- Add TLS support to the deployment chart
- Enable TLS on k8s in production
- Add Additional LVS endpoint configuration
- Switch services to use the TLS LVS
- Remove non-TLS LVS endpoint configuration
- Remove the non-TLS k8s service
Description
Description
Details
Details
Customize query in gerrit
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | JMeybohm | T235411 Add TLS termination to services running on kubernetes | |||
| Resolved | JMeybohm | T255879 Move cxserver to use TLS only |
Event Timeline
Comment Actions
Change 625935 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/deployment-charts@master] cxserver: enable the service proxy in staging
Comment Actions
Change 626110 had a related patch set uploaded (by Giuseppe Lavagetto; owner: Giuseppe Lavagetto):
[operations/deployment-charts@master] cxserver: enable the service proxy everywhere
Comment Actions
Change 625935 merged by jenkins-bot:
[operations/deployment-charts@master] cxserver: enable the service proxy in staging
Comment Actions
Change 626110 merged by jenkins-bot:
[operations/deployment-charts@master] cxserver: enable the service proxy everywhere
Comment Actions
Change 627431 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Rename cxserver-https to cxserver
Comment Actions
Change 627432 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove cxserver non-TLS endpoint from LVS 1/3
Comment Actions
Change 627433 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove cxserver non-TLS endpoint from LVS 2/3
Comment Actions
Change 627434 had a related patch set uploaded (by JMeybohm; owner: JMeybohm):
[operations/puppet@production] lvs: Remove cxserver non-TLS endpoint from LVS 3/3
Comment Actions
Change 627431 merged by JMeybohm:
[operations/puppet@production] lvs: Rename cxserver-https to cxserver
Comment Actions
Change 627433 abandoned by JMeybohm:
[operations/puppet@production] lvs: Remove cxserver non-TLS endpoint from LVS 2/3
Reason:
Comment Actions
Change 627432 merged by JMeybohm:
[operations/puppet@production] lvs: Remove cxserver non-TLS endpoint from LVS 1/3
Comment Actions
Change 627434 merged by JMeybohm:
[operations/puppet@production] lvs: Remove cxserver non-TLS endpoint from LVS 3/3
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:39:19Z] <jayme> running puppet on lvs servers - T255879 T254581
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:42:29Z] <jayme> restarting pybal on lvs1016.eqiad.wmnet,lvs2010.codfw.wmnet - T255879 T254581
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:46:29Z] <jayme> restarting pybal on lvs1015.eqiad.wmnet,lvs2009.codfw.wmnet - T255879 T254581
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:49:48Z] <jayme> running ipvsadm -D -t 10.2.2.18:8080; ipvsadm -D -t 10.2.2.46:3030 on lvs1016.eqiad.wmnet,lvs1015.eqiad.wmnet - T255879 T254581
Comment Actions
Mentioned in SAL (#wikimedia-operations) [2020-09-22T07:51:18Z] <jayme> running ipvsadm -D -t 10.2.1.18:8080; ipvsadm -D -t 10.2.1.46:3030 on lvs2010.codfw.wmnet,lvs2009.codfw.wmnet - T255879 T254581
Comment Actions
Change 715453 had a related patch set uploaded (by JMeybohm; author: JMeybohm):
[operations/deployment-charts@master] cxserver: Remove HTTP service from kubernetes
Comment Actions
Change 715453 merged by jenkins-bot:
[operations/deployment-charts@master] cxserver: Remove HTTP service from kubernetes