Page MenuHomePhabricator
Create Task
Maniphest T351713

Add a namespace (or namespaces) for the spark-history service
Closed, ResolvedPublic
Actions

Description

We need to have at least one new namespace on the dse-k8s cluster, in order to support the spark-history service.

It is not yet decided whether we want to have a separate namespace for the test cluster, or whether we would want two deployments in the same namespace.

Either way, the process for adding a new namespace is documented here:
https://wikitech.wikimedia.org/wiki/Kubernetes/Add_a_new_service#Add_a_Kubernetes_namespace

Once it is done, we will need to deploy the changes to the admin_ng configuration as documented here.

Details

SubjectRepoBranchLines +/-
Define the spark-history/spark-history-test k8s namespacesoperations/deployment-chartsmaster+8 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

BTullis created this task.Nov 21 2023, 1:40 PM
BTullis triaged this task as High priority.Nov 21 2023, 2:23 PM
BTullis added a parent task: T351716: Decide how to handle the spark-history service for the test cluster.
BTullis mentioned this in T330176: [Data Platform] Deploy Spark History Service.Nov 21 2023, 2:26 PM
BTullis moved this task from Incoming to Quarterly Goals on the Data-Platform-SRE board.
BTullis removed BTullis as the assignee of this task.Nov 22 2023, 10:25 AM
brouberol claimed this task.Nov 22 2023, 1:12 PM
gerritbot added a comment.Nov 22 2023, 1:19 PM

Change 976731 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] Define the spark-history/spark-history-test k8s namespaces

https://gerrit.wikimedia.org/r/976731

gerritbot added a project: Patch-For-Review.Nov 22 2023, 1:19 PM
gerritbot added a comment.Nov 23 2023, 1:21 PM

Change 976731 merged by Brouberol:

[operations/deployment-charts@master] Define the spark-history/spark-history-test k8s namespaces

https://gerrit.wikimedia.org/r/976731

Maintenance_bot removed a project: Patch-For-Review.Nov 23 2023, 1:30 PM
brouberol moved this task from Quarterly Goals to In Progress on the Data-Platform-SRE board.Nov 24 2023, 1:13 PM
brouberol added a comment.Nov 24 2023, 1:19 PM
root@deploy2002:/srv/deployment-charts/helmfile.d/admin_ng# helmfile -e dse-k8s-eqiad -i apply
helmfile.yaml: basePath=.
skipping missing values file matching "calico/values.yaml"
skipping missing values file matching "/etc/helmfile-defaults/private/admin/calico/dse-k8s-eqiad.yaml"
skipping missing values file matching "/etc/helmfile-defaults/private/admin/coredns/dse-k8s-eqiad.yaml"
skipping missing values file matching "values/dse-k8s-eqiad/cert-manager-values.yaml"
skipping missing values file matching "/etc/helmfile-defaults/private/admin/cert-manager/dse-k8s-eqiad.yaml"
skipping missing values file matching "values/dse-k8s-eqiad/eventrouter-values.yaml"
skipping missing values file matching "/etc/helmfile-defaults/private/admin/eventrouter/dse-k8s-eqiad.yaml"
skipping missing values file matching "/etc/helmfile-defaults/private/admin/flink-operator/dse-k8s-eqiad.yaml"
skipping missing values file matching "values/dse-k8s-eqiad/helm-state-metrics-values.yaml"
skipping missing values file matching "/etc/helmfile-defaults/private/admin/helm-state-metrics/dse-k8s-eqiad.yaml"
skipping missing values file matching "values/dse-k8s-eqiad/spark-operator-values.yaml"
skipping missing values file matching "/etc/helmfile-defaults/private/admin/spark-operator/dse-k8s-eqiad.yaml"
Comparing release=calico, chart=wmf-stable/calico
Comparing release=pod-security-policies, chart=wmf-stable/raw
Comparing release=rbac-rules, chart=wmf-stable/raw
Comparing release=coredns, chart=wmf-stable/coredns
Comparing release=namespaces, chart=wmf-stable/raw
Comparing release=cert-manager-networkpolicies, chart=wmf-stable/raw
Comparing release=calico-crds, chart=wmf-stable/calico-crds
Comparing release=istio-gateways-networkpolicies, chart=wmf-stable/raw
Comparing release=cert-manager, chart=wmf-stable/cert-manager
Comparing release=cfssl-issuer, chart=wmf-stable/cfssl-issuer
Comparing release=istio-proxy-settings, chart=wmf-stable/raw
Comparing release=namespace-certificates, chart=wmf-stable/raw
Comparing release=flink-operator, chart=wmf-stable/flink-kubernetes-operator
Comparing release=spark-operator, chart=wmf-stable/spark-operator
Comparing release=cfssl-issuer-crds, chart=wmf-stable/cfssl-issuer-crds
Comparing release=flink-operator-crds, chart=wmf-stable/flink-kubernetes-operator-crds
Comparing release=eventrouter, chart=wmf-stable/eventrouter
Comparing release=helm-state-metrics, chart=wmf-stable/helm-state-metrics
kube-system, spark-history, Namespace (v1) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+   annotations:
+     net.beta.kubernetes.io/network-policy: '{"ingress":{"isolation":"DefaultDeny"}}'
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     istio-injection: disabled
+     kubernetes.io/metadata.name: spark-history
+     release: namespaces
+   name: spark-history
kube-system, spark-history-test, Namespace (v1) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+   annotations:
+     net.beta.kubernetes.io/network-policy: '{"ingress":{"isolation":"DefaultDeny"}}'
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     istio-injection: disabled
+     kubernetes.io/metadata.name: spark-history-test
+     release: namespaces
+   name: spark-history-test
spark-history, allow-psp, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: allow-psp
+   namespace: spark-history
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: allow-restricted-psp
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+   kind: Group
+   name: system:serviceaccounts:spark-history
+ - apiGroup: rbac.authorization.k8s.io
+   kind: User
+   name: spark-history-deploy
spark-history, deploy, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: deploy
+   namespace: spark-history
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: deploy
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+   kind: User
+   name: spark-history-deploy
spark-history, general-limits, LimitRange (v1) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: v1
+ kind: LimitRange
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: general-limits
+   namespace: spark-history
+ spec:
+   limits:
+   - default:
+       cpu: 100m
+       memory: 100Mi
+     defaultRequest:
+       cpu: 100m
+       memory: 100Mi
+     max:
+       cpu: "8"
+       memory: 3Gi
+     min:
+       cpu: 25m
+       memory: 50Mi
+     type: Container
+   - max:
+       cpu: "10"
+       memory: 5Gi
+     min:
+       cpu: 100m
+       memory: 50Mi
+     type: Pod
spark-history, quota-compute-resources, ResourceQuota (v1) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: v1
+ kind: ResourceQuota
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: quota-compute-resources
+   namespace: spark-history
+ spec:
+   hard:
+     limits.cpu: "150"
+     limits.memory: 150Gi
+     requests.cpu: "150"
+     requests.memory: 150Gi
spark-history, view, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: view
+   namespace: spark-history
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: view
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+   kind: User
+   name: spark-history
spark-history-test, allow-psp, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: allow-psp
+   namespace: spark-history-test
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: allow-restricted-psp
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+   kind: Group
+   name: system:serviceaccounts:spark-history-test
+ - apiGroup: rbac.authorization.k8s.io
+   kind: User
+   name: spark-history-test-deploy
spark-history-test, deploy, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: deploy
+   namespace: spark-history-test
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: deploy
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+   kind: User
+   name: spark-history-test-deploy
spark-history-test, general-limits, LimitRange (v1) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: v1
+ kind: LimitRange
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: general-limits
+   namespace: spark-history-test
+ spec:
+   limits:
+   - default:
+       cpu: 100m
+       memory: 100Mi
+     defaultRequest:
+       cpu: 100m
+       memory: 100Mi
+     max:
+       cpu: "8"
+       memory: 3Gi
+     min:
+       cpu: 25m
+       memory: 50Mi
+     type: Container
+   - max:
+       cpu: "10"
+       memory: 5Gi
+     min:
+       cpu: 100m
+       memory: 50Mi
+     type: Pod
spark-history-test, quota-compute-resources, ResourceQuota (v1) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: v1
+ kind: ResourceQuota
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: quota-compute-resources
+   namespace: spark-history-test
+ spec:
+   hard:
+     limits.cpu: "150"
+     limits.memory: 150Gi
+     requests.cpu: "150"
+     requests.memory: 150Gi
spark-history-test, view, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: raw/templates/resources.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   labels:
+     app: raw
+     chart: raw-0.3.0
+     heritage: Helm
+     release: namespaces
+   name: view
+   namespace: spark-history-test
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: view
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+   kind: User
+   name: spark-history-test

Listing releases matching ^knative-serving-crds$
Listing releases matching ^knative-serving$
Listing releases matching ^kserve$
Listing releases matching ^kube-state-metrics$
Affected releases are:
  namespaces (wmf-stable/raw) UPDATED

Do you really want to apply?
  Helmfile will apply all your changes, as shown above.

 [y/n]: y
Upgrading release=namespaces, chart=wmf-stable/raw
Release "namespaces" has been upgraded. Happy Helming!
NAME: namespaces
LAST DEPLOYED: Fri Nov 24 13:19:16 2023
NAMESPACE: kube-system
STATUS: deployed
REVISION: 18
TEST SUITE: None

Listing releases matching ^namespaces$
namespaces	kube-system	18      	2023-11-24 13:19:16.40900842 +0000 UTC	deployed	raw-0.3.0	0.2.3      


UPDATED RELEASES:
NAME         CHART            VERSION
namespaces   wmf-stable/raw     0.3.0

helmfile.yaml: basePath=.
brouberol closed this task as Resolved.Nov 24 2023, 1:19 PM
brouberol@deploy2002:~$ kubectl get namespaces | grep spark-history
spark-history           Active   54s
spark-history-test      Active   54s
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL