Skip to content

staging: Deploy graphql service

  • (vse) create a dedicated repository sysadm-environment/k8s-clusters-config:argo-workflows:/poc-argoworkflow (repo:branch:/directory)

  • (vse) Publish workflow code in ^ directory: "/workflows" [1]

  • (vse) Deployment doc on argoWorkflow

  • (ath) Deployment doc on argoCD

  • (ath) Publish argocd deployment code related to graphql in sysadm-environment/k8s-clusters-config:argocd:/

  • (ard) Deploy graphql locally (using minikube as cluster)

    • Create dockerhub image softwareheritage/graphql:latest
    • Deploy it from the swh-charts/swh-graphql helm chart

  • (ard) Deploy staging kubernetes cluster

    • Iinventory planification on new nodes and ip
    • infra/puppet/puppet-swh-site!537: Prepare puppet manifest to add correct role to new cluster nodes
    • infra/swh-sysadmin-provisioning!83: Prepare terraform manifest for cluster and nodes creation
    • Deploy new graphql rancher cluster ^

  • (ard) Deploy graphql on the cluster

    • Manually Deploy graphql from the swh-charts/swh-graphql helm chart
    • infra/puppet/puppet-swh-site!538: Expose graphql instance through reverse proxy to one cluster member
    • 703bd22: Fix with varnish configuration so the graphql application is reached [2]
    • #4135 (closed): Fight with graphql-worker{1,2} so they properly register on the cluster rancher

  • (ard/ath) #4413 (closed) Deploy argocd on admin vlan

  • (ard/ath) Decomission cluster-graphql to the benefit of cluster-graphql3

    • Register graphql-worker{3,2,1} on cluster-graphql3
    • Unregister graphql-worker0 from cluster-graphql (and clean up docker leftovers)
    • Register graphql-worker0 to cluster-graphql3
    • Destroy "cluster-graphql" (terraform)

  • rSPSITE0921c2b: Remove http basic auth currently configured which does not work [4]

  • Install load-balancer to access the graphql backend instead of a hard-coded member of the ingress (implementation needs to be determined first)

  • infra/puppet/puppet-swh-site!539: Monitoring / Alerting: Add a puppet icinga check to raise if the service is down

  • D8423: Update the documentation with new service url

  • [1] rSKCONFf89d3a7a6bc43290829b62cf139ebb54f31a1873

  • [2] https://graphql.staging.swh.network/

  • [3] https://argo-worker01.internal.admin.swh.network/

  • [4] The main page is served ok (with the proper creds). But after that, the actual queries to the backend are failing to fetch the data through POST without authentication (so pretty much graphql is useless with that http auth). Currently, puppet is deactivated on rp0.staging with a hot-patched varnish to deactivate http auth for graphql.

Migrated from T4135 (view on Phabricator)

Edited by Antoine R. Dumont