Page MenuHomePhabricator
Create Task
Maniphest T347397

Migrate functions-orchestrator service to mw-api-int
Closed, ResolvedPublic
Actions

Description

Splitting specific concern from more general T344998, and putting in the general task tree.

Details

SubjectRepoBranchLines +/-
admin_nd: Don't allow uncached api access from wikifunctionsoperations/deployment-chartsmaster+1 -1
wikifunctions: Allow orchestrator to connecto to mw-api-int podsoperations/deployment-chartsmaster+32 -8
Revert "wikifunctions: Switch all clusters to use the service mesh"operations/deployment-chartsmaster+8 -5
wikifunctions: Switch all clusters to use the service meshoperations/deployment-chartsmaster+5 -8
Customize query in gerrit

Related Objects
Search...

Event Timeline

Jdforrester-WMF created this task.Sep 26 2023, 12:45 PM
gerritbot added a comment.Sep 26 2023, 1:28 PM

Change 961108 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] wikifunctions: Switch all clusters to use the service mesh

https://gerrit.wikimedia.org/r/961108

gerritbot added a project: Patch-For-Review.Sep 26 2023, 1:28 PM
gerritbot added a comment.Sep 26 2023, 1:32 PM

Change 961108 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Switch all clusters to use the service mesh

https://gerrit.wikimedia.org/r/961108

gerritbot added a comment.Sep 26 2023, 2:00 PM

Change 961111 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Revert "wikifunctions: Switch all clusters to use the service mesh"

https://gerrit.wikimedia.org/r/961111

gerritbot added a comment.Sep 26 2023, 2:02 PM

Change 961111 merged by jenkins-bot:

[operations/deployment-charts@master] Revert "wikifunctions: Switch all clusters to use the service mesh"

https://gerrit.wikimedia.org/r/961111

Maintenance_bot removed a project: Patch-For-Review.Sep 26 2023, 2:10 PM
Jdforrester-WMF changed the task status from Open to In Progress.Sep 27 2023, 12:58 PM
Jdforrester-WMF moved this task from To triage to In Progress on the Abstract Wikipedia team board.
gerritbot added a comment.Sep 27 2023, 1:11 PM

Change 961383 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] wikifunctions: Allow orchestrator to connecto to mw-api-int pods

https://gerrit.wikimedia.org/r/961383

gerritbot added a project: Patch-For-Review.Sep 27 2023, 1:11 PM
gerritbot added a comment.Sep 27 2023, 1:18 PM

Change 961383 merged by jenkins-bot:

[operations/deployment-charts@master] wikifunctions: Allow orchestrator to connecto to mw-api-int pods

https://gerrit.wikimedia.org/r/961383

Maintenance_bot removed a project: Patch-For-Review.Sep 27 2023, 1:31 PM
JMeybohm claimed this task.Sep 27 2023, 1:32 PM
JMeybohm subscribed.

It took me a while to figure this out, sorry. Due to wikifunctions having more strict firewall rules in general, our automation that puts firewall rules in place for service-mesh listeners did not work as expected. This is now fixed within wikifunctions be specifying a explicit rule as following up on the automation part will take some time.

Rolled out to all clusters, wikifunctions still working and the mesh is used according to metrics. I'll claim this task and will remove the firewall rule allowing direct access to mw-api later.

JMeybohm moved this task from Incoming 🐫 to Doing 😎 on the serviceops board.Sep 27 2023, 1:33 PM
gerritbot added a comment.Sep 27 2023, 1:53 PM

Change 961394 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] admin_nd: Don't allow uncached api access from wikifunctions

https://gerrit.wikimedia.org/r/961394

gerritbot added a project: Patch-For-Review.Sep 27 2023, 1:53 PM
gerritbot added a comment.Sep 27 2023, 2:00 PM

Change 961394 merged by jenkins-bot:

[operations/deployment-charts@master] admin_nd: Don't allow uncached api access from wikifunctions

https://gerrit.wikimedia.org/r/961394

Jdforrester-WMF moved this task from In Progress to Verify in production on the Abstract Wikipedia team board.Sep 27 2023, 2:08 PM
Maintenance_bot removed a project: Patch-For-Review.Sep 27 2023, 2:10 PM
JMeybohm closed this task as Resolved.Sep 27 2023, 3:04 PM

Direct access to mw-api is forbidden now. wikifunctions still working

Jdforrester-WMF added a parent task: T343458: Allow logged-out users to run (community-approved) implementations on wikifunctions.org via the `wikilambda-execute` right.Oct 12 2023, 4:34 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL