Page MenuHomePhabricator
Create Task
Maniphest T365855

Stop hardcoding k8s master (k8s API) endpoint IP addresses
Open, HighPublic
Actions

Details

SubjectRepoBranchLines +/-
freshen hardcoded IDP addressesoperations/deployment-chartsmaster+2 -6
otelcol: deploy k8sattributes processoroperations/deployment-chartsmaster+36 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

CDanis created this task.May 24 2024, 5:57 PM
gerritbot added a comment.May 24 2024, 6:19 PM

Change #1035756 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] otelcol: deploy k8s attributes processor

https://gerrit.wikimedia.org/r/1035756

gerritbot added a project: Patch-For-Review.May 24 2024, 6:19 PM
gerritbot added a comment.May 24 2024, 6:31 PM

Change #1035756 merged by jenkins-bot:

[operations/deployment-charts@master] otelcol: deploy k8sattributes processor

https://gerrit.wikimedia.org/r/1035756

Maintenance_bot removed a project: Patch-For-Review.May 24 2024, 7:30 PM
gerritbot added a comment.Wed, May 29, 9:38 PM

Change #1037179 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] freshen hardcoded IDP addresses

https://gerrit.wikimedia.org/r/1037179

gerritbot added a project: Patch-For-Review.Wed, May 29, 9:38 PM
gerritbot added a comment.Wed, May 29, 9:41 PM

Change #1037179 merged by jenkins-bot:

[operations/deployment-charts@master] freshen hardcoded IDP addresses

https://gerrit.wikimedia.org/r/1037179

Maintenance_bot removed a project: Patch-For-Review.Wed, May 29, 10:31 PM
JMeybohm subscribed.Mon, Jun 3, 9:36 AM

This is basically T287491: Allow to address Kubernetes API servers from NetworkPolicy
IMHO the easiest and less intrusive way to do this with an upstream helm chart is to just add a calico networkpolicy template to the chart (the file could even be prefixed with wmf-) that just creates that one policy. The linked phab task should contain some examples for that.

JMeybohm triaged this task as High priority.Fri, Jun 21, 3:45 PM

I'm triaging this to high as this is the only place where wikikube k8s control-plane IPs are hardcoded and we already forgot about it once. Also it's pretty easy to fix.

CDanis added a comment.Fri, Jun 21, 4:48 PM

@JMeybohm The best way to fix this is by adding a calico definition to the chart directory in a file whose name starts with wmf-, correct?

JMeybohm added a comment.Mon, Jun 24, 8:57 AM
In T365855#9913970, @CDanis wrote:

@JMeybohm The best way to fix this is by adding a calico definition to the chart directory in a file whose name starts with wmf-, correct?

I think so, yes. Something like https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/974158

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL