Blubberoid should be moved to be TLS only. Given we have several clients still on http, we first need to add TLS, then to have both versions of the service live while we convert all clients.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | JMeybohm | T235411 Add TLS termination to services running on kubernetes | |||
| Resolved | JMeybohm | T236017 Move blubberoid to use TLS only. |
Change 544774 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/deployment-charts@master] blubberoid: Add TLS termination
Change 544774 merged by jenkins-bot:
[operations/deployment-charts@master] blubberoid: Add TLS termination
Change 553369 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/puppet@production] trafficserver: use https discovery url for blubberoid
Once the patch I created is merged, we will be able to remove the HTTP endpoint as soon as we're varnish-be-free.
Change 553369 merged by Giuseppe Lavagetto:
[operations/puppet@production] trafficserver: use https discovery url for blubberoid
Picking this up again - we already migrated the CDN to use https - do we need to do something for CI?
From the CI client side we've been interacting with blubberoid from the external url (i.e., https://blubberoid.wikimedia.org/v1/): https://gerrit.wikimedia.org/r/plugins/gitiles/integration/pipelinelib/+/master/src/org/wikimedia/integration/PipelineRunner.groovy#33
Change 627268 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove blubberoid non-TLS endpoint from LVS 1/3
Change 627269 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove blubberoid non-TLS endpoint from LVS 2/3
Change 627270 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove blubberoid non-TLS endpoint from LVS 3/3
Change 627269 abandoned by JMeybohm:
[operations/puppet@production] lvs: Remove blubberoid non-TLS endpoint from LVS 2/3
Reason:
Change 627268 merged by JMeybohm:
[operations/puppet@production] lvs: Remove blubberoid non-TLS endpoint from LVS 1/3
Change 627270 merged by JMeybohm:
[operations/puppet@production] lvs: Remove blubberoid non-TLS endpoint from LVS 3/3
Change 715447 had a related patch set uploaded (by JMeybohm; author: JMeybohm):
[operations/deployment-charts@master] blubberoid: Remove HTTP service from kubernetes
Change 715447 merged by jenkins-bot:
[operations/deployment-charts@master] blubberoid: Remove HTTP service from kubernetes