Toolforge: improve local kubernetes development setup
Open, In Progress, MediumPublic
Actions

Assigned To

None

Authored By

	aborrero
	Jan 12 2023, 10:52 AM

Description

When developing software for Toolforge, we've detected a few problems related to how we usually set up the local kubernetes environment. Example problem T325755: Bug: jobs-framework-api job run fails silently on local development environment. The goal of this ticket is to capture/describe the problem and potential solutions.

There are scattered instructions on how to setup the local development environment in several different READMEs (example1, example2), and a collection of opinionated and questionable setup.sh scripts (example). The development environment for a local kubernetes can also be different if using minikube, kind or if using Debian, Ubuntu or Mac. To overcome this situation I started experimenting with an ansible setup playbook here: https://gitlab.wikimedia.org/aborrero/cloud-toolforge-lima-kilo

The lima-kilo setup could include pieces like:

setting up the core RBAC config of Toolforge kubernetes (PSP, Roles, etc)
maintaining the [fake] context for Toolforge, like /data/project directories, fake files like /etc/wmcs-project that the different K8S components expect to exist
setting up the different admission controllers so the local kubernetes behaves like the actual Toolforge kubernetes
creating a few fake tool accounts (users) so they can be used for development/testing purposes

We could have playbooks to support the combo {debian,ubuntu,mac}-{kind,minikube}-{install,uninstall}.
I've started with the debian-kind combo because is the one @Raymond_Ndibe and I use. The experiments so far have show promising results.

NOTE: I guess if this lima-kilo project reaches critical mass, we could run a decision request to formalize adoption, meaning updating all Toolforge related repos to point to it.

Details

	Subject	Repo	Branch	Lines +/-
	jobs-framework-cli: adapt to the lima-kilo project	cloud/toolforge/jobs-framework-cli	master	+9 -2
	jobs-framework-api: adopt the lima-kilo setup	cloud/toolforge/jobs-framework-api	main	+50 -591

Customize query in gerrit

Title	Reference	Author	Source Branch	Dest Branch
lima-kilo: introduce chroot	repos/cloud/toolforge/lima-kilo!13	aborrero	arturo-isolation	main
kind: manage k8s API port	repos/cloud/toolforge/lima-kilo!11	aborrero	arturo	main
k8s: fake_maintain_kubeusers: assert if the kubernetes_ca is empty	repos/cloud/toolforge/lima-kilo!10	aborrero	arturo	main
lima-kilo: add more robust userconfig support	repos/cloud/toolforge/lima-kilo!6	aborrero	arturo	main

Customize query in GitLab

Related Objects
Search...

Status	Assigned	Task
Open	None	T220020 Action items and work for retro 20190403
Open	None	T220053 Build a dev/testing environment for webservice that would make it easier to get people involved in fixes
Resolved	aborrero	T327254 WMCS FY22/23 Q3: next steps in grid engine deprecation
In Progress	None	T326789 Toolforge: improve local kubernetes development setup
Resolved	dcaro	T338153 toolforge lima-kilo: toolforge-jobs fails to run because it can't create log files
Resolved	aborrero	T338156 toolforge lima-kilo: fails to install because updated volume-admission-controller URL
Resolved	aborrero	T338158 toolforge lima-kilo: fails to install because api-gateway fails to deploy

Event Timeline

aborrero created this task.Jan 12 2023, 10:52 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 12 2023, 10:53 AM

Change 879610 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[cloud/toolforge/jobs-framework-api@main] jobs-framework-api: adopt the lima-kilo setup

https://gerrit.wikimedia.org/r/879610

gerritbot added a project: Patch-For-Review.Jan 12 2023, 5:30 PM

With today's changes in https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo I was able to run the test-suite of the jobs-framework-api without errors. Meaning that we finally got the accounts, RBAC, permissions, directories etc in enough good shape to be able to run the full lifecycle of a job in a local kubernetes.

Change 879610 merged by Arturo Borrero Gonzalez:

[cloud/toolforge/jobs-framework-api@main] jobs-framework-api: adopt the lima-kilo setup

https://gerrit.wikimedia.org/r/879610

Maintenance_bot removed a project: Patch-For-Review.Jan 17 2023, 12:30 PM

aborrero mentioned this in T325755: Bug: jobs-framework-api job run fails silently on local development environment.Jan 17 2023, 1:24 PM

The current status of the lima-kilo project is the following:

the repo https://gitlab.wikimedia.org/repos/cloud/toolforge/lima-kilo is up-to-date
CI with tox and ansible-lint was deployed on the repo, so we can start adding code in a more formal fashion

aborrero changed the task status from Open to In Progress.Jan 18 2023, 11:45 AM

aborrero added a parent task: T327254: WMCS FY22/23 Q3: next steps in grid engine deprecation.

Change 881388 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[cloud/toolforge/jobs-framework-cli@master] jobs-framework-cli: adapt to the lima-kilo project

https://gerrit.wikimedia.org/r/881388

Change 881388 merged by Arturo Borrero Gonzalez:

[cloud/toolforge/jobs-framework-cli@master] jobs-framework-cli: adapt to the lima-kilo project

https://gerrit.wikimedia.org/r/881388

aborrero mentioned this in rCTKF441cf4101a44: jobs-framework-cli: adapt to the lima-kilo project.Jan 18 2023, 12:15 PM

Maintenance_bot removed a project: Patch-For-Review.Jan 18 2023, 12:30 PM

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:22 PM

fnegri moved this task from Kanban to Inbox on the cloud-services-team board.