production: Deploy compressed graph to kubernetes as main instance
This triggers the change to use the kubernetes compressed graph instance as the production instance (instead of granet's [1]) for:
- web-archive (archive.s.o)
- provenance
- vault
This still exposes granet's compressed graph rpc instance [1] through the webapp-postgres web instance. Granet's compressed graph won't be disabled immediately to provide a way to compare and to rollback if something goes wrong.
To ease the maintenance, I've moved and grouped together the graph configuration in the same location.
[1] http://graph.internal.softwareheritage.org:5009/graph
helm diff
[swh] Comparing changes between branches production and mr/production-switch-compressed-graph-to-kube (per environment)...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
[swh] Generate config in mr/production-switch-compressed-graph-to-kube branch for environment staging...
[swh] Generate config in mr/production-switch-compressed-graph-to-kube branch for environment staging...
[swh] Generate config in mr/production-switch-compressed-graph-to-kube branch for environment staging...
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
[swh] Generate config in mr/production-switch-compressed-graph-to-kube branch for environment production...
[swh] Generate config in mr/production-switch-compressed-graph-to-kube branch for environment production...
[swh] Generate config in mr/production-switch-compressed-graph-to-kube branch for environment production...
------------- diff for environment staging namespace swh -------------
No differences
------------- diff for environment staging namespace swh-cassandra -------------
No differences
------------- diff for environment staging namespace swh-cassandra-next-version -------------
No differences
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.5OCsaxv9/production-swh.before 2024-10-23 16:06:20.152604345 +0200
+++ /tmp/swh-chart.swh.5OCsaxv9/production-swh.after 2024-10-23 16:06:20.620604353 +0200
@@ -243,21 +243,21 @@
# Source: swh/templates/alter/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: alter-template
namespace: swh
data:
config.yml.template: |
graph:
timeout: null
- url: http://graph.internal.softwareheritage.org:5009/graph
+ url: http://graph-rpc-20240331-ingress/graph
recovery_bundles:
secret_sharing:
groups:
legal:
minimum_required_shares: 1
recipient_keys:
Ali: age123hpq9m25xsmx7caqvyv8k3fxaqastc3evyq9q7myur7l9ukj4dsnp7a5v
Bob: age1mrhte5tlpzpz57gg85nzcefqc5pm5usmakqpuurxux7ry2rmhdgs7r9u68
sysadmins:
minimum_required_shares: 1
@@ -2419,21 +2419,21 @@
cls: remote
url: http://scheduler-rpc-ingress-swh-cassandra
vault:
cls: remote
url: http://vault-rpc-ingress-swh-cassandra
graph:
max_edges:
anonymous: 1000
staff: 0
user: 100000
- server_url: http://graph-rpc-20240331-ingress/graph/
+ server_url: http://graph.internal.softwareheritage.org:5009/graph/
indexer_storage:
cls: remote
url: http://indexer-storage-read-only-rpc-ingress-swh-cassandra
counters_backend: swh-counters
counters:
cls: remote
url: http://counters-rpc-ingress-swh-cassandra
deposit:
private_api_url: https://deposit.softwareheritage.org/1/private/
private_api_user: ${DEPOSIT_USERNAME}
@@ -3080,21 +3080,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: alter
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: 01ff1b3f8ca9de69c60593a28bc043baffa413696d99741901e43913f158499a
+ checksum/config: a12f5ae9e7b268239975f3820e4dcf05e6f6c440fea51b963ac61b6a7c122b9a
spec:
securityContext:
fsGroup: 1000
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
@@ -6078,21 +6078,21 @@
app: web-postgresql
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-postgresql
annotations:
- checksum/config: f21a42eaa7148a923ef943b32ff715cfe05aeb1c90a4c74c489e0ae2f109133f
+ checksum/config: 09e33427c0792e1c30a50df400bfccc5420c9acbdc87c8ca166bdf0c19cee199
checksum/config-logging: 81fb24577eb1777be8690f58c1e92d701777fe4ff045bb8445feb924947b9f84
checksum/config-utils: d75ca13b805bce6a8ab59c8e24c938f2283108f6a79134f6e71db86308651dc6
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
------------- diff for environment production namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.5OCsaxv9/production-swh-cassandra.before 2024-10-23 16:06:20.464604351 +0200
+++ /tmp/swh-chart.swh.5OCsaxv9/production-swh-cassandra.after 2024-10-23 16:06:20.940604359 +0200
@@ -337,21 +337,21 @@
cls: azure-prefixed
name: azure
- cls: remote
name: saam
url: http://objstorage-ro-saam-zfs-rpc-ingress-swh-cassandra
- cls: remote
name: banco
url: http://objstorage-ro-banco-xfs-rpc-ingress-swh-cassandra
readonly: true
graph:
- url: http://graph.internal.softwareheritage.org:5009/graph
+ url: http://graph-rpc-20240331-ingress/graph
max_bundle_size: 1073741824
celery:
task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@rabbitmq.internal.softwareheritage.org:5672/%2f
task_acks_late: false
task_modules:
- swh.vault.cooking_tasks
task_queues:
- swh.vault.cooking_tasks.SWHBatchCookingTask
sentry_settings_for_celery_tasks:
@@ -461,21 +461,21 @@
cls: azure-prefixed
name: azure
- cls: remote
name: saam
url: http://objstorage-ro-saam-zfs-rpc-ingress-swh-cassandra
- cls: remote
name: banco
url: http://objstorage-ro-banco-xfs-rpc-ingress-swh-cassandra
readonly: true
graph:
- url: http://graph.internal.softwareheritage.org:5009/graph
+ url: http://graph-rpc-20240331-ingress/graph
max_bundle_size: 1073741824
celery:
task_broker: amqp://swhconsumer:${AMQP_PASSWORD}@rabbitmq.internal.softwareheritage.org:5672/%2f
task_acks_late: true
task_modules:
- swh.vault.cooking_tasks
task_queues:
- swh.vault.cooking_tasks.SWHCookingTask
sentry_settings_for_celery_tasks:
@@ -7106,21 +7106,21 @@
namespace: swh-cassandra
name: provenance-graph-granet-configuration-template
data:
config.yml.template: |
provenance:
cls: known_swhid_filter
filter_licenses: false
provenance:
cls: graph
max_edges: 100000
- url: graph.internal.softwareheritage.org:50091
+ url: graph-grpc-20240331-ingress:80
---
# Source: swh/templates/provenance/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: swh-cassandra
name: provenance-graph-granet-configuration-logging
data:
logging-gunicorn.json: |
{
@@ -9444,21 +9444,21 @@
cls: remote
url: http://scheduler-rpc-ingress-swh-cassandra
vault:
cls: remote
url: http://vault-rpc-ingress-swh-cassandra
graph:
max_edges:
anonymous: 1000
staff: 0
user: 100000
- server_url: http://graph.internal.softwareheritage.org:5009/graph/
+ server_url: http://graph-rpc-20240331-ingress/graph/
indexer_storage:
cls: remote
url: http://indexer-storage-read-only-rpc-ingress-swh-cassandra
counters_backend: swh-counters
counters:
cls: remote
url: http://counters-rpc-ingress-swh-cassandra
deposit:
private_api_url: https://deposit.softwareheritage.org/1/private/
private_api_user: ${DEPOSIT_USERNAME}
@@ -10851,21 +10851,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: cooker-batch
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: aa56ca2d4ce650222df2c8706431540831d9446a7557c42f21cea7e446755f43
+ checksum/config: e8bf953def8446b28c03cfa9c2921777cc0ff6a025f6e99a117a25f0b929e770
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/cooker
operator: In
values:
@@ -11090,21 +11090,21 @@
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: cooker-simple
annotations:
# Force a rollout upgrade if the configuration changes
- checksum/config: aa56ca2d4ce650222df2c8706431540831d9446a7557c42f21cea7e446755f43
+ checksum/config: e8bf953def8446b28c03cfa9c2921777cc0ff6a025f6e99a117a25f0b929e770
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/cooker
operator: In
values:
@@ -23027,21 +23027,21 @@
app: provenance-graph-granet
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: provenance-graph-granet
annotations:
- checksum/config: efc6933069d30442c937aeedba25e7a0c2555e1ca65aea52be04b618e9d33d40
+ checksum/config: aed387babd93015157fd884294f2ed7cd99f9747c628794449e050d03e59b056
checksum/config-logging: ddcd27d991938c46f4fc0ad7ee028cb3005f186b3db022596c9ae94363881e4f
checksum/config-utils: 13a26f6add17e96ce01550153c77dcd48de60241a3f4db3c93d5467234be2a7f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/rpc
operator: In
@@ -26757,21 +26757,21 @@
app: web-archive
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-archive
annotations:
- checksum/config: 9f6038d63c8dec98af392ca46c9aaaaa491b261d76bd9d036974ac1588ae073a
+ checksum/config: ed1c0975463dd9284cd20ff8953c98d31a2ded8761d2c86534914f59a06ffa2d
checksum/config-logging: af7bf52757798a2fcd4c237ed3de9df87c15b7f38419128a8d67d02b8a485097
checksum/config-utils: 13a26f6add17e96ce01550153c77dcd48de60241a3f4db3c93d5467234be2a7f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
Edited by Antoine R. Dumont