Wikimedia Release Engineering Team/Deployment pipeline/2017-06-27

2017-06-27 edit

Who's here:

Last Time edit

2017-06-20

Next Time, Last Time edit

  • Ops will be looking into network policies for pods (multi-week)
  • Also looking into upgrading to version 1.5.5 (we got 1.4.6)
  • thcipriani/antoine to pair on secret storage options
    • we talked...
  • thcipriani working on docker escaping
  • services/Marko:
    • work on tooling continues (meeting this week or next)
    • document minikube setup
  • dan env var stuff for blubber
  • dan hacking on mathoid with blubber
    • dan attending meeting today

Topics edit

  • Creds for Jenkins: Two real options:
    • Setup another Jenkins/Zuul
    • Run outside of Jenkins
  • Run outside of Jenkins
    • Run directly on contint1001
    • Register a worker with the Zuul gearman server
    • Possibly run some command with the existing Jenkins that has credentials access
      • In scope for blubber? Dan?
  • Setup another Jenkins/Zuul
    • Don't know where I would put this

TODO gearman/zuul plugin dan/tyler to pair

  • Use cases
    • Developer merges change, wants to do a deploy
    • Moritz wants to make security updates
      • Maybe this kicks off jenkins jobs/maybe not
  • Work for moving to k8s 1.5.5/1.6 next quarter
    • probably paired with moving to stretch
  • operations/docker/production-images
    • for packaging base images next week
    • blubber maybe overkill for base images
    • has different needs than blubber
    • PS to be merged soon (TM) https://gerrit.wikimedia.org/r/#/c/360813/
    • toollabs should use same build system -- maybe be a tree of this
    • this work should be helpful for security upgrades

Next Time edit

As Always edit