Page MenuHomePhabricator
Create Task
Maniphest T302195

Create the ml-serve-staging k8s cluster
Closed, ResolvedPublic
Actions

Description

In T294946 DCops racked and configured ml-staging200[12] nodes. We should do the following:

  1. Reimage both nodes as Bullseye (with overlay partitions etc..)
  2. Create ml-serve-staging-etcd200[1-3] VMs and the related etcd cluster
  3. Create ml-serve-staging-ctrl200[1-2] VMs (control plane nodes)
  4. Allocate network resources.
  5. Bootstrap the ml-serve-staging k8s cluster
  6. Add the inference-staging.svc.codfw.wmnet endpoint (or a discovery one, if it makes sense, maybe yes for consistency).

The above plan is very high level, it will require surely more work. More details in https://wikitech.wikimedia.org/wiki/Kubernetes/Clusters/New

Details

SubjectRepoBranchLines +/-
ml-services: add some more revscoring services to stagingoperations/deployment-chartsmaster+36 -0
ml-services: add single draftquality inference service to stagingoperations/deployment-chartsmaster+9 -0
role::ml_k8s::worker::staging: add calico-cni configoperations/puppetproduction+29 -0
ml-staging: Add inference services for testingoperations/deployment-chartsmaster+13 -0
Add ml-staging-codfw among the helmfile envs to testoperations/deployment-chartsmaster+1 -1
pki: Add ML staging k8s to list of CAsoperations/puppetproduction+2 -1
Add dummy secrets for ML staging k8s CAlabs/privatemaster+3 -0
net: Add network config setup for ML staging k8soperations/puppetproduction+15 -0
hiera: Switch ML staging inference endpoint to lvs_setupoperations/puppetproduction+3 -1
service::catalog: Add inference-staging serviceoperations/puppetproduction+32 -1
Add inference-staging service IP (10.2.1.58)operations/dnsmaster+4 -0
ml-staging-codfw: Add override for cert namesoperations/deployment-chartsmaster+5 -0
role::prometheus: enable settings for k8s ml-stagingoperations/puppetproduction+6 -7
profile::kubernetes: remove ml-staging specific bitslabs/privatemaster+0 -54
admin_ng: set cfssl-issuer's values for ml-serve clustersoperations/deployment-chartsmaster+10 -5
role::pki::multirootca: add settings for the ml-staging clusteroperations/puppetproduction+12 -0
Set cluster group to ml-serve for ml-staging control plane nodesoperations/puppetproduction+1 -1
Move the ml-staging cluster under ml-serve's definitionoperations/puppetproduction+0 -1
admin_ng: Add config for ML staging k8s in codfwoperations/deployment-chartsmaster+71 -0
hiera: Switch ML staging control plane to lvs_setupoperations/puppetproduction+1 -1
Add service IP for ML staging k8s ctrl planeoperations/dnsmaster+1 -0
hiera: Add ML staging k8s ctrl node configoperations/puppetproduction+238 -1
hiera/modules: Add config for ML staging k8s workersoperations/puppetproduction+84 -1
hiera: Add ML staging k8s roleoperations/puppetproduction+159 -1
labs: Add dummy keyfile for ML staging k8s in codfwlabs/privatemaster+0 -0
hiera: Add k8s dummy tokens for ML staging envlabs/privatemaster+52 -0
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

elukey created this task.Feb 21 2022, 8:54 AM
elukey added a comment.Feb 21 2022, 10:55 AM

ml-staging200x nodes reimaged with bullseye!

elukey assigned this task to klausman.Mar 2 2022, 8:22 AM
elukey triaged this task as Medium priority.
klausman added a subtask: T302504: New control plane VMs for ML staging cluster in codfw.Mar 2 2022, 10:18 AM
klausman closed subtask T302504: New control plane VMs for ML staging cluster in codfw as Resolved.Mar 2 2022, 11:19 AM
klausman closed subtask T302198: Create ml-serve-staging k8s's control plane VMs as Resolved.
klausman closed subtask T302197: Create etcd cluster for ml-serve-staging k8s as Resolved.Mar 15 2022, 5:54 PM
gerritbot added a comment.Mar 21 2022, 3:03 PM

Change 772417 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] hiera: Add ML staging k8s ctrl node config

https://gerrit.wikimedia.org/r/772417

gerritbot added a project: Patch-For-Review.Mar 21 2022, 3:03 PM
gerritbot added a comment.Mar 22 2022, 3:26 PM

Change 772866 had a related patch set uploaded (by Klausman; author: Klausman):

[labs/private@master] hiera: Add k8s dummy tokens for ML staging env

https://gerrit.wikimedia.org/r/772866

gerritbot added a comment.Mar 22 2022, 3:29 PM

Change 772866 merged by Klausman:

[labs/private@master] hiera: Add k8s dummy tokens for ML staging env

https://gerrit.wikimedia.org/r/772866

klausman mentioned this in rLPRIbd2fb2724109: hiera: Add k8s dummy tokens for ML staging env.Mar 22 2022, 3:51 PM
gerritbot added a comment.Mar 22 2022, 4:05 PM

Change 772871 had a related patch set uploaded (by Klausman; author: Klausman):

[labs/private@master] labs: Add dummy keyfile for ML staging k8s in codfw

https://gerrit.wikimedia.org/r/772871

gerritbot added a comment.Mar 22 2022, 4:06 PM

Change 772871 merged by Klausman:

[labs/private@master] labs: Add dummy keyfile for ML staging k8s in codfw

https://gerrit.wikimedia.org/r/772871

klausman mentioned this in rLPRI899d25e97d8d: labs: Add dummy keyfile for ML staging k8s in codfw.Mar 22 2022, 4:06 PM
gerritbot added a comment.Mar 28 2022, 2:33 PM

Change 774488 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] hiera: Add ML staging k8s role

https://gerrit.wikimedia.org/r/774488

gerritbot added a comment.Mar 31 2022, 10:11 AM

Change 774488 merged by Klausman:

[operations/puppet@production] hiera: Add ML staging k8s role

https://gerrit.wikimedia.org/r/774488

gerritbot added a comment.Mar 31 2022, 1:36 PM

Change 775860 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] hiera/modules: Add config for ML staging k8s workers

https://gerrit.wikimedia.org/r/775860

gerritbot added a comment.Mar 31 2022, 1:52 PM

Change 775860 merged by Klausman:

[operations/puppet@production] hiera/modules: Add config for ML staging k8s workers

https://gerrit.wikimedia.org/r/775860

gerritbot added a comment.Mar 31 2022, 3:44 PM

Change 772417 abandoned by Klausman:

[operations/puppet@production] hiera: Add ML staging k8s ctrl node config

Reason:

All covered in smaller CLs

https://gerrit.wikimedia.org/r/772417

Maintenance_bot removed a project: Patch-For-Review.Mar 31 2022, 4:11 PM
elukey moved this task from Parked to In Progress on the Machine-Learning-Team (Active Tasks) board.Apr 26 2022, 7:34 AM
gerritbot added a comment.Apr 26 2022, 2:04 PM

Change 786319 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] Switch ML staging control plane to lvs_setup

https://gerrit.wikimedia.org/r/786319

gerritbot added a project: Patch-For-Review.Apr 26 2022, 2:04 PM
gerritbot added a comment.Apr 26 2022, 2:20 PM

Change 786320 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/dns@master] Add service IP for ML staging k8s ctrl plane

https://gerrit.wikimedia.org/r/786320

gerritbot added a comment.Apr 26 2022, 2:22 PM

Change 786320 merged by Klausman:

[operations/dns@master] Add service IP for ML staging k8s ctrl plane

https://gerrit.wikimedia.org/r/786320

gerritbot added a comment.Apr 26 2022, 3:09 PM

Change 786319 merged by Klausman:

[operations/puppet@production] hiera: Switch ML staging control plane to lvs_setup

https://gerrit.wikimedia.org/r/786319

gerritbot added a comment.Apr 27 2022, 7:59 AM

Change 786808 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/deployment-charts@master] admin_ng: Add config for ML staging k8s in codfw

https://gerrit.wikimedia.org/r/786808

gerritbot added a comment.Apr 27 2022, 1:57 PM

Change 786808 merged by jenkins-bot:

[operations/deployment-charts@master] admin_ng: Add config for ML staging k8s in codfw

https://gerrit.wikimedia.org/r/786808

Stashbot added a comment.May 31 2022, 7:27 AM

Mentioned in SAL (#wikimedia-operations) [2022-05-31T07:27:39Z] <elukey> add profile k8s_mlstaging + authkey for ml-staging k8s - T302195

gerritbot added a comment.May 31 2022, 11:44 AM

Change 801662 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] Move the ml-staging cluster under ml-serve's definition

https://gerrit.wikimedia.org/r/801662

gerritbot added a comment.May 31 2022, 12:38 PM

Change 801662 merged by Elukey:

[operations/puppet@production] Move the ml-staging cluster under ml-serve's definition

https://gerrit.wikimedia.org/r/801662

gerritbot added a comment.May 31 2022, 3:41 PM

Change 801742 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] Set cluster group to ml-serve for ml-staging control plane nodes

https://gerrit.wikimedia.org/r/801742

gerritbot added a comment.May 31 2022, 3:43 PM

Change 801742 merged by Elukey:

[operations/puppet@production] Set cluster group to ml-serve for ml-staging control plane nodes

https://gerrit.wikimedia.org/r/801742

gerritbot added a comment.May 31 2022, 3:55 PM

Change 801744 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] role::pki::multirootca: add settings for the ml-staging cluster

https://gerrit.wikimedia.org/r/801744

gerritbot added a comment.May 31 2022, 3:58 PM

Change 801766 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] admin_ng: set cfssl-issuer's values for ml-serve clusters

https://gerrit.wikimedia.org/r/801766

gerritbot added a comment.Jun 1 2022, 1:11 PM

Change 801744 merged by Elukey:

[operations/puppet@production] role::pki::multirootca: add settings for the ml-staging cluster

https://gerrit.wikimedia.org/r/801744

gerritbot added a comment.Jun 1 2022, 1:16 PM

Change 801766 merged by Elukey:

[operations/deployment-charts@master] admin_ng: set cfssl-issuer's values for ml-serve clusters

https://gerrit.wikimedia.org/r/801766

gerritbot added a comment.Jun 1 2022, 3:45 PM

Change 802159 had a related patch set uploaded (by Elukey; author: Elukey):

[labs/private@master] profile::kubernetes: remove ml-staging specific bits

https://gerrit.wikimedia.org/r/802159

elukey added a comment.Jun 1 2022, 4:06 PM

We moved the ml-staging configs under the ml-serve umbrella, since the staging cluster will be used to test serving things mostly.

elukey@deploy1002:~$ ls /etc/helmfile-defaults/private/ml-serve_services/cfssl-issuer/
ml-serve-codfw.yaml  ml-serve-eqiad.yaml  ml-staging-codfw.yaml

helmfile specific configs are now populated as well.

elukey added a comment.Jun 1 2022, 4:08 PM

Next steps:

gerritbot added a comment.Jun 1 2022, 4:14 PM

Change 802159 merged by Elukey:

[labs/private@master] profile::kubernetes: remove ml-staging specific bits

https://gerrit.wikimedia.org/r/802159

elukey mentioned this in rLPRI12e7c00f2a31: profile::kubernetes: remove ml-staging specific bits.Jun 1 2022, 4:30 PM
gerritbot added a comment.Jun 6 2022, 2:31 PM

Change 803295 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] role::prometheus: enable settings for k8s ml-staging

https://gerrit.wikimedia.org/r/803295

gerritbot added a comment.Jun 6 2022, 3:02 PM

Change 803295 merged by Elukey:

[operations/puppet@production] role::prometheus: enable settings for k8s ml-staging

https://gerrit.wikimedia.org/r/803295

elukey added a comment.Jun 6 2022, 3:06 PM

Completed the basic networking work (calico, eventrouter, coredns) + BGP config.

Next step: https://wikitech.wikimedia.org/wiki/Kubernetes/Clusters/New#Istio

Some notes:

  1. We should create an LVS endpoint called inference-staging.svc.codfw.wmnet to support this cluster
  2. Let's pay attention to what we have to configure for cert-manager to issue the above certificate. With the standard ml-serve settings I am afraid that it will try to retrieve the inference.svc TLS cert from cfssl, that is probably not what we want. We should check what the serviceops team did and try to follow it.
klausman added a comment.Jun 13 2022, 11:21 AM

Istio config and (most of) the cert-manager config have been applied. For cert-manager, I need to sync up with Luca regarding part of said config referring to the ml-serve endpoints.

gerritbot added a comment.Jun 13 2022, 1:43 PM

Change 805127 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/deployment-charts@master] ml-staging-codfw: Add override for cert names

https://gerrit.wikimedia.org/r/805127

gerritbot added a comment.Jun 13 2022, 1:58 PM

Change 805127 merged by jenkins-bot:

[operations/deployment-charts@master] ml-staging-codfw: Add override for cert names

https://gerrit.wikimedia.org/r/805127

gerritbot added a comment.Jun 13 2022, 2:39 PM

Change 805135 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/dns@master] Add inference-staging service IP (10.2.1.58)

https://gerrit.wikimedia.org/r/805135

gerritbot added a comment.Jun 14 2022, 9:21 AM

Change 805135 merged by Klausman:

[operations/dns@master] Add inference-staging service IP (10.2.1.58)

https://gerrit.wikimedia.org/r/805135

gerritbot added a comment.Jun 14 2022, 9:38 AM

Change 805329 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] service::catalog: Add inference-staging service

https://gerrit.wikimedia.org/r/805329

gerritbot added a comment.Jun 21 2022, 9:44 AM

Change 805329 merged by Elukey:

[operations/puppet@production] service::catalog: Add inference-staging service

https://gerrit.wikimedia.org/r/805329

gerritbot added a comment.Jun 21 2022, 11:10 AM

Change 807096 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] net: Add network config setup for ML staging k8s

https://gerrit.wikimedia.org/r/807096

gerritbot added a comment.Jun 21 2022, 1:54 PM

Change 807133 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] hiera: Switch ML staging inference endpoint to lvs_setup

https://gerrit.wikimedia.org/r/807133

gerritbot added a comment.Jun 21 2022, 3:17 PM

Change 807133 merged by Klausman:

[operations/puppet@production] hiera: Switch ML staging inference endpoint to lvs_setup

https://gerrit.wikimedia.org/r/807133

gerritbot added a comment.Jun 22 2022, 10:29 AM

Change 807096 merged by Klausman:

[operations/puppet@production] net: Add network config setup for ML staging k8s

https://gerrit.wikimedia.org/r/807096

gerritbot added a comment.Jun 22 2022, 10:30 AM

Change 807502 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/puppet@production] pki: Add ML staging k8s to list of CAs

https://gerrit.wikimedia.org/r/807502

gerritbot added a comment.Jun 22 2022, 11:49 AM

Change 807520 had a related patch set uploaded (by Klausman; author: Klausman):

[labs/private@master] Add dummy secrets for ML staging k8s CA

https://gerrit.wikimedia.org/r/807520

gerritbot added a comment.Jun 22 2022, 11:50 AM

Change 807520 merged by Klausman:

[labs/private@master] Add dummy secrets for ML staging k8s CA

https://gerrit.wikimedia.org/r/807520

klausman mentioned this in rLPRI45bed6f9e285: Add dummy secrets for ML staging k8s CA.Jun 22 2022, 12:28 PM
gerritbot added a comment.Jun 22 2022, 1:06 PM

Change 807502 merged by Klausman:

[operations/puppet@production] pki: Add ML staging k8s to list of CAs

https://gerrit.wikimedia.org/r/807502

klausman added a comment.EditedJun 22 2022, 1:25 PM

Add'l things done:

  • Firewall rules so Staging k8s can talk to the WMF PKI machines
  • PKI setup so the new cluster can be its own CA
  • Deployed knative
  • Deployed kserve

Still needs to be done:

  • Prometheus
  • Deploy a model and test if it works
klausman added a comment.Jun 23 2022, 2:56 PM

Prometheus is now correctly set up with its own volumes (we hadn't done that yet), and I managed to save the old data.

gerritbot added a comment.Jun 28 2022, 12:11 PM

Change 809146 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/deployment-charts@master] ml-staging: Add inference services for testing

https://gerrit.wikimedia.org/r/809146

gerritbot added a comment.Jun 28 2022, 12:30 PM

Change 809149 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] Add ml-staging-codfw among the helmfile envs to test

https://gerrit.wikimedia.org/r/809149

gerritbot added a comment.Jun 28 2022, 2:03 PM

Change 809149 merged by Elukey:

[operations/deployment-charts@master] Add ml-staging-codfw among the helmfile envs to test

https://gerrit.wikimedia.org/r/809149

gerritbot added a comment.Jun 28 2022, 4:06 PM

Change 809146 merged by Klausman:

[operations/deployment-charts@master] ml-staging: Add inference services for testing

https://gerrit.wikimedia.org/r/809146

gerritbot added a comment.Jun 29 2022, 8:13 AM

Change 809534 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] role::ml_k8s::worker::staging: add calico-cni config

https://gerrit.wikimedia.org/r/809534

gerritbot added a comment.Jun 29 2022, 8:15 AM

Change 809534 merged by Elukey:

[operations/puppet@production] role::ml_k8s::worker::staging: add calico-cni config

https://gerrit.wikimedia.org/r/809534

elukey added a comment.Jul 5 2022, 8:48 AM

articlequality pods up and running! The swift credentials are working as expected.

Next steps: add some editquality etc.. pods as well.

elukey added a comment.Jul 5 2022, 8:54 AM
elukey@ml-serve-ctrl1001:~$ curl "https://inference-staging.svc.codfw.wmnet:30443/v1/models/enwiki-articlequality:predict" -X POST -d @input.json -i -H "Host: enwiki-articlequality.revscoring-articlequality.wikimedia.org" --http1.1
HTTP/1.1 200 OK
content-length: 225
content-type: application/json; charset=UTF-8
date: Tue, 05 Jul 2022 08:53:20 GMT
server: istio-envoy
x-envoy-upstream-service-time: 317

{"predictions": {"prediction": "Stub", "probability": {"B": 0.017382693143129683, "C": 0.011305576384229396, "FA": 0.002078191955918339, "GA": 0.0029161293780774434, "Start": 0.05709479871741571, "Stub": 0.9092226104212294}}}
gerritbot added a comment.Jul 5 2022, 1:08 PM

Change 811304 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/deployment-charts@master] ml-services: add single draftquality inference service to staging

https://gerrit.wikimedia.org/r/811304

gerritbot added a comment.Jul 5 2022, 1:33 PM

Change 811304 merged by jenkins-bot:

[operations/deployment-charts@master] ml-services: add single draftquality inference service to staging

https://gerrit.wikimedia.org/r/811304

klausman added a comment.Jul 5 2022, 1:37 PM

Now also running draftquality for enwiki:

ml-serve-ctrl1001 ~ $ curl "https://inference-staging.svc.codfw.wmnet:30443/v1/models/enwiki-draftquality:predict" -X POST -d @input.json -i -H "Host: enwiki-draftquality.revscoring-draftquality.wikimedia.org" --http1.1;echo
HTTP/1.1 200 OK
content-length: 174
content-type: application/json; charset=UTF-8
date: Tue, 05 Jul 2022 13:37:02 GMT
server: istio-envoy
x-envoy-upstream-service-time: 230

{"predictions": {"prediction": "OK", "probability": {"OK": 0.6755321636163237, "attack": 0.048572863418591725, "spam": 0.13317597668241205, "vandalism": 0.1427189962826724}}}
ml-serve-ctrl1001 ~ $
gerritbot added a comment.Jul 5 2022, 1:46 PM

Change 811313 had a related patch set uploaded (by Klausman; author: Klausman):

[operations/deployment-charts@master] ml-services: add some more revscoring services to staging

https://gerrit.wikimedia.org/r/811313

gerritbot added a comment.Jul 7 2022, 9:31 AM

Change 811313 merged by Klausman:

[operations/deployment-charts@master] ml-services: add some more revscoring services to staging

https://gerrit.wikimedia.org/r/811313

calbon closed this task as Resolved.Jul 19 2022, 2:36 PM
calbon moved this task from In Progress to Completed on the Machine-Learning-Team (Active Tasks) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL