Proton is currently running in the Beta Cluster on the deployment-chromium01 instance. We should create a new instance, using the role::beta::docker_services Puppet role, to host the Dockerized service using images from the deployment pipeline. The configuration will be similar to that used on deployment-push-notifications01.
I would suggest updating the naming convention to use the common name 'proton' to match the service name in k8s, making this new instance deployment-proton01 (or, for additional clarity, deployment-docker-proton01).
- Create new instance deployment-proton01 (or deployment-docker-proton01) from the latest Debian Buster image
- Update the Puppet SSL cert to get Puppet running successfully with the Beta Cluster puppetmaster (see P7162 for an example of the procedure)
- Add required hiera config, including the service configuration
- Apply the role::beta::docker_services and ensure Puppet still runs successfully
- Verify that the service is correctly serving internal requests
- Create a security group (if needed) to expose the service port (3030) to incoming traffic, and apply it to deployment-[docker-]proton01
- Migrate any existing references to deployment-chromium01 to deployment-[docker-]proton01
- Delete the existing proton-beta.wmflabs.org web proxy and create new a web proxy from proton-beta.wmflabs.org to port 3030 on deployment-[docker-]proton01
- Ensure that proton-beta.wmflabs.org correctly serves external requests
- Destroy deployment-chromium01