Deploy the MP Instrumentation Configuration application to the DSE k8s cluster
Open, HighPublic
Actions

Assigned To

None

Authored By

	brouberol
	Mar 29 2024, 8:03 AM

Description

The Metrics Platform Instrumentation Configuration app (as described in T360647) will need to be deployed in the DSE Kubernetes cluster.

As @WDoranWMF explained, it will need to:

be publicly accessible under a mpic.wikimedia.org domain (specific domain to be confirmed)
have a staging and production deployment
have SSO enabled (at least for production, with a potential bypass for staging at first)
have access to the the database setup in T331516

This ticket will break down the work into infrastructure-related tasks that should be accomplished by Data Platform SREs, and application-related tasks, that should be handled by Metrics Platform, with help from Data Platform SREs.

Related Objects
Search...

Status	Assigned	Task
Open	None	T361335 Deploy the MP Instrumentation Configuration application to the DSE k8s cluster
Resolved	brouberol	T361336 Create Kubernetes view/deploy users
Resolved	brouberol	T361337 Create MPIC Kubernetes namespaces
Resolved	brouberol	T361338 Create the MPIC wikimedia.org subdomains DNS records
Resolved	brouberol	T361339 Create the internal service DNS records for the MPIC application
Resolved	brouberol	T361340 Add the MPIC wikimedia.org subdomains to the trafficserver configuration
Resolved	brouberol	T361341 Add the MPIC idp client configuration
Resolved	brouberol	T361342 Provision the MPIC secrets in the private puppet repository
Open	Sfaci	T361343 Create the MPIC Kubernetes chart
Resolved	Sfaci	T361344 Create MPIC helmfiles
Resolved	Sfaci	T361345 Create the MPIC docker image build pipeline
Open	Sfaci	T361346 Setup monitoring for the MPIC applications
Open	None	T361347 Add documentation related to the kubernetes deployment to the MPIC service page
Resolved	brouberol	T361955 Create an `mpic` MariaDB database

Event Timeline

brouberol created this task.Mar 29 2024, 8:03 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 29 2024, 8:03 AM

WDoranWMF added projects: Metrics Platform Backlog, Data Products (Data Products Sprint 11).Tue, Apr 2, 11:26 AM

@brouberol just posting the Qs we have from Slack here for visibility (cc @Sfaci):

Is there a standard way to use config files for storing environment variables (db connection creds)?

Currently there is a frontend app (vuejs) silo'd in a subdirectory of the backend app (stripped down version of service-template-node) - both are served from different ports:
- Is it reasonable to assume that we can map the different ports to separate domains or subdomains?
- Should frontend + backend be in the same container or different containers?
- Can the FE/BE container(s) be configured with a blubber file?

Is there a standard way to use config files for storing environment variables (db connection creds)?

TLDR: there is a way to commit secrets and have them be usable within your charts.

What we did for Superset was define a DB connection URI containing a <PASSWORD> placeholder that we later-on replace with the actual password. Because the password is secret, we only commit it to the private puppet repo, via which we render a special YAML file on the deployment server containing secrets/passwords only.

Is it reasonable to assume that we can map the different ports to separate domains or subdomains?

Do you mean DNS (sub)domains? If so, there is a way, but it requires just a bit of elbow grease. It can be done though.

However, what I'd do is slightly different, and it mirrors what was done for Superset. We have a single DNS domain (in our case, superset.wikimedia.org), and traffic reaches an nginx reverse proxy, that either proxies the traffic to the frontend container if the url path starts with e.g. /static and to the backend for anything else.

This is what this nginx config does.

Should frontend + backend be in the same container or different containers?

I'd tend to say different containers.

Can the FE/BE container(s) be configured with a blubber file?

Yes! In fact, we did exactly that for Superset

On slack, @Sfaci mentioned

About how the application is configured, at this moment, we have only a config.yaml file per environment but I don't know if we should declare some environment variables.

I would advise for a single way of configuring the application: either a config file _or_ environment variables. It'd be easier to maintain and override over time. Having a yaml file as a source of configuration is perfectly reasonable!

brouberol closed subtask T361337: Create MPIC Kubernetes namespaces as Resolved.Thu, Apr 4, 8:24 AM

brouberol closed subtask T361338: Create the MPIC wikimedia.org subdomains DNS records as Resolved.Thu, Apr 4, 8:26 AM

brouberol closed subtask T361339: Create the internal service DNS records for the MPIC application as Resolved.

brouberol closed subtask T361336: Create Kubernetes view/deploy users as Resolved.Thu, Apr 4, 9:41 AM

brouberol closed subtask T361340: Add the MPIC wikimedia.org subdomains to the trafficserver configuration as Resolved.Thu, Apr 4, 9:43 AM

brouberol closed subtask T361341: Add the MPIC idp client configuration as Resolved.Thu, Apr 4, 10:30 AM

Gehel moved this task from Incoming to Scratch on the Data-Platform-SRE board.Thu, Apr 4, 7:04 PM

Gehel triaged this task as High priority.Thu, Apr 4, 7:05 PM

Gehel edited projects, added Data-Platform-SRE (2024.03.25 - 2024.04.14); removed Data-Platform-SRE, Epic.

VirginiaPoundstone edited projects, added Data Products (Data Products Sprint 12); removed Data Products (Data Products Sprint 11).Fri, Apr 12, 4:21 PM

VirginiaPoundstone moved this task from Sprint Backlog to Sprint Goals on the Data Products (Data Products Sprint 12) board.

VirginiaPoundstone moved this task from Sprint Goals to Sprint Backlog on the Data Products (Data Products Sprint 12) board.