Page MenuHomePhabricator
Create Task
Maniphest T326340

Update staging-codfw to k8s 1.23
Closed, ResolvedPublic
Actions

Description

Update staging-codfw

sudo cookbook sre.hosts.downtime -r 'Reinitialize staging-codfw with k8s 1.23' -t T326340 -H 24 'A:wikikube-staging-etcd-codfw or A:wikikube-staging-master-codfw or A:wikikube-staging-worker-codfw'

sudo cumin 'A:wikikube-staging-etcd-codfw or A:wikikube-staging-master-codfw or A:wikikube-staging-worker-codfw' "disable-puppet 'Reinitialize staging-codfw with k8s 1.23 - T326340 - ${USER}'"

Reimage etcd hosts

Change dhcp pxe config to bullseye: https://gerrit.wikimedia.org/r/c/operations/puppet/+/878047

sudo cookbook -c spicerack_config.yaml sre.ganeti.reimage --no-downtime --os bullseye kubestagetcd2001
sudo cookbook -c spicerack_config.yaml sre.ganeti.reimage --no-downtime --os bullseye kubestagetcd2002
sudo cookbook -c spicerack_config.yaml sre.ganeti.reimage --no-downtime --os bullseye kubestagetcd2003

...etcd needed a manual restart (on 2003 at least) to pick up certs.

etcd v2 and v3 healthy?
etcdctl -C https://$(hostname -f):2379 cluster-health
ETCDCTL_API=3 etcdctl --endpoints https://$(hostname -f):2379 member list

Reimage master & nodes

https://gerrit.wikimedia.org/r/877990

sudo cookbook -c spicerack_config.yaml sre.ganeti.reimage --no-downtime --os bullseye kubestagemaster2001
sudo cookbook sre.hosts.reimage --os bullseye --no-downtime kubestage2001
sudo cookbook sre.hosts.reimage --os bullseye --no-downtime kubestage2002

In-cluster components

https://gerrit.wikimedia.org/r/868389
https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/878190
https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/878184 no longer required, included in new coredns chart version

# Label master(s)
kube_env admin staging-codfw
kubectl label nodes kubestagemaster2001.codfw.wmnet node-role.kubernetes.io/master=""

helmfile -e staging-codfw -l name=rbac-rules -i apply
helmfile -e staging-codfw -l name=pod-security-policies -i apply
helmfile -e staging-codfw -l name=namespaces -i apply
helmfile -e staging-codfw -l name=calico-crds -i apply
helmfile -e staging-codfw -l name=calico -i apply
kubectl -n kube-system delete svc calico-typha # it had blocked the ip reserved for CoreDNS
helmfile -e staging-codfw -l name=coredns -i apply
helmfile -e staging-codfw -l name=calico -i apply # to get calico-typha service back, coredns should probably go before calico
helmfile -e staging-codfw -l name=istio-gateways-networkpolicies -i apply
istioctl-1.15.3 manifest apply -f /srv/deployment-charts/custom_deploy.d/istio/main/config_k8s_1.23.yaml
helmfile -e staging-codfw -l name=eventrouter -i apply
helmfile -e staging-codfw -l name=cert-manager-networkpolicies -i apply
helmfile -e staging-codfw -l name=cert-manager -i apply
helmfile -e staging-codfw -l name=cfssl-issuer-crds -i apply
helmfile -e staging-codfw -l name=cfssl-issuer -i apply
helmfile -e staging-codfw -i apply

Todos:

Alerts that where still firing

Details

SubjectRepoBranchLines +/-
admin_ng: Don't pin image version of corednsoperations/deployment-chartsmaster+0 -1
staging-codfw: Unpin eventrouter, helm-state-metrics, corednsoperations/deployment-chartsmaster+3 -0
Add istio config for main/wikikube clusters on k8s 1.23operations/deployment-chartsmaster+99 -0
cert-manager: Set leader election namespace to cert-manageroperations/deployment-chartsmaster+4 -0
staging-codfw: Update coredns to 1.8.7-1operations/deployment-chartsmaster+3 -0
k8s: Update staging-codfw to kubernetes 1.23operations/puppetproduction+47 -2
install_server: Update kubestagetcd2* to bullseyeoperations/puppetproduction+3 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Jan 5 2023, 5:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 5 2023, 5:48 PM
gerritbot added a comment.Jan 10 2023, 10:42 AM

Change 877990 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] k8s: Update staging-codfw to kubernetes 1.23

https://gerrit.wikimedia.org/r/877990

gerritbot added a project: Patch-For-Review.Jan 10 2023, 10:42 AM
JMeybohm moved this task from Incoming 🐫 to Doing 😎 on the serviceops board.Jan 10 2023, 10:50 AM
JMeybohm updated the task description. (Show Details)
ops-monitoring-bot added a comment.Jan 10 2023, 2:07 PM

Icinga downtime and Alertmanager silence (ID=eff8a645-166c-412e-8f27-b7169d6aa830) set by jayme@cumin1001 for 1 day, 0:00:00 on 6 host(s) and their services with reason: Reinitialize staging-codfw with k8s 1.23

kubestage[2001-2002].codfw.wmnet,kubestagemaster2001.codfw.wmnet,kubestagetcd[2001-2003].codfw.wmnet
ops-monitoring-bot added a comment.Jan 10 2023, 2:28 PM

Cookbook cookbooks.sre.ganeti.reimage was started by jayme@cumin1001 for host kubestagetcd2001.codfw.wmnet with OS bullseye

ops-monitoring-bot added a comment.Jan 10 2023, 2:28 PM

Cookbook cookbooks.sre.ganeti.reimage started by jayme@cumin1001 for host kubestagetcd2001.codfw.wmnet with OS bullseye executed with errors:

  • kubestagetcd2001 (FAIL)
    • Disabled Puppet
    • Removed from Puppet and PuppetDB if present
    • Deleted any existing Puppet certificate
    • Removed from Debmonitor if present
    • The reimage failed, see the cookbook logs for the details
gerritbot added a comment.Jan 10 2023, 2:48 PM

Change 878047 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] install_server: Update kubestagetcd2* to bullseye

https://gerrit.wikimedia.org/r/878047

gerritbot added a comment.Jan 10 2023, 2:52 PM

Change 878047 merged by JMeybohm:

[operations/puppet@production] install_server: Update kubestagetcd2* to bullseye

https://gerrit.wikimedia.org/r/878047

gerritbot added a comment.Jan 10 2023, 5:10 PM

Change 877990 merged by JMeybohm:

[operations/puppet@production] k8s: Update staging-codfw to kubernetes 1.23

https://gerrit.wikimedia.org/r/877990

Maintenance_bot removed a project: Patch-For-Review.Jan 10 2023, 5:29 PM
gerritbot added a comment.Jan 10 2023, 7:47 PM

Change 878184 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] staging-codfw: Update coredns to 1.8.7-1

https://gerrit.wikimedia.org/r/878184

gerritbot added a project: Patch-For-Review.Jan 10 2023, 7:47 PM
gerritbot added a comment.Jan 10 2023, 8:03 PM

Change 878184 merged by jenkins-bot:

[operations/deployment-charts@master] staging-codfw: Update coredns to 1.8.7-1

https://gerrit.wikimedia.org/r/878184

gerritbot added a comment.Jan 10 2023, 8:16 PM

Change 878190 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Add istio config for main/wikikube clusters on k8s 1.23

https://gerrit.wikimedia.org/r/878190

gerritbot added a comment.Jan 11 2023, 7:58 AM

Change 878752 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] cert-manager: Set leader election namespace to cert-manager

https://gerrit.wikimedia.org/r/878752

JMeybohm updated the task description. (Show Details)Jan 11 2023, 8:10 AM
JMeybohm updated the task description. (Show Details)
JMeybohm added a subscriber: elukey.
gerritbot added a comment.Jan 11 2023, 11:09 AM

Change 878752 abandoned by JMeybohm:

[operations/deployment-charts@master] cert-manager: Set leader election namespace to cert-manager

Reason:

https://gerrit.wikimedia.org/r/878752

gerritbot added a comment.Jan 11 2023, 4:47 PM

Change 878190 merged by jenkins-bot:

[operations/deployment-charts@master] Add istio config for main/wikikube clusters on k8s 1.23

https://gerrit.wikimedia.org/r/878190

gerritbot added a comment.Jan 11 2023, 5:30 PM

Change 879063 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] staging-codfw: Unpin eventrouter, helm-state-metrics, coredns

https://gerrit.wikimedia.org/r/879063

gerritbot added a comment.Jan 11 2023, 5:42 PM

Change 879063 merged by jenkins-bot:

[operations/deployment-charts@master] staging-codfw: Unpin eventrouter, helm-state-metrics, coredns

https://gerrit.wikimedia.org/r/879063

gerritbot added a comment.Jan 11 2023, 6:07 PM

Change 879112 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] admin_ng: Don't pin image version of coredns

https://gerrit.wikimedia.org/r/879112

gerritbot added a comment.Jan 11 2023, 6:26 PM

Change 879112 merged by jenkins-bot:

[operations/deployment-charts@master] admin_ng: Don't pin image version of coredns

https://gerrit.wikimedia.org/r/879112

JMeybohm updated the task description. (Show Details)Jan 11 2023, 6:36 PM
JMeybohm updated the task description. (Show Details)
JMeybohm updated the task description. (Show Details)Jan 12 2023, 12:28 PM
JMeybohm updated the task description. (Show Details)Jan 12 2023, 4:11 PM
JMeybohm updated the task description. (Show Details)Jan 13 2023, 10:33 AM
JMeybohm updated the task description. (Show Details)Jan 13 2023, 10:40 AM
JMeybohm updated the task description. (Show Details)Jan 23 2023, 1:28 PM
Maintenance_bot removed a project: Patch-For-Review.Jan 23 2023, 1:30 PM
JMeybohm mentioned this in T307943: Update Kubernetes clusters to v1.23.Jan 23 2023, 3:52 PM
JMeybohm mentioned this in T327664: Update staging-eqiad to k8s 1.23.
elukey mentioned this in T327767: Upgrade the ml-staging-codfw cluster to k8s 1.23.Jan 24 2023, 11:15 AM
BTullis subscribed.Jan 24 2023, 5:18 PM
bking subscribed.Jan 24 2023, 5:19 PM
JMeybohm added a subtask: T327799: Datahub errors in staging-codfw.Jan 24 2023, 5:54 PM
JMeybohm added a subtask: T327786: Update toolhub helm chart to use the mcrouter helm chart module.Jan 24 2023, 6:07 PM
Jelto subscribed.Jan 25 2023, 2:13 PM
BTullis closed subtask T327799: Datahub errors in staging-codfw as Resolved.Jan 27 2023, 1:56 PM
JMeybohm closed this task as Resolved.Jan 30 2023, 2:08 PM
JMeybohm updated the task description. (Show Details)

Moved the rest of the open action items to T328291: Post Kubernetes v1.23 cleanup.
The "failed to update managedFields" I've not seen again. This seems to happen only once during the initial join of the node.

CDanis subscribed.Jan 31 2023, 4:29 PM
CDanis mentioned this in T329633: Upgrade the aux-eqiad cluster to k8s 1.23.Feb 14 2023, 3:23 PM
JMeybohm mentioned this in T329664: Update wikikube codfw to k8s 1.23.Feb 14 2023, 6:31 PM
JMeybohm updated the task description. (Show Details)Feb 17 2023, 12:48 PM
akosiaris mentioned this in T331126: Update wikikube eqiad to k8s 1.23.Mar 3 2023, 1:33 PM
JMeybohm mentioned this in T313871: kubernetes202[34] implementation tracking.Mar 3 2023, 1:53 PM
JMeybohm removed a subtask: T327786: Update toolhub helm chart to use the mcrouter helm chart module.Mar 7 2023, 10:24 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL