Rename the envoy's uses_ingress option to sets_sni
Open, Needs TriagePublic
Actions

Assigned To

Authored By

	elukey
	Mon, Sep 18, 2:10 PM

Description

In profile::service_proxy::envoy the uses_ingress option adds the TLS SNI setting to the TLS connections to the backend services. In T339890 the ML team used the option to force the TLS SNI to connect a service to Thanos Swift (via local envoy proxy), but the naming is not ideal since there is no (Istio) ingress involved.

My proposal is to rename uses_ingress to sets_sni. This is not an easy work since we'll need to support both for some time, to allow all charts to migrate away from it.

Puppet change to allow the new setting: https://gerrit.wikimedia.org/r/c/operations/puppet/+/956379
Deployment-charts change to modify the mesh module: https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/956441
Rollout of the mesh module change to all charts (+ deployment)
Removal of the old option

Details

Project	Branch	Lines +/-	Subject
operations/deployment-charts	master	+4 -1	modules: rename uses_ingress to uses_sni in mesh:configuration
operations/deployment-charts	master	+553 -0	modules: copy mesh:configuration 1.4.1 to 1.4.2 to facilitate reviews
operations/puppet	production	+17 -3	profile::service_proxy::envoy: rename uses_ingress to sets_sni
operations/deployment-charts	master	+72 -2	modules: add configuration 1.5.0 to mesh
operations/deployment-charts	master	+553 -0	modules: copy configuration 1.4.1 to 1.5.0 for mesh

Customize query in gerrit

Related Objects

Mentioned Here: T339890: Host the recommendation-api container on LiftWing

Event Timeline

elukey created this task.Mon, Sep 18, 2:10 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMon, Sep 18, 2:10 PM

Change 956379 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] profile::service_proxy::envoy: rename uses_ingress to sets_sni

https://gerrit.wikimedia.org/r/956379

Change 956440 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: copy configuration 1.4.1 to 1.5.0 for mesh

https://gerrit.wikimedia.org/r/956440

Change 956441 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: add configuration 1.5.0 to mesh

https://gerrit.wikimedia.org/r/956441

JMeybohm updated the task description. (Show Details)Mon, Sep 18, 2:58 PM

calbon assigned this task to elukey.Tue, Sep 19, 2:38 PM

calbon moved this task from Unsorted to Watching on the Machine-Learning-Team board.

Change 956440 abandoned by Elukey:

[operations/deployment-charts@master] modules: copy configuration 1.4.1 to 1.5.0 for mesh

Reason:

https://gerrit.wikimedia.org/r/956440

Change 956441 abandoned by Elukey:

[operations/deployment-charts@master] modules: add configuration 1.5.0 to mesh

Reason:

https://gerrit.wikimedia.org/r/956441

Change 959279 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: copy mesh:configuration 1.4.1 to 1.4.2 to facilitate reviews

https://gerrit.wikimedia.org/r/959279

Change 959280 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: rename uses_ingress to uses_sni in mesh:configuration

https://gerrit.wikimedia.org/r/959280

Change 956379 merged by Elukey: