Wikimedia Release Engineering Team/Deployment pipeline/2018-03-15

= 2018-03-15 =

Last Time

 * 2018-03-01

RelEng

 * noticed helm is packaged -- unblocked \o/
 * Blubber updates
 * Support for python in addition to npm
 * Changes in permissions scheme to lockdown production images (more at https://phabricator.wikimedia.org/T187372 )
 * internal simplification/refactoring
 * Upcoming: Probably about time to move blubber to gerrit
 * https://phabricator.wikimedia.org/D999 blubber policy
 * thcipriani officially worried about quarterly goals
 * Minikube packaging
 * requires golang 1.9 to build
 * https://gerrit.wikimedia.org/g/operations/debs/minikube
 * https://phabricator.wikimedia.org/T184457
 * puppet work for integration (install helm, minikube, k8s-client on integration docker machines, ensure minikube started)
 * Update pipeline to include helm test for minikube

Note: for building images for production do not use the cache at all, layers fine, cache bad

Random neat thing

 * Blue Ocean makes pipline look fancy :)  https://integration.wikimedia.org/ci/blue/organizations/jenkins/service-pipeline/detail/service-pipeline/41/pipeline

Fuzzy Future thinking

 * What/Who triggers new deployments?
 * Click a button on Jenkins
 * Automagic deployment via Jenkins after tagging
 * Git wrangle/manually run helm on a helmdeployment1001
 * Where is this run from?
 * Who's jenkins? Our jenkins? Contint1001?
 * we currently push from there
 * that box does a lot, probably too much


 * Split off things that do the work from things that do the testing

SREs

 * mathoid deployed on kubernetes@eqiad cluster
 * working on the configuration a bit
 * tiller can be a pain (client-go kubernetes libraries in general)
 * Enabled ServiceAccount admission controller for that
 * pybal ready to push traffic
 * docker-ce from 17.06.2 to 17.12.1 for CI

Services
= As Always =
 * Release Pipeline Workboard
 * Meeting notes