Proton is currently running in the Beta Cluster on the [[ https://openstack-browser.toolforge.org/server/deployment-chromium01.deployment-prep.eqiad1.wikimedia.cloud | deployment-chromium01 ]] instance. We should create a new instance, using the `role::beta::docker_services` Puppet role, to host the Dockerized service using images from the deployment pipeline. The configuration will be similar to that used on [[ https://openstack-browser.toolforge.org/server/deployment-push-notifications01.deployment-prep.eqiad1.wikimedia.cloud | deployment-push-notifications01 ]].
I would suggest updating the naming convention to use the common name 'proton' to match the service name in k8s, making this new instance deployment-proton01 (or, for additional clarity, deployment-docker-proton01).
**AC**
[] Create new instance deployment-proton01 (or deployment-docker-proton01) from the latest Debian Buster image
[] Update the Puppet SSL cert to get Puppet running successfully with the Beta Cluster puppetmaster
[] Add required hiera config, including the service configuration
[] Apply the `role::beta::docker_services` and ensure Puppet still runs successfully
[] Verify that the service is correctly serving internal requests
[] Create a security group (if needed) to expose the service port (3030) to incoming traffic, and apply it to deployment-[docker-]proton01
[] Migrate any existing references to deployment-chromium01 to deployment-[docker-]proton01
[] Delete the existing proton-beta.wmflabs.org web proxy and create new a web proxy from proton-beta.wmflabs.org to port 3030 on deployment-[docker-]proton01
[] Ensure that proton-beta.wmflabs.org correctly serves external requests
[] Destroy deployment-chromium01