Page MenuHomePhabricator
Create Task
Maniphest T402584

Upgrade Envoy to v1.26.8 and drop buster
Closed, ResolvedPublic
Actions

Description

For T380211 we're upgrading from 1.23 (July 2022) all the way to something from this year. Because we've gotten so far behind, I'll be making the upgrade in a few steps, starting with a move to 1.26.

We were also unable to build 1.24 or better on buster's version of libc. Now that no buster hosts are left running Envoy, this will move the build (and minimum supported distribution) to bullseye.

This update will also fix the following security issues:

Crash in proxy protocol when command type of LOCAL (CVE-2024-23327)
https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j
https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a

Envoy crashes when using an address type that isn’t supported by the OS (CVE-2024-23325)
https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26
https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237

Ext_authz can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata (CVE-2024-23324)
https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6
https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a

Excessive CPU usage when URI template matcher is configured using regex (CVE-2024-23323)
https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch
https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645

Envoy crashes when idle and request per try timeout occur within the backoff interval (CVE-2024-23322)
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38
https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e

Abnormal termination when using auto_sni with :authority header longer than 255 characters (CVE-2024-32475)
https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj
https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
wikifeeds: Remove envoy image_version overrideoperations/deployment-chartsmaster+0 -2
cleanup: Remove Envoy 1.26.8 overrides now that it's the defaultoperations/deployment-chartsmaster+0 -9
mw-videoscaler: Upgrade to envoy 1.26.8operations/deployment-chartsmaster+4 -2
{api,rest}-gateway: Upgrade to Envoy 1.26.8 in productionoperations/deployment-chartsmaster+2 -4
mw-*: Upgrade to Envoy 1.26.8operations/deployment-chartsmaster+7 -14
{api,rest}-gateway: Upgrade to Envoy 1.26.8 in stagingoperations/deployment-chartsmaster+2 -0
envoy: Update to v1.26.8operations/docker-images/production-imagesmaster+6 -0
Failover idp.w.o to idp2004operations/dnsmaster+1 -1
mathoid: Upgrade to envoy-future:1.26.8-3 for validationoperations/deployment-chartsmaster+1 -1
envoy-future: Sync dockerfile changes from envoy image to envoy-futureoperations/docker-images/production-imagesmaster+12 -2
mathoid: Upgrade to envoy-future:1.26.8-2 for validationoperations/deployment-chartsmaster+2 -0
jjb: Update to helm-linter:0.7.3 to pick up envoy-future 1.26.8integration/configmaster+1 -1
helm-linter: Bump for envoy 1.26.8 and switch to bullseye-wikimediaintegration/configmaster+8 -1
envoy-future: Update to 1.26.8 for realoperations/docker-images/production-imagesmaster+7 -0
envoy-future: Update to 1.26.8 and bump envoy-future.list to bullseyeoperations/docker-images/production-imagesmaster+7 -1
Rewrite checksum paths to filenames in get-envoy-release.shoperations/debs/envoyproxyv1.26+4 -1
Update to v1.26.8 and drop busteroperations/debs/envoyproxyv1.26+19 -10
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Aug 26 2025, 8:52 PM

Change #1182209 merged by RLazarus:

[operations/docker-images/production-images@master] envoy-future: Sync dockerfile changes from envoy image to envoy-future

https://gerrit.wikimedia.org/r/1182209

gerritbot added a comment.Aug 26 2025, 9:43 PM

Change #1182210 merged by jenkins-bot:

[operations/deployment-charts@master] mathoid: Upgrade to envoy-future:1.26.8-3 for validation

https://gerrit.wikimedia.org/r/1182210

Maintenance_bot removed a project: Patch-For-Review.Aug 26 2025, 10:31 PM
RLazarus added a comment.Aug 26 2025, 10:57 PM

Validated on mathoid and mw-debug (mathoid still on envoy-future, mw-debug back on 1.23 for now).

One config warning in the logs from mw-debug:

[2025-08-26 22:40:20.622][1][warning][misc] [source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto. This configuration will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this field is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.

That doesn't block us from deploying 1.26, but I'll update the config templates before upgrading further. No complaints in the mathoid envoy logs.

Stashbot added a comment.Aug 26 2025, 11:01 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-26T23:01:15Z] <rzl> reprepro -C main includedeb bullseye-wikimedia /srv/wikimedia/pool/component/envoy-future/e/envoyproxy/envoyproxy_1.26.8-1_amd64.deb # T402584

RLazarus added a comment.Aug 26 2025, 11:34 PM

More deprecation warnings from the API Gateway (started locally after modifying charts/api-gateway/values-devel.yaml to use envoy-future:

[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.bootstrap.v3.Admin Using deprecated option 'envoy.config.bootstrap.v3.Admin.access_log_path' from file bootstrap.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.cluster.v3.Cluster Using deprecated option 'envoy.config.cluster.v3.Cluster.common_http_protocol_options' from file cluster.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.cluster.v3.Cluster Using deprecated option 'envoy.config.cluster.v3.Cluster.http2_protocol_options' from file cluster.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.cluster.v3.Cluster Using deprecated option 'envoy.config.cluster.v3.Cluster.max_requests_per_connection' from file cluster.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.core.v3.HeaderValueOption Using deprecated option 'envoy.config.core.v3.HeaderValueOption.append' from file base.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.route.v3.HeaderMatcher Using deprecated option 'envoy.config.route.v3.HeaderMatcher.exact_match' from file route_components.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.route.v3.HeaderMatcher Using deprecated option 'envoy.config.route.v3.HeaderMatcher.safe_regex_match' from file route_components.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.config.route.v3.RouteAction Using deprecated option 'envoy.config.route.v3.RouteAction.cors' from file route_components.proto.  [...]
[source/common/protobuf/message_validator_impl.cc:21] Deprecated field: type envoy.type.matcher.v3.RegexMatcher Using deprecated option 'envoy.type.matcher.v3.RegexMatcher.google_re2' from file regex.proto.  [...]

But nothing blocking here either.

Stashbot added a comment.Aug 27 2025, 10:49 AM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T10:49:32Z] <slyngs> idm2001.wikimedia.org - Update EnvoyProxy to version 1.26.8 - https://phabricator.wikimedia.org/T402584

Stashbot added a comment.Aug 27 2025, 10:54 AM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T10:54:03Z] <slyngs> idm1001.wikimedia.org - Update EnvoyProxy to version 1.26.8 - https://phabricator.wikimedia.org/T402584

gerritbot added a comment.Aug 27 2025, 12:20 PM

Change #1182521 had a related patch set uploaded (by Muehlenhoff; author: Muehlenhoff):

[operations/dns@master] Failover idp.w.o to idp2004

https://gerrit.wikimedia.org/r/1182521

gerritbot added a project: Patch-For-Review.Aug 27 2025, 12:20 PM
gerritbot added a comment.Aug 27 2025, 12:53 PM

Change #1182521 merged by Muehlenhoff:

[operations/dns@master] Failover idp.w.o to idp2004

https://gerrit.wikimedia.org/r/1182521

Stashbot added a comment.Aug 27 2025, 12:58 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T12:58:49Z] <moritzm> upgrading envoy on testreduce T402584

Maintenance_bot removed a project: Patch-For-Review.Aug 27 2025, 1:31 PM
Stashbot added a comment.Aug 27 2025, 4:58 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T16:58:46Z] <mutante> upgrading envoyproxy on people* hosts T402584

Stashbot added a comment.Aug 27 2025, 5:05 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T17:05:12Z] <mutante> upgrading envoyproxy on aphlict* and zuul* hosts T402584

Stashbot added a comment.Aug 27 2025, 5:21 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T17:21:02Z] <mutante> upgrading envoyproxy on releases* and planet* hosts T402584

RLazarus mentioned this in T403101: Envoy config updates from v1.26.Aug 27 2025, 5:45 PM
Stashbot added a comment.Aug 27 2025, 5:46 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T17:46:15Z] <mutante> upgrading envoyproxy on doc* and etherpad* hosts T402584

Stashbot added a comment.Aug 27 2025, 6:05 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T18:05:23Z] <mutante> upgrading envoyproxy on phab2002, lists2001, contint2002 T402584

Stashbot added a comment.Aug 27 2025, 6:21 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-27T18:21:02Z] <arnoldokoth> Upgrade envoyproxy on vrts2002 T402584

ssingh removed a project: Traffic.Aug 27 2025, 6:40 PM
gerritbot added a comment.Aug 27 2025, 9:51 PM

Change #1182659 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/docker-images/production-images@master] envoy: Update to v1.26.8

https://gerrit.wikimedia.org/r/1182659

gerritbot added a project: Patch-For-Review.Aug 27 2025, 9:51 PM
gerritbot added a comment.Aug 27 2025, 10:02 PM

Change #1182659 merged by RLazarus:

[operations/docker-images/production-images@master] envoy: Update to v1.26.8

https://gerrit.wikimedia.org/r/1182659

Maintenance_bot removed a project: Patch-For-Review.Aug 27 2025, 10:30 PM
gerritbot added a comment.Aug 28 2025, 12:28 AM

Change #1182680 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] api-gateway: Upgrade to Envoy 1.26.8 in staging

https://gerrit.wikimedia.org/r/1182680

gerritbot added a project: Patch-For-Review.Aug 28 2025, 12:28 AM

Change #1182681 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] api-gateway: Upgrade to Envoy 1.26.8 in production

https://gerrit.wikimedia.org/r/1182681

Stashbot added a comment.Aug 28 2025, 12:04 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-28T12:04:16Z] <moritzm> upgrading debmonitor to Envoy 1.26.8 T402584

Stashbot added a comment.Aug 28 2025, 1:45 PM

Mentioned in SAL (#wikimedia-operations) [2025-08-28T13:45:25Z] <moritzm> upgrading puppetboard to Envoy 1.26.8 T402584

Clement_Goubert closed subtask T402668: provide envoyproxy package on trixie as Resolved.Aug 28 2025, 1:50 PM
gerritbot added a comment.Aug 28 2025, 4:59 PM

Change #1182680 merged by jenkins-bot:

[operations/deployment-charts@master] {api,rest}-gateway: Upgrade to Envoy 1.26.8 in staging

https://gerrit.wikimedia.org/r/1182680

gerritbot added a comment.Aug 28 2025, 10:07 PM

Change #1182945 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] mw-*: Upgrade to Envoy 1.26.8

https://gerrit.wikimedia.org/r/1182945

gerritbot added a comment.Aug 28 2025, 10:28 PM

Change #1182945 merged by jenkins-bot:

[operations/deployment-charts@master] mw-*: Upgrade to Envoy 1.26.8

https://gerrit.wikimedia.org/r/1182945

gerritbot added a comment.Aug 28 2025, 10:54 PM

Change #1182681 merged by jenkins-bot:

[operations/deployment-charts@master] {api,rest}-gateway: Upgrade to Envoy 1.26.8 in production

https://gerrit.wikimedia.org/r/1182681

Maintenance_bot removed a project: Patch-For-Review.Aug 28 2025, 11:30 PM
MatthewVernon closed subtask T403374: Data-persistence envoy upgrades to 1.26.8-1 as Resolved.Sep 1 2025, 10:45 AM
Stashbot added a comment.Sep 3 2025, 1:35 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-03T13:35:50Z] <urandom> upgrading envoyproxy to 1.26.8-1, restbase/eqiad (cassandra) rack 'a' — T402584

Stashbot added a comment.Sep 3 2025, 1:45 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-03T13:45:16Z] <urandom> upgrading envoyproxy to 1.26.8-1, restbase/eqiad (cassandra) rack 'b' — T402584

Stashbot added a comment.Sep 3 2025, 1:49 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-03T13:49:36Z] <urandom> upgrading envoyproxy to 1.26.8-1, restbase/eqiad (cassandra) rack 'd' — T402584

Stashbot added a comment.Sep 3 2025, 3:00 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-03T15:00:54Z] <urandom> upgrading envoyproxy to 1.26.8-1, restbase/codfw — T402584

Dzahn changed the status of subtask T402596: upgrade people servers to trixie from Stalled to In Progress.Sep 3 2025, 4:09 PM
RLazarus mentioned this in T403663: Upgrade Envoy to v1.29.12.Sep 3 2025, 8:04 PM
Stashbot added a comment.Sep 4 2025, 12:14 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-04T12:14:01Z] <arnoldokoth> Upgrade envoyproxy on vrts1003 T402584

Stashbot added a comment.Sep 4 2025, 2:25 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-04T14:25:54Z] <moritzm> upgrade Envoyproxy on webperf* T402584

bking subscribed.Sep 4 2025, 2:51 PM
Stashbot added a comment.Sep 4 2025, 2:51 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-04T14:51:34Z] <moritzm> upgrade Envoyproxy on Puppet servers T402584

Stashbot added a comment.Sep 4 2025, 3:22 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-04T15:22:21Z] <moritzm> upgrade Envoyproxy on cloudweb servers T402584

Stashbot added a comment.Sep 4 2025, 4:35 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-04T16:35:04Z] <btullis> upgrading and restarting envoyproxy on cephosd1001 for T402584

Stashbot added a comment.Sep 4 2025, 4:39 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-04T16:39:50Z] <btullis> upgrading and restarting envoyproxy on cephosd100[2-5] for T402584

Stashbot added a comment.Sep 4 2025, 4:44 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-04T16:44:49Z] <btullis> upgrading and restarting envoyproxy on cephosd200[1-3] for T402584

gerritbot added a comment.Sep 4 2025, 7:58 PM

Change #1184918 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] mw-videoscaler: Upgrade to envoy 1.26.8

https://gerrit.wikimedia.org/r/1184918

gerritbot added a project: Patch-For-Review.Sep 4 2025, 7:58 PM
Stashbot added a comment.Sep 8 2025, 7:46 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T07:46:13Z] <moritzm> upgrading Envoy on an-web, an-tool1007 (turnilo), an-tool1008 (yarn) T402584

MoritzMuehlenhoff updated the task description. (Show Details)Sep 8 2025, 3:08 PM
gerritbot added a comment.Sep 8 2025, 4:03 PM

Change #1184918 merged by jenkins-bot:

[operations/deployment-charts@master] mw-videoscaler: Upgrade to envoy 1.26.8

https://gerrit.wikimedia.org/r/1184918

Maintenance_bot removed a project: Patch-For-Review.Sep 8 2025, 4:31 PM
Stashbot added a comment.Sep 8 2025, 4:40 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T16:40:27Z] <denisse> Upgrade envoyproxy on grafana2001 - T402584

Stashbot added a comment.Sep 8 2025, 4:41 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T16:41:21Z] <denisse> Upgrade envoyproxy on grafana1002 - T402584

Stashbot added a comment.Sep 8 2025, 4:43 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T16:43:24Z] <denisse> Upgrade envoyproxy on prometheus1005 - T402584

gerritbot added a comment.Sep 8 2025, 4:58 PM

Change #1185995 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] cleanup: Remove Envoy 1.26.8 overrides now that it's the default

https://gerrit.wikimedia.org/r/1185995

gerritbot added a project: Patch-For-Review.Sep 8 2025, 4:58 PM
Stashbot added a comment.Sep 8 2025, 5:17 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T17:17:22Z] <denisse> Upgrade envoyproxy on prometheus[1006-1008] and [2005-2008] - T402584

Stashbot added a comment.Sep 8 2025, 5:21 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T17:21:48Z] <denisse> Upgrade envoyproxy on prometheus::pop hosts - T402584

Stashbot added a comment.Sep 8 2025, 5:23 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T17:23:30Z] <denisse> Upgrade envoyproxy on titan1001 - T402584

Stashbot added a comment.Sep 8 2025, 5:26 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T17:26:25Z] <denisse> Upgrade envoyproxy on titan hosts - T402584

Stashbot added a comment.Sep 8 2025, 5:28 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-08T17:28:42Z] <denisse> Upgrade envoyproxy on graphite hosts - T402584

gerritbot added a comment.Sep 8 2025, 11:01 PM

Change #1185995 merged by jenkins-bot:

[operations/deployment-charts@master] cleanup: Remove Envoy 1.26.8 overrides now that it's the default

https://gerrit.wikimedia.org/r/1185995

elukey subscribed.Sep 9 2025, 10:03 AM
This comment was removed by elukey.
elukey added a subscriber: BTullis.Sep 9 2025, 10:11 AM

I noticed the following occurrences of Buster images:

dse-k8s-eqiad-152-namespace: datasets-config
dse-k8s-eqiad-157-namespace: datasets-config-next

eqiad: device-analytics
eqiad: edit-analytics
eqiad: editor-analytics
eqiad: geo-analytics
eqiad: image-suggestion
eqiad: media-analytics
eqiad: page-analytics

@RLazarus Hi! Is there a plan for those or it is the usual "no-owners" etc.. zone? I can help if the case is the latter :)

@BTullis Hi! Could you take care of the dse ones? Should be just a matter of doing a deploy :)

Stashbot added a comment.Sep 9 2025, 1:53 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-09T13:53:14Z] <moritzm> upgrading Envoy on config-master* T402584

Stashbot added a comment.Sep 9 2025, 2:03 PM

Mentioned in SAL (#wikimedia-operations) [2025-09-09T14:03:07Z] <moritzm> upgrading Envoy on schema* T402584

Maintenance_bot removed a project: Patch-For-Review.Sep 9 2025, 2:31 PM
RLazarus added a comment.Sep 9 2025, 3:49 PM

@elukey Thank you! Looks like an ownership issue, and yes please if you're comfortable deploying those, I'll take you up on it. (We were just talking in serviceops about the general problem of keeping the state of the world up to date with the state of the repo. In the general case it's hard and we'll need to figure it out; in the specific case your help would make a big difference!)

Dzahn changed the status of subtask T402596: upgrade people servers to trixie from In Progress to Stalled.Sep 9 2025, 5:57 PM
gerritbot added a comment.Sep 10 2025, 2:39 AM

Change #1186676 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] {api,rest}-gateway: Upgrade to Envoy 1.29.12 in staging

https://gerrit.wikimedia.org/r/1186676

gerritbot added a project: Patch-For-Review.Sep 10 2025, 2:39 AM
elukey added a comment.Sep 10 2025, 7:19 AM

Ack! Upgraded staging, and pinged the DSE SREs as well on slack to gather their opinion about ownership etc..

Stashbot added a comment.Sep 10 2025, 7:49 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T07:49:10Z] <moritzm> upgrading Envoy on chartmuseum* T402584

Stashbot added a comment.Sep 10 2025, 7:50 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T07:50:18Z] <brouberol> upgraded envoy on dse-k8s-eqiad/dataset-config(-next) - T402584

Stashbot added a comment.Sep 10 2025, 9:38 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T09:38:26Z] <moritzm> upgrading Envoy on Logstash T402584

Stashbot added a comment.Sep 10 2025, 9:47 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T09:47:42Z] <moritzm> upgrading Envoy on contint T402584

Stashbot added a comment.Sep 10 2025, 9:56 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T09:56:41Z] <moritzm> upgrading Envoy on lists T402584

MoritzMuehlenhoff added a comment.Sep 10 2025, 10:06 AM

All baremetal installations of Envoy have been upgraded

Stashbot added a comment.Sep 10 2025, 10:06 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T10:06:30Z] <moritzm> upgrading Envoy on lists T402584

Stashbot added a comment.Sep 10 2025, 10:06 AM

Mentioned in SAL (#wikimedia-operations) [2025-09-10T10:06:42Z] <moritzm> upgrading Envoy on Phabricator T402584

elukey added a comment.Sep 11 2025, 3:02 PM
In T402584#11166132, @elukey wrote:

Ack! Upgraded staging, and pinged the DSE SREs as well on slack to gather their opinion about ownership etc..

I ended up deploying the namespaces and Santiago Faci tested them, all good!

Dzahn changed the status of subtask T402596: upgrade people servers to trixie from Stalled to Open.Sep 11 2025, 4:29 PM
Dzahn closed subtask T402596: upgrade people servers to trixie as Resolved.Sep 15 2025, 7:10 PM
Bugreporter mentioned this in T402952: Move user_editcount into its own table, and shard it.Sep 16 2025, 2:50 AM
gerritbot added a comment.Sep 23 2025, 1:19 AM

Change #1190376 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] {api,rest}-gateway: Upgrade to Envoy 1.29.12 in production

https://gerrit.wikimedia.org/r/1190376

gerritbot added a comment.Sep 25 2025, 12:25 AM

Change #1191203 had a related patch set uploaded (by RLazarus; author: RLazarus):

[operations/deployment-charts@master] wikifeeds: Remove envoy image_version override

https://gerrit.wikimedia.org/r/1191203

RLazarus added a comment.Sep 25 2025, 1:13 AM

I deployed most services in wikikube (in part to test https://gerrit.wikimedia.org/r/1188456). Remaining services with an Envoy upgrade to go:

commons-impact-analyticsstaging
eventstreams-internalcodfw
rdf-streaming-updatereqiad
wikifeedsstaging, eqiad, codfw

The first three had some other outstanding diff that wasn't obviously impact-free (in each case, only in one cluster). I've pinged Data Platform SRE for all three of those. For wikifeeds see https://gerrit.wikimedia.org/r/1191203.

After that we can consider this complete.

gerritbot added a comment.Sep 25 2025, 9:20 PM

Change #1191203 merged by jenkins-bot:

[operations/deployment-charts@master] wikifeeds: Remove envoy image_version override

https://gerrit.wikimedia.org/r/1191203

RLazarus closed this task as Resolved.Sep 25 2025, 9:34 PM

1.23 is gone. 🎉

RLazarus closed subtask T403101: Envoy config updates from v1.26 as Resolved.Sep 25 2025, 9:50 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits