Page MenuHomePhabricator
Create Task
Maniphest T405078

Rebuild Toolforge HAProxies to support IPv6
Closed, ResolvedPublic
Actions

Description

The current Toolforge K8s HAProxy hosts run in the vlan-legacy network with a private v4 VIP. To eliminate the need for the separate front HAProxy host, we need to re-build those in the dualstack network with VIPs for both address families.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
P:toolforge::proxy: Disable connection failure trackingoperations/puppetproduction+7 -6
P:toolforge::k8s::haproxy: Add resolver config to api-gateway-tcpoperations/puppetproduction+1 -0
P:toolforge::k8s::haproxy: Prefer IPv4 for backend nodesoperations/puppetproduction+19 -0
P:toolforge::k8s::haproxy: Fix TLS on IPv6 listeneroperations/puppetproduction+1 -1
P:toolforge::k8s::haproxy: Bind the K8s API service on v6operations/puppetproduction+1 -0
wmcs_libs: k8s: Support tofu-managed groups for HAProxycloud/wmcs-cookbooksmain+133 -8
toolforge: k8s: Resolve K8s HAProxy VIPs from Hieracloud/wmcs-cookbooksmain+44 -21
P:toolforge::k8s::haproxy: Allow passing list of IPs for VIPsoperations/puppetproduction+2 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

taavi created this task.Sep 19 2025, 11:05 AM
taavi triaged this task as Medium priority.
gerritbot added a comment.Sep 19 2025, 11:31 AM

Change #1189840 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::k8s::haproxy: Drop old TCP listener

https://gerrit.wikimedia.org/r/1189840

gerritbot added a project: Patch-For-Review.Sep 19 2025, 11:31 AM

Change #1189841 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::k8s::haproxy: Handle API gateway external access

https://gerrit.wikimedia.org/r/1189841

gerritbot added a comment.Sep 19 2025, 1:09 PM

Change #1189870 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::k8s::haproxy: Allow passing list of IPs for VIPs

https://gerrit.wikimedia.org/r/1189870

gerritbot added a comment.Sep 22 2025, 9:44 AM

Change #1189870 merged by Majavah:

[operations/puppet@production] P:toolforge::k8s::haproxy: Allow passing list of IPs for VIPs

https://gerrit.wikimedia.org/r/1189870

gerritbot added a comment.Sep 25 2025, 9:14 AM

Change #1191307 had a related patch set uploaded (by Majavah; author: Majavah):

[cloud/wmcs-cookbooks@main] wmcs_libs: k8s: Support tofu-managed groups for HAProxy

https://gerrit.wikimedia.org/r/1191307

gerritbot added a comment.Sep 25 2025, 9:14 AM

Change #1191308 had a related patch set uploaded (by Majavah; author: Majavah):

[cloud/wmcs-cookbooks@main] toolforge: k8s: Resolve K8s HAProxy VIPs from Hiera

https://gerrit.wikimedia.org/r/1191308

CodeReviewBot added a comment.Sep 25 2025, 9:27 AM

taavi opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/-/merge_requests/86

shared: Allocate a VIP for HAProxy Keepalived usage

gerritbot added a comment.Sep 29 2025, 1:42 PM

Change #1191308 merged by jenkins-bot:

[cloud/wmcs-cookbooks@main] toolforge: k8s: Resolve K8s HAProxy VIPs from Hiera

https://gerrit.wikimedia.org/r/1191308

taavi mentioned this in rCCKBb58bcdad8ebd: toolforge: k8s: Resolve K8s HAProxy VIPs from Hiera.Sep 29 2025, 1:43 PM
gerritbot added a comment.Sep 29 2025, 2:32 PM

Change #1191307 merged by jenkins-bot:

[cloud/wmcs-cookbooks@main] wmcs_libs: k8s: Support tofu-managed groups for HAProxy

https://gerrit.wikimedia.org/r/1191307

jenkins-bot mentioned this in rCCKB7d542363a421: wmcs_libs: k8s: Support tofu-managed groups for HAProxy.Sep 29 2025, 2:33 PM
CodeReviewBot added a comment.Sep 29 2025, 4:46 PM

taavi merged https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/-/merge_requests/86

shared: Allocate a VIP for HAProxy Keepalived usage

CodeReviewBot added a comment.Oct 2 2025, 1:17 PM

taavi opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/-/merge_requests/89

toolsbeta: Point k8s DNS name to the new VIP

CodeReviewBot added a comment.Oct 2 2025, 1:47 PM

taavi opened https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/-/merge_requests/90

tools: Point k8s DNS name to the new VIP

CodeReviewBot added a comment.Oct 2 2025, 2:12 PM

taavi merged https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/-/merge_requests/89

toolsbeta: Point k8s DNS name to the new VIP

gerritbot added a comment.Oct 2 2025, 2:21 PM

Change #1193124 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::k8s::haproxy: Bind the K8s API service on v6

https://gerrit.wikimedia.org/r/1193124

gerritbot added a comment.Oct 2 2025, 2:24 PM

Change #1193124 merged by Majavah:

[operations/puppet@production] P:toolforge::k8s::haproxy: Bind the K8s API service on v6

https://gerrit.wikimedia.org/r/1193124

gerritbot added a comment.Oct 2 2025, 2:30 PM

Change #1193125 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::k8s::haproxy: Fix TLS on IPv6 listener

https://gerrit.wikimedia.org/r/1193125

gerritbot added a comment.Oct 2 2025, 2:33 PM

Change #1193125 merged by Majavah:

[operations/puppet@production] P:toolforge::k8s::haproxy: Fix TLS on IPv6 listener

https://gerrit.wikimedia.org/r/1193125

gerritbot added a comment.Oct 2 2025, 6:22 PM

Change #1193164 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::k8s::haproxy: Prefer IPv4 for backend nodes

https://gerrit.wikimedia.org/r/1193164

gerritbot added a comment.Oct 3 2025, 6:52 AM

Change #1193164 merged by Majavah:

[operations/puppet@production] P:toolforge::k8s::haproxy: Prefer IPv4 for backend nodes

https://gerrit.wikimedia.org/r/1193164

gerritbot added a comment.Oct 3 2025, 6:58 AM

Change #1193310 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::k8s::haproxy: Add resolver config to api-gateway-tcp

https://gerrit.wikimedia.org/r/1193310

gerritbot added a comment.Oct 3 2025, 7:01 AM

Change #1193310 merged by Majavah:

[operations/puppet@production] P:toolforge::k8s::haproxy: Add resolver config to api-gateway-tcp

https://gerrit.wikimedia.org/r/1193310

CodeReviewBot added a comment.Oct 3 2025, 7:09 AM

taavi merged https://gitlab.wikimedia.org/repos/cloud/toolforge/tofu-provisioning/-/merge_requests/90

tools: Point k8s DNS name to the new VIP

gerritbot added a comment.Oct 3 2025, 7:50 AM

Change #1193317 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:toolforge::proxy: Disable connection failure tracking

https://gerrit.wikimedia.org/r/1193317

gerritbot added a comment.Oct 3 2025, 8:19 AM

Change #1193317 merged by Majavah:

[operations/puppet@production] P:toolforge::proxy: Disable connection failure tracking

https://gerrit.wikimedia.org/r/1193317

taavi closed this task as Resolved.Oct 3 2025, 3:05 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits