Page MenuHomePhabricator

Move eventgate-main to use TLS only
Closed, ResolvedPublic

Description

  • Add TLS support to the deployment chart
  • Enable TLS on k8s in production
  • Add Additional LVS endpoint configuration
  • Switch services to use the TLS LVS
  • Remove non-TLS LVS endpoint configuration
  • Remove the non-TLS k8s service

Event Timeline

JMeybohm triaged this task as Medium priority.Jul 21 2020, 7:54 AM

Change 627536 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove check_eventgate_main_http_cluster monitoring

https://gerrit.wikimedia.org/r/627536

Change 627537 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove eventgate-main non-TLS endpoint from LVS 1/2

https://gerrit.wikimedia.org/r/627537

Change 627538 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove eventgate-main non-TLS endpoint from LVS 2/2

https://gerrit.wikimedia.org/r/627538

Change 627536 merged by JMeybohm:
[operations/puppet@production] lvs: Remove check_eventgate_main_http_cluster monitoring

https://gerrit.wikimedia.org/r/627536

Change 627537 merged by JMeybohm:
[operations/puppet@production] lvs: Remove eventgate-main non-TLS endpoint from LVS 1/2

https://gerrit.wikimedia.org/r/627537

Change 627538 merged by JMeybohm:
[operations/puppet@production] lvs: Remove eventgate-main non-TLS endpoint from LVS 2/2

https://gerrit.wikimedia.org/r/627538

Mentioned in SAL (#wikimedia-operations) [2020-09-22T09:55:22Z] <jayme> restarting pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255873 T255870

Mentioned in SAL (#wikimedia-operations) [2020-09-22T09:57:17Z] <jayme> restarting pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255873 T255870

Mentioned in SAL (#wikimedia-operations) [2020-09-22T09:59:04Z] <jayme> running ipvsadm -D -t 10.2.2.45:34192; ipvsadm -D -t 10.2.2.42:35192 on lvs1016.eqiad.wmnet,lvs1015.eqiad.wmnet - T255873 T255870

Mentioned in SAL (#wikimedia-operations) [2020-09-22T09:59:44Z] <jayme> running ipvsadm -D -t 10.2.1.45:34192; ipvsadm -D -t 10.2.1.42:35192 on lvs2010.codfw.wmnet,lvs2009.codfw.wmnet - T255873 T255870

Remove the non-TLS k8s service will be handled via T255871