Page MenuHomePhabricator
Create Task
Maniphest T308418

Add missing failure domain labels to ml-serve-* clusters
Closed, ResolvedPublic
Actions

Description

In the parent task it was discussed that the ml-serve clusters should have labels like:

failure-domain.beta.kubernetes.io/region: {eqiad,codfw}
failure-domain.beta.kubernetes.io/zone: row-{a,b,c,d,e1,e2,....}

The zone will be mixed between "old" per-row redundancy scheme (row-{a,b,c,d}) and new per-rack scheme of row E/F (row-{e1,e2,e3,..,f1,f2..}). Since we cannot add the labels via puppet, because in k8s 1.16 node labels can be added only upon the first run of the Kubelet, we'll have to add them manually and possibly add a comment in puppet to remember to properly add them when we'll migrate to the new k8s version (the labels are deprecated in the new version so we'll need something new of course).

Details

SubjectRepoBranchLines +/-
role::ml_k8s::master: remove node labels for kubeletoperations/puppetproduction+0 -2
Add kubelet labels used in ml-serve clustersoperations/puppetproduction+50 -0
Allow BGP from calico pods running on master nodes on ml-serve-eqiadoperations/deployment-chartsmaster+4 -4
Reduce the scope of Calico's global BGP Peers for ml-serve-eqiadoperations/deployment-chartsmaster+4 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

elukey created this task.May 16 2022, 7:57 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 16 2022, 7:57 AM
elukey added a comment.May 16 2022, 8:05 AM
root@deploy1002:~# kubectl label nodes ml-serve1001.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1001.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1002.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1002.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1003.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1003.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1004.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1004.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1005.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1005.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1006.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1006.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1007.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1007.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1008.eqiad.wmnet failure-domain.beta.kubernetes.io/region=eqiad
node/ml-serve1008.eqiad.wmnet labeled

root@deploy1002:~# kubectl label nodes ml-serve1001.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-a
node/ml-serve1001.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1002.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-b
node/ml-serve1002.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1003.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-c
node/ml-serve1003.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1004.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-d
node/ml-serve1004.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1005.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-e2
node/ml-serve1005.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1006.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-e3
node/ml-serve1006.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1007.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-f2
node/ml-serve1007.eqiad.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve1008.eqiad.wmnet failure-domain.beta.kubernetes.io/zone=row-f3
node/ml-serve1008.eqiad.wmnet labeled

Haven't added anything to Ganeti nodes since it needs to be discussed in the parent task first. Codfw is missing too but we can do it as soon as we have a final/good/tested setup in ml-serve-eqiad in my opinion.

elukey mentioned this in T306649: Agree strategy for Kubernetes BGP peering to top-of-rack switches.May 16 2022, 11:40 AM
gerritbot added a comment.May 16 2022, 3:53 PM

Change 792232 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] Reduce the scope of Calico's global BGP Peers for ml-serve-eqiad

https://gerrit.wikimedia.org/r/792232

gerritbot added a project: Patch-For-Review.May 16 2022, 3:53 PM
gerritbot added a comment.May 17 2022, 12:58 PM

Change 792232 merged by Elukey:

[operations/deployment-charts@master] Reduce the scope of Calico's global BGP Peers for ml-serve-eqiad

https://gerrit.wikimedia.org/r/792232

gerritbot added a comment.May 17 2022, 1:10 PM

Change 792611 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] Allow BGP from calico pods running on master nodes on ml-serve-eqiad

https://gerrit.wikimedia.org/r/792611

gerritbot added a comment.May 17 2022, 1:46 PM

Change 792611 merged by Elukey:

[operations/deployment-charts@master] Allow BGP from calico pods running on master nodes on ml-serve-eqiad

https://gerrit.wikimedia.org/r/792611

elukey moved this task from Unsorted to Active Tasks on the Machine-Learning-Team board.May 17 2022, 2:11 PM
elukey edited projects, added Machine-Learning-Team (Active Tasks); removed Machine-Learning-Team.
elukey claimed this task.May 17 2022, 2:18 PM
elukey moved this task from Parked to In Progress on the Machine-Learning-Team (Active Tasks) board.
Maintenance_bot removed a project: Patch-For-Review.May 17 2022, 2:30 PM
elukey added a comment.May 18 2022, 7:23 AM
root@deploy1002:~# kubectl label nodes ml-serve2001.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2001.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2002.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2002.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2003.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2003.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2004.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2004.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2005.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2005.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2006.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2006.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2007.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2007.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2008.codfw.wmnet failure-domain.beta.kubernetes.io/region=codfw
node/ml-serve2008.codfw.wmnet labeled

root@deploy1002:~# kubectl label nodes ml-serve2001.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-a
node/ml-serve2001.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2002.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-b
node/ml-serve2002.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2003.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-c
node/ml-serve2003.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2004.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-d
node/ml-serve2004.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2005.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-a
node/ml-serve2005.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2006.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-b
node/ml-serve2006.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2006.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-b
node/ml-serve2001.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2007.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-c
node/ml-serve2007.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve2008.codfw.wmnet failure-domain.beta.kubernetes.io/zone=row-d
node/ml-serve2008.codfw.wmnet labeled
elukey added a comment.May 18 2022, 7:35 AM
root@deploy1002:~# kubectl label nodes ml-serve-ctrl2001.codfw.wmnet node-role.kubernetes.io/master=""
node/ml-serve-ctrl2001.codfw.wmnet labeled
root@deploy1002:~# kubectl label nodes ml-serve-ctrl2002.codfw.wmnet node-role.kubernetes.io/master=""
node/ml-serve-ctrl2002.codfw.wmnet labeled
gerritbot added a comment.May 18 2022, 7:38 AM

Change 792970 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] Add comments related to kubelet labels used in ml-serve clusters

https://gerrit.wikimedia.org/r/792970

gerritbot added a project: Patch-For-Review.May 18 2022, 7:38 AM
gerritbot added a comment.May 18 2022, 1:47 PM

Change 792970 merged by Elukey:

[operations/puppet@production] Add kubelet labels used in ml-serve clusters

https://gerrit.wikimedia.org/r/792970

gerritbot added a comment.May 18 2022, 2:03 PM

Change 793059 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] role::ml_k8s::master: remove node labels for kubelet

https://gerrit.wikimedia.org/r/793059

gerritbot added a comment.May 18 2022, 2:05 PM

Change 793059 merged by Elukey:

[operations/puppet@production] role::ml_k8s::master: remove node labels for kubelet

https://gerrit.wikimedia.org/r/793059

elukey closed this task as Resolved.May 18 2022, 2:08 PM
Maintenance_bot removed a project: Patch-For-Review.May 18 2022, 2:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL