- Add TLS support to the deployment chart
- Enable TLS on k8s in production
- Add Additional LVS endpoint configuration
- Switch services to use the TLS LVS
- Remove non-TLS LVS endpoint configuration
- Remove the non-TLS k8s service
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | JMeybohm | T235411 Add TLS termination to services running on kubernetes | |||
Open | JMeybohm | T255875 Move mathoid to use TLS only |
Event Timeline
Change 629325 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] service: add TLS endpoint for mathoid 1/2
Change 629326 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] service: add TLS endpoint for mathoid 2/2
Change 629327 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] services_proxy: switch mathoid to the TLS endpoint
Change 629328 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 1/2
Change 629329 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 2/2
Change 629325 merged by JMeybohm:
[operations/puppet@production] service: add TLS endpoint for mathoid 1/2
Mentioned in SAL (#wikimedia-operations) [2020-09-24T09:43:40Z] <jayme> running puppet on lvs servers - T255875
Mentioned in SAL (#wikimedia-operations) [2020-09-24T09:46:28Z] <jayme> restart pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255875
Mentioned in SAL (#wikimedia-operations) [2020-09-24T09:48:58Z] <jayme> restart pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255875
Change 629326 merged by JMeybohm:
[operations/puppet@production] service: add TLS endpoint for mathoid 2/2
Change 629327 merged by JMeybohm:
[operations/puppet@production] services_proxy: switch mathoid to the TLS endpoint
Mentioned in SAL (#wikimedia-operations) [2020-09-24T12:58:37Z] <jayme> switched mathoid service-proxy listener to use TLS - T255875
Change 629328 merged by JMeybohm:
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 1/2
Change 629329 merged by JMeybohm:
[operations/puppet@production] lvs: Remove mathoid non-TLS endpoint 2/2
Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:12:25Z] <jayme> running puppet on lvs servers - T255875 T255869
Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:14:41Z] <jayme> restarting pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255875 T255869
Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:17:49Z] <jayme> restarting pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255875 T255869
Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:18:14Z] <jayme> running ipvsadm -D -t 10.2.2.20:10042; ipvsadm -D -t 10.2.2.16:1969 on lvs1016.eqiad.wmnet,lvs1015.eqiad.wmnet - T255875 T255869
Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:19:01Z] <jayme> running ipvsadm -D -t 10.2.1.20:10042; ipvsadm -D -t 10.2.1.16:1969 on lvs2010.codfw.wmnet,lvs2009.codfw.wmnet - T255875 T255869