Kubernetes SIG/Meetings/2024-08-27
Agenda:
- SIG administrivia:
- [Alex] Question: We started this in a closed format 1.5 years ago until we got it in a working state, should we open it more? - From last time
- Mostly this is about opening the virtual meeting for everybody/publishing the link. Same for the meeting notes.
- Maybe publish the meeting url and accept people from the outside ad hoc
- Allow view-only access to the meeting notes for anonymous
- Nobody seems to be generally against opening the meeting to the community
- Misc:
- Please check if you can help with migrating the remaining charts to external-services https://phabricator.wikimedia.org/T359423 (might be a good first task in some cases)
- [Ben] I will look at the flink cases
- [Tobias] kserve-inference is on my near-term to-do list, once I get our new GPU hosts all settled.
- aux and dse cluster: Please plan for PSP deprecation
- Migrate aux cluster off of Pod Security Policies
- Migrate dse cluster off of Pod Security Policies
- [Ben] I just added the #data-platform-sre tag and we will expedite ❤️
- ValidatingAdmissionPolicy “framework” has been implemented, will be unused until the next k8s upgrade (as our current version does not support it). https://phabricator.wikimedia.org/T368251, README.md
- Reverse DNS for k8s pod IPs
- GL: Maybe we should change mediawiki logging to no longer use hostnames/IPs but groups instead
- Would be nice to make the DNS servers forward/recurse to CoreDNS
- We could expose CoreDNS via NodePort 53 (on all k8s nodes)
- AK: Good solution would be to delegate the particular zones to CoreDNS
- Use an outside k8s CoreDNS
- Expose the inside k8s CoreDNS via NodePort
- Hardcode the CoreDNS Pod-IPs (using calico)
- TK: Using plain DNS would be most useful
- Ownership of Docker images.
- LT: It is often difficult to ascertain who is the owner of a docker image
- GL: What is the scope? Is it all services, or just k8s? There are lots of
- Could we change the maintainer of production-images to always be a team?
- Attach opencontainers image metadata to docker images
- Publish more metadata tags with docker registry images
- Container image lifecycle management
Action items
- Actually do the things needed to open the meeting (publish the meet URL and read-only link to this doc on mediawiki.org and our mailing list)
- Ben to expedite the PSP and external-services (flink related) tasks