Wikimedia Release Engineering Team/Deployment pipeline/2017-06-27
2017-06-27
editWho's here:
Last Time
editNext Time, Last Time
edit- Ops will be looking into network policies for pods (multi-week)
- Also looking into upgrading to version 1.5.5 (we got 1.4.6)
- thcipriani/antoine to pair on secret storage options
- we talked...
- thcipriani working on docker escaping
- Doneish initial work
- services/Marko:
- work on tooling continues (meeting this week or next)
- document minikube setup
- dan env var stuff for blubber
- Done landed
- dan hacking on mathoid with blubber
- dan attending meeting today
Topics
edit- Creds for Jenkins: Two real options:
- Setup another Jenkins/Zuul
- Run outside of Jenkins
- Run outside of Jenkins
- Run directly on contint1001
- Register a worker with the Zuul gearman server
- Possibly run some command with the existing Jenkins that has credentials access
- In scope for blubber? Dan?
- Setup another Jenkins/Zuul
- Don't know where I would put this
TODO gearman/zuul plugin dan/tyler to pair
- Use cases
- Developer merges change, wants to do a deploy
- Moritz wants to make security updates
- Maybe this kicks off jenkins jobs/maybe not
- Work for moving to k8s 1.5.5/1.6 next quarter
- probably paired with moving to stretch
- Ops working out security upgrades
- deb monitor https://phabricator.wikimedia.org/T167504
- operations/docker/production-images
- for packaging base images next week
- blubber maybe overkill for base images
- has different needs than blubber
- PS to be merged soon (TM) https://gerrit.wikimedia.org/r/#/c/360813/
- toollabs should use same build system -- maybe be a tree of this
- this work should be helpful for security upgrades