
Create the MPIC Kubernetes chart
Open, High, Public

Description

Goal

Starting from the chart template that the SRE team has created, we have to customize it with the specific details of this project.

This is something that should be tackled by the Metrics Platform team, with help from the Data Platform SREs, as a way to share knowledge and experience.

AC

  • The SRE Team has created a chart template (merged)
  • The chart has been customized according to the project details
    • We have customized the general behaviour for this chart (merged)
    • We have added the monitoring configuration to this chart (not ready yet)

Notes

  • See below comments

Event Timeline

Change #1017034 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] mpic: scaffold chart

https://gerrit.wikimedia.org/r/1017034

https://gerrit.wikimedia.org/r/1017034 introduces a lot of YAML, but bear in mind that this is fully automatically generated, via the following command:

~/wmf/deployment-charts mpic-chart *17 ?3 ❯ ./create_new_service.sh
What will be the name of your chart? mpic
INFO:sextant:Loading available components
INFO:sextant:Creating the chart from /Users/brouberol/wmf/deployment-charts/_scaffold/service
===> Available components:

* generic-application
  Basic component for generic (non-LAMP) applications

* LAMP
  Basic LAMP application component.

* ingress
  Kubernetes ingress setup with istio.

* service-mesh
  Sets up the service mesh and the TLS termination (if needed)

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
==> Please select a component by name (q to quit)
> generic-application
INFO:wmflib.interactive:User input is: "generic-application"
===> Available components:

* ingress
  Kubernetes ingress setup with istio.

* service-mesh
  Sets up the service mesh and the TLS termination (if needed)

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
Already selected: generic-application
==> Please select a component by name (q to quit)
> ingress
INFO:wmflib.interactive:User input is: "ingress"
===> Available components:

* service-mesh
  Sets up the service mesh and the TLS termination (if needed)

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
Already selected: generic-application,ingress
==> Please select a component by name (q to quit)
> service-mesh
INFO:wmflib.interactive:User input is: "service-mesh"
===> Available components:

* prometheus-statsd
  sets up prometheus-statsd-exporter

* mcrouter
  sets up mcrouter
Already selected: generic-application,ingress,service-mesh
==> Please select a component by name (q to quit)
> q
INFO:wmflib.interactive:User input is: "q"
Selected components: generic-application,ingress,service-mesh


===> Please answer the following questions:

* Please input the complete name of the image (without the registry)

> repos/data-engineering/mpic
* Please input the port that this service will live on. If this service
  is not behind an ingress (i.e. you didn't select the "ingress"
  component), please reserve a port at
  https://wikitech.wikimedia.org/wiki/Kubernetes/Service_ports
> 8000
Chart mpic created, now vendoring dependencies.
INFO:sextant:Copied modules/app/generic_1.0.1.tpl => charts/mpic/templates/vendor/app/generic_1.0.1.tpl
INFO:sextant:Copied modules/base/helper_1.1.1.tpl => charts/mpic/templates/vendor/base/helper_1.1.1.tpl
INFO:sextant:Copied modules/base/meta_2.0.0.tpl => charts/mpic/templates/vendor/base/meta_2.0.0.tpl
INFO:sextant:Copied modules/base/name_1.0.0.tpl => charts/mpic/templates/vendor/base/name_1.0.0.tpl
INFO:sextant:Copied modules/app/job_1.0.0.tpl => charts/mpic/templates/vendor/app/job_1.0.0.tpl
INFO:sextant:Copied modules/base/external-services-networkpolicy_1.0.1.tpl => charts/mpic/templates/vendor/base/external-services-networkpolicy_1.0.1.tpl
INFO:sextant:Copied modules/base/networkpolicy_1.2.0.tpl => charts/mpic/templates/vendor/base/networkpolicy_1.2.0.tpl
INFO:sextant:Copied modules/ingress/istio_1.0.3.tpl => charts/mpic/templates/vendor/ingress/istio_1.0.3.tpl
INFO:sextant:Copied modules/mesh/configuration_1.7.0.tpl => charts/mpic/templates/vendor/mesh/configuration_1.7.0.tpl
INFO:sextant:Copied modules/mesh/certificate_1.1.0.tpl => charts/mpic/templates/vendor/mesh/certificate_1.1.0.tpl
INFO:sextant:Copied modules/mesh/name_1.1.0.tpl => charts/mpic/templates/vendor/mesh/name_1.1.0.tpl
INFO:sextant:Copied modules/mesh/deployment_1.3.0.tpl => charts/mpic/templates/vendor/mesh/deployment_1.3.0.tpl
INFO:sextant:Copied modules/mesh/networkpolicy_1.2.0.tpl => charts/mpic/templates/vendor/mesh/networkpolicy_1.2.0.tpl
INFO:sextant:Copied modules/mesh/service_1.1.0.tpl => charts/mpic/templates/vendor/mesh/service_1.1.0.tpl

This is how we bootstrap a new chart: we scaffold it with ./create_new_service.sh (which uses sextant to manage modules), and 💥 we get a good starting point.

I chose:

  • generic-application because this is our starting point
  • ingress because the traffic intended for the mpic application will be routed via the DSE K8s cluster ingress
  • service-mesh because I found out by experience that I needed to have both ingress and service-mesh to get things working

(I'm happy to get into more gory details, but these are the general main ideas.)

The next steps are:

  • building the image (that I provisionally named repos/data-engineering/mpic)
  • defining which port the application listens on (currently set to 8000)
  • having a look at an example of a configuration file used by the application, to start defining default values and per-release-overrides

The philosophy of the scaffolding tools is that in most cases, you should mostly need to tweak things in values.yaml (the chart default values).

By default, the chart generates a couple of Kubernetes resources, a couple of which are of interest to us:

  • Deployment (from templates/deployment.yaml): (doc) Manages stateless applications in Kubernetes
  • Configmap (from templates/configmap.yaml): (doc) Stores non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.
  • NetworkPolicy (from templates/networkpolicy.yaml): Kubernetes firewalls. Determines what services/IP-ports you can talk (egress) to.

Note: we will need to create a custom Configmap resource to generate the application config.yml file from YAML configuration values

The way the chart is rendered by injecting the values into the templates is by running (when located in ~/path/to/deployment-charts):

$ helm template test charts/mpic | head
---
# Source: mpic/templates/networkpolicy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mpic-test
  labels:
    app: mpic
    chart: mpic-0.0.1
    release: test
...

This requires the helm binary to be locally installed (brew install helm for macOS, or follow https://helm.sh/docs/intro/install/).

helm is a "package manager for kubernetes", meaning that it is in charge of rendering charts with templates, installing the rendered YAML to kubernetes, creating releases so you can rollback, etc.

One thing to be aware of is that you can overlay YAML variables with precedence. Say I create a values-overrides.yaml file containing

app:
  image: repos/data-engineering/OVERRIDE

I can then run

$ helm template test charts/mpic -f charts/mpic/values-overrides.yaml | grep -C 3 image:
      containers:
        # The main application container
        - name: mpic-test
          image: "docker-registry.wikimedia.org/repos/data-engineering/OVERRIDE:latest"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8000

Note: when I specify charts/mpic to helm, it implicitly knows it needs to use charts/mpic/values.yaml as the lowest-precedence values.

If we now create a new values file values-overrides-highest.yaml containing

app:
  image: repos/data-engineering/OVERRIDE-THE-OVERRIDE

and run

$ helm template test charts/mpic -f charts/mpic/values-overrides.yaml -f charts/mpic/values-overrides-highest.yaml | grep -C 3 image:
      containers:
        # The main application container
        - name: mpic-test
          image: "docker-registry.wikimedia.org/repos/data-engineering/OVERRIDE-THE-OVERRIDE:latest"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8000

we see that the overrides are evaluated left to right: values.yaml < values-overrides.yaml < values-overrides-highest.yaml
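
The precedence shown above, as an added example that is not part of the original comment or of the deployment-charts repository: a small Python model of how the -f files are layered, which also reports which file supplied each final value. The app.port key name and the allowed_cidrs list are hypothetical; the image names are the ones used in the comment.

```python
# Added example: models Helm's left-to-right merge of -f values files.
import copy

def merge_values(layers):
    """Merge (file_name, values) layers in order; later layers win.

    Returns (merged, origin): origin maps each dotted leaf path to the
    file that supplied its final value.
    """
    merged, origin = {}, {}
    for name, values in layers:
        _merge_into(merged, values, name, origin, "")
    return merged, origin

def _merge_into(dst, src, name, origin, prefix):
    for key, value in src.items():
        path = prefix + key
        if isinstance(value, dict) and isinstance(dst.get(key), dict):
            # Maps are merged key by key, so untouched siblings survive.
            _merge_into(dst[key], value, name, origin, path + ".")
            continue
        # Scalars and lists are replaced wholesale, never appended to.
        for stale in [p for p in origin if p == path or p.startswith(path + ".")]:
            del origin[stale]
        dst[key] = copy.deepcopy(value)
        _record(value, name, origin, path)

def _record(value, name, origin, path):
    if isinstance(value, dict):
        for key, child in value.items():
            _record(child, name, origin, path + "." + key)
    else:
        origin[path] = name

# Constructed sample layers. app.image values come from the ticket; the
# app.port key name and the allowed_cidrs list are hypothetical.
LAYERS = [
    ("values.yaml", {
        "app": {"image": "repos/data-engineering/mpic", "port": 8000},
        "allowed_cidrs": ["192.0.2.10/32", "192.0.2.20/32"],
    }),
    ("values-overrides.yaml",
     {"app": {"image": "repos/data-engineering/OVERRIDE"}}),
    ("values-overrides-highest.yaml", {
        "app": {"image": "repos/data-engineering/OVERRIDE-THE-OVERRIDE"},
        "allowed_cidrs": ["192.0.2.30/32"],
    }),
]

if __name__ == "__main__":
    merged, origin = merge_values(LAYERS)
    for path in sorted(origin):
        print(f"{path:15} <- {origin[path]}")
```

The last file's allowed_cidrs list replaces the default list entirely rather than extending it, which is the case to check when an override touches an allow list such as the egress rules feeding a NetworkPolicy.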

Change #1017034 merged by Brouberol:

[operations/deployment-charts@master] mpic: scaffold chart

https://gerrit.wikimedia.org/r/1017034

Change #1021494 had a related patch set uploaded (by Santiago Faci; author: Santiago Faci):

[operations/deployment-charts@master] Create the MPIC Kubernetes chart

https://gerrit.wikimedia.org/r/1021494

Just pausing this ticket because it seems that, so far, the current change is ok but we need to make some progress in related tasks to be sure which other parameters/configuration we need to add to the MPIC chart. For example:

  • At this time we are using some secrets to log to SAL but there is an open discussion about whether it's the right way to do that
  • We'd need to add some config fields related to the login feature
  • We need to explore more about how monitoring works to be sure which parameters we need to parameterize here about it

Change #1024610 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/puppet@production] global_config: add analytics mariadb/postgresql instances

https://gerrit.wikimedia.org/r/1024610

Change #1021494 merged by jenkins-bot:

[operations/deployment-charts@master] Create the MPIC Kubernetes chart

https://gerrit.wikimedia.org/r/1021494

At this time we have a first approach for the mpic chart to try to deploy a first draft version of this webapp as soon as possible. The gitlab pipeline is now ready to publish docker images (T361345: Create the MPIC docker image build pipeline), the database is ready (T361955: Create an `mpic` MariaDB database), we have a first approach about the login (T361341: Add the MPIC idp client configuration) and we are already working on helmfiles (T361344: Create MPIC helmfiles). So our efforts right now are focused on deploying something to the staging environment as soon as possible to see how/if everything is working fine there.

Monitoring configuration will be added later because it's completely done yet, so let's move this ticket to pause.

Change #1024610 merged by Brouberol:

[operations/puppet@production] global_config: add analytics mariadb/postgresql instances

https://gerrit.wikimedia.org/r/1024610

Change #1025694 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] mpic: specify extra TLS SAN for each release

https://gerrit.wikimedia.org/r/1025694

Change #1025694 merged by Brouberol:

[operations/deployment-charts@master] mpic: specify extra TLS SAN for each release

https://gerrit.wikimedia.org/r/1025694

Change #1025696 had a related patch set uploaded (by Santiago Faci; author: Santiago Faci):

[operations/deployment-charts@master] MPIC chart and helmfiles: Some fixes

https://gerrit.wikimedia.org/r/1025696

Change #1025696 merged by jenkins-bot:

[operations/deployment-charts@master] MPIC chart and helmfiles: Some fixes

https://gerrit.wikimedia.org/r/1025696

Change #1025768 had a related patch set uploaded (by Santiago Faci; author: Santiago Faci):

[operations/deployment-charts@master] MPIC Chart: Fixing single quotes and bumping the version

https://gerrit.wikimedia.org/r/1025768

Change #1025768 merged by jenkins-bot:

[operations/deployment-charts@master] MPIC Chart: Fixing single quotes and bumping the version

https://gerrit.wikimedia.org/r/1025768