Page MenuHomePhabricator
Create Task
Maniphest T383553

Set cert-manager leader election namespace to cert-manager
Open, HighPublic
Actions

Description

Currently cert-manager does create leases in kube-system namespace. This is the upstream default to prevent multiple cert-manager installations per cluster.
In out setup it's rater counter-intuitive because one has to know about this in order to be able to find the leases and might be mislead during debugging etc.

It's not safe to change the leader election namespace with a simple deployment as that would mean two elected leaders for a short period of time. So I propose changing .Values.global.leaderElection.namespace to cert-manager when updating the clusters.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Update eqiad to k8s 1.31operations/deployment-chartsmaster+34 -15
Update codfw to k8s 1.31operations/deployment-chartsmaster+37 -19
admin_ng: Create cert-manager leases in cert-manager namespaceoperations/deployment-chartsmaster+9 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Jan 13 2025, 11:16 AM
Gehel moved this task from Incoming to Watching on the Data-Platform-SRE board.Jan 17 2025, 9:08 AM
LSobanski moved this task from Incoming to K8s on the collaboration-services board.Mar 4 2025, 9:36 AM
JMeybohm triaged this task as High priority.Mar 5 2025, 6:07 PM
gerritbot added a comment.Mar 7 2025, 3:52 PM

Change #1125462 had a related patch set uploaded (by JMeybohm; author: JMeybohm):

[operations/deployment-charts@master] admin_ng: Create cert-manager leases in cert-manager namespace

https://gerrit.wikimedia.org/r/1125462

gerritbot added a project: Patch-For-Review.Mar 7 2025, 3:52 PM
gerritbot added a comment.Mar 11 2025, 9:37 AM

Change #1125462 merged by jenkins-bot:

[operations/deployment-charts@master] admin_ng: Create cert-manager leases in cert-manager namespace

https://gerrit.wikimedia.org/r/1125462

Maintenance_bot removed a project: Patch-For-Review.Mar 11 2025, 10:31 AM
gerritbot added a comment.Jun 23 2025, 7:50 AM

Change #1161945 had a related patch set uploaded (by JMeybohm; author: Kamila Součková):

[operations/deployment-charts@master] Update codfw to k8s 1.31

https://gerrit.wikimedia.org/r/1161945

gerritbot added a project: Patch-For-Review.Jun 23 2025, 7:50 AM
gerritbot added a comment.Jun 23 2025, 10:59 AM

Change #1161945 merged by jenkins-bot:

[operations/deployment-charts@master] Update codfw to k8s 1.31

https://gerrit.wikimedia.org/r/1161945

Maintenance_bot removed a project: Patch-For-Review.Jun 23 2025, 11:32 AM
gerritbot added a comment.Sep 26 2025, 9:17 AM

Change #1191656 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/deployment-charts@master] Update eqiad to k8s 1.31

https://gerrit.wikimedia.org/r/1191656

gerritbot added a project: Patch-For-Review.Sep 26 2025, 9:17 AM
gerritbot added a comment.Oct 1 2025, 1:20 PM

Change #1191656 merged by jenkins-bot:

[operations/deployment-charts@master] Update eqiad to k8s 1.31

https://gerrit.wikimedia.org/r/1191656

Maintenance_bot removed a project: Patch-For-Review.Oct 1 2025, 1:32 PM
LSobanski removed a project: collaboration-services.Dec 8 2025, 4:50 PM
MLechvien-WMF edited projects, added ServiceOps new; removed serviceops.Sun, Jan 25, 10:31 PM
MLechvien-WMF moved this task from Inbox to Needs Info / Blocked on the ServiceOps new board.
MLechvien-WMF subscribed.

@JMeybohm could you please confirm the urgency of this task?

JMeybohm moved this task from Needs Info / Blocked to Radar on the ServiceOps new board.Thu, Feb 5, 10:05 AM
JMeybohm added projects: Infrastructure-Foundations, Machine-Learning-Team.

This is done for all wikikube clusters, so we can move this to radar on our side. Still relevant for:

elukey subscribed.Thu, Feb 5, 10:12 AM
elukey mentioned this in T414484: Upgrade DSE clusters to kubernetes 1.31.Thu, Feb 5, 10:20 AM
elukey mentioned this in T414485: Upgrade ML clusters to kubernetes 1.31.
elukey mentioned this in T414486: Upgrade AUX clusters to kubernetes 1.31.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits