node boot, disk setup and security model is described in mode detail in the [Node](ch03-01-node.md) chapter."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Each Node has the same minimal userland 
implemented in Go. However, this userland is unlike an usual GNU/Linux distribution, or most Linux-based operating systems for that matter. Metropolis does not have an LSB-compliant filesystem root (no /bin, /etc...) and does not run a standard init system / syslog. Instead, all process management is performed within a supervision tree (where supervised processes are called Runnables), and logging is performed within that supervision tree."},{"line_number":72,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"488eba48_16020bb6","line":69,"updated":"2022-03-22 10:26:54.000000000","message":"is/are","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":66,"context_line":" "},{"line_number":67,"context_line":"```"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"The Node boot, disk setup and security model is described in mode detail in the [Node](ch03-01-node.md) chapter."},{"line_number":70,"context_line":""},{"line_number":71,"context_line":"Each Node has the same minimal userland implemented in Go. 
However, this userland is unlike an usual GNU/Linux distribution, or most Linux-based operating systems for that matter. Metropolis does not have an LSB-compliant filesystem root (no /bin, /etc...) and does not run a standard init system / syslog. Instead, all process management is performed within a supervision tree (where supervised processes are called Runnables), and logging is performed within that supervision tree."},{"line_number":72,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"cc9a49d1_fed843a1","line":69,"in_reply_to":"488eba48_16020bb6","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"The first column represents a runnable\u0027s Distinguished Name. 
It shows, for example, that the `DISCOVERING \u003d\u003e REQUESTING` log line was emitted by a supervision tree runnable named `dhcp`, which was spawned by another runnable named `interfaces`, which in turn was spawned by a runnable named `network`, which in turn was started by the root of the Metropolis Node code."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"The Node runnables axioms, supervision tree and log tree are described in more detail in the [Node Runnabled and Logging](ch03-02-node-runnables.md) chapter."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Node roles and control plane"},{"line_number":90,"context_line":"---"}],"source_content_type":"text/x-markdown","patch_set":2,"id":"6eba5ab8_d96a8dd3","line":87,"updated":"2022-03-22 10:26:54.000000000","message":"typo: Runnabled","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":84,"context_line":""},{"line_number":85,"context_line":"The first column represents a runnable\u0027s Distinguished Name. 
It shows, for example, that the `DISCOVERING \u003d\u003e REQUESTING` log line was emitted by a supervision tree runnable named `dhcp`, which was spawned by another runnable named `interfaces`, which in turn was spawned by a runnable named `network`, which in turn was started by the root of the Metropolis Node code."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"The Node runnables axioms, supervision tree and log tree are described in more detail in the [Node Runnabled and Logging](ch03-02-node-runnables.md) chapter."},{"line_number":88,"context_line":""},{"line_number":89,"context_line":"Node roles and control plane"},{"line_number":90,"context_line":"---"}],"source_content_type":"text/x-markdown","patch_set":2,"id":"79a9554c_0230dfb3","line":87,"in_reply_to":"6eba5ab8_d96a8dd3","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"}],"metropolis/handbook/src/introduction-00-title.md":[{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":9,"context_line":"## What makes Metropolis unique"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":" 1. 
**A self-contained operating system**: Metropolis is a full software stack, including the Linux kernel, userspace code, Kubernetes distribution and cluster management system. In contrast to traditional cluster administration, there are no puzzles to put together from a dozen vendors. The entire stack is tested as a single deployable unit."},{"line_number":12,"context_line":" 1. **Eliminates state**: Metropolis nodes don\u0027t have a traditional read-write filesystem, all their state is contained on separate permission with clear per-component ownership of data. All node configuration is managed declaratively on a per-node basis, and all cluster operations are all done by gRPC API."},{"line_number":13,"context_line":" 1. **No shell, no one-off hacks, no configuration drift**: Metropolis nodes do not run SSH nor depend on low-level system administration tools for day-to-day operations, even debugging."},{"line_number":14,"context_line":" 1. **Opinionated on production readiness**: Metropolis does not attempt to support every possible software configuration, instead focusing on scenarios that make for a high quality production experience ."},{"line_number":15,"context_line":" 1. **Robust**: Metropolis builds upon proven technology and does not take risks. 
Cluster consensus is maintained using the Raft protocol, user and node communication uses well-defined gRPC services, system services are limited in complexity and purpose-built for Metropolis."}],"source_content_type":"text/x-markdown","patch_set":2,"id":"94c24ad8_55324328","line":12,"updated":"2022-03-22 10:26:54.000000000","message":"on a separate partition?","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":9,"context_line":"## What makes Metropolis unique"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":" 1. **A self-contained operating system**: Metropolis is a full software stack, including the Linux kernel, userspace code, Kubernetes distribution and cluster management system. In contrast to traditional cluster administration, there are no puzzles to put together from a dozen vendors. The entire stack is tested as a single deployable unit."},{"line_number":12,"context_line":" 1. **Eliminates state**: Metropolis nodes don\u0027t have a traditional read-write filesystem, all their state is contained on separate permission with clear per-component ownership of data. 
All node configuration is managed declaratively on a per-node basis, and all cluster operations are all done by gRPC API."},{"line_number":13,"context_line":" 1. **No shell, no one-off hacks, no configuration drift**: Metropolis nodes do not run SSH nor depend on low-level system administration tools for day-to-day operations, even debugging."},{"line_number":14,"context_line":" 1. **Opinionated on production readiness**: Metropolis does not attempt to support every possible software configuration, instead focusing on scenarios that make for a high quality production experience ."},{"line_number":15,"context_line":" 1. **Robust**: Metropolis builds upon proven technology and does not take risks. Cluster consensus is maintained using the Raft protocol, user and node communication uses well-defined gRPC services, system services are limited in complexity and purpose-built for Metropolis."}],"source_content_type":"text/x-markdown","patch_set":2,"id":"8cdca09d_8ea65dfd","line":12,"in_reply_to":"94c24ad8_55324328","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":12,"context_line":" 1. 
**Eliminates state**: Metropolis nodes don\u0027t have a traditional read-write filesystem, all their state is contained on separate permission with clear per-component ownership of data. All node configuration is managed declaratively on a per-node basis, and all cluster operations are all done by gRPC API."},{"line_number":13,"context_line":" 1. **No shell, no one-off hacks, no configuration drift**: Metropolis nodes do not run SSH nor depend on low-level system administration tools for day-to-day operations, even debugging."},{"line_number":14,"context_line":" 1. **Opinionated on production readiness**: Metropolis does not attempt to support every possible software configuration, instead focusing on scenarios that make for a high quality production experience ."},{"line_number":15,"context_line":" 1. **Robust**: Metropolis builds upon proven technology and does not take risks. Cluster consensus is maintained using the Raft protocol, user and node communication uses well-defined gRPC services, system services are limited in complexity and purpose-built for Metropolis."},{"line_number":16,"context_line":" 1. **Secure at rest**: Metropolis nodes by default encrypt their data partitions and check the integrity of running code, providing tamper resistance and preventing data exfiltrating even if an attacker can access a node\u0027s disk drives."},{"line_number":17,"context_line":" 1. **Self-locking**: Metropolis can be configured to use TPM hardware attestation, in which cluster membership is limited to nodes that are running trusted versions of the software on trusted hardware."},{"line_number":18,"context_line":" 1. **Not magic**: Metropolis clusters are complex, distributed systems. Managing any distributed system like Metropolis requires some knowledge of core concepts and components involved, and the Metropolis does not attempt to hide that complexity away. 
Limited internal abstractions and well documented source code lets anyone easily troubleshoot any deeper issues."}],"source_content_type":"text/x-markdown","patch_set":2,"id":"dafe2804_68be1b6c","line":15,"updated":"2022-03-22 10:26:54.000000000","message":"uses -\u003e use?\n\nThe last statement could be a correct sentence in itself.","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":12,"context_line":" 1. **Eliminates state**: Metropolis nodes don\u0027t have a traditional read-write filesystem, all their state is contained on separate permission with clear per-component ownership of data. All node configuration is managed declaratively on a per-node basis, and all cluster operations are all done by gRPC API."},{"line_number":13,"context_line":" 1. **No shell, no one-off hacks, no configuration drift**: Metropolis nodes do not run SSH nor depend on low-level system administration tools for day-to-day operations, even debugging."},{"line_number":14,"context_line":" 1. 
**Opinionated on production readiness**: Metropolis does not attempt to support every possible software configuration, instead focusing on scenarios that make for a high quality production experience ."},{"line_number":15,"context_line":" 1. **Robust**: Metropolis builds upon proven technology and does not take risks. Cluster consensus is maintained using the Raft protocol, user and node communication uses well-defined gRPC services, system services are limited in complexity and purpose-built for Metropolis."},{"line_number":16,"context_line":" 1. **Secure at rest**: Metropolis nodes by default encrypt their data partitions and check the integrity of running code, providing tamper resistance and preventing data exfiltrating even if an attacker can access a node\u0027s disk drives."},{"line_number":17,"context_line":" 1. **Self-locking**: Metropolis can be configured to use TPM hardware attestation, in which cluster membership is limited to nodes that are running trusted versions of the software on trusted hardware."},{"line_number":18,"context_line":" 1. **Not magic**: Metropolis clusters are complex, distributed systems. Managing any distributed system like Metropolis requires some knowledge of core concepts and components involved, and the Metropolis does not attempt to hide that complexity away. 
Limited internal abstractions and well documented source code lets anyone easily troubleshoot any deeper issues."}],"source_content_type":"text/x-markdown","patch_set":2,"id":"21b0d8a2_57d303d4","line":15,"in_reply_to":"dafe2804_68be1b6c","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":13,"context_line":" 1. **No shell, no one-off hacks, no configuration drift**: Metropolis nodes do not run SSH nor depend on low-level system administration tools for day-to-day operations, even debugging."},{"line_number":14,"context_line":" 1. **Opinionated on production readiness**: Metropolis does not attempt to support every possible software configuration, instead focusing on scenarios that make for a high quality production experience ."},{"line_number":15,"context_line":" 1. **Robust**: Metropolis builds upon proven technology and does not take risks. Cluster consensus is maintained using the Raft protocol, user and node communication uses well-defined gRPC services, system services are limited in complexity and purpose-built for Metropolis."},{"line_number":16,"context_line":" 1. 
**Secure at rest**: Metropolis nodes by default encrypt their data partitions and check the integrity of running code, providing tamper resistance and preventing data exfiltrating even if an attacker can access a node\u0027s disk drives."},{"line_number":17,"context_line":" 1. **Self-locking**: Metropolis can be configured to use TPM hardware attestation, in which cluster membership is limited to nodes that are running trusted versions of the software on trusted hardware."},{"line_number":18,"context_line":" 1. **Not magic**: Metropolis clusters are complex, distributed systems. Managing any distributed system like Metropolis requires some knowledge of core concepts and components involved, and the Metropolis does not attempt to hide that complexity away. Limited internal abstractions and well documented source code lets anyone easily troubleshoot any deeper issues."},{"line_number":19,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"0990485c_024ea8be","line":16,"updated":"2022-03-22 10:26:54.000000000","message":"exfiltrating -\u003e exfiltration ?","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":13,"context_line":" 1. 
**No shell, no one-off hacks, no configuration drift**: Metropolis nodes do not run SSH nor depend on low-level system administration tools for day-to-day operations, even debugging."},{"line_number":14,"context_line":" 1. **Opinionated on production readiness**: Metropolis does not attempt to support every possible software configuration, instead focusing on scenarios that make for a high quality production experience ."},{"line_number":15,"context_line":" 1. **Robust**: Metropolis builds upon proven technology and does not take risks. Cluster consensus is maintained using the Raft protocol, user and node communication uses well-defined gRPC services, system services are limited in complexity and purpose-built for Metropolis."},{"line_number":16,"context_line":" 1. **Secure at rest**: Metropolis nodes by default encrypt their data partitions and check the integrity of running code, providing tamper resistance and preventing data exfiltrating even if an attacker can access a node\u0027s disk drives."},{"line_number":17,"context_line":" 1. **Self-locking**: Metropolis can be configured to use TPM hardware attestation, in which cluster membership is limited to nodes that are running trusted versions of the software on trusted hardware."},{"line_number":18,"context_line":" 1. **Not magic**: Metropolis clusters are complex, distributed systems. Managing any distributed system like Metropolis requires some knowledge of core concepts and components involved, and the Metropolis does not attempt to hide that complexity away. 
Limited internal abstractions and well documented source code lets anyone easily troubleshoot any deeper issues."},{"line_number":19,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"7f63b969_c8c410dc","line":16,"in_reply_to":"0990485c_024ea8be","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"}],"metropolis/handbook/src/introduction-01-how-to-use.md":[{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3138a475119dc0101e1106ccae0b29b5794127f0","unresolved":true,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"This handbook is the canonical documentation for Metropolis. It aims to document all aspects of Metropolis, from a quick demo, through production deployment to architecture internals."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"\u003e Note: **This section is critical to understand the Handbook structure** and must be read by anyone looking to use Metropolis. 
At the bottom of this page you will find information about which sections to read next, depending on how you want to use Metropolis."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"## Who is this book for?"},{"line_number":8,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"1ae8a5b3_4de83a6f","line":5,"updated":"2022-03-22 11:42:06.000000000","message":"My bet would be that nobody reads the \"How to use this Handbook\" part of a handbook.","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"4109991701fd4109246f3c7180de9a704a0f43cb","unresolved":true,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"This handbook is the canonical documentation for Metropolis. It aims to document all aspects of Metropolis, from a quick demo, through production deployment to architecture internals."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"\u003e Note: **This section is critical to understand the Handbook structure** and must be read by anyone looking to use Metropolis. 
At the bottom of this page you will find information about which sections to read next, depending on how you want to use Metropolis."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"## Who is this book for?"},{"line_number":8,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"45eaa21e_7d87c2ef","line":5,"in_reply_to":"1ae8a5b3_4de83a6f","updated":"2022-06-30 18:19:56.000000000","message":"Well, what do you wanna do about this? Snark is fine, but actionable snark is better :).","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000000,"name":"Leopold Schabel","display_name":"Leo","email":"leo@monogon.tech","username":"leo","avatars":[{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/98f8f79a6bb45adef37defa7ead8f3d2.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5177d90177c0ee4cd6e3c6d856504594e3d5f5a3","unresolved":false,"context_lines":[{"line_number":2,"context_line":""},{"line_number":3,"context_line":"This handbook is the canonical documentation for Metropolis. It aims to document all aspects of Metropolis, from a quick demo, through production deployment to architecture internals."},{"line_number":4,"context_line":""},{"line_number":5,"context_line":"\u003e Note: **This section is critical to understand the Handbook structure** and must be read by anyone looking to use Metropolis. 
At the bottom of this page you will find information about which sections to read next, depending on how you want to use Metropolis."},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"## Who is this book for?"},{"line_number":8,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"66fa5716_9ecd9435","line":5,"in_reply_to":"45eaa21e_7d87c2ef","updated":"2022-06-30 18:24:07.000000000","message":"\"structure it such that intuition is good enough\" but that\u0027s not really immediately actionable so I\u0027m marking this resolved too :)","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":26,"context_line":""},{"line_number":27,"context_line":"In addition, Metropolis makes no attempt to hide that it itself and Kubernetes are distributed systems and applications running on top of clusters need to be engineered to handle such a scenario."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"In most organizations, Users will be developers part of some product teams  working on delivering an organization\u0027s product or service, responsible for both operations and development of the 
product."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"### Developers"},{"line_number":32,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"37d3863b_f86683b4","line":29,"updated":"2022-03-22 10:26:54.000000000","message":"imho this sentence needs rephrasing","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":26,"context_line":""},{"line_number":27,"context_line":"In addition, Metropolis makes no attempt to hide that it itself and Kubernetes are distributed systems and applications running on top of clusters need to be engineered to handle such a scenario."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":"In most organizations, Users will be developers part of some product teams  working on delivering an organization\u0027s product or service, responsible for both operations and development of the product."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"### Developers"},{"line_number":32,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"7159c605_39246a71","line":29,"in_reply_to":"37d3863b_f86683b4","updated":"2022-06-29 
13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3963641823773c9f4db2f1914bd6e7737b257da7","unresolved":true,"context_lines":[{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Metropolis comes with high quality developer tooling to work on the codebase - all tests, including full cluster tests, can be run without any special software straight from a Monogon repository checkout."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"People who wish to build Metropolis from source (for security, to reproduce official artifacts, or to apply internal organization patches) are also expected to fall into this category. 
In the future, a purpose-specific documentation might be built for software packagers or people who wish to ensure Metropolis builds are reproducible, but that is not the case yet."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"## Which sections should be read, and in what order?"},{"line_number":40,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"f0a1fd80_0ea85387","line":37,"updated":"2022-03-22 10:26:54.000000000","message":"uncountable \"purpose-specific documentation\"","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"},{"author":{"_account_id":1000010,"name":"Mateusz Zalega","display_name":"msgctl","email":"mateusz@monogon.tech","username":"mateusz","avatars":[{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/30cae8ca0782f23ce0a60ac80fda3dd9.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5ecba47851b6f5a7ddf0023b988556d90fe25151","unresolved":false,"context_lines":[{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Metropolis comes with high quality developer tooling to work on the codebase - all tests, including full cluster tests, can be run without any special software straight from a Monogon repository checkout."},{"line_number":36,"context_line":""},{"line_number":37,"context_line":"People who wish to build Metropolis from source (for security, to reproduce official artifacts, or to apply internal organization patches) are also expected to fall into this category. 
In the future, a purpose-specific documentation might be built for software packagers or people who wish to ensure Metropolis builds are reproducible, but that is not the case yet."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"## Which sections should be read, and in what order?"},{"line_number":40,"context_line":""}],"source_content_type":"text/x-markdown","patch_set":2,"id":"640cc844_23f7afb9","line":37,"in_reply_to":"f0a1fd80_0ea85387","updated":"2022-06-29 13:51:15.000000000","message":"Done","commit_id":"ef8e0df08441957a87473bb314afe31af9c84182"}]}
