Page MenuHomePhabricator

Rename the envoy's uses_ingress option to sets_sni
Closed, ResolvedPublic

Description

In profile::service_proxy::envoy the uses_ingress option adds the TLS SNI setting to the TLS connections to the backend services. In T339890 the ML team used the option to force the TLS SNI to connect a service to Thanos Swift (via local envoy proxy), but the naming is not ideal since there is no (Istio) ingress involved.

My proposal is to rename uses_ingress to sets_sni. This is not an easy work since we'll need to support both for some time, to allow all charts to migrate away from it.

Details

SubjectRepoBranchLines +/-
operations/deployment-chartsmaster+24 -16
operations/puppetproduction+0 -23
operations/deployment-chartsmaster+250 -108
operations/deployment-chartsmaster+262 -115
operations/deployment-chartsmaster+291 -126
operations/deployment-chartsmaster+266 -103
operations/deployment-chartsmaster+272 -108
operations/deployment-chartsmaster+175 -85
operations/deployment-chartsmaster+1 K -1 K
operations/deployment-chartsmaster+286 -128
operations/deployment-chartsmaster+141 -43
operations/deployment-chartsmaster+141 -43
operations/deployment-chartsmaster+214 -79
operations/deployment-chartsmaster+162 -49
operations/deployment-chartsmaster+235 -114
operations/deployment-chartsmaster+287 -102
operations/deployment-chartsmaster+144 -79
operations/deployment-chartsmaster+149 -82
operations/deployment-chartsmaster+277 -179
operations/deployment-chartsmaster+159 -96
operations/deployment-chartsmaster+201 -102
operations/deployment-chartsmaster+172 -79
operations/deployment-chartsmaster+79 -172
operations/deployment-chartsmaster+172 -79
operations/deployment-chartsmaster+161 -96
operations/deployment-chartsmaster+67 -19
operations/deployment-chartsmaster+257 -139
operations/deployment-chartsmaster+138 -71
operations/deployment-chartsmaster+151 -86
operations/deployment-chartsmaster+121 -75
operations/deployment-chartsmaster+123 -73
operations/deployment-chartsmaster+214 -94
operations/deployment-chartsmaster+214 -94
operations/deployment-chartsmaster+733 -1 K
operations/deployment-chartsmaster+336 -132
operations/deployment-chartsmaster+336 -132
operations/deployment-chartsmaster+342 -132
operations/deployment-chartsmaster+339 -133
operations/deployment-chartsmaster+336 -132
operations/deployment-chartsmaster+341 -77
operations/deployment-chartsmaster+360 -153
operations/deployment-chartsmaster+337 -137
operations/deployment-chartsmaster+336 -132
operations/deployment-chartsmaster+336 -132
operations/deployment-chartsmaster+336 -132
operations/deployment-chartsmaster+337 -133
operations/deployment-chartsmaster+336 -132
operations/deployment-chartsmaster+319 -119
operations/deployment-chartsmaster+334 -134
operations/deployment-chartsmaster+244 -64
operations/deployment-chartsmaster+4 -1
operations/deployment-chartsmaster+553 -0
operations/puppetproduction+17 -3
operations/deployment-chartsmaster+72 -2
operations/deployment-chartsmaster+553 -0
Show related patches Customize query in gerrit

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Change 958479 merged by jenkins-bot:

[operations/deployment-charts@master] Update developer-portal to use certmanager certs

https://gerrit.wikimedia.org/r/958479

Change 969343 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update flink-session-cluster to use certmanager certs

https://gerrit.wikimedia.org/r/969343

Change 969345 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update datahub to use certmanager certs

https://gerrit.wikimedia.org/r/969345

Change 969366 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update benthos to use certmanager certs

https://gerrit.wikimedia.org/r/969366

Change 969343 merged by Bking:

[operations/deployment-charts@master] Update flink-session-cluster to use certmanager certs

https://gerrit.wikimedia.org/r/969343

Change 969366 merged by jenkins-bot:

[operations/deployment-charts@master] Update benthos to use certmanager certs

https://gerrit.wikimedia.org/r/969366

Change 967412 merged by jenkins-bot:

[operations/deployment-charts@master] Update termbox to use certmanager certs

https://gerrit.wikimedia.org/r/967412

Change 959181 merged by jenkins-bot:

[operations/deployment-charts@master] eventgate: Update mesh module

https://gerrit.wikimedia.org/r/959181

Mentioned in SAL (#wikimedia-operations) [2023-11-06T16:41:11Z] <ottomata> beginning deployments of eventgate clusters: mesh and cert chart updates, as well as sleep timeout values for graceful envoy+eventgate container termination - T349823 T300033 T346638

Change 967402 merged by jenkins-bot:

[operations/deployment-charts@master] Update eventstreams to use certmanager certs

https://gerrit.wikimedia.org/r/967402

Change 967414 merged by jenkins-bot:

[operations/deployment-charts@master] Update wikifeeds to use certmanager certs

https://gerrit.wikimedia.org/r/967414

Change 967415 merged by jenkins-bot:

[operations/deployment-charts@master] Update zotero to use certmanager certs

https://gerrit.wikimedia.org/r/967415

Change 969345 merged by jenkins-bot:

[operations/deployment-charts@master] Update datahub to use certmanager certs

https://gerrit.wikimedia.org/r/969345

elukey removed elukey as the assignee of this task.Dec 5 2023, 2:17 PM

Change #1017258 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update apertium chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017258

Change #1017259 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update blubberoid chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017259

Change #1017259 merged by jenkins-bot:

[operations/deployment-charts@master] Update blubberoid chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017259

Change #1017258 merged by jenkins-bot:

[operations/deployment-charts@master] Update apertium chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017258

JMeybohm subscribed.

Unfortunately version 1.4.3 of mesh.configuration still uses uses_ingress in one if-block. So the initially assumed version requirement was not correct and there are still a bunch of charts to update. :/

Change #1019007 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] eventgate: Update mesh modules

https://gerrit.wikimedia.org/r/1019007

Change #1023824 had a related patch set uploaded (by JMeybohm; author: Alexandros Kosiaris):

[operations/deployment-charts@master] wikifeeds: Use mesh modules version enabling IPv6

https://gerrit.wikimedia.org/r/1023824

Change #1019007 merged by jenkins-bot:

[operations/deployment-charts@master] eventgate: Update mesh modules

https://gerrit.wikimedia.org/r/1019007

Change #1023824 merged by jenkins-bot:

[operations/deployment-charts@master] wikifeeds: Use mesh modules version enabling IPv6

https://gerrit.wikimedia.org/r/1023824

Change #1027050 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] mathoid: add securityContext to all containers

https://gerrit.wikimedia.org/r/1027050

Change #1027050 merged by jenkins-bot:

[operations/deployment-charts@master] mathoid: add securityContext to all containers

https://gerrit.wikimedia.org/r/1027050

Change #1028605 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] api-gateway: add securityContext to all containers

https://gerrit.wikimedia.org/r/1028605

Change #1028605 merged by jenkins-bot:

[operations/deployment-charts@master] api-gateway: add securityContext to all containers

https://gerrit.wikimedia.org/r/1028605

Change #1030191 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] citoid: add securityContext to all containers

https://gerrit.wikimedia.org/r/1030191

Change #1031105 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] DNM: ipiod: ensure all containers have securityContext

https://gerrit.wikimedia.org/r/1031105

Change #1031497 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] aqs-http-gateway: add securityContext to all containers

https://gerrit.wikimedia.org/r/1031497

Change #1032519 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] push-notifications: add securityContext to all containers

https://gerrit.wikimedia.org/r/1032519

Change #1032523 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] zotero: Ensure containers have a securityContext

https://gerrit.wikimedia.org/r/1032523

Change #1032523 merged by jenkins-bot:

[operations/deployment-charts@master] zotero: Ensure containers have a securityContext

https://gerrit.wikimedia.org/r/1032523

Change #1032779 had a related patch set uploaded (by Alexandros Kosiaris; author: Alexandros Kosiaris):

[operations/deployment-charts@master] mobileapps: Use mesh modules version enabling IPv6

https://gerrit.wikimedia.org/r/1032779

Change #1032779 merged by jenkins-bot:

[operations/deployment-charts@master] mobileapps: Use mesh modules version enabling IPv6

https://gerrit.wikimedia.org/r/1032779

Change #1030191 merged by jenkins-bot:

[operations/deployment-charts@master] citoid: add securityContext to all containers

https://gerrit.wikimedia.org/r/1030191

Change #1031497 merged by jenkins-bot:

[operations/deployment-charts@master] aqs-http-gateway: add securityContext to all containers

https://gerrit.wikimedia.org/r/1031497

Change #1035017 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] Revert "aqs-http-gateway: add securityContext to all containers"

https://gerrit.wikimedia.org/r/1035017

Change #1035017 merged by jenkins-bot:

[operations/deployment-charts@master] Revert "aqs-http-gateway: add securityContext to all containers"

https://gerrit.wikimedia.org/r/1035017

Change #1035466 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] aqs-http-gateway: add securityContext to all containers (attempt 2)

https://gerrit.wikimedia.org/r/1035466

Change #1035466 merged by jenkins-bot:

[operations/deployment-charts@master] aqs-http-gateway: add securityContext to all containers (attempt 2)

https://gerrit.wikimedia.org/r/1035466

Change #1032525 had a related patch set uploaded (by Clément Goubert; author: Clément Goubert):

[operations/deployment-charts@master] miscweb: Update various modules

https://gerrit.wikimedia.org/r/1032525

Change #1037194 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] similar-users: add securityContext to all containers

https://gerrit.wikimedia.org/r/1037194

Change #1037196 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] chromium-render: add securityContext to all containers

https://gerrit.wikimedia.org/r/1037196

Change #1037165 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] toolhub: ensure all containers have securityContext

https://gerrit.wikimedia.org/r/1037165

Change #1037166 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] thumbor: add securityContext to all containers

https://gerrit.wikimedia.org/r/1037166

Change #1031105 merged by jenkins-bot:

[operations/deployment-charts@master] ipoid: ensure all containers have securityContext

https://gerrit.wikimedia.org/r/1031105

Change #1039727 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] flink-app: Update various modules

https://gerrit.wikimedia.org/r/1039727

Change #1037194 abandoned by Scott French:

[operations/deployment-charts@master] similar-users: add securityContext to all containers

Reason:

Turndown planned in https://phabricator.wikimedia.org/T345274

https://gerrit.wikimedia.org/r/1037194

Change #1039727 merged by jenkins-bot:

[operations/deployment-charts@master] flink-app: Update various modules

https://gerrit.wikimedia.org/r/1039727

Change #1032525 merged by jenkins-bot:

[operations/deployment-charts@master] miscweb: Update various modules

https://gerrit.wikimedia.org/r/1032525

Change #1037196 merged by jenkins-bot:

[operations/deployment-charts@master] chromium-render: add securityContext to all containers

https://gerrit.wikimedia.org/r/1037196

Change #1032519 merged by jenkins-bot:

[operations/deployment-charts@master] push-notifications: add securityContext to all containers

https://gerrit.wikimedia.org/r/1032519

Change #1041076 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] calculator-service: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041076

Change #1041070 merged by Brouberol:

[operations/deployment-charts@master] spark-history: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041070

Change #1041071 merged by Brouberol:

[operations/deployment-charts@master] echoserver: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041071

Change #1041068 merged by Brouberol:

[operations/deployment-charts@master] superset: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041068

Change #1041119 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] datasets-config: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041119

Change #1041120 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] mpic: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041120

Change #1041120 merged by Brouberol:

[operations/deployment-charts@master] mpic: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041120

Change #1041119 merged by Brouberol:

[operations/deployment-charts@master] datasets-config: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041119

Change #1037165 merged by jenkins-bot:

[operations/deployment-charts@master] toolhub: ensure all containers have securityContext

https://gerrit.wikimedia.org/r/1037165

Change #1041049 merged by jenkins-bot:

[operations/deployment-charts@master] linkrecommendation: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041049

Change #1041039 merged by jenkins-bot:

[operations/deployment-charts@master] developer-portal: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041039

Change #1041055 merged by jenkins-bot:

[operations/deployment-charts@master] machinetranslation: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041055

Change #1041072 merged by jenkins-bot:

[operations/deployment-charts@master] python-webapp: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041072

Change #1041644 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/puppet@production] Remove deprecated uses_ingress option from service-proxy

https://gerrit.wikimedia.org/r/1041644

Change #1041646 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] refresh_fixtures: Remove code that mocks listener upstreams

https://gerrit.wikimedia.org/r/1041646

Change #1041076 merged by jenkins-bot:

[operations/deployment-charts@master] calculator-service: add securityContext to all containers

https://gerrit.wikimedia.org/r/1041076

Change #1041644 merged by JMeybohm:

[operations/puppet@production] Remove deprecated uses_ingress option from service-proxy

https://gerrit.wikimedia.org/r/1041644

Change #1041646 merged by JMeybohm:

[operations/deployment-charts@master] refresh_fixtures: Remove code that mocks listener upstreams

https://gerrit.wikimedia.org/r/1041646

JMeybohm updated the task description. (Show Details)