Page MenuHomePhabricator

Upgrade the nginx ingress controller in Toolforge (and likely PAWS)
Open, HighPublic

Description

We are currently using controller version 0.25.0, which is quite outdated and has been improved on significantly since then. A careful and tested upgrade would be a good idea to stay up to date with security and bug-fix patches.

In addition to that, the helm chart is now embraced in the upstream repo. Using the helm chart would simplify some aspects of upgrade management (upgrades and rollbacks are made quite clear), remove a lot of boilerplate from our yaml, and possibly add a set of settings for local testing in the future. The only changes that would require is:

  • installing helm 3 from our repos to the control plane servers
  • swapping out the yaml files in puppet with yaml files that are strictly our override values (basically, a values.yaml with a more expressive name)

For PAWS, changing to using the helm chart is even easier, if the ingress controller is made an optional dependency and the values are added to the existing values and secrets yaml files. I will definitely propose a patch for this latter case because it's very easy to not include that in minikube deploy while deploying our setup to PAWS prod.

Event Timeline

Bstorm created this task.Sep 30 2020, 5:53 PM

Change 631421 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] aptrepro: thirdparty/kubeadm-k8s-1-17: introduce helm3 package

https://gerrit.wikimedia.org/r/631421

Bstorm added a comment.Oct 1 2020, 2:50 PM

Quick info on at least my reading of the very long changelog between current and our version: T263284#6506145

Change 631421 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] aptrepo: thirdparty/kubeadm-k8s-1-17: introduce helm3 package

https://gerrit.wikimedia.org/r/631421

Change 631711 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] aptrepo: add gpg key for baltocdn external repository

https://gerrit.wikimedia.org/r/631711

Change 631711 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] aptrepo: add gpg key for baltocdn external repository

https://gerrit.wikimedia.org/r/631711

Change 631712 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] aptrepo: updates: fix baltocdn key id

https://gerrit.wikimedia.org/r/631712

Mentioned in SAL (#wikimedia-operations) [2020-10-02T09:11:49Z] <arturo> added helm3 package to buster-wikimedia/thirdparty/kubeadm-k8s-1-17 (T264221)

Change 631712 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] aptrepo: updates: fix baltocdn key id

https://gerrit.wikimedia.org/r/631712

Andrew triaged this task as High priority.Tue, Jan 12, 5:08 PM