Wikimedia Release Engineering Team/MediaWiki on Kubernetes/Meeting notes/2021-01-27

= 2021-01-27 =

Always

 * Core_Platform_Team/Initiatives/MediaWiki_on_Kubernetes
 * Wikimedia_Release_Engineering_Team/MediaWiki_on_Kubernetes
 * Workboard
 * IRC:

TODOs from last time

 * What to do about /srv/mediawiki-staging/private?
 * See https://phabricator.wikimedia.org/T271475
 * How do we get these into a k8s secret so they can be mounted in the helm chart?

General

 * Request from Wolfgang: How do we increase the Pipeline's Discoverability ?
 * Erika did a k8s survey, people are using k8s but they are not aware of the pipeline, how do we advertise/evangelise that to people ?
 * Jeena: (announcing the) Office hours (when they are happening) might be a good idea
 * T-Shirts

RelEng

 * Dan: We are leaning towards a releases Jenkins, have run into issues.
 * Dan: the image size is in the ~3GB radius
 * Ahmon: experimenting with generating localisation cache; we could have one per node generated
 * Ahmon: One of the pods in a node will aquire a lock and start generating the localisation cache, so far it looks like it will work. It is better than shipping that into the image, I have a PoC
 * While the localisation cache is being generated, requests will be served from the already deploy pods (previous version)
 * Jeena: I will start experimenting with the secrets/private settings, but I will wait for Ahmon

Serviceops

 * Joe: Planning a way to manage apache configuration
 * Right now, it's in puppet but we need it in both systems
 * When we deploy an apache change on puppet, it will have to be generated for k8s, using the same data, we will have one more step on the SRE side, for the period where both systems will be running
 * Apache changes are not frequent
 * It is more cumbersome when it comes to scap, whatever we deploy with scap, we have to deploy to k8s
 * Alex: Logs, we are reaching out to observability to come up with a recommendation, we are still exploring
 * We can not send them to kibana, it would crumble under the load, but they do need to be greppable

Platform Engineering

 * Bill: Shellbox security review is scheduled

TODOs for next time

 * Announce/post Pipeline Office Hours meeting in Slack
 * Continue conversatino about CD (?)
 * We're in the middle-ish of a migration to GitLab. Do we need to wait?
 * What are the mechanisms of deployment now? The trustworthy parts, the not so much? Etc.