Page MenuHomePhabricator
Create Task
Maniphest T346638

Rename the envoy's uses_ingress option to sets_sni
Open, Needs TriagePublic
Actions

Description

In profile::service_proxy::envoy the uses_ingress option adds the TLS SNI setting to the TLS connections to the backend services. In T339890 the ML team used the option to force the TLS SNI to connect a service to Thanos Swift (via local envoy proxy), but the naming is not ideal since there is no (Istio) ingress involved.

My proposal is to rename uses_ingress to sets_sni. This is not an easy work since we'll need to support both for some time, to allow all charts to migrate away from it.

โž” rgrep uses_ingress . -l | sort -u
./api-gateway/templates/vendor/mesh/configuration_1.4.4.tpl
./aqs-http-gateway/templates/vendor/mesh/configuration_1.4.4.tpl
./calculator-service/templates/vendor/mesh/configuration_1.4.4.tpl
./cassandra-http-gateway/templates/vendor/mesh/configuration_1.4.4.tpl
./chromium-render/templates/vendor/mesh/configuration_1.4.4.tpl
./citoid/templates/vendor/mesh/configuration_1.4.4.tpl
./datahub/charts/datahub-frontend/templates/vendor/mesh/configuration_1.4.4.tpl
./datahub/charts/datahub-gms/templates/vendor/mesh/configuration_1.4.4.tpl
./developer-portal/templates/vendor/mesh/configuration_1.4.4.tpl
./druid-http-gateway/templates/vendor/mesh/configuration_1.4.4.tpl
./flink-app/templates/vendor/mesh/configuration_1.4.4.tpl
./ipoid/templates/vendor/mesh/configuration_1.4.4.tpl
./linkrecommendation/templates/vendor/mesh/configuration_1.4.4.tpl
./machinetranslation/templates/vendor/mesh/configuration_1.4.4.tpl
./mathoid/templates/vendor/mesh/configuration_1.4.4.tpl
./miscweb/templates/vendor/mesh/configuration_1.4.4.tpl
./push-notifications/templates/vendor/mesh/configuration_1.4.4.tpl
./python-webapp/templates/vendor/mesh/configuration_1.4.4.tpl
./similar-users/templates/vendor/mesh/configuration_1.4.4.tpl
./tegola-vector-tiles/templates/vendor/mesh/configuration_1.4.4.tpl
./thumbor/templates/vendor/mesh/configuration_1.4.4.tpl
./toolhub/templates/vendor/mesh/configuration_1.4.4.tpl
./zotero/templates/vendor/mesh/configuration_1.4.4.tpl
  • Removal of the old option

Details

SubjectRepoBranchLines +/-
api-gateway: add securityContext to all containersoperations/deployment-chartsmaster+138 -71
mathoid: add securityContext to all containersoperations/deployment-chartsmaster+151 -86
wikifeeds: Use mesh modules version enabling IPv6operations/deployment-chartsmaster+121 -75
eventgate: Update mesh modulesoperations/deployment-chartsmaster+123 -73
Update apertium chart to mesh.deployment:1.3.0operations/deployment-chartsmaster+214 -94
Update blubberoid chart to mesh.deployment:1.3.0operations/deployment-chartsmaster+214 -94
Update datahub to use certmanager certsoperations/deployment-chartsmaster+733 -1 K
Update zotero to use certmanager certsoperations/deployment-chartsmaster+336 -132
Update wikifeeds to use certmanager certsoperations/deployment-chartsmaster+336 -132
Update eventstreams to use certmanager certsoperations/deployment-chartsmaster+342 -132
eventgate: Update mesh moduleoperations/deployment-chartsmaster+339 -133
Update termbox to use certmanager certsoperations/deployment-chartsmaster+336 -132
Update benthos to use certmanager certsoperations/deployment-chartsmaster+341 -77
Update flink-session-cluster to use certmanager certsoperations/deployment-chartsmaster+360 -153
Update developer-portal to use certmanager certsoperations/deployment-chartsmaster+337 -137
Update mobileapps to use certmanager certsoperations/deployment-chartsmaster+336 -132
Update similar-users to use certmanager certsoperations/deployment-chartsmaster+336 -132
Update calculator-service to use certmanager certsoperations/deployment-chartsmaster+336 -132
Update shellbox to use certmanager certsoperations/deployment-chartsmaster+337 -133
Update recommendation-api to use certmanager certsoperations/deployment-chartsmaster+336 -132
Update machinetranslation to use certmanager certsoperations/deployment-chartsmaster+319 -119
Update chromium-render to use certmanager certsoperations/deployment-chartsmaster+334 -134
Update mathoid to use certmanager certsoperations/deployment-chartsmaster+244 -64
modules: rename uses_ingress to uses_sni in mesh:configurationoperations/deployment-chartsmaster+4 -1
modules: copy mesh:configuration 1.4.1 to 1.4.2 to facilitate reviewsoperations/deployment-chartsmaster+553 -0
profile::service_proxy::envoy: rename uses_ingress to sets_snioperations/puppetproduction+17 -3
modules: add configuration 1.5.0 to meshoperations/deployment-chartsmaster+72 -2
modules: copy configuration 1.4.1 to 1.5.0 for meshoperations/deployment-chartsmaster+553 -0
Show related patches Customize query in gerrit

Related Objects

Event Timeline

elukey created this task.Sep 18 2023, 2:10 PM
Restricted Application added a subscriber: Aklapper. ยท View Herald TranscriptSep 18 2023, 2:10 PM
gerritbot added a comment.Sep 18 2023, 2:13 PM

Change 956379 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/puppet@production] profile::service_proxy::envoy: rename uses_ingress to sets_sni

https://gerrit.wikimedia.org/r/956379

gerritbot added a project: Patch-For-Review.Sep 18 2023, 2:13 PM

Change 956440 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: copy configuration 1.4.1 to 1.5.0 for mesh

https://gerrit.wikimedia.org/r/956440

gerritbot added a comment.Sep 18 2023, 2:15 PM

Change 956441 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: add configuration 1.5.0 to mesh

https://gerrit.wikimedia.org/r/956441

JMeybohm updated the task description. (Show Details)Sep 18 2023, 2:58 PM
calbon assigned this task to elukey.Sep 19 2023, 2:38 PM
calbon moved this task from Unsorted to Watching on the Machine-Learning-Team board.
gerritbot added a comment.Sep 20 2023, 3:59 PM

Change 956440 abandoned by Elukey:

[operations/deployment-charts@master] modules: copy configuration 1.4.1 to 1.5.0 for mesh

Reason:

https://gerrit.wikimedia.org/r/956440

gerritbot added a comment.Sep 20 2023, 3:59 PM

Change 956441 abandoned by Elukey:

[operations/deployment-charts@master] modules: add configuration 1.5.0 to mesh

Reason:

https://gerrit.wikimedia.org/r/956441

gerritbot added a comment.Sep 20 2023, 4:03 PM

Change 959279 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: copy mesh:configuration 1.4.1 to 1.4.2 to facilitate reviews

https://gerrit.wikimedia.org/r/959279

gerritbot added a comment.Sep 20 2023, 4:03 PM

Change 959280 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] modules: rename uses_ingress to uses_sni in mesh:configuration

https://gerrit.wikimedia.org/r/959280

gerritbot added a comment.Sep 20 2023, 4:12 PM

Change 956379 merged by Elukey:

[operations/puppet@production] profile::service_proxy::envoy: rename uses_ingress to sets_sni

https://gerrit.wikimedia.org/r/956379

gerritbot added a comment.Sep 20 2023, 4:21 PM

Change 959279 merged by Elukey:

[operations/deployment-charts@master] modules: copy mesh:configuration 1.4.1 to 1.4.2 to facilitate reviews

https://gerrit.wikimedia.org/r/959279

gerritbot added a comment.Sep 20 2023, 4:24 PM

Change 959280 merged by Elukey:

[operations/deployment-charts@master] modules: rename uses_ingress to uses_sni in mesh:configuration

https://gerrit.wikimedia.org/r/959280

Maintenance_bot removed a project: Patch-For-Review.Sep 20 2023, 4:31 PM
gerritbot added a comment.Sep 25 2023, 1:53 PM

Change 958473 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update chromium-render to use certmanager certs

https://gerrit.wikimedia.org/r/958473

gerritbot added a project: Patch-For-Review.Sep 25 2023, 1:53 PM

Change 958479 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update developer-portal to use certmanager certs

https://gerrit.wikimedia.org/r/958479

gerritbot added a comment.Sep 25 2023, 1:59 PM

Change 953261 had a related patch set uploaded (by JMeybohm; author: Effie Mouzeli):

[operations/deployment-charts@master] Update mathoid to use certmanager certs

https://gerrit.wikimedia.org/r/953261

gerritbot added a comment.Sep 25 2023, 2:07 PM

Change 960625 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update machinetranslation to use certmanager certs

https://gerrit.wikimedia.org/r/960625

gerritbot added a comment.Sep 26 2023, 9:12 AM

Change 953261 merged by jenkins-bot:

[operations/deployment-charts@master] Update mathoid to use certmanager certs

https://gerrit.wikimedia.org/r/953261

gerritbot added a comment.Sep 28 2023, 8:08 AM

Change 958473 merged by jenkins-bot:

[operations/deployment-charts@master] Update chromium-render to use certmanager certs

https://gerrit.wikimedia.org/r/958473

gerritbot added a comment.Sep 28 2023, 9:51 AM

Change 960625 merged by jenkins-bot:

[operations/deployment-charts@master] Update machinetranslation to use certmanager certs

https://gerrit.wikimedia.org/r/960625

gerritbot added a comment.Sep 28 2023, 12:02 PM

Change 959181 had a related patch set uploaded (by JMeybohm; author: Clรฉment Goubert):

[operations/deployment-charts@master] eventgate: Update mesh module

https://gerrit.wikimedia.org/r/959181

gerritbot added a comment.Oct 20 2023, 9:35 AM

Change 967402 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update eventstreams to use certmanager certs

https://gerrit.wikimedia.org/r/967402

gerritbot added a comment.Oct 20 2023, 9:39 AM

Change 967403 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update calculator-service to use certmanager certs

https://gerrit.wikimedia.org/r/967403

gerritbot added a comment.Oct 20 2023, 9:41 AM

Change 967405 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update mobileapps to use certmanager certs

https://gerrit.wikimedia.org/r/967405

gerritbot added a comment.Oct 20 2023, 9:48 AM

Change 967406 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update recommendation-api to use certmanager certs

https://gerrit.wikimedia.org/r/967406

gerritbot added a comment.Oct 20 2023, 9:57 AM

Change 967410 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update shellbox to use certmanager certs

https://gerrit.wikimedia.org/r/967410

gerritbot added a comment.Oct 20 2023, 10:00 AM

Change 967412 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update termbox to use certmanager certs

https://gerrit.wikimedia.org/r/967412

gerritbot added a comment.Oct 20 2023, 10:03 AM

Change 967414 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update wikifeeds to use certmanager certs

https://gerrit.wikimedia.org/r/967414

gerritbot added a comment.Oct 20 2023, 10:05 AM

Change 967415 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update zotero to use certmanager certs

https://gerrit.wikimedia.org/r/967415

gerritbot added a comment.Oct 20 2023, 3:48 PM

Change 967473 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update similar-users to use certmanager certs

https://gerrit.wikimedia.org/r/967473

gerritbot added a comment.Oct 24 2023, 10:07 AM

Change 967406 merged by jenkins-bot:

[operations/deployment-charts@master] Update recommendation-api to use certmanager certs

https://gerrit.wikimedia.org/r/967406

gerritbot added a comment.Oct 24 2023, 10:38 AM

Change 967410 merged by jenkins-bot:

[operations/deployment-charts@master] Update shellbox to use certmanager certs

https://gerrit.wikimedia.org/r/967410

gerritbot added a comment.Oct 26 2023, 1:53 PM

Change 967403 merged by jenkins-bot:

[operations/deployment-charts@master] Update calculator-service to use certmanager certs

https://gerrit.wikimedia.org/r/967403

gerritbot added a comment.Oct 26 2023, 2:03 PM

Change 967473 merged by jenkins-bot:

[operations/deployment-charts@master] Update similar-users to use certmanager certs

https://gerrit.wikimedia.org/r/967473

gerritbot added a comment.Oct 27 2023, 10:09 AM

Change 967405 merged by jenkins-bot:

[operations/deployment-charts@master] Update mobileapps to use certmanager certs

https://gerrit.wikimedia.org/r/967405

gerritbot added a comment.Oct 27 2023, 1:59 PM

Change 958479 merged by jenkins-bot:

[operations/deployment-charts@master] Update developer-portal to use certmanager certs

https://gerrit.wikimedia.org/r/958479

gerritbot added a comment.Oct 27 2023, 2:27 PM

Change 969343 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update flink-session-cluster to use certmanager certs

https://gerrit.wikimedia.org/r/969343

gerritbot added a comment.Oct 27 2023, 2:50 PM

Change 969345 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update datahub to use certmanager certs

https://gerrit.wikimedia.org/r/969345

gerritbot added a comment.Oct 27 2023, 2:52 PM

Change 969366 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update benthos to use certmanager certs

https://gerrit.wikimedia.org/r/969366

gerritbot added a comment.Oct 31 2023, 1:22 PM

Change 969343 merged by Bking:

[operations/deployment-charts@master] Update flink-session-cluster to use certmanager certs

https://gerrit.wikimedia.org/r/969343

JMeybohm updated the task description. (Show Details)Nov 1 2023, 9:40 AM
gerritbot added a comment.Nov 1 2023, 3:26 PM

Change 969366 merged by jenkins-bot:

[operations/deployment-charts@master] Update benthos to use certmanager certs

https://gerrit.wikimedia.org/r/969366

gerritbot added a comment.Nov 6 2023, 2:34 PM

Change 967412 merged by jenkins-bot:

[operations/deployment-charts@master] Update termbox to use certmanager certs

https://gerrit.wikimedia.org/r/967412

gerritbot added a comment.Nov 6 2023, 4:22 PM

Change 959181 merged by jenkins-bot:

[operations/deployment-charts@master] eventgate: Update mesh module

https://gerrit.wikimedia.org/r/959181

Stashbot mentioned this in T300033: Use cert-manager for service-proxy certificate creation.Nov 6 2023, 4:41 PM
Stashbot mentioned this in T349823: [Event Platform] Gracefully handle pod termination in eventgate Helm chart.

Mentioned in SAL (#wikimedia-operations) [2023-11-06T16:41:11Z] <ottomata> beginning deployments of eventgate clusters: mesh and cert chart updates, as well as sleep timeout values for graceful envoy+eventgate container termination - T349823 T300033 T346638

gerritbot added a comment.Nov 7 2023, 9:45 AM

Change 967402 merged by jenkins-bot:

[operations/deployment-charts@master] Update eventstreams to use certmanager certs

https://gerrit.wikimedia.org/r/967402

gerritbot added a comment.Nov 7 2023, 10:59 AM

Change 967414 merged by jenkins-bot:

[operations/deployment-charts@master] Update wikifeeds to use certmanager certs

https://gerrit.wikimedia.org/r/967414

gerritbot added a comment.Nov 7 2023, 11:15 AM

Change 967415 merged by jenkins-bot:

[operations/deployment-charts@master] Update zotero to use certmanager certs

https://gerrit.wikimedia.org/r/967415

gerritbot added a comment.Nov 7 2023, 11:28 AM

Change 969345 merged by jenkins-bot:

[operations/deployment-charts@master] Update datahub to use certmanager certs

https://gerrit.wikimedia.org/r/969345

Maintenance_bot removed a project: Patch-For-Review.Nov 7 2023, 11:30 AM
elukey removed elukey as the assignee of this task.Dec 5 2023, 2:17 PM
JMeybohm updated the task description. (Show Details)Apr 5 2024, 10:15 AM
gerritbot added a comment.Apr 5 2024, 10:21 AM

Change #1017258 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update apertium chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017258

gerritbot added a project: Patch-For-Review.Apr 5 2024, 10:21 AM
gerritbot added a comment.Apr 5 2024, 10:23 AM

Change #1017259 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] Update blubberoid chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017259

gerritbot added a comment.Mon, Apr 8, 8:28 AM

Change #1017259 merged by jenkins-bot:

[operations/deployment-charts@master] Update blubberoid chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017259

gerritbot added a comment.Mon, Apr 8, 8:29 AM

Change #1017258 merged by jenkins-bot:

[operations/deployment-charts@master] Update apertium chart to mesh.deployment:1.3.0

https://gerrit.wikimedia.org/r/1017258

JMeybohm updated the task description. (Show Details)Mon, Apr 8, 9:53 AM
JMeybohm updated the task description. (Show Details)Wed, Apr 10, 12:34 PM
JMeybohm subscribed.

Unfortunately version 1.4.3 of mesh.configuration still uses uses_ingress in one if-block. So the initially assumed version requirement was not correct and there are still a bunch of charts to update. :/

JMeybohm mentioned this in T359423: Migrate charts to Calico Network Policies.Wed, Apr 10, 12:44 PM
gerritbot added a comment.Thu, Apr 11, 11:41 AM

Change #1019007 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] eventgate: Update mesh modules

https://gerrit.wikimedia.org/r/1019007

JMeybohm mentioned this in T362978: Update all helm modules and charts to be compatible with the restricted PSS.Fri, Apr 19, 1:20 PM
gerritbot added a comment.Wed, Apr 24, 10:54 AM

Change #1023824 had a related patch set uploaded (by JMeybohm; author: Alexandros Kosiaris):

[operations/deployment-charts@master] wikifeeds: Use mesh modules version enabling IPv6

https://gerrit.wikimedia.org/r/1023824

gerritbot added a comment.Thu, Apr 25, 8:06 AM

Change #1019007 merged by jenkins-bot:

[operations/deployment-charts@master] eventgate: Update mesh modules

https://gerrit.wikimedia.org/r/1019007

JMeybohm updated the task description. (Show Details)Thu, Apr 25, 9:34 AM
gerritbot added a comment.Mon, Apr 29, 9:24 AM

Change #1023824 merged by jenkins-bot:

[operations/deployment-charts@master] wikifeeds: Use mesh modules version enabling IPv6

https://gerrit.wikimedia.org/r/1023824

Maintenance_bot removed a project: Patch-For-Review.Mon, Apr 29, 9:31 AM
JMeybohm updated the task description. (Show Details)Mon, Apr 29, 2:20 PM
Scott_French subscribed.Fri, May 3, 10:26 PM
gerritbot added a comment.Fri, May 3, 10:27 PM

Change #1027050 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] mathoid: add securityContext to all containers

https://gerrit.wikimedia.org/r/1027050

gerritbot added a project: Patch-For-Review.Fri, May 3, 10:27 PM
gerritbot added a comment.Mon, May 6, 2:56 PM

Change #1027050 merged by jenkins-bot:

[operations/deployment-charts@master] mathoid: add securityContext to all containers

https://gerrit.wikimedia.org/r/1027050

Maintenance_bot removed a project: Patch-For-Review.Mon, May 6, 3:30 PM
gerritbot added a comment.Mon, May 6, 9:54 PM

Change #1028605 had a related patch set uploaded (by Scott French; author: Scott French):

[operations/deployment-charts@master] api-gateway: add securityContext to all containers

https://gerrit.wikimedia.org/r/1028605

gerritbot added a project: Patch-For-Review.Mon, May 6, 9:54 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. ยท Wikimedia Foundation ยท Privacy Policy ยท Code of Conduct ยท Terms of Use ยท Disclaimer ยท CC-BY-SA ยท GPL