
Request increased quota for notwikilambda Toolforge tool
Closed, Resolved (Public)

Description

Tool Name: notwikilambda
Type of quota increase requested: services
Reason: I would like to run some additional services which the MediaWiki installation in the main webservice talks to. Initially, this would be pygments-server, to provide syntax highlighting (the PHP container doesn’t have Python 3, so it can’t run pygmentize directly). If I can get that to work, I would also try to run function-orchestrator and function-evaluator, but I haven’t looked into these in detail yet.

The current services quota is 1. For pygments-server alone, I believe I would only need one more service; I’m not sure how many more services would be needed with the function orchestrator or evaluator, but probably no more than three (orchestrator, Python executor, JavaScript executor)? So a quota somewhere between 2 and 5 would be nice, I think.

Event Timeline

Presuming you don't intend to use the webservice script and will be defining all this in YAML, you are aiming to set up these other things as deployments with a service in front?

Would you need internet access or just a ClusterIP service?

Here are the Kubernetes objects I have so far: https://gist.github.com/lucaswerkmeister/8b28d3325f157ca26dbef558a7c085d2

The deployment seems to work reasonably well on its own:

tools.notwikilambda@tools-sgebastion-07:~$ printf '%s\n' '#!/bin/sh' 'echo "hi"' | kubectl exec -i pygments-server-77b84dddfc-5rn45 -- ./pygmentize -lsh 2>/dev/null
<div class="highlight"><pre><span></span><span class="ch">#!/bin/sh</span>
<span class="nb">echo</span> <span class="s2">&quot;hi&quot;</span>
</pre></div>

But if I understand correctly, I need a service in order to create a DNS name for this pod and be able to reach it from the webservice.

I don’t think pygments-server would need internet access, though I confess I don’t know what a ClusterIP service is :)

(I am planning to still use the webservice script for the main webservice – as far as I’ve seen so far, it doesn’t seem to interfere with other Kubernetes objects.)

If you only need to access them from inside Kubernetes, ClusterIP should be fine.

LGTM, +1

With a service, there will be environment variables in your namespace to access the in-cluster DNS name of the services: https://kubernetes.io/docs/concepts/services-networking/service/#discovering-services

The IP and DNS name you will get are not accessible to the internet, but your main webservice will be able to access them inside the cluster. So as long as your webservice communicates directly with the other pods and deployments using these services (what a ClusterIP service is, basically), then we can give you more service objects in your quota.

If the web service needs to connect to something like https://<thing>.toolforge.org/anotherthing/api and that is exposed to the internet, it won't work and you'll want to put that thing in another tool or webservice because that needs an ingress object talking to the service. There are restrictions within a tool that basically make it difficult to make a second ingress without another Toolforge tool. On a public cloud that's doable with a LoadBalancer-type service, but we don't have those in Toolforge. Does that help explain my question?
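
A ClusterIP service of the kind discussed above, as an added example (not the manifest from the linked gist and not part of the original comments). The `app: pygments-server` label and port 8080 are assumptions; the service name and namespace follow the names shown elsewhere on this page.

```yaml
# Added example; label and port values are assumed, not taken from the gist.
apiVersion: v1
kind: Service
metadata:
  name: pygments-server          # becomes the in-cluster DNS name
  namespace: tool-notwikilambda  # the tool's namespace
spec:
  type: ClusterIP                # the default type: reachable only from inside the cluster
  selector:
    app: pygments-server         # assumed label; must match the deployment's pod template labels
  ports:
    - name: http
      protocol: TCP
      port: 8080                 # assumed port the service exposes
      targetPort: 8080           # assumed container port of pygments-server
# Pods in the same namespace can reach it at http://pygments-server:8080/.
# Pods started after the Service exists also get PYGMENTS_SERVER_SERVICE_HOST
# and PYGMENTS_SERVER_SERVICE_PORT in their environment.
```

Because no ingress or NodePort is attached, the highlighter stays unreachable from the internet and only the tool's own pods can call it.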

> The IP and DNS name you will get are not accessible to the internet, but your main webservice will be able to access them inside the cluster. So as long as your webservice communicates directly with the other pods and deployments using these services (what a ClusterIP service is, basically), then we can give you more service objects in your quota.

Okay, that sounds just like what I had in mind. Thanks!

+1 for approval (depending on whether we are waiting for the meeting or not for these right now...we are not for Cloud VPS requests)

Would increasing it to 3 services be ok for now?

I think so, that should let me run pygments-server and then experiment with an orchestrator or evaluator as well. If those experiments work out I might file another request with more details.

Mentioned in SAL (#wikimedia-cloud) [2021-05-27T19:42:50Z] <majavah> bump quota to 3 services T283754

taavi claimed this task.

This should be done now, feel free to reopen if there are any issues.

[taavi@tools-sgebastion-08 ~] $ kubectl describe quota -n tool-notwikilambda | grep services
services                1       1
services.nodeports      0       0
[taavi@tools-sgebastion-08 ~] $ kubectl edit quota -n tool-notwikilambda --as admin --as-group system:masters
resourcequota/tool-notwikilambda edited
[taavi@tools-sgebastion-08 ~] $ kubectl describe quota -n tool-notwikilambda | grep services
services                1       3
services.nodeports      0       0

Thanks – I had to struggle with Pygments some more (and eventually ditched pygments-server and wrote my own), but it’s working now \o/ see Not Wikilambda:Setup for both documentation of the syntax and also an example of syntax highlighting.