⚓ T381417 aux-k8s-codfw cluster setup

Subject	Repo	Branch	Lines +/-
conftool-data: update k8s-ingress-aux	operations/puppet	production	+2 -1
service: add k8s-ingress-aux-(ro\|rw) discovery entries	operations/puppet	production	+4 -2
create k8s-ingress-aux -ro and -rw discovery records, metafo/geodns	operations/dns	master	+5 -0
hiera: add aux-k8s-codfw to deployment_server	operations/puppet	production	+4 -0
add k8s ingress service aliases for jaeger in codfw	operations/dns	master	+3 -0
aux-k8s codfw: enable worker ingress	operations/puppet	production	+4 -35
aux-k8s-codfw: populate network subnet and constants	operations/puppet	production	+11 -0
jaeger: hooks: fix typo	operations/deployment-charts	master	+2 -2
jaeger: add aux-k8s-codfw environment	operations/deployment-charts	master	+5 -0
add aux-k8s-codfw to environment	operations/deployment-charts	master	+14 -0
Add delegations for aux-k8s POD ranges in codfw	operations/dns	master	+27 -4
aux-k8s-worker: deploy role to codfw workers	operations/puppet	production	+31 -1
aux-k8s codfw: enable worker ingress	operations/puppet	production	+4 -35
aux-k8s-ctrl codfw: enable lvs	operations/puppet	production	+4 -45
dns: add aux-k8s ingress/ctrl vips	operations/dns	master	+4 -3
KubernetesRsyslogDown: alert only if logs were sent before	operations/alerts	master	+4 -2
aux-k8s-ctrl codfw: apply role	operations/puppet	production	+90 -2
aux-k8s-etcd: set bootstrap false	operations/puppet	production	+0 -3
aux-k8s-etcd: bootstrap codfw cluster	operations/puppet	production	+3 -0
wmnet: add codfw aux-k8s-etcd SRV records	operations/dns	master	+8 -0
aux_k8s: apply etcd_aux_k8s role to aux-k8s-etcd200[345] nodes	operations/puppet	production	+2 -1
add aux-k8s-codfw cluster	operations/deployment-charts	master	+21 -0

Status	Assigned	Task
Open	None	T378742 aux-k8s: eqiad expansion, codfw creation, & future hopes and dreams
Resolved	herron	T381417 aux-k8s-codfw cluster setup
Stalled	None	T385727 etcd: adapt etcd-backup.py for etcd 3.4
Resolved	herron	T388586 aux-k8s-codfw enable bgp
Stalled	None	T268199 Graduate codesearch to production
Resolved	None	T396073 Request to increase RAM and VCPU quota in codesearch

herron mentioned this in T378742: aux-k8s: eqiad expansion, codfw creation, & future hopes and dreams.Dec 3 2024, 4:55 PM

herron mentioned this in T378986: codfw: (2x) aux-k8s-ctrl nodes.

herron mentioned this in T378988: codfw: (3x) aux-k8s-etcd nodes.

herron mentioned this in T378987: codfw: (4x) aux-k8s-worker nodes.Dec 3 2024, 4:57 PM

Change #1100153 had a related patch set uploaded (by Herron; author: Herron):

[operations/deployment-charts@master] add aux-k8s-codfw cluster

https://gerrit.wikimedia.org/r/1100153

gerritbot added a project: Patch-For-Review.Dec 3 2024, 5:18 PM

herron moved this task from Inbox to FY2024/2025-Q3 on the SRE Observability board.Dec 3 2024, 7:03 PM

herron edited projects, added SRE Observability (FY2024/2025-Q3); removed SRE Observability.

cmooney subscribed.Dec 9 2024, 3:34 PM

CDanis triaged this task as Medium priority.Dec 16 2024, 3:20 PM

Raine subscribed.Jan 17 2025, 12:51 PM

Raine mentioned this in T371214: Move mw-accesslog-metrics instance to k8s.Jan 17 2025, 12:56 PM

Change #1100153 merged by jenkins-bot:

[operations/deployment-charts@master] add aux-k8s-codfw cluster

https://gerrit.wikimedia.org/r/1100153

Change #1116825 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux_k8s: apply etcd_aux_k8s role to aux-k8s-etcd200[345] nodes

https://gerrit.wikimedia.org/r/1116825

Change #1116825 merged by Herron:

[operations/puppet@production] aux_k8s: apply etcd_aux_k8s role to aux-k8s-etcd200[345] nodes

https://gerrit.wikimedia.org/r/1116825

Maintenance_bot removed a project: Patch-For-Review.Feb 3 2025, 6:31 PM

In T381417#10518550, @gerritbot wrote:

Change #1116825 merged by Herron:

[operations/puppet@production] aux_k8s: apply etcd_aux_k8s role to aux-k8s-etcd200[345] nodes

https://gerrit.wikimedia.org/r/1116825

Missed adding the new SRV records ahead of merging the puppet patch, will work on that next

Feb 03 18:47:22 aux-k8s-etcd2003 etcd[653149]: couldn't resolve during SRV discovery (error querying DNS SRV records for _etcd-server-ssl lookup _etcd-server-ssl._tcp.aux-k8s-etcd.codfw.wmnet on 10.3.0.1:53: no such host)
Feb 03 18:47:22 aux-k8s-etcd2003 etcd[653149]: error setting up initial cluster: error querying DNS SRV records for _etcd-server-ssl lookup _etcd-server-ssl._tcp.aux-k8s-etcd.codfw.wmnet on 10.3.0.1:53: no such host
Feb 03 18:47:22 aux-k8s-etcd2003 systemd[1]: etcd.service: Main process exited, code=exited, status=1/FAILURE
Feb 03 18:47:22 aux-k8s-etcd2003 systemd[1]: etcd.service: Failed with result 'exit-code'.
Feb 03 18:47:22 aux-k8s-etcd2003 systemd[1]: Failed to start etcd.service - etcd - highly-available key value store.

Change #1116867 had a related patch set uploaded (by Herron; author: Herron):

[operations/dns@master] wmnet: add codfw aux-k8s-etcd SRV records

https://gerrit.wikimedia.org/r/1116867

gerritbot added a project: Patch-For-Review.Feb 3 2025, 8:39 PM

Change #1116867 merged by Herron:

[operations/dns@master] wmnet: add codfw aux-k8s-etcd SRV records

https://gerrit.wikimedia.org/r/1116867

Maintenance_bot removed a project: Patch-For-Review.Feb 4 2025, 3:31 PM

Change #1117219 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s-etcd: bootstrap codfw cluster

https://gerrit.wikimedia.org/r/1117219

gerritbot added a project: Patch-For-Review.Feb 4 2025, 4:45 PM

Change #1117219 merged by Herron:

[operations/puppet@production] aux-k8s-etcd: bootstrap codfw cluster

https://gerrit.wikimedia.org/r/1117219

Maintenance_bot removed a project: Patch-For-Review.Feb 4 2025, 5:31 PM

Change #1117235 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s-etcd: set bootstrap false

https://gerrit.wikimedia.org/r/1117235

Change #1117235 merged by Herron:

[operations/puppet@production] aux-k8s-etcd: set bootstrap false

https://gerrit.wikimedia.org/r/1117235

Maintenance_bot removed a project: Patch-For-Review.Feb 4 2025, 6:31 PM

herron updated the task description. (Show Details)Feb 4 2025, 6:33 PM

Change #1122170 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s-ctrl codfw: apply role

https://gerrit.wikimedia.org/r/1122170

gerritbot added a project: Patch-For-Review.Feb 24 2025, 5:34 PM

Change #1122170 merged by Herron:

[operations/puppet@production] aux-k8s-ctrl codfw: apply role

https://gerrit.wikimedia.org/r/1122170

Maintenance_bot removed a project: Patch-For-Review.Feb 27 2025, 4:30 PM

Change #1123426 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s-ctrl codfw: enable lvs

https://gerrit.wikimedia.org/r/1123426

gerritbot added a project: Patch-For-Review.Feb 27 2025, 6:01 PM

Change #1123434 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s-worker: deploy role to codfw workers

https://gerrit.wikimedia.org/r/1123434

Change #1124179 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s codfw: enable worker ingress

https://gerrit.wikimedia.org/r/1124179

Change #1123434 merged by Herron:

[operations/puppet@production] aux-k8s-worker: deploy role to codfw workers

https://gerrit.wikimedia.org/r/1123434

Change #1124453 had a related patch set uploaded (by Herron; author: Herron):

[operations/alerts@master] KubernetesRsyslogDown: bump threshold to 15m

https://gerrit.wikimedia.org/r/1124453

herron updated the task description. (Show Details)Mar 5 2025, 2:54 PM

Change #1124453 abandoned by Herron:

[operations/alerts@master] KubernetesRsyslogDown: alert only if logs were sent before

Reason:

going with doc/process update instead

https://gerrit.wikimedia.org/r/1124453

Change #1126093 had a related patch set uploaded (by Herron; author: Herron):

[operations/dns@master] dns: add aux-k8s ingress/ctrl vips

https://gerrit.wikimedia.org/r/1126093

Change #1126093 merged by Herron:

[operations/dns@master] dns: add aux-k8s ingress/ctrl vips

https://gerrit.wikimedia.org/r/1126093

Change #1123426 merged by Herron:

[operations/puppet@production] aux-k8s-ctrl codfw: enable lvs

https://gerrit.wikimedia.org/r/1123426

Mentioned in SAL (#wikimedia-operations) [2025-03-10T17:45:55Z] <sukhe> sudo cumin 'A:lvs-codfw' 'disable-puppet "adding k8s-ingress-aux codfw"'T381417

jijiki mentioned this in T387900: deploy1003 reports helmfileAdminPendingChanges.Mar 10 2025, 5:46 PM

Change #1124179 merged by Herron:

[operations/puppet@production] aux-k8s codfw: enable worker ingress

https://gerrit.wikimedia.org/r/1124179

Maintenance_bot removed a project: Patch-For-Review.Mar 10 2025, 6:32 PM

herron updated the task description. (Show Details)Mar 11 2025, 2:16 PM

Quick status update here, the aux-k8s codfw cluster is running and the aux-k8s-ctrl.svc.codfw.wmnet vip is live.

deploy1003:~# kubectl get nodes
NAME                             STATUS   ROLES           AGE   VERSION
aux-k8s-ctrl2002.codfw.wmnet     Ready    control-plane   21h   v1.23.14
aux-k8s-ctrl2003.codfw.wmnet     Ready    control-plane   21h   v1.23.14
aux-k8s-worker2002.codfw.wmnet   Ready    <none>          21h   v1.23.14
aux-k8s-worker2003.codfw.wmnet   Ready    <none>          21h   v1.23.14
aux-k8s-worker2004.codfw.wmnet   Ready    <none>          21h   v1.23.14
aux-k8s-worker2005.codfw.wmnet   Ready    <none>          21h   v1.23.14

Had a false start with https://gerrit.wikimedia.org/r/1124179 which has been reverted, as I now realize there's more prep needed before activating ingress lvs for codfw. Thinking out loud -- this seems like a step that could be worth decoupling from the worker role application since its a challenge to bring everything up quickly enough to avoid triggering lvs alerts.

At any rate, up next is standing up the aux-k8s codfw ingress, to be followed by a re-try of the reverted ingress lvs patch

Change #1126568 had a related patch set uploaded (by Herron; author: Herron):

[operations/deployment-charts@master] add aux-k8s-codfw to environment

https://gerrit.wikimedia.org/r/1126568

gerritbot added a project: Patch-For-Review.Mar 11 2025, 8:21 PM

Change #1127151 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/dns@master] Add delegations for aux-k8s POD ranges in codfw and missing v6 ones

https://gerrit.wikimedia.org/r/1127151

@Dzahn made me aware of these patches which I think are also needed:

https://gerrit.wikimedia.org/r/c/operations/dns/+/1126182

https://gerrit.wikimedia.org/r/c/operations/dns/+/1126180

akosiaris subscribed.Mar 12 2025, 9:48 PM

Change #1126182 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/dns@master] create k8s-ingress-aux -ro and -rw discovery records, metafo/geodns

https://gerrit.wikimedia.org/r/1126182

Dzahn added a subtask: T268199: Graduate codesearch to production.Mar 13 2025, 2:44 AM

Change #1127151 merged by Cathal Mooney:

[operations/dns@master] Add delegations for aux-k8s POD ranges in codfw

https://gerrit.wikimedia.org/r/1127151

herron closed subtask T388586: aux-k8s-codfw enable bgp as Resolved.Mar 13 2025, 2:08 PM

Change #1126568 merged by jenkins-bot:

[operations/deployment-charts@master] add aux-k8s-codfw to environment

https://gerrit.wikimedia.org/r/1126568

Change #1128868 had a related patch set uploaded (by Herron; author: Herron):

[operations/deployment-charts@master] jaeger: add aux-k8s-codfw environment

https://gerrit.wikimedia.org/r/1128868

Change #1128869 had a related patch set uploaded (by Herron; author: Herron):

[operations/deployment-charts@master] jaeger: hooks: fix typo

https://gerrit.wikimedia.org/r/1128869

Change #1128868 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: add aux-k8s-codfw environment

https://gerrit.wikimedia.org/r/1128868

Change #1128869 merged by jenkins-bot:

[operations/deployment-charts@master] jaeger: hooks: fix typo

https://gerrit.wikimedia.org/r/1128869

Change #1126180 had a related patch set uploaded (by Dzahn; author: Dzahn):

[operations/dns@master] add k8s ingress service aliases for jaeger in codfw

https://gerrit.wikimedia.org/r/1126180

Change #1128926 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s-codfw: populate network subnet and constants

https://gerrit.wikimedia.org/r/1128926

Change #1128926 merged by Herron:

[operations/puppet@production] aux-k8s-codfw: populate network subnet and constants

https://gerrit.wikimedia.org/r/1128926

Change #1128937 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] aux-k8s codfw: enable worker ingress

https://gerrit.wikimedia.org/r/1128937

Change #1128937 merged by Ssingh:

[operations/puppet@production] aux-k8s codfw: enable worker ingress

https://gerrit.wikimedia.org/r/1128937

herron updated the task description. (Show Details)Mar 19 2025, 5:54 PM

Thanks to @ssingh the k8s-ingress-aux.svc.codfw.wmnet LVS is alive!

And with the checklist in the task desc now complete, I think we're in good shape to optimistically resolve this setup task

Dzahn changed the status of subtask T268199: Graduate codesearch to production from Open to In Progress.Mar 19 2025, 6:18 PM

Change #1126180 merged by Dzahn:

[operations/dns@master] add k8s ingress service aliases for jaeger in codfw

https://gerrit.wikimedia.org/r/1126180

Raine awarded a token.Mar 21 2025, 11:57 AM

Change #1132587 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/puppet@production] hiera: add aux-k8s-codfw to deployment_server

https://gerrit.wikimedia.org/r/1132587

Change #1132587 merged by Kamila Součková:

[operations/puppet@production] hiera: add aux-k8s-codfw to deployment_server

https://gerrit.wikimedia.org/r/1132587

Change #1126182 merged by Dzahn:

[operations/dns@master] create k8s-ingress-aux -ro and -rw discovery records, metafo/geodns

https://gerrit.wikimedia.org/r/1126182

Maintenance_bot removed a project: Patch-For-Review.Mar 31 2025, 5:30 PM

Change #1133176 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] service: add k8s-ingress-aux-(ro|rw) discovery entries

https://gerrit.wikimedia.org/r/1133176

gerritbot added a project: Patch-For-Review.Apr 1 2025, 4:14 PM

Change #1133176 merged by Herron:

[operations/puppet@production] service: add k8s-ingress-aux-(ro|rw) discovery entries

https://gerrit.wikimedia.org/r/1133176

Maintenance_bot removed a project: Patch-For-Review.Apr 1 2025, 5:31 PM

Change #1133195 had a related patch set uploaded (by Herron; author: Herron):

[operations/puppet@production] conftool-data: update k8s-ingress-aux

https://gerrit.wikimedia.org/r/1133195

Change #1133195 merged by Herron:

[operations/puppet@production] conftool-data: update k8s-ingress-aux

https://gerrit.wikimedia.org/r/1133195

Maintenance_bot removed a project: Patch-For-Review.Apr 1 2025, 6:31 PM

herron changed the status of subtask T385727: etcd: adapt etcd-backup.py for etcd 3.4 from Open to Stalled.Apr 7 2025, 2:56 PM

Dzahn changed the status of subtask T268199: Graduate codesearch to production from In Progress to Open.Apr 21 2025, 11:04 PM

• lmata moved this task from Inbox to Done on the SRE Observability (FY2024/2025-Q3) board.Jun 17 2025, 1:52 PM

• Yankees199 changed the status of subtask T268199: Graduate codesearch to production from Open to In Progress.Jul 29 2025, 11:01 AM

Peachey88 changed the status of subtask T268199: Graduate codesearch to production from In Progress to Open.Jul 29 2025, 11:03 AM

Dzahn changed the status of subtask T268199: Graduate codesearch to production from Open to Stalled.Sep 29 2025, 4:48 PM

aux-k8s-codfw cluster setup
Closed, ResolvedPublic
Actions

Description

Details

Related Objects
Search...

Event Timeline

aux-k8s-codfw cluster setupClosed, ResolvedPublicActions

Description

Details

Related ObjectsSearch...

Event Timeline

aux-k8s-codfw cluster setup
Closed, ResolvedPublic
Actions

Related Objects
Search...