Page MenuHomePhabricator
Create Task
Maniphest T241853

Move metrics-server and kube-state-metrics into the new metrics namespace
Closed, ResolvedPublic
Actions

Description

Since this is a new chunk of work that might be a little fiddly getting the permissions right, this task is to move the Toolforge metrics-server and kube-state-metrics services into the new metrics namespace with potentially their own PSPs or with the default psp, if that seems appropriate.

General guidelines would be the usual principle of least privilege and running the containers in a security context that specifies a non-root UID. It probably won't be that hard, but including a security context that runs as a UID other than root may or may not work for metrics-server, etc. It seems likely that they'll work ok since they don't need filesystem access to work.

Details

SubjectRepoBranchLines +/-
toolforge: new k8s: move metrics-server and kube-state-metrics to new namespaceoperations/puppetproduction+59 -17
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bstorm created this task.Jan 3 2020, 5:53 PM
aborrero claimed this task.Jan 4 2020, 5:38 PM
aborrero triaged this task as Medium priority.
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
gerritbot added a comment.Jan 7 2020, 1:09 PM

Change 562508 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] toolforge: new k8s: move metrics-server and kube-state-metrics to new namespace

https://gerrit.wikimedia.org/r/562508

gerritbot added a project: Patch-For-Review.Jan 7 2020, 1:09 PM
Stashbot added a comment.Jan 7 2020, 1:23 PM

Mentioned in SAL (#wikimedia-cloud) [2020-01-07T13:23:00Z] <arturo> [new k8s] doing changes to kube-state-metrics and metrics-server trying to relocate them to the 'metrics' namespace (T241853)

Stashbot added a comment.Jan 7 2020, 1:31 PM

Mentioned in SAL (#wikimedia-cloud) [2020-01-07T13:31:24Z] <arturo> upload docker-registry.tools.wmflabs.org/metrics-server-amd64:v0.3.6 copied from k8s.gcr.io/metrics-server-amd64:v0.3.6 (T241853)

Stashbot added a comment.Jan 7 2020, 1:33 PM

Mentioned in SAL (#wikimedia-cloud) [2020-01-07T13:33:49Z] <arturo> upload docker-registry.tools.wmflabs.org/coreos/kube-state-metrics:v1.8.0 copied from quay.io/coreos/kube-state-metrics:v1.8.0 (T241853)

Stashbot added a comment.Jan 7 2020, 2:02 PM

Mentioned in SAL (#wikimedia-cloud) [2020-01-07T14:02:12Z] <arturo> root@tools-k8s-control-3:~# wmcs-k8s-secret-for-cert -n metrics -s metrics-server-certs -a metrics-server (T241853)

gerritbot added a comment.Jan 7 2020, 2:29 PM

Change 562508 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] toolforge: new k8s: move metrics-server and kube-state-metrics to new namespace

https://gerrit.wikimedia.org/r/562508

Maintenance_bot removed a project: Patch-For-Review.Jan 7 2020, 3:10 PM
aborrero closed this task as Resolved.Jan 8 2020, 12:50 PM

This is done. Please reopen if required.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL