--- Class[Profile::Kubernetes::Deployment_server::Global_config].orig
+++ Class[Profile::Kubernetes::Deployment_server::Global_config]
@@
- service_listeners => [{'name': 'mathoid', 'port': 6003, 'timeout': '3s', 'service': 'mathoid'}, {'name': 'eventgate-analytics', 'port': 6004, 'timeout': '10s', 'service': 'eventgate-analytics', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-main', 'port': 6005, 'timeout': '61s', 'service': 'eventgate-main', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2, 'per_try_timeout': '20s'}}, {'name': 'sessionstore', 'port': 6006, 'service': 'sessionstore', 'timeout': '2.5s'}, {'name': 'echostore', 'port': 6007, 'service': 'echostore', 'timeout': '2.5s'}, {'name': 'termbox', 'port': 6008, 'service': 'termbox', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2}, 'timeout': '25s'}, {'name': 'restbase', 'port': 6011, 'service': 'restbase-https', 'upstream': 'restbase.discovery.wmnet', 'timeout': '30s', 'keepalive': '4s', 'xfp': 'https'}, {'name': 'push-notifications', 'port': 6012, 'service': 'push-notifications', 'keepalive': '4.5s', 'timeout': '2.5s'}, {'name': 'mobileapps', 'port': 6012, 'service': 'mobileapps', 'timeout': '120s'}, {'name': 'eventgate-analytics-external', 'port': 6013, 'timeout': '5s', 'service': 'eventgate-analytics-external', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'proton', 'port': 6013, 'service': 'proton', 'timeout': '120s'}, {'name': 'citoid', 'port': 6014, 'service': 'citoid', 'timeout': '120s', 'keepalive': '4.5s'}, {'name': 'cxserver', 'port': 6015, 'service': 'cxserver', 'timeout': '120s'}, {'name': 'recommendation', 'port': 6016, 'service': 'recommendation-api', 'timeout': '120s'}, {'name': 'wikifeeds', 'port': 6017, 'service': 'wikifeeds', 'timeout': '120s'}, {'name': 'zotero', 'port': 6018, 'service': 'zotero', 'timeout': '120s', 'keepalive': '4.5s'}, {'name': 'apertium', 'port': 6019, 'service': 'apertium', 'timeout': '120s', 'keepalive': '4.5s'}, {'name': 'thanos-query', 'port': 6021, 'service': 'thanos-query', 'timeout': '120s'}, {'name': 'thanos-swift', 'port': 6022, 'service': 'thanos-swift', 'timeout': '120s', 'sets_sni': True}, {'name': 'schema', 'port': 6023, 'service': 'schema', 'timeout': '120s', 'keepalive': '10s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox', 'port': 6024, 'timeout': '60s', 'service': 'shellbox', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-constraints', 'port': 6025, 'timeout': '10s', 'service': 'shellbox-constraints', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-media', 'port': 6026, 'timeout': '60s', 'service': 'shellbox-media', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-syntaxhighlight', 'port': 6027, 'timeout': '60s', 'service': 'shellbox-syntaxhighlight', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-timeline', 'port': 6028, 'timeout': '60s', 'service': 'shellbox-timeline', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'linkrecommendation', 'port': 6029, 'service': 'linkrecommendation', 'timeout': '10s'}, {'name': 'inference', 'port': 6031, 'service': 'inference', 'timeout': '60s'}, {'name': 'device-analytics', 'port': 6032, 'service': 'device-analytics', 'timeout': '10s', 'keepalive': '4s'}, {'name': 'rest-gateway', 'port': 6033, 'service': 'rest-gateway', 'timeout': '10s', 'keepalive': '4s'}, {'name': 'wikifunctions', 'port': 6034, 'service': 'wikifunctions', 'timeout': '15.5s', 'sets_sni': True}, {'name': 'ipoid', 'port': 6035, 'service': 'ipoid', 'timeout': '5s', 'upstream': 'ipoid.discovery.wmnet', 'sets_sni': True, 'keepalive': '4s'}, {'name': 'shellbox-video', 'port': 6036, 'timeout': '86400s', 'idle_timeout': '86400s', 'service': 'shellbox-video', 'keepalive': '4s', 'tcp_keepalive': {'keepalive_time': 300}}, {'name': 'test-kitchen', 'port': 6037, 'service': 'test-kitchen', 'timeout': '30s', 'sets_sni': True, 'keepalive': '4s'}, {'name': 'data-gateway', 'port': 6038, 'service': 'data-gateway', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'chart-renderer', 'port': 6039, 'service': 'chart-renderer', 'timeout': '30s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'tegola-vector-tiles', 'port': 6040, 'service': 'tegola-vector-tiles', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'wdqs-internal-main', 'port': 6041, 'service': 'wdqs-internal-main', 'timeout': '10s'}, {'name': 'wdqs-internal-scholarly', 'port': 6042, 'service': 'wdqs-internal-scholarly', 'timeout': '10s'}, {'name': 'eventgate-logging-external', 'port': 6043, 'timeout': '5s', 'service': 'eventgate-logging-external', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'swift-eqiad', 'port': 6101, 'service': 'swift-https', 'idle_timeout': '180s', 'timeout': '90s', 'upstream': 'ms-fe.svc.eqiad.wmnet', 'keepalive': '10s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'swift-codfw', 'port': 6201, 'service': 'swift-https', 'idle_timeout': '180s', 'timeout': '90s', 'upstream': 'ms-fe.svc.codfw.wmnet', 'keepalive': '10s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'search-chi-eqiad', 'port': 6102, 'service': 'search-https', 'timeout': '50s', 'upstream': 'search.svc.eqiad.wmnet', 'keepalive': '50s'}, {'name': 'search-chi-codfw', 'port': 6202, 'service': 'search-https', 'timeout': '50s', 'upstream': 'search.svc.codfw.wmnet', 'keepalive': '50s'}, {'name': 'search-chi', 'port': 6302, 'service': 'search-https', 'timeout': '50s', 'upstream': 'search.discovery.wmnet', 'keepalive': '50s', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'search-omega-eqiad', 'port': 6103, 'service': 'search-omega-https', 'timeout': '50s', 'upstream': 'search.svc.eqiad.wmnet', 'keepalive': '50s'}, {'name': 'search-omega-codfw', 'port': 6203, 'service': 'search-omega-https', 'timeout': '50s', 'upstream': 'search.svc.codfw.wmnet', 'keepalive': '50s'}, {'name': 'search-omega', 'port': 6303, 'service': 'search-omega-https', 'timeout': '50s', 'upstream': 'search-omega.discovery.wmnet', 'keepalive': '50s', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'search-psi-eqiad', 'port': 6104, 'service': 'search-psi-https', 'timeout': '50s', 'upstream': 'search.svc.eqiad.wmnet', 'keepalive': '50s'}, {'name': 'search-psi-codfw', 'port': 6204, 'service': 'search-psi-https', 'timeout': '50s', 'upstream': 'search.svc.codfw.wmnet', 'keepalive': '50s'}, {'name': 'search-psi', 'port': 6304, 'service': 'search-psi-https', 'timeout': '50s', 'upstream': 'search-psi.discovery.wmnet', 'keepalive': '50s', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'cloudelastic-chi-eqiad', 'port': 6105, 'service': 'cloudelastic-chi-https', 'timeout': '50s', 'upstream': 'cloudelastic.wikimedia.org', 'keepalive': '50s'}, {'name': 'cloudelastic-omega-eqiad', 'port': 6106, 'service': 'cloudelastic-omega-https', 'timeout': '50s', 'upstream': 'cloudelastic.wikimedia.org', 'keepalive': '50s'}, {'name': 'cloudelastic-psi-eqiad', 'port': 6107, 'service': 'cloudelastic-psi-https', 'timeout': '50s', 'upstream': 'cloudelastic.wikimedia.org', 'keepalive': '50s'}, {'name': 'inference-staging', 'port': 6205, 'service': 'inference-staging', 'timeout': '60s', 'upstream': 'inference-staging.svc.codfw.wmnet'}, {'name': 'analytics-web', 'port': 6206, 'service': 'analytics-web', 'timeout': '60s', 'upstream': 'analytics-web.discovery.wmnet', 'sets_sni': True, 'http_host': 'analytics.wikimedia.org'}, {'name': 'eventgate-analytics-eqiad', 'port': 6108, 'timeout': '10s', 'service': 'eventgate-analytics', 'upstream': 'eventgate-analytics.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-analytics-codfw', 'port': 6208, 'timeout': '10s', 'service': 'eventgate-analytics', 'upstream': 'eventgate-analytics.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-main-eqiad', 'port': 6109, 'timeout': '61s', 'service': 'eventgate-main', 'upstream': 'eventgate-main.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2, 'per_try_timeout': '20s'}}, {'name': 'eventgate-main-codfw', 'port': 6209, 'timeout': '61s', 'service': 'eventgate-main', 'upstream': 'eventgate-main.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2, 'per_try_timeout': '20s'}}, {'name': 'eventgate-analytics-external-eqiad', 'port': 6110, 'timeout': '5s', 'service': 'eventgate-analytics-external', 'upstream': 'eventgate-analytics-external.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-analytics-external-codfw', 'port': 6210, 'timeout': '5s', 'service': 'eventgate-analytics-external', 'upstream': 'eventgate-analytics-external.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-logging-external-eqiad', 'port': 6111, 'timeout': '5s', 'service': 'eventgate-logging-external', 'upstream': 'eventgate-logging-external.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-logging-external-codfw', 'port': 6211, 'timeout': '5s', 'service': 'eventgate-logging-external', 'upstream': 'eventgate-logging-external.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'page-analytics', 'port': 6073, 'service': 'page-analytics', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'mwapi-async', 'port': 6500, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '120s', 'xfp': 'https'}, {'name': 'mwapi', 'port': 6501, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '60s', 'xfp': 'https'}, {'name': 'mw-api-int-async', 'port': 6500, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '120s', 'xfp': 'https'}, {'name': 'mw-api-int', 'port': 6501, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '60s', 'xfp': 'https'}, {'name': 'mw-api-int-async-ro', 'port': 6500, 'service': 'mw-api-int', 'upstream': 'mw-api-int-ro.discovery.wmnet', 'keepalive': '4s', 'timeout': '120s', 'xfp': 'https', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'restbase-for-services', 'port': 6503, 'service': 'restbase-https', 'timeout': '122s', 'keepalive': '4s', 'upstream': 'restbase.discovery.wmnet', 'xfp': 'https'}, {'name': 'machinetranslation', 'port': 6504, 'service': 'machinetranslation', 'timeout': '120s', 'sets_sni': True}, {'name': 'mw-wikifunctions-ro', 'port': 6501, 'service': 'mw-wikifunctions', 'upstream': 'mw-wikifunctions-ro.discovery.wmnet', 'keepalive': '4s', 'timeout': '60s', 'xfp': 'https', 'sets_sni': True, 'sni_rewrites_host_header': False}, {'name': 'mw-jobrunner', 'port': 6506, 'service': 'mw-jobrunner', 'timeout': '30s', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}, 'xfp': 'https'}, {'name': 'mw-misc', 'port': 6508, 'service': 'mw-misc', 'timeout': '30s', 'sets_sni': True, 'keepalive': '4s'}, {'name': 'noc', 'port': 6509, 'service': 'mw-misc', 'timeout': '30s', 'sets_sni': True, 'http_host': 'noc.wikimedia.org', 'keepalive': '4s'}, {'name': 'data-gateway-staging', 'port': 6510, 'service': 'data-gateway-staging', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True, 'upstream': 'data-gateway.k8s-staging.discovery.wmnet'}, {'name': 'recommendation-api-ng', 'port': 6511, 'service': 'recommendation-api-ng', 'timeout': '30s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'wikifunctions-python-evaluator-staging', 'port': 6512, 'service': 'wikifunctions-python-evaluator-staging', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-python-evaluator.k8s-staging.discovery.wmnet'}, {'name': 'wikifunctions-javascript-evaluator-staging', 'port': 6513, 'service': 'wikifunctions-javascript-evaluator-staging', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-javascript-evaluator.k8s-staging.discovery.wmnet'}, {'name': 'wikifunctions-python-evaluator', 'port': 6514, 'service': 'wikifunctions-python-evaluator', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-python-evaluator.discovery.wmnet'}, {'name': 'wikifunctions-javascript-evaluator', 'port': 6515, 'service': 'wikifunctions-javascript-evaluator', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-javascript-evaluator.discovery.wmnet'}, {'name': 'opensearch-semantic-search', 'port': 6044, 'service': 'opensearch-semantic-search', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-semantic-search.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'opensearch-ipoid', 'port': 6045, 'service': 'opensearch-ipoid', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-ipoid.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'opensearch-ttmserver-test', 'port': 6046, 'service': 'opensearch-ttmserver-test', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-ttmserver-test.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'opensearch-toolhub-test', 'port': 6047, 'service': 'opensearch-toolhub-test', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-toolhub-test.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}]
+ service_listeners => [{'name': 'mathoid', 'port': 6003, 'timeout': '3s', 'service': 'mathoid'}, {'name': 'eventgate-analytics', 'port': 6004, 'timeout': '10s', 'service': 'eventgate-analytics', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-main', 'port': 6005, 'timeout': '61s', 'service': 'eventgate-main', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2, 'per_try_timeout': '20s'}}, {'name': 'sessionstore', 'port': 6006, 'service': 'sessionstore', 'timeout': '2.5s'}, {'name': 'echostore', 'port': 6007, 'service': 'echostore', 'timeout': '2.5s'}, {'name': 'termbox', 'port': 6008, 'service': 'termbox', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2}, 'timeout': '25s'}, {'name': 'restbase', 'port': 6011, 'service': 'restbase-https', 'upstream': 'restbase.discovery.wmnet', 'timeout': '30s', 'keepalive': '4s', 'xfp': 'https'}, {'name': 'push-notifications', 'port': 6012, 'service': 'push-notifications', 'keepalive': '4.5s', 'timeout': '2.5s'}, {'name': 'mobileapps', 'port': 6012, 'service': 'mobileapps', 'timeout': '120s'}, {'name': 'eventgate-analytics-external', 'port': 6013, 'timeout': '5s', 'service': 'eventgate-analytics-external', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'proton', 'port': 6013, 'service': 'proton', 'timeout': '120s'}, {'name': 'citoid', 'port': 6014, 'service': 'citoid', 'timeout': '120s', 'keepalive': '4.5s'}, {'name': 'cxserver', 'port': 6015, 'service': 'cxserver', 'timeout': '120s'}, {'name': 'recommendation', 'port': 6016, 'service': 'recommendation-api', 'timeout': '120s'}, {'name': 'wikifeeds', 'port': 6017, 'service': 'wikifeeds', 'timeout': '120s'}, {'name': 'zotero', 'port': 6018, 'service': 'zotero', 'timeout': '120s', 'keepalive': '4.5s'}, {'name': 'apertium', 'port': 6019, 'service': 'apertium', 'timeout': '120s', 'keepalive': '4.5s'}, {'name': 'thanos-query', 'port': 6021, 'service': 'thanos-query', 'timeout': '120s'}, {'name': 'thanos-swift', 'port': 6022, 'service': 'thanos-swift', 'timeout': '120s', 'sets_sni': True}, {'name': 'schema', 'port': 6023, 'service': 'schema', 'timeout': '120s', 'keepalive': '10s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox', 'port': 6024, 'timeout': '60s', 'service': 'shellbox', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-constraints', 'port': 6025, 'timeout': '10s', 'service': 'shellbox-constraints', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-media', 'port': 6026, 'timeout': '60s', 'service': 'shellbox-media', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-syntaxhighlight', 'port': 6027, 'timeout': '60s', 'service': 'shellbox-syntaxhighlight', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-timeline', 'port': 6028, 'timeout': '60s', 'service': 'shellbox-timeline', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'linkrecommendation', 'port': 6029, 'service': 'linkrecommendation', 'timeout': '10s'}, {'name': 'inference', 'port': 6031, 'service': 'inference', 'timeout': '60s'}, {'name': 'device-analytics', 'port': 6032, 'service': 'device-analytics', 'timeout': '10s', 'keepalive': '4s'}, {'name': 'rest-gateway', 'port': 6033, 'service': 'rest-gateway', 'timeout': '10s', 'keepalive': '4s'}, {'name': 'wikifunctions', 'port': 6034, 'service': 'wikifunctions', 'timeout': '15.5s', 'sets_sni': True}, {'name': 'ipoid', 'port': 6035, 'service': 'ipoid', 'timeout': '5s', 'upstream': 'ipoid.discovery.wmnet', 'sets_sni': True, 'keepalive': '4s'}, {'name': 'shellbox-video', 'port': 6036, 'timeout': '86400s', 'idle_timeout': '86400s', 'service': 'shellbox-video', 'keepalive': '4s', 'tcp_keepalive': {'keepalive_time': 300}}, {'name': 'test-kitchen', 'port': 6037, 'service': 'test-kitchen', 'timeout': '30s', 'sets_sni': True, 'keepalive': '4s'}, {'name': 'data-gateway', 'port': 6038, 'service': 'data-gateway', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'chart-renderer', 'port': 6039, 'service': 'chart-renderer', 'timeout': '30s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'tegola-vector-tiles', 'port': 6040, 'service': 'tegola-vector-tiles', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'wdqs-internal-main', 'port': 6041, 'service': 'wdqs-internal-main', 'timeout': '10s'}, {'name': 'wdqs-internal-scholarly', 'port': 6042, 'service': 'wdqs-internal-scholarly', 'timeout': '10s'}, {'name': 'eventgate-logging-external', 'port': 6043, 'timeout': '5s', 'service': 'eventgate-logging-external', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'swift-eqiad', 'port': 6101, 'service': 'swift-https', 'idle_timeout': '180s', 'timeout': '90s', 'upstream': 'ms-fe.svc.eqiad.wmnet', 'keepalive': '10s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'swift-codfw', 'port': 6201, 'service': 'swift-https', 'idle_timeout': '180s', 'timeout': '90s', 'upstream': 'ms-fe.svc.codfw.wmnet', 'keepalive': '10s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'search-chi-eqiad', 'port': 6102, 'service': 'search-https', 'timeout': '50s', 'upstream': 'search.svc.eqiad.wmnet', 'keepalive': '50s'}, {'name': 'search-chi-codfw', 'port': 6202, 'service': 'search-https', 'timeout': '50s', 'upstream': 'search.svc.codfw.wmnet', 'keepalive': '50s'}, {'name': 'search-chi', 'port': 6302, 'service': 'search-https', 'timeout': '50s', 'upstream': 'search.discovery.wmnet', 'keepalive': '50s', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'search-omega-eqiad', 'port': 6103, 'service': 'search-omega-https', 'timeout': '50s', 'upstream': 'search.svc.eqiad.wmnet', 'keepalive': '50s'}, {'name': 'search-omega-codfw', 'port': 6203, 'service': 'search-omega-https', 'timeout': '50s', 'upstream': 'search.svc.codfw.wmnet', 'keepalive': '50s'}, {'name': 'search-omega', 'port': 6303, 'service': 'search-omega-https', 'timeout': '50s', 'upstream': 'search-omega.discovery.wmnet', 'keepalive': '50s', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'search-psi-eqiad', 'port': 6104, 'service': 'search-psi-https', 'timeout': '50s', 'upstream': 'search.svc.eqiad.wmnet', 'keepalive': '50s'}, {'name': 'search-psi-codfw', 'port': 6204, 'service': 'search-psi-https', 'timeout': '50s', 'upstream': 'search.svc.codfw.wmnet', 'keepalive': '50s'}, {'name': 'search-psi', 'port': 6304, 'service': 'search-psi-https', 'timeout': '50s', 'upstream': 'search-psi.discovery.wmnet', 'keepalive': '50s', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'cloudelastic-chi-eqiad', 'port': 6105, 'service': 'cloudelastic-chi-https', 'timeout': '50s', 'upstream': 'cloudelastic.wikimedia.org', 'keepalive': '50s'}, {'name': 'cloudelastic-omega-eqiad', 'port': 6106, 'service': 'cloudelastic-omega-https', 'timeout': '50s', 'upstream': 'cloudelastic.wikimedia.org', 'keepalive': '50s'}, {'name': 'cloudelastic-psi-eqiad', 'port': 6107, 'service': 'cloudelastic-psi-https', 'timeout': '50s', 'upstream': 'cloudelastic.wikimedia.org', 'keepalive': '50s'}, {'name': 'inference-staging', 'port': 6205, 'service': 'inference-staging', 'timeout': '60s', 'upstream': 'inference-staging.svc.codfw.wmnet'}, {'name': 'analytics-web', 'port': 6206, 'service': 'analytics-web', 'timeout': '60s', 'upstream': 'analytics-web.discovery.wmnet', 'sets_sni': True, 'http_host': 'analytics.wikimedia.org'}, {'name': 'eventgate-analytics-eqiad', 'port': 6108, 'timeout': '10s', 'service': 'eventgate-analytics', 'upstream': 'eventgate-analytics.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-analytics-codfw', 'port': 6208, 'timeout': '10s', 'service': 'eventgate-analytics', 'upstream': 'eventgate-analytics.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-main-eqiad', 'port': 6109, 'timeout': '61s', 'service': 'eventgate-main', 'upstream': 'eventgate-main.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2, 'per_try_timeout': '20s'}}, {'name': 'eventgate-main-codfw', 'port': 6209, 'timeout': '61s', 'service': 'eventgate-main', 'upstream': 'eventgate-main.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 2, 'per_try_timeout': '20s'}}, {'name': 'eventgate-analytics-external-eqiad', 'port': 6110, 'timeout': '5s', 'service': 'eventgate-analytics-external', 'upstream': 'eventgate-analytics-external.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-analytics-external-codfw', 'port': 6210, 'timeout': '5s', 'service': 'eventgate-analytics-external', 'upstream': 'eventgate-analytics-external.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-logging-external-eqiad', 'port': 6111, 'timeout': '5s', 'service': 'eventgate-logging-external', 'upstream': 'eventgate-logging-external.svc.eqiad.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'eventgate-logging-external-codfw', 'port': 6211, 'timeout': '5s', 'service': 'eventgate-logging-external', 'upstream': 'eventgate-logging-external.svc.codfw.wmnet', 'keepalive': '4.5s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'page-analytics', 'port': 6073, 'service': 'page-analytics', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'shellbox-eqiad', 'port': 6124, 'timeout': '60s', 'service': 'shellbox', 'upstream': 'shellbox.svc.eqiad.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-constraints-eqiad', 'port': 6125, 'timeout': '10s', 'service': 'shellbox-constraints', 'upstream': 'shellbox-constraints.svc.eqiad.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-media-eqiad', 'port': 6126, 'timeout': '60s', 'service': 'shellbox-media', 'upstream': 'shellbox-media.svc.eqiad.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-syntaxhighlight-eqiad', 'port': 6127, 'timeout': '60s', 'service': 'shellbox-syntaxhighlight', 'upstream': 'shellbox-syntaxhighlight.svc.eqiad.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-timeline-eqiad', 'port': 6128, 'timeout': '60s', 'service': 'shellbox-timeline', 'upstream': 'shellbox-timeline.svc.eqiad.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-video-eqiad', 'port': 6136, 'timeout': '86400s', 'idle_timeout': '86400s', 'service': 'shellbox-video', 'upstream': 'shellbox-video.svc.eqiad.wmnet', 'keepalive': '4s', 'tcp_keepalive': {'keepalive_time': 300}}, {'name': 'shellbox-codfw', 'port': 6224, 'timeout': '60s', 'service': 'shellbox', 'upstream': 'shellbox.svc.codfw.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-constraints-codfw', 'port': 6225, 'timeout': '10s', 'service': 'shellbox-constraints', 'upstream': 'shellbox-constraints.svc.codfw.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-media-codfw', 'port': 6226, 'timeout': '60s', 'service': 'shellbox-media', 'upstream': 'shellbox-media.svc.codfw.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-syntaxhighlight-codfw', 'port': 6227, 'timeout': '60s', 'service': 'shellbox-syntaxhighlight', 'upstream': 'shellbox-syntaxhighlight.svc.codfw.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-timeline-codfw', 'port': 6228, 'timeout': '60s', 'service': 'shellbox-timeline', 'upstream': 'shellbox-timeline.svc.codfw.wmnet', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'shellbox-video-codfw', 'port': 6236, 'timeout': '86400s', 'idle_timeout': '86400s', 'service': 'shellbox-video', 'upstream': 'shellbox-video.svc.codfw.wmnet', 'keepalive': '4s', 'tcp_keepalive': {'keepalive_time': 300}}, {'name': 'mwapi-async', 'port': 6500, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '120s', 'xfp': 'https'}, {'name': 'mwapi', 'port': 6501, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '60s', 'xfp': 'https'}, {'name': 'mw-api-int-async', 'port': 6500, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '120s', 'xfp': 'https'}, {'name': 'mw-api-int', 'port': 6501, 'service': 'mw-api-int', 'upstream': 'mw-api-int.discovery.wmnet', 'keepalive': '4s', 'timeout': '60s', 'xfp': 'https'}, {'name': 'mw-api-int-async-ro', 'port': 6500, 'service': 'mw-api-int', 'upstream': 'mw-api-int-ro.discovery.wmnet', 'keepalive': '4s', 'timeout': '120s', 'xfp': 'https', 'retry': {'retry_on': '5xx', 'num_retries': 1}}, {'name': 'restbase-for-services', 'port': 6503, 'service': 'restbase-https', 'timeout': '122s', 'keepalive': '4s', 'upstream': 'restbase.discovery.wmnet', 'xfp': 'https'}, {'name': 'machinetranslation', 'port': 6504, 'service': 'machinetranslation', 'timeout': '120s', 'sets_sni': True}, {'name': 'mw-wikifunctions-ro', 'port': 6501, 'service': 'mw-wikifunctions', 'upstream': 'mw-wikifunctions-ro.discovery.wmnet', 'keepalive': '4s', 'timeout': '60s', 'xfp': 'https', 'sets_sni': True, 'sni_rewrites_host_header': False}, {'name': 'mw-jobrunner', 'port': 6506, 'service': 'mw-jobrunner', 'timeout': '30s', 'keepalive': '4s', 'retry': {'retry_on': '5xx', 'num_retries': 1}, 'xfp': 'https'}, {'name': 'mw-misc', 'port': 6508, 'service': 'mw-misc', 'timeout': '30s', 'sets_sni': True, 'keepalive': '4s'}, {'name': 'noc', 'port': 6509, 'service': 'mw-misc', 'timeout': '30s', 'sets_sni': True, 'http_host': 'noc.wikimedia.org', 'keepalive': '4s'}, {'name': 'data-gateway-staging', 'port': 6510, 'service': 'data-gateway-staging', 'timeout': '10s', 'keepalive': '4s', 'sets_sni': True, 'upstream': 'data-gateway.k8s-staging.discovery.wmnet'}, {'name': 'recommendation-api-ng', 'port': 6511, 'service': 'recommendation-api-ng', 'timeout': '30s', 'keepalive': '4s', 'sets_sni': True}, {'name': 'wikifunctions-python-evaluator-staging', 'port': 6512, 'service': 'wikifunctions-python-evaluator-staging', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-python-evaluator.k8s-staging.discovery.wmnet'}, {'name': 'wikifunctions-javascript-evaluator-staging', 'port': 6513, 'service': 'wikifunctions-javascript-evaluator-staging', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-javascript-evaluator.k8s-staging.discovery.wmnet'}, {'name': 'wikifunctions-python-evaluator', 'port': 6514, 'service': 'wikifunctions-python-evaluator', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-python-evaluator.discovery.wmnet'}, {'name': 'wikifunctions-javascript-evaluator', 'port': 6515, 'service': 'wikifunctions-javascript-evaluator', 'timeout': '9.5s', 'keepalive': '60s', 'sets_sni': True, 'upstream': 'wikifunctions-javascript-evaluator.discovery.wmnet'}, {'name': 'opensearch-semantic-search', 'port': 6044, 'service': 'opensearch-semantic-search', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-semantic-search.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'opensearch-ipoid', 'port': 6045, 'service': 'opensearch-ipoid', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-ipoid.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'opensearch-ttmserver-test', 'port': 6046, 'service': 'opensearch-ttmserver-test', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-ttmserver-test.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}, {'name': 'opensearch-toolhub-test', 'port': 6047, 'service': 'opensearch-toolhub-test', 'timeout': '50s', 'keepalive': '50s', 'sets_sni': True, 'upstream': 'opensearch-toolhub-test.discovery.wmnet', 'retry': {'retry_on': 'gateway-error'}}]
File[/etc/envoy/listeners.d/50-shellbox_video_eqiad.yaml]
- Parameters differences:
--- File[/etc/envoy/listeners.d/50-shellbox_video_eqiad.yaml].orig
+++ File[/etc/envoy/listeners.d/50-shellbox_video_eqiad.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/listeners.d/50-shellbox_video_eqiad.yaml.orig
+++ /etc/envoy/listeners.d/50-shellbox_video_eqiad.yaml
@@ -0,0 +1,92 @@
+- address:
+ socket_address: {protocol: TCP, address: "::", port_value: 6136}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-video-eqiad_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-video-eqiad.log"
+ stat_prefix: shellbox-video-eqiad_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-video-eqiad_route
+ virtual_hosts:
+ - name: shellbox-video-eqiad
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-video_eqiad
+ timeout: 86400s
+ idle_timeout: 86400s
+ retry_policy:
+ num_retries: 0
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
+- address:
+ socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6136}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-video-eqiad_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-video-eqiad.log"
+ stat_prefix: shellbox-video-eqiad_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-video-eqiad_route
+ virtual_hosts:
+ - name: shellbox-video-eqiad
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-video_eqiad
+ timeout: 86400s
+ idle_timeout: 86400s
+ retry_policy:
+ num_retries: 0
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
- File[/etc/helmfile-defaults/general-aux-k8s-eqiad.yaml]
- Content differences:
--- /etc/helmfile-defaults/general-aux-k8s-eqiad.yaml.orig
+++ /etc/helmfile-defaults/general-aux-k8s-eqiad.yaml
@@ -1755,6 +1755,174 @@
port: 30443
encryption: true
sets_sni: true
+ keepalive: 4s
+ shellbox-eqiad:
+ port: 6124
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.eqiad.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-eqiad:
+ port: 6125
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.eqiad.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-eqiad:
+ port: 6126
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.eqiad.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-eqiad:
+ port: 6127
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.eqiad.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-eqiad:
+ port: 6128
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.eqiad.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-eqiad:
+ port: 6136
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.eqiad.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
+ keepalive: 4s
+ shellbox-codfw:
+ port: 6224
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.codfw.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-codfw:
+ port: 6225
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.codfw.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-codfw:
+ port: 6226
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.codfw.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-codfw:
+ port: 6227
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.codfw.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-codfw:
+ port: 6228
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.codfw.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-codfw:
+ port: 6236
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.codfw.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
keepalive: 4s
mwapi-async:
port: 6500
- Envoyproxy::Listener[shellbox-video-codfw]
- Parameters differences:
--- Envoyproxy::Listener[shellbox-video-codfw].orig
+++ Envoyproxy::Listener[shellbox-video-codfw]
+ priority => 50
- Envoyproxy::Cluster[shellbox-video_eqiad_cluster]
- Parameters differences:
--- Envoyproxy::Cluster[shellbox-video_eqiad_cluster].orig
+++ Envoyproxy::Cluster[shellbox-video_eqiad_cluster]
+ priority => 50
- Envoyproxy::Conf[shellbox-media_eqiad_cluster]
- Parameters differences:
--- Envoyproxy::Conf[shellbox-media_eqiad_cluster].orig
+++ Envoyproxy::Conf[shellbox-media_eqiad_cluster]
+ conf_type => cluster
+ priority => 50
- Envoyproxy::Cluster[shellbox_codfw_cluster]
- Parameters differences:
--- Envoyproxy::Cluster[shellbox_codfw_cluster].orig
+++ Envoyproxy::Cluster[shellbox_codfw_cluster]
+ priority => 50
- File[/etc/helmfile-defaults/general-aux-k8s-codfw.yaml]
- Content differences:
--- /etc/helmfile-defaults/general-aux-k8s-codfw.yaml.orig
+++ /etc/helmfile-defaults/general-aux-k8s-codfw.yaml
@@ -1755,6 +1755,174 @@
port: 30443
encryption: true
sets_sni: true
+ keepalive: 4s
+ shellbox-eqiad:
+ port: 6124
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.eqiad.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-eqiad:
+ port: 6125
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.eqiad.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-eqiad:
+ port: 6126
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.eqiad.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-eqiad:
+ port: 6127
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.eqiad.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-eqiad:
+ port: 6128
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.eqiad.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-eqiad:
+ port: 6136
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.eqiad.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
+ keepalive: 4s
+ shellbox-codfw:
+ port: 6224
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.codfw.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-codfw:
+ port: 6225
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.codfw.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-codfw:
+ port: 6226
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.codfw.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-codfw:
+ port: 6227
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.codfw.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-codfw:
+ port: 6228
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.codfw.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-codfw:
+ port: 6236
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.codfw.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
keepalive: 4s
mwapi-async:
port: 6500
- Envoyproxy::Conf[shellbox-timeline_codfw_cluster]
- Parameters differences:
--- Envoyproxy::Conf[shellbox-timeline_codfw_cluster].orig
+++ Envoyproxy::Conf[shellbox-timeline_codfw_cluster]
+ conf_type => cluster
+ priority => 50
- File[/etc/helmfile-defaults/general-codfw.yaml]
- Content differences:
--- /etc/helmfile-defaults/general-codfw.yaml.orig
+++ /etc/helmfile-defaults/general-codfw.yaml
@@ -1755,6 +1755,174 @@
port: 30443
encryption: true
sets_sni: true
+ keepalive: 4s
+ shellbox-eqiad:
+ port: 6124
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.eqiad.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-eqiad:
+ port: 6125
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.eqiad.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-eqiad:
+ port: 6126
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.eqiad.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-eqiad:
+ port: 6127
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.eqiad.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-eqiad:
+ port: 6128
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.eqiad.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-eqiad:
+ port: 6136
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.eqiad.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
+ keepalive: 4s
+ shellbox-codfw:
+ port: 6224
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.codfw.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-codfw:
+ port: 6225
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.codfw.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-codfw:
+ port: 6226
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.codfw.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-codfw:
+ port: 6227
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.codfw.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-codfw:
+ port: 6228
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.codfw.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-codfw:
+ port: 6236
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.codfw.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
keepalive: 4s
mwapi-async:
port: 6500
- File[/etc/envoy/clusters.d/50-shellbox_media_eqiad_cluster.yaml]
- Parameters differences:
--- File[/etc/envoy/clusters.d/50-shellbox_media_eqiad_cluster.yaml].orig
+++ File[/etc/envoy/clusters.d/50-shellbox_media_eqiad_cluster.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/clusters.d/50-shellbox_media_eqiad_cluster.yaml.orig
+++ /etc/envoy/clusters.d/50-shellbox_media_eqiad_cluster.yaml
@@ -0,0 +1,37 @@
+name: shellbox-media_eqiad
+connect_timeout: 0.25s
+typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ common_http_protocol_options:
+ idle_timeout: 4s
+ # Given we go through a load-balancer, we want to keep the number of requests that go through a single connection pool small
+ max_requests_per_connection: 1000
+ use_downstream_protocol_config: {}
+type: STRICT_DNS
+dns_lookup_family: V4_ONLY
+lb_policy: ROUND_ROBIN
+load_assignment:
+ cluster_name: cluster_shellbox-media_eqiad
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: shellbox-media.svc.eqiad.wmnet
+ port_value: 4015
+# Let's not enable circuit-breaking for now. It would look something like
+#circuit_breakers:
+# thresholds:
+# - max_pending_requests: 30
+transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+ common_tls_context:
+ tls_params:
+ cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+ validation_context:
+ trusted_ca:
+ filename: /etc/ssl/certs/ca-certificates.crt
+
- File[/etc/envoy/listeners.d/50-shellbox_syntaxhighlight_codfw.yaml]
- Parameters differences:
--- File[/etc/envoy/listeners.d/50-shellbox_syntaxhighlight_codfw.yaml].orig
+++ File[/etc/envoy/listeners.d/50-shellbox_syntaxhighlight_codfw.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/listeners.d/50-shellbox_syntaxhighlight_codfw.yaml.orig
+++ /etc/envoy/listeners.d/50-shellbox_syntaxhighlight_codfw.yaml
@@ -0,0 +1,92 @@
+- address:
+ socket_address: {protocol: TCP, address: "::", port_value: 6227}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-syntaxhighlight-codfw_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-syntaxhighlight-codfw.log"
+ stat_prefix: shellbox-syntaxhighlight-codfw_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-syntaxhighlight-codfw_route
+ virtual_hosts:
+ - name: shellbox-syntaxhighlight-codfw
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-syntaxhighlight_codfw
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
+- address:
+ socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6227}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-syntaxhighlight-codfw_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-syntaxhighlight-codfw.log"
+ stat_prefix: shellbox-syntaxhighlight-codfw_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-syntaxhighlight-codfw_route
+ virtual_hosts:
+ - name: shellbox-syntaxhighlight-codfw
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-syntaxhighlight_codfw
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
- Envoyproxy::Cluster[shellbox-video_codfw_cluster]
- Parameters differences:
--- Envoyproxy::Cluster[shellbox-video_codfw_cluster].orig
+++ Envoyproxy::Cluster[shellbox-video_codfw_cluster]
+ priority => 50
- Envoyproxy::Conf[shellbox-media_codfw_cluster]
- Parameters differences:
--- Envoyproxy::Conf[shellbox-media_codfw_cluster].orig
+++ Envoyproxy::Conf[shellbox-media_codfw_cluster]
+ conf_type => cluster
+ priority => 50
- File[/etc/envoy/clusters.d/50-shellbox_timeline_eqiad_cluster.yaml]
- Parameters differences:
--- File[/etc/envoy/clusters.d/50-shellbox_timeline_eqiad_cluster.yaml].orig
+++ File[/etc/envoy/clusters.d/50-shellbox_timeline_eqiad_cluster.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/clusters.d/50-shellbox_timeline_eqiad_cluster.yaml.orig
+++ /etc/envoy/clusters.d/50-shellbox_timeline_eqiad_cluster.yaml
@@ -0,0 +1,37 @@
+name: shellbox-timeline_eqiad
+connect_timeout: 0.25s
+typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ common_http_protocol_options:
+ idle_timeout: 4s
+ # Given we go through a load-balancer, we want to keep the number of requests that go through a single connection pool small
+ max_requests_per_connection: 1000
+ use_downstream_protocol_config: {}
+type: STRICT_DNS
+dns_lookup_family: V4_ONLY
+lb_policy: ROUND_ROBIN
+load_assignment:
+ cluster_name: cluster_shellbox-timeline_eqiad
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: shellbox-timeline.svc.eqiad.wmnet
+ port_value: 4012
+# Let's not enable circuit-breaking for now. It would look something like
+#circuit_breakers:
+# thresholds:
+# - max_pending_requests: 30
+transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+ common_tls_context:
+ tls_params:
+ cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+ validation_context:
+ trusted_ca:
+ filename: /etc/ssl/certs/ca-certificates.crt
+
- Envoyproxy::Conf[shellbox-video-eqiad]
- Parameters differences:
--- Envoyproxy::Conf[shellbox-video-eqiad].orig
+++ Envoyproxy::Conf[shellbox-video-eqiad]
+ conf_type => listener
+ priority => 50
- Envoyproxy::Conf[shellbox-video_eqiad_cluster]
- Parameters differences:
--- Envoyproxy::Conf[shellbox-video_eqiad_cluster].orig
+++ Envoyproxy::Conf[shellbox-video_eqiad_cluster]
+ conf_type => cluster
+ priority => 50
- Envoyproxy::Listener[shellbox-constraints-eqiad]
- Parameters differences:
--- Envoyproxy::Listener[shellbox-constraints-eqiad].orig
+++ Envoyproxy::Listener[shellbox-constraints-eqiad]
+ priority => 50
- File[/etc/envoy/clusters.d/50-shellbox_codfw_cluster.yaml]
- Parameters differences:
--- File[/etc/envoy/clusters.d/50-shellbox_codfw_cluster.yaml].orig
+++ File[/etc/envoy/clusters.d/50-shellbox_codfw_cluster.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/clusters.d/50-shellbox_codfw_cluster.yaml.orig
+++ /etc/envoy/clusters.d/50-shellbox_codfw_cluster.yaml
@@ -0,0 +1,37 @@
+name: shellbox_codfw
+connect_timeout: 0.25s
+typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ common_http_protocol_options:
+ idle_timeout: 4s
+ # Given we go through a load-balancer, we want to keep the number of requests that go through a single connection pool small
+ max_requests_per_connection: 1000
+ use_downstream_protocol_config: {}
+type: STRICT_DNS
+dns_lookup_family: V4_ONLY
+lb_policy: ROUND_ROBIN
+load_assignment:
+ cluster_name: cluster_shellbox_codfw
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: shellbox.svc.codfw.wmnet
+ port_value: 4008
+# Let's not enable circuit-breaking for now. It would look something like
+#circuit_breakers:
+# thresholds:
+# - max_pending_requests: 30
+transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+ common_tls_context:
+ tls_params:
+ cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+ validation_context:
+ trusted_ca:
+ filename: /etc/ssl/certs/ca-certificates.crt
+
- File[/etc/helmfile-defaults/general-dse-k8s-eqiad.yaml]
- Content differences:
--- /etc/helmfile-defaults/general-dse-k8s-eqiad.yaml.orig
+++ /etc/helmfile-defaults/general-dse-k8s-eqiad.yaml
@@ -1755,6 +1755,174 @@
port: 30443
encryption: true
sets_sni: true
+ keepalive: 4s
+ shellbox-eqiad:
+ port: 6124
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.eqiad.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-eqiad:
+ port: 6125
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.eqiad.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-eqiad:
+ port: 6126
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.eqiad.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-eqiad:
+ port: 6127
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.eqiad.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-eqiad:
+ port: 6128
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.eqiad.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-eqiad:
+ port: 6136
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.eqiad.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
+ keepalive: 4s
+ shellbox-codfw:
+ port: 6224
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.codfw.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-codfw:
+ port: 6225
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.codfw.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-codfw:
+ port: 6226
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.codfw.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-codfw:
+ port: 6227
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.codfw.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-codfw:
+ port: 6228
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.codfw.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-codfw:
+ port: 6236
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.codfw.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
keepalive: 4s
mwapi-async:
port: 6500
- File[/etc/envoy/clusters.d/50-shellbox_syntaxhighlight_eqiad_cluster.yaml]
- Parameters differences:
--- File[/etc/envoy/clusters.d/50-shellbox_syntaxhighlight_eqiad_cluster.yaml].orig
+++ File[/etc/envoy/clusters.d/50-shellbox_syntaxhighlight_eqiad_cluster.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/clusters.d/50-shellbox_syntaxhighlight_eqiad_cluster.yaml.orig
+++ /etc/envoy/clusters.d/50-shellbox_syntaxhighlight_eqiad_cluster.yaml
@@ -0,0 +1,37 @@
+name: shellbox-syntaxhighlight_eqiad
+connect_timeout: 0.25s
+typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ common_http_protocol_options:
+ idle_timeout: 4s
+ # Given we go through a load-balancer, we want to keep the number of requests that go through a single connection pool small
+ max_requests_per_connection: 1000
+ use_downstream_protocol_config: {}
+type: STRICT_DNS
+dns_lookup_family: V4_ONLY
+lb_policy: ROUND_ROBIN
+load_assignment:
+ cluster_name: cluster_shellbox-syntaxhighlight_eqiad
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: shellbox-syntaxhighlight.svc.eqiad.wmnet
+ port_value: 4014
+# Let's not enable circuit-breaking for now. It would look something like
+#circuit_breakers:
+# thresholds:
+# - max_pending_requests: 30
+transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+ common_tls_context:
+ tls_params:
+ cipher_suites: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+ validation_context:
+ trusted_ca:
+ filename: /etc/ssl/certs/ca-certificates.crt
+
- Envoyproxy::Conf[shellbox_codfw_cluster]
- Parameters differences:
--- Envoyproxy::Conf[shellbox_codfw_cluster].orig
+++ Envoyproxy::Conf[shellbox_codfw_cluster]
+ conf_type => cluster
+ priority => 50
- File[/etc/envoy/listeners.d/50-shellbox_codfw.yaml]
- Parameters differences:
--- File[/etc/envoy/listeners.d/50-shellbox_codfw.yaml].orig
+++ File[/etc/envoy/listeners.d/50-shellbox_codfw.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/listeners.d/50-shellbox_codfw.yaml.orig
+++ /etc/envoy/listeners.d/50-shellbox_codfw.yaml
@@ -0,0 +1,92 @@
+- address:
+ socket_address: {protocol: TCP, address: "::", port_value: 6224}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-codfw_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-codfw.log"
+ stat_prefix: shellbox-codfw_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-codfw_route
+ virtual_hosts:
+ - name: shellbox-codfw
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox_codfw
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
+- address:
+ socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6224}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-codfw_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-codfw.log"
+ stat_prefix: shellbox-codfw_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-codfw_route
+ virtual_hosts:
+ - name: shellbox-codfw
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox_codfw
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
- Envoyproxy::Listener[shellbox-media-eqiad]
- Parameters differences:
--- Envoyproxy::Listener[shellbox-media-eqiad].orig
+++ Envoyproxy::Listener[shellbox-media-eqiad]
+ priority => 50
- File[/etc/helmfile-defaults/general-ml-serve-codfw.yaml]
- Content differences:
--- /etc/helmfile-defaults/general-ml-serve-codfw.yaml.orig
+++ /etc/helmfile-defaults/general-ml-serve-codfw.yaml
@@ -1755,6 +1755,174 @@
port: 30443
encryption: true
sets_sni: true
+ keepalive: 4s
+ shellbox-eqiad:
+ port: 6124
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.eqiad.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-eqiad:
+ port: 6125
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.eqiad.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-eqiad:
+ port: 6126
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.eqiad.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-eqiad:
+ port: 6127
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.eqiad.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-eqiad:
+ port: 6128
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.eqiad.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-eqiad:
+ port: 6136
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.eqiad.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
+ keepalive: 4s
+ shellbox-codfw:
+ port: 6224
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.51/32
+ - 10.2.2.51/32
+ address: shellbox.svc.codfw.wmnet
+ port: 4008
+ encryption: true
+ keepalive: 4s
+ shellbox-constraints-codfw:
+ port: 6225
+ timeout: 10s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.61/32
+ - 10.2.2.61/32
+ address: shellbox-constraints.svc.codfw.wmnet
+ port: 4010
+ encryption: true
+ keepalive: 4s
+ shellbox-media-codfw:
+ port: 6226
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.64/32
+ - 10.2.2.64/32
+ address: shellbox-media.svc.codfw.wmnet
+ port: 4015
+ encryption: true
+ keepalive: 4s
+ shellbox-syntaxhighlight-codfw:
+ port: 6227
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.65/32
+ - 10.2.2.65/32
+ address: shellbox-syntaxhighlight.svc.codfw.wmnet
+ port: 4014
+ encryption: true
+ keepalive: 4s
+ shellbox-timeline-codfw:
+ port: 6228
+ timeout: 60s
+ retry_policy:
+ retry_on: 5xx
+ num_retries: 1
+ upstream:
+ ips:
+ - 10.2.1.66/32
+ - 10.2.2.66/32
+ address: shellbox-timeline.svc.codfw.wmnet
+ port: 4012
+ encryption: true
+ keepalive: 4s
+ shellbox-video-codfw:
+ port: 6236
+ timeout: 86400s
+ upstream:
+ ips:
+ - 10.2.1.68/32
+ - 10.2.2.68/32
+ address: shellbox-video.svc.codfw.wmnet
+ port: 4080
+ encryption: true
+ tcp_keepalive:
+ keepalive_time: 300
+ idle_timeout: 86400s
keepalive: 4s
mwapi-async:
port: 6500
- Envoyproxy::Cluster[shellbox-constraints_codfw_cluster]
- Parameters differences:
--- Envoyproxy::Cluster[shellbox-constraints_codfw_cluster].orig
+++ Envoyproxy::Cluster[shellbox-constraints_codfw_cluster]
+ priority => 50
- File[/etc/envoy/listeners.d/50-shellbox_media_codfw.yaml]
- Parameters differences:
--- File[/etc/envoy/listeners.d/50-shellbox_media_codfw.yaml].orig
+++ File[/etc/envoy/listeners.d/50-shellbox_media_codfw.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/listeners.d/50-shellbox_media_codfw.yaml.orig
+++ /etc/envoy/listeners.d/50-shellbox_media_codfw.yaml
@@ -0,0 +1,92 @@
+- address:
+ socket_address: {protocol: TCP, address: "::", port_value: 6226}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-media-codfw_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-media-codfw.log"
+ stat_prefix: shellbox-media-codfw_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-media-codfw_route
+ virtual_hosts:
+ - name: shellbox-media-codfw
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-media_codfw
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
+- address:
+ socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6226}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-media-codfw_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-media-codfw.log"
+ stat_prefix: shellbox-media-codfw_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-media-codfw_route
+ virtual_hosts:
+ - name: shellbox-media-codfw
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-media_codfw
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
- Class[Profile::Kubernetes::Deployment_server::Mediawiki::Config]
- Parameters differences:
--- Class[Profile::Kubernetes::Deployment_server::Mediawiki::Config].orig
+++ Class[Profile::Kubernetes::Deployment_server::Mediawiki::Config]
@@
- enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics', 'opensearch-semantic-search', 'opensearch-ipoid', 'opensearch-ttmserver-test', 'opensearch-toolhub-test']
+ enabled_listeners => ['mathoid', 'eventgate-analytics', 'eventgate-analytics-external', 'eventgate-main', 'sessionstore', 'echostore', 'termbox', 'push-notifications', 'restbase', 'rest-gateway', 'cxserver', 'shellbox', 'shellbox-constraints', 'shellbox-media', 'shellbox-syntaxhighlight', 'shellbox-timeline', 'shellbox-video', 'shellbox-eqiad', 'shellbox-constraints-eqiad', 'shellbox-media-eqiad', 'shellbox-syntaxhighlight-eqiad', 'shellbox-timeline-eqiad', 'shellbox-video-eqiad', 'shellbox-codfw', 'shellbox-constraints-codfw', 'shellbox-media-codfw', 'shellbox-syntaxhighlight-codfw', 'shellbox-timeline-codfw', 'shellbox-video-codfw', 'swift-eqiad', 'swift-codfw', 'search-chi-eqiad', 'search-chi-codfw', 'search-chi', 'search-omega-eqiad', 'search-omega-codfw', 'search-omega', 'search-psi-eqiad', 'search-psi-codfw', 'search-psi', 'cloudelastic-chi-eqiad', 'cloudelastic-omega-eqiad', 'cloudelastic-psi-eqiad', 'mw-api-int', 'linkrecommendation', 'device-analytics', 'inference', 'wikifunctions', 'ipoid', 'test-kitchen', 'chart-renderer', 'wdqs-internal-main', 'wdqs-internal-scholarly', 'data-gateway', 'analytics-web', 'page-analytics', 'opensearch-semantic-search', 'opensearch-ipoid', 'opensearch-ttmserver-test', 'opensearch-toolhub-test']
- File[/etc/envoy/listeners.d/50-shellbox_media_eqiad.yaml]
- Parameters differences:
--- File[/etc/envoy/listeners.d/50-shellbox_media_eqiad.yaml].orig
+++ File[/etc/envoy/listeners.d/50-shellbox_media_eqiad.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/listeners.d/50-shellbox_media_eqiad.yaml.orig
+++ /etc/envoy/listeners.d/50-shellbox_media_eqiad.yaml
@@ -0,0 +1,92 @@
+- address:
+ socket_address: {protocol: TCP, address: "::", port_value: 6126}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-media-eqiad_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-media-eqiad.log"
+ stat_prefix: shellbox-media-eqiad_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-media-eqiad_route
+ virtual_hosts:
+ - name: shellbox-media-eqiad
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-media_eqiad
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
+- address:
+ socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6126}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-media-eqiad_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-media-eqiad.log"
+ stat_prefix: shellbox-media-eqiad_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-media-eqiad_route
+ virtual_hosts:
+ - name: shellbox-media-eqiad
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-media_eqiad
+ timeout: 60s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
- File[/etc/envoy/listeners.d/50-shellbox_constraints_eqiad.yaml]
- Parameters differences:
--- File[/etc/envoy/listeners.d/50-shellbox_constraints_eqiad.yaml].orig
+++ File[/etc/envoy/listeners.d/50-shellbox_constraints_eqiad.yaml]
+ owner => root
+ ensure => present
+ group => root
+ notify => Exec[verify-envoy-config]
+ mode => 0444
- Content differences:
--- /etc/envoy/listeners.d/50-shellbox_constraints_eqiad.yaml.orig
+++ /etc/envoy/listeners.d/50-shellbox_constraints_eqiad.yaml
@@ -0,0 +1,92 @@
+- address:
+ socket_address: {protocol: TCP, address: "::", port_value: 6125}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-constraints-eqiad_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-constraints-eqiad.log"
+ stat_prefix: shellbox-constraints-eqiad_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-constraints-eqiad_route
+ virtual_hosts:
+ - name: shellbox-constraints-eqiad
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-constraints_eqiad
+ timeout: 10s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
+- address:
+ socket_address: {protocol: TCP, address: 0.0.0.0, port_value: 6125}
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ access_log:
+ - filter:
+ status_code_filter:
+ comparison:
+ op: "GE"
+ value:
+ default_value: 500
+ runtime_key: shellbox-constraints-eqiad_min_log_code
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+ path: "/var/log/envoy/shellbox-constraints-eqiad.log"
+ stat_prefix: shellbox-constraints-eqiad_egress
+ http_filters:
+ - name: envoy.filters.http.router
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ route_config:
+ name: shellbox-constraints-eqiad_route
+ virtual_hosts:
+ - name: shellbox-constraints-eqiad
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ cluster: shellbox-constraints_eqiad
+ timeout: 10s
+ retry_policy:
+ retry_on: "5xx"
+ num_retries: 1
+ internal_address_config:
+ unix_sockets: true
+ cidr_ranges:
+ - address_prefix: 10.0.0.0
+ prefix_len: 8
+ - address_prefix: 127.0.0.1
+ prefix_len: 32
+ - address_prefix: ::1
+ prefix_len: 128
- Envoyproxy::Listener[shellbox-timeline-eqiad]
- Parameters differences:
--- Envoyproxy::Listener[shellbox-timeline-eqiad].orig
+++ Envoyproxy::Listener[shellbox-timeline-eqiad]
+ priority => 50
- Envoyproxy::Conf[shellbox-timeline-eqiad]
- Parameters differences:
--- Envoyproxy::Conf[shellbox-timeline-eqiad].orig
+++ Envoyproxy::Conf[shellbox-timeline-eqiad]
+ conf_type => listener
+ priority => 50
- Envoyproxy::Conf[shellbox-syntaxhighlight-codfw]
- Parameters differences:
--- Envoyproxy::Conf[shellbox-syntaxhighlight-codfw].orig
+++ Envoyproxy::Conf[shellbox-syntaxhighlight-codfw]
+ conf_type => listener
+ priority => 50
- Envoyproxy::Listener[shellbox-timeline-codfw]
- Parameters differences:
--- Envoyproxy::Listener[shellbox-timeline-codfw].orig
+++ Envoyproxy::Listener[shellbox-timeline-codfw]
+ priority => 50
- Envoyproxy::Conf[shellbox_eqiad_cluster]
- Parameters differences:
--- Envoyproxy::Conf[shellbox_eqiad_cluster].orig
+++ Envoyproxy::Conf[shellbox_eqiad_cluster]
+ conf_type => cluster
+ priority => 50
- Class[Mediawiki::Tlsproxy::Yaml_defs]