Kubernetes SIG/Meetings/2024-09-24
Appearance
Agenda:
- Introductions for new members (if any):
- SIG administrivia:
- mediawiki.org SIG page updated with links to read only notes and Gmeet. Still missing a proper way to publish the gcal event
- Misc
- Topics:
- Context at https://phabricator.wikimedia.org/T373526, 2 questions:
- Could we use the SIG's email as Maintainer field for âcoreâ images?
- Could we assign the duty to the SIG to update/assign the right maintainer fields periodically
- [CD] How about if we have a team as maintainer and perhaps 1-2 individuals recorded as "expert of last resort"?
- [JM] Or the sig as the expert of last resort for core stuff, maybe without promising maintenance?
- Probably okay to have the SIG as maintainer for some images, but not for everything
- How would we design a round-robin core image update duty?
- Race condition in iptables rules during puppet runs on k8s nodes
- Situation/Number of ferm reloads should improve with the outstanding patch
- Moving to nftables (which kube-proxy does not yet support) will probably fix this
- Reverse DNS for k8s pods IPs
- Running an additional CoreDNS daemonset on k8s apiservers and using their nodeport is probably the easiest option to integrate - if DNS servers can pull the apiservers APIs automatically via puppet
- What would be the challenges involved in a rolling upgrade of the dse-k8s cluster, as opposed to a full reimage and reinitialisation?
- Probably not supported by https://kubernetes.io/releases/version-skew-policy/
- Def. not tested on other clusters
- Might still be possible to do
- Maybe easier (required anyways if more production services are onboarded) to have a codfw cluster for dse
- Context at https://phabricator.wikimedia.org/T373526, 2 questions: