Wikimedia Release Engineering Team/Deployment pipeline/2017-05-02

= 2017-05-02 =

Who's here: thcipriani marxarelli hashar jrbranaa akosiaris

Last Time

 * Agreed we all hate json
 * Talked a bit about the security needed in a container, creating files as root is bad
 * Dan + Mako to sync-up on blubber and service-runner
 * Async work on Requirements doc

Topics

 * Service runner and blubber
 * node-service-builder github (https://github.com/wikimedia/node-service-builder)


 * Requirement doc questions
 * Uniform structure of containers /data, /src, logging, etc


 * Deployment and release management for developers
 * elacticity enabled in k8s 1.4, running k8s 1.5, not really to do with deployment pipeline
 * Resources vs unit is up to developer to define
 * resource definitions/information can live inside pipeline configuration
 * Deployment via k8s covers the canary case automagically (lots of unknowns)
 * Sha1 rollback and deployment -- what's the front-end look like (scap maybe?) -- helm is the default currently


 * Config changes as code deploys
 * Many RelEng requirements are Ipso Facto done because of nature of pipeline (pulled from nodepool work, I think)
 * compatibility with production env
 * "arbitrary sudo"
 * isolated (from one another) (not in the networking sense, but rather as a test after test sense)


 * Prepare and maintain base container images
 * Anything to talk about outside the ticket/here?

Team Updates

 * Releng
 * antoine just upgraded Jenkins so now pipeline available on the live instance
 * translate work done on ci-staging to jjb


 * Ops
 * datacenter switch back


 * Services
 * marko at tech mangers meeting

For next time
= As Always =
 * Release Pipeline Workboard
 * Meeting notes