Wikimedia Release Engineering Team/Deployment pipeline/2017-07-11
2017-07-11
[edit]Who's here:
Last Time
[edit]US independence day means no meeting last time
Next Time, Previous Time
[edit]We didn't do a Next Time last time we met :(
Updates on TODOs:
- Jenkins credentials store
- Dan and Tyler met, looked at Jenkins security matrix
- Proposal: https://phabricator.wikimedia.org/T169557
- tl;dr: get rid of job create/modify and node create/modify permissions for everyone except "ci admins"
- Dan went to service's meeting
Topics
[edit]- operations/docker/images/production/images
- so small!
- such makefile!
- Paths inside the container images
- Pod Network policy
- Draft proposal at https://phabricator.wikimedia.org/T170111
- explicitly whitelists any connections to/from internet that a particular pod is making
Next Time
[edit]- releng
- jenkins work (perms, credentials)
- blubber bugs for mathoid build
- services
- developer cli -- sync up with blubber work
- ops
- networking draft proposal work
- k8s upgrade to 1.5 (goal is 1.5+) https://phabricator.wikimedia.org/T170119
- 1.7 just released and seems interesting
- needs to be discussed with toollabs
- hopefully be able to drop patches for version 1.4