Page MenuHomePhabricator

Add egress rules for dbproxy1017 & dbproxy1021
Closed, ResolvedPublic


These are the proxies being added in front of m5-master

Event Timeline

bd808 changed the task status from Open to In Progress.Oct 27 2021, 4:36 PM
bd808 claimed this task.
bd808 triaged this task as High priority.
bd808 moved this task from Backlog to In Progress on the Toolhub board.

Change 735031 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):

[operations/deployment-charts@master] toolhub: Add egress to m5-master dbproxy nodes

Change 735031 merged by jenkins-bot:

[operations/deployment-charts@master] toolhub: Add egress to m5-master dbproxy nodes

After deploying the updated helm chart, the networkpolicy for the toolhub namespace in eqiad allows port 3306 outbound to:

  • (dbproxy1017.eqiad.wmnet)
  • (dbproxy1021.eqiad.wmnet)
  • (dbproxy2004.codfw.wmnet)
  • (db1128.eqiad.wmnet)
  • (db1132.eqiad.wmnet)

Checked with kube_env toolhub eqiad; kubectl describe networkpolicies toolhub-main from deploy1002.

Thank you Bryan for fixing this so quickly!