The k8s haproxy being the replacement for the current k8s control plane, I think it should follow the same pattern. The current one is k8s-master.tools.wmflabs.org http://k8s-master.tools.wmflabs.org/ in tools. That suggests the next one would be k8s-control.tools.wmflabs.org http://k8s-control.tools.wmflabs.org/ or wmcloud.org http://wmcloud.org/ In toolsbeta it would be the same pattern, which is what we were doing, but we haven’t changed master to control yet. That seems to follow the rest of our tooling fine?
Brooke Storm Senior SRE Wikimedia Cloud Services bstorm@wikimedia.org mailto:bstorm@wikimedia.org IRC: bstorm_
On Oct 16, 2019, at 7:56 AM, Bryan Davis bd808@wikimedia.org wrote:
On Wed, Oct 16, 2019 at 6:30 AM Arturo Borrero Gonzalez <aborrero@wikimedia.org mailto:aborrero@wikimedia.org> wrote:
Hi,
I have a proposal.
The new k8s haproxy is in front of the api-server and the ingress [0]. In toolsbeta we have been using the following:
toolsbeta-k8s-master.toolsbeta.wmflabs.org:6443 (api-server) toolsbeta-k8s-master.toolsbeta.wmflabs.org:30000 (ingress)
This haproxy knows which k8s nodes/controllers are UP and proxy the queries for them. Right now, this FQDN is not using a floating IP, is a simple A record pointing to the haproxy VM. This record is in the 'toolsbeta' CloudVPS project.
I've been wondering which FQDN would be nice to have in the final deployment. We have 'toolforge.org', but `whatever.toolforge.org` is intended to be a tool webservice, so I've been re-reading our DNS domains plans [1] and my proposal is to introduce a new FQDN like this:
k8s.toolforge.wmcloud.org
Then we can use it this way:
k8s.toolforge.wmcloud.org:6443 (api-server) k8s.toolforge.wmcloud.org:30000 (ingress)
This is because 'wmcloud.org' is set to become the replacement for 'wmflabs.org' which is what we are currently using for 'toolsbeta-k8s-master.toolsbeta.wmflabs.org'. We could also create k8s.toolsbeta.wmcloud.org (or whatever) in case we want to retain the toolsbeta setup online.
I hope this proposal is not increasing our naming confusion and complexity. Ideally we would use something like `k8s.toolforge.org` but that seems even more confusing in the long term.
I already requested the wmcloud.org domains to be pointed to designate [2].
Let me know!
[0] https://wikitech.wikimedia.org/wiki/Portal:Toolforge/Admin/Networking_and_in... [1] https://wikitech.wikimedia.org/wiki/Wikimedia_Cloud_Services_team/Enhancemen... [2] https://phabricator.wikimedia.org/T235630
Using *.tools.wmcloud.org http://tools.wmcloud.org/ (or *.tools.eqiad1.wmcloud.org http://tools.eqiad1.wmcloud.org/?) for these names might be a better match for the future plans for wmcloud.org http://wmcloud.org/. 'tools' is the name of the Cloud VPS project for Toolforge. It is not likely that we will grant a new Cloud VPS project named 'toolforge' due to the very real confusion it would cause to us and others, but breaking from the project name == subdomain convention seems like it would also be confusing.
Another option would be *.tools.wikimedia.cloud (or *.tools.eqiad1.wikimedia.cloud?) which I believe is the naming convention we have agreed on for replacing *.wmflabs internal DNS.
Bryan
Bryan Davis Technical Engagement Wikimedia Foundation Principal Software Engineer Boise, ID USA [[m:User:BDavis_(WMF)]] irc: bd808