production/vault: Migrate to dynamic infrastructure vault instance
This migrates the following services to use the new dynamic vault instance:
- webapp instances
- cooker instances
Which allows to decommission the vangogh vault instance & the cooker workers running in the static infra.
make swh-helm-diff
[swh] Comparing changes between branches production and deploy-vault-workload (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-vault-workload branch for environment staging...
[swh] Generate config in deploy-vault-workload branch for environment staging...
[swh] Generate config in deploy-vault-workload branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in deploy-vault-workload branch for environment production...
[swh] Generate config in deploy-vault-workload branch for environment production...
[swh] Generate config in deploy-vault-workload branch for environment production...
------------- diff for environment staging namespace swh -------------
No differences
------------- diff for environment staging namespace swh-cassandra -------------
No differences
------------- diff for environment staging namespace swh-cassandra-next-version -------------
No differences
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.TsVkQRcf/production-swh.before 2024-01-17 16:09:05.605189245 +0100
+++ /tmp/swh-chart.swh.TsVkQRcf/production-swh.after 2024-01-17 16:09:06.085188575 +0100
@@ -278,21 +278,21 @@
data:
config.yml.template: |
storage:
cls: pipeline
steps:
- cls: retry
- cls: remote
url: http://storage-azure-read-only-rpc-ingress
vault:
cls: remote
- url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+ url: http://vault-rpc-ingress
max_bundle_size: 1073741824
celery:
task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@rabbitmq.internal.softwareheritage.org:5672/%2f
task_acks_late: false
task_modules:
- swh.vault.cooking_tasks
task_queues:
- swh.vault.cooking_tasks.SWHBatchCookingTask
sentry_settings_for_celery_tasks:
@@ -361,21 +361,21 @@
data:
config.yml.template: |
storage:
cls: pipeline
steps:
- cls: retry
- cls: remote
url: http://storage-azure-read-only-rpc-ingress
vault:
cls: remote
- url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+ url: http://vault-rpc-ingress
max_bundle_size: 1073741824
celery:
task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@rabbitmq.internal.softwareheritage.org:5672/%2f
task_acks_late: true
task_modules:
- swh.vault.cooking_tasks
task_queues:
- swh.vault.cooking_tasks.SWHCookingTask
sentry_settings_for_celery_tasks:
@@ -6542,21 +6542,21 @@
cls: remote
url: http://storage-azure-read-only-rpc-ingress
search:
cls: remote
url: http://search-rpc-ingress
scheduler:
cls: remote
url: http://scheduler.internal.softwareheritage.org
vault:
cls: remote
- url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+ url: http://vault-rpc-ingress
indexer_storage:
cls: remote
url: http://indexer-storage-read-only-rpc-ingress
counters_backend: swh-counters
counters:
cls: remote
url: http://counters1.internal.softwareheritage.org:5011/
deposit:
private_api_url: https://deposit.softwareheritage.org/1/private/
private_api_user: ${DEPOSIT_USERNAME}
@@ -6683,21 +6683,21 @@
cls: remote
url: http://storage-azure-read-only-rpc-ingress
search:
cls: remote
url: http://search-rpc-ingress
scheduler:
cls: remote
url: http://scheduler.internal.softwareheritage.org
vault:
cls: remote
- url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+ url: http://vault-rpc-ingress
indexer_storage:
cls: remote
url: http://indexer-storage-read-only-rpc-ingress
counters_backend: swh-counters
counters:
cls: remote
url: http://counters1.internal.softwareheritage.org:5011/
deposit:
private_api_url: https://deposit.softwareheritage.org/1/private/
private_api_user: ${DEPOSIT_USERNAME}
@@ -17160,21 +17160,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: cooker-batch
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: 972ed564a029662395876a997363d787fa37c304f7dd258425e3f8db9fe546ab
+ checksum/config: 2b0daa6a9ea2ee84007fc3d7edc020d2bfd4449c369d39f955659c9f6b1e8f53
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/cooker
operator: In
values:
@@ -17304,21 +17304,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: cooker-simple
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: 972ed564a029662395876a997363d787fa37c304f7dd258425e3f8db9fe546ab
+ checksum/config: 2b0daa6a9ea2ee84007fc3d7edc020d2bfd4449c369d39f955659c9f6b1e8f53
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/cooker
operator: In
values:
@@ -30233,21 +30233,21 @@
app: web-app1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-app1
annotations:
- checksum/config: 076132c051a27592aee11224437f481ad84d9c414b7616bb1b9027b2a8e2ba16
+ checksum/config: e04dd74170c62c0f8a05f3d87605269f91e74d0febd3aea6bd9cda8020f1a514
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"
@@ -30486,21 +30486,21 @@
app: web-archive
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-archive
annotations:
- checksum/config: a1ef43f2c9770131b61a0f281f7c9596e12622e0beaadd541410b13a2dfb3afa
+ checksum/config: 81b8043350e108cd0797a858bc7f6f3db3b86447152e25671877260fc035bbd4
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"
------------- diff for environment production namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.TsVkQRcf/production-swh-cassandra.before 2024-01-17 16:09:05.765189022 +0100
+++ /tmp/swh-chart.swh.TsVkQRcf/production-swh-cassandra.after 2024-01-17 16:09:06.245188352 +0100
@@ -1546,21 +1546,21 @@
cls: remote
url: http://storage-cassandra:5002
search:
cls: remote
url: http://search-rpc-ingress
scheduler:
cls: remote
url: http://scheduler.internal.softwareheritage.org
vault:
cls: remote
- url: http://vangogh.euwest.azure.internal.softwareheritage.org:5005/
+ url: http://vault-rpc-ingress
indexer_storage:
cls: remote
url: http://indexer-storage-read-only-rpc-ingress
counters_backend: swh-counters
counters:
cls: remote
url: http://counters1.internal.softwareheritage.org:5011/
deposit:
private_api_url: https://deposit.softwareheritage.org/1/private/
private_api_user: ${DEPOSIT_USERNAME}
@@ -14756,21 +14756,21 @@
app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-cassandra
annotations:
- checksum/config: db61590218eda62741ceff615c94b360ed2bf5355b9654c238dc732503f154ce
+ checksum/config: 386d95924feb76f743333b7057e55b328269cfb2b92bf0a71b2343da5efdb06e
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
- "true"Edited by Antoine R. Dumont