Stand up upgraded Toolforge etcd clusters
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Bstorm
	Feb 8 2019, 9:42 PM

Description

From https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/, "The minimum recommended version of etcd to run in production is 3.2.10+".

It looks like Wikimedia's stretch/main repo has etcd-3.2.16. That should do!

For building the two clusters we need, we require:

A revisit of the current etcd config in puppet with attention to any new ideas around certificate management. -- note T144153, T169287 and T215553. There's a lot entangled in these tasks.
Documentation of the build and configuration -- making sure etcdctl actually functions on the servers in a way that is documented and perhaps consistent with upstream docs (currently, it might work, but it is so old that upstream docs are totally different).

Related Objects
Search...

Status	Assigned	Task
		Restricted Task
Resolved	Bstorm	T246122 Upgrade the Toolforge Kubernetes cluster to v1.16
		Restricted Task
Resolved	• bd808	T232536 Toolforge Kubernetes internal API down, causing `webservice` and other tooling to fail
Resolved	Bstorm	T236565 "tools" Cloud VPS project jessie deprecation
Resolved	aborrero	T101651 Set up toolsbeta more fully to help make testing easier
Resolved	Bstorm	T166949 Homedir/UID info breaks after a while in Tools Kubernetes (can't read replica.my.cnf)
Resolved	Bstorm	T246059 Add admin account creation to maintain-kubeusers
Resolved	Bstorm	T154504 Make webservice backend default to kubernetes
Declined	None	T245230 Investigate cpu/ram requests and limits for DaemonSets pods
Resolved	Bstorm	T214513 Deploy and migrate tools to a Kubernetes v1.15 or newer cluster
Resolved	aborrero	T142862 Setup Kubernetes Masters in a HA setup
Resolved	aborrero	T215663 Stand up upgraded Toolforge etcd clusters

Event Timeline

Bstorm triaged this task as High priority.Feb 8 2019, 9:42 PM

Bstorm created this task.

Bstorm updated the task description. (Show Details)Feb 8 2019, 9:45 PM

For at least test builds, we could probably just use the puppet certs...and that might be a fine way to use them going forward with a documentation and/or puppet change to say "subscribe" to the puppet certs file...not sure exactly how that would work or if it would considering how puppet uses them, but...

• bd808 removed a project: Goal.Feb 10 2019, 8:48 PM

BTW, https://kubernetes.io/docs/setup/independent/setup-ha-etcd-with-kubeadm/

We can stand up etcd using kubeadm if we choose. It's weird. We'll probably at least test the process to see.

One advantage to using kubeadm for most everything is centralizing CA management from k8s itself, but this could turn into a problem instead of a solution. It depends on exactly how all certs end up getting used.

Bstorm added a parent task: T142862: Setup Kubernetes Masters in a HA setup.Feb 12 2019, 10:27 PM

• GTirloni removed a subscriber: • GTirloni.Mar 21 2019, 9:06 PM

This has been done in 2 different ways:

the one developed in this phabricator task: T226098: Toolforge: modernize deployment for etcd in k8s
the approach of using kubeadm to setup the stacked etcd setup for us, tested and developed in task: T215531: Deploy upgraded Kubernetes to toolsbeta

So I think this task can be closed now. Feel free to reopen if required.

Stand up upgraded Toolforge etcd clustersClosed, ResolvedPublicActions

Description

Related ObjectsSearch...

Event Timeline

Stand up upgraded Toolforge etcd clusters
Closed, ResolvedPublic
Actions

Related Objects
Search...