Page MenuHomePhabricator
Create Task
Maniphest T365855

Stop hardcoding k8s master (k8s API) endpoint IP addresses
Closed, ResolvedPublic
Actions

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
otelcol: use proper Calico selector syntax part2operations/deployment-chartsmaster+2 -2
otelcol: use proper Calico selector syntaxoperations/deployment-chartsmaster+2 -2
otelcol: Stop hardcoding k8s master IP addressesoperations/deployment-chartsmaster+39 -25
Fix opentelemetry-collector chart CIoperations/deployment-chartsmaster+5 -2
otelcol: update hardcoded k8s master IPs for the last timeoperations/deployment-chartsmaster+6 -14
freshen hardcoded IDP addressesoperations/deployment-chartsmaster+2 -6
otelcol: deploy k8sattributes processoroperations/deployment-chartsmaster+36 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

CDanis created this task.May 24 2024, 5:57 PM
gerritbot added a comment.May 24 2024, 6:19 PM

Change #1035756 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] otelcol: deploy k8s attributes processor

https://gerrit.wikimedia.org/r/1035756

gerritbot added a project: Patch-For-Review.May 24 2024, 6:19 PM
gerritbot added a comment.May 24 2024, 6:31 PM

Change #1035756 merged by jenkins-bot:

[operations/deployment-charts@master] otelcol: deploy k8sattributes processor

https://gerrit.wikimedia.org/r/1035756

Maintenance_bot removed a project: Patch-For-Review.May 24 2024, 7:30 PM
gerritbot added a comment.May 29 2024, 9:38 PM

Change #1037179 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] freshen hardcoded IDP addresses

https://gerrit.wikimedia.org/r/1037179

gerritbot added a project: Patch-For-Review.May 29 2024, 9:38 PM
gerritbot added a comment.May 29 2024, 9:41 PM

Change #1037179 merged by jenkins-bot:

[operations/deployment-charts@master] freshen hardcoded IDP addresses

https://gerrit.wikimedia.org/r/1037179

Maintenance_bot removed a project: Patch-For-Review.May 29 2024, 10:31 PM
JMeybohm subscribed.Jun 3 2024, 9:36 AM

This is basically T287491: Allow to address Kubernetes API servers from NetworkPolicy
IMHO the easiest and less intrusive way to do this with an upstream helm chart is to just add a calico networkpolicy template to the chart (the file could even be prefixed with wmf-) that just creates that one policy. The linked phab task should contain some examples for that.

JMeybohm triaged this task as High priority.Jun 21 2024, 3:45 PM

I'm triaging this to high as this is the only place where wikikube k8s control-plane IPs are hardcoded and we already forgot about it once. Also it's pretty easy to fix.

CDanis added a comment.Jun 21 2024, 4:48 PM

@JMeybohm The best way to fix this is by adding a calico definition to the chart directory in a file whose name starts with wmf-, correct?

JMeybohm added a comment.Jun 24 2024, 8:57 AM
In T365855#9913970, @CDanis wrote:

@JMeybohm The best way to fix this is by adding a calico definition to the chart directory in a file whose name starts with wmf-, correct?

I think so, yes. Something like https://gerrit.wikimedia.org/r/c/operations/deployment-charts/+/974158

gerritbot added a comment.Jul 3 2024, 6:28 PM

Change #1051820 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] otelcol: update hardcoded k8s master IPs for the last time

https://gerrit.wikimedia.org/r/1051820

gerritbot added a project: Patch-For-Review.Jul 3 2024, 6:28 PM
gerritbot added a comment.Jul 3 2024, 6:34 PM

Change #1051820 merged by jenkins-bot:

[operations/deployment-charts@master] otelcol: update hardcoded k8s master IPs for the last time

https://gerrit.wikimedia.org/r/1051820

gerritbot added a comment.Jul 15 2024, 8:07 PM

Change #1054394 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] otelcol: Stop hardcoding k8s master IP addresses

https://gerrit.wikimedia.org/r/1054394

jijiki added a parent task: T287491: Allow to address Kubernetes API servers from NetworkPolicy.Jul 16 2024, 3:19 PM
gerritbot added a comment.Jul 16 2024, 3:31 PM

Change #1054594 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] Fix opentelemetry-collector chart CI

https://gerrit.wikimedia.org/r/1054594

gerritbot added a comment.Jul 16 2024, 3:44 PM

Change #1054594 merged by jenkins-bot:

[operations/deployment-charts@master] Fix opentelemetry-collector chart CI

https://gerrit.wikimedia.org/r/1054594

gerritbot added a comment.Jul 16 2024, 3:44 PM

Change #1054394 merged by jenkins-bot:

[operations/deployment-charts@master] otelcol: Stop hardcoding k8s master IP addresses

https://gerrit.wikimedia.org/r/1054394

Maintenance_bot removed a project: Patch-For-Review.Jul 16 2024, 4:31 PM
gerritbot added a comment.Jul 16 2024, 6:22 PM

Change #1054637 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] otelcol: use proper Calico selector syntax

https://gerrit.wikimedia.org/r/1054637

gerritbot added a project: Patch-For-Review.Jul 16 2024, 6:22 PM
gerritbot added a comment.Jul 16 2024, 6:47 PM

Change #1054637 merged by CDanis:

[operations/deployment-charts@master] otelcol: use proper Calico selector syntax

https://gerrit.wikimedia.org/r/1054637

gerritbot added a comment.Jul 16 2024, 7:09 PM

Change #1054650 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/deployment-charts@master] otelcol: use proper Calico selector syntax part2

https://gerrit.wikimedia.org/r/1054650

gerritbot added a comment.Jul 16 2024, 7:13 PM

Change #1054650 merged by CDanis:

[operations/deployment-charts@master] otelcol: use proper Calico selector syntax part2

https://gerrit.wikimedia.org/r/1054650

CDanis closed this task as Resolved.Jul 16 2024, 7:24 PM
CDanis claimed this task.

As I learned today, there's apparently no validation for the supposed-to-be-internal-only crd.projectcalico.org/v1 object type. This required a few iterations in production to get right, but we're done now.

https://github.com/projectcalico/calico/issues/6412

Maintenance_bot removed a project: Patch-For-Review.Jul 16 2024, 7:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits