Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/352580 )
Change subject: lvs: Add the kubernetes master service/cluster
......................................................................
lvs: Add the kubernetes master service/cluster
Add a conftool cluster called kubernetes, and add the first service for
it, namely master. Listen on port 6443 for it, but don't enable
ProxyFetch or icinga monitoring for now, until we figure out a proper
way of authn/authz for monitoring requests. Also open the ferm firewall
rules in order allow monitoring from pybal
Bug: T162040
Change-Id: I5f7518e8923b44c8e203d463bcc206280812021f
---
M conftool-data/node/eqiad.yaml
M conftool-data/service/services.yaml
M hieradata/common/lvs/configuration.yaml
M modules/role/manifests/lvs/balancer.pp
4 files changed, 35 insertions(+), 0 deletions(-)
Approvals:
Alexandros Kosiaris: Verified; Looks good to me, approved
diff --git a/conftool-data/node/eqiad.yaml b/conftool-data/node/eqiad.yaml
index ba9383e..c9cbbfb 100644
--- a/conftool-data/node/eqiad.yaml
+++ b/conftool-data/node/eqiad.yaml
@@ -308,3 +308,6 @@
logstash1001.eqiad.wmnet: [kibana]
logstash1002.eqiad.wmnet: [kibana]
logstash1003.eqiad.wmnet: [kibana]
+ kubernetes:
+ argon.eqiad.wmnet: [kubemaster]
+ chlorine.eqiad.wmnet: [kubemaster]
diff --git a/conftool-data/service/services.yaml
b/conftool-data/service/services.yaml
index aee6bcd..162fe26 100644
--- a/conftool-data/service/services.yaml
+++ b/conftool-data/service/services.yaml
@@ -218,3 +218,11 @@
default_values:
pooled: 'no'
weight: 10
+kubernetes:
+ kubemaster:
+ port: 6443
+ datacenters:
+ - eqiad
+ default_values:
+ pooled: 'yes'
+ weight: 10
diff --git a/hieradata/common/lvs/configuration.yaml
b/hieradata/common/lvs/configuration.yaml
index 7e1919c..9871f20 100644
--- a/hieradata/common/lvs/configuration.yaml
+++ b/hieradata/common/lvs/configuration.yaml
@@ -140,6 +140,9 @@
trendingedits: &ip_block035
eqiad: 10.2.2.9
codfw: 10.2.1.9
+ kubemaster: &ip_block036
+ eqiad: 10.2.2.8
+ codfw: 10.2.1.8
lvs::configuration::lvs_services:
text:
description: "Main wiki platform LVS service, text.%{::site}.wikimedia.org
(Varnish)"
@@ -1249,3 +1252,22 @@
hostname: trendingedits.svc.eqiad.wmnet
codfw:
hostname: trendingedits.svc.codfw.wmnet
+ kubemaster:
+ description: "Kubernetes master service. kubemaster.svc.%{::site}.wmnet"
+ class: low-traffic
+ sites:
+ - eqiad
+ ip: *ip_block036
+ port: 6443
+ bgp: 'yes'
+ depool-threshold: '.5'
+ monitors:
+ # Despite kubernetes being an HTTP REST API, it seems it does not yet
support unauthenticated requests,
+ # so no ProxyFetch for now
+ IdleConnection:
+ timeout-clean-reconnect: 3
+ max-delay: 300
+ conftool:
+ cluster: kubernetes
+ service: kubemaster
+ # For now, no icinga monitoring for the same reasons as ProxyFetch
diff --git a/modules/role/manifests/lvs/balancer.pp
b/modules/role/manifests/lvs/balancer.pp
index 1742d15..2f3a78c 100644
--- a/modules/role/manifests/lvs/balancer.pp
+++ b/modules/role/manifests/lvs/balancer.pp
@@ -49,6 +49,7 @@
$sip['eventstreams'][$::site],
$sip['pdfrender'][$::site],
$sip['trendingedits'][$::site],
+ $sip['kubemaster'][$::site],
],
# codfw (should mirror eqiad above, eventually, and become merged with
it via regex
@@ -85,6 +86,7 @@
$sip['eventstreams'][$::site],
$sip['pdfrender'][$::site],
$sip['trendingedits'][$::site],
+ $sip['kubemaster'][$::site],
],
# esams + ulsfo
--
To view, visit https://gerrit.wikimedia.org/r/352580
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I5f7518e8923b44c8e203d463bcc206280812021f
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
