Wikimedia Release Engineering Team/Deployment pipeline/2017-07-11
2017-07-11
editWho's here:
Last Time
editUS independence day means no meeting last time
Next Time, Previous Time
editWe didn't do a Next Time last time we met :(
Updates on TODOs:
- Jenkins credentials store
- Dan and Tyler met, looked at Jenkins security matrix
- Proposal: https://phabricator.wikimedia.org/T169557
- tl;dr: get rid of job create/modify and node create/modify permissions for everyone except "ci admins"
- Dan went to service's meeting
Topics
edit- operations/docker/images/production/images
- so small!
- such makefile!
- Paths inside the container images
- Pod Network policy
- Draft proposal at https://phabricator.wikimedia.org/T170111
- explicitly whitelists any connections to/from internet that a particular pod is making
Next Time
edit- releng
- jenkins work (perms, credentials)
- blubber bugs for mathoid build
- services
- developer cli -- sync up with blubber work
- ops
- networking draft proposal work
- k8s upgrade to 1.5 (goal is 1.5+) https://phabricator.wikimedia.org/T170119
- 1.7 just released and seems interesting
- needs to be discussed with toollabs
- hopefully be able to drop patches for version 1.4