Eliminate single point of failure from Toolforge front proxy
Open, MediumPublic
Actions

Assigned To

None

Authored By

	taavi
	May 28 2021, 6:28 PM

Description

We want to eliminate the manual failover with the Toolforge dynamicproxy servers (SSL termination + grid engine routing). This is currently the only point on Toolforge k8s web requests that has a single point of failure, haproxy+ingress+worked pods will all automatically fail over on node failure. I essentially see two options here:

Completely remove that layer, and terminate TLS at either on haproxy or on the ingress, like on PAWS haproxy
Do automatic failover for Nginx (easy) and its Redis backend (complex for a "temporary" solution)

The first one is ideal in the long-term, but would require a workaround for grid engine tools (T282975) until the grid is deprecated and removed (a long time).

Related Objects
Search...

Status	Assigned	Task
Resolved	None	T90534 Make toolforge reliable enough (tracking)
Open	None	T283948 Eliminate single point of failure from Toolforge front proxy
Resolved	taavi	T282975 Create Kubernetes ingress for tools running on the grid engine to remove dynamicproxy
Open	None	T284558 Add toolviews support for Kubernetes ingress-nginx
Open	None	T284564 Update webservicemonitor to work without dynamicproxy
Resolved	Andrew	T317714 Include unique ip pageviews in the toolviews report