Wikimedia Release Engineering Team/MediaWiki on Kubernetes/Meeting notes/2021-01-13

= 2021-01-13 =

Always

 * Core_Platform_Team/Initiatives/MediaWiki_on_Kubernetes
 * Wikimedia_Release_Engineering_Team/MediaWiki_on_Kubernetes
 * Workboard
 * IRC:

TODOs from last time

 * RelEng: Outline model for security patch application and deployment
 * There was discussion about having a private registry, but when is that pushed to?
 * SRE folks?:
 * Using an isolated Jenkins is important. Don't use the CI one.
 * Private registry:
 * Joe: Clarifying that current registry is private for pushes, not for read access. May be easy to create a private namespace in the current registry. Making auth work differently internally vs. externally may be tricky.
 * Alex: Right about namespaces. Subpaths can be private and have different access control. They would not duplicate layers.
 * Alex: Re authn, k8s boxes would need un/pw to authenticate. Dependent on Docker and its future is not certain (we are thinking about moving away from docker in the future).


 * What we are working on is captured in https://phabricator.wikimedia.org/T238771
 * We are working towards differend methods of constructing an image anc see if we can utilise jecking, using an isolated worklflow
 * Ahmon is working on that, has a proof of concept but no help charts yet, but soon!
 * Joe: We have new images for php and apache we can use

RelEng

 * Dan: Task tree defined for this quarter's work. Everything is under https://phabricator.wikimedia.org/T238771
 * Comprises multi-version image (w/ config), security patch workflow, and setup of release-jenkins for driving both
 * Ahmon: Working on prototype local environment for MediaWiki + config + some prod services

Serviceops

 * Joe: What we did last Q we created the base images of what we have in production, http-fastcgi, php-fpm-fastcgi and they have configs similar to production. The apache image does nto have the config for mediawiki but it should work for shellbox. We are working on helm charts which will include the configuration. We are putting everytghing together and our goal is to release a version of shellbox and start having a chart for mediawiki. We can also work on having a Dev ENV which will have additional components like MariaDB


 * https://dockerregistry.toolforge.org/php7.2-fpm/tags/
 * Logging is still a problem as we generate 30G if logs per day. Some apps log to stdout and others to syslog. This part is TBA


 * Joe: For this quarter, hoping to get shellbox deployed and one MediaWiki box accessing it
 * And hoping to get a basic helm chart working for MediaWiki

Platform Engineering

 * We have been working on Shellbox
 * Joe: we would like to see shellbox ready by next month if that can happen, so we can enable music scoring again