Wikimedia Release Engineering Team/Deployment pipeline/2017-06-27

= 2017-06-27 =

Who's here:

Last Time
2017-06-20

Next Time, Last Time

 * Ops will be looking into network policies for pods (multi-week)
 * Also looking into upgrading to version 1.5.5 (we got 1.4.6)
 * thcipriani/antoine to pair on secret storage options
 * we talked...
 * thcipriani working on docker escaping
 * ✅ish initial work
 * services/Marko:
 * work on tooling continues (meeting this week or next)
 * document minikube setup
 * dan env var stuff for blubber
 * ✅ landed
 * dan hacking on mathoid with blubber
 * dan attending meeting today

Topics
TODO gearman/zuul plugin dan/tyler to pair
 * Creds for Jenkins: Two real options:
 * Setup another Jenkins/Zuul
 * Run outside of Jenkins
 * Run outside of Jenkins
 * Run directly on contint1001
 * Register a worker with the Zuul gearman server
 * Possibly run some command with the existing Jenkins that has credentials access
 * In scope for blubber? Dan?
 * Setup another Jenkins/Zuul
 * Don't know where I would put this


 * Use cases
 * Developer merges change, wants to do a deploy
 * Moritz wants to make security updates
 * Maybe this kicks off jenkins jobs/maybe not


 * Work for moving to k8s 1.5.5/1.6 next quarter
 * probably paired with moving to stretch


 * Ops working out security upgrades
 * deb monitor https://phabricator.wikimedia.org/T167504


 * operations/docker/production-images
 * for packaging base images next week
 * blubber maybe overkill for base images
 * has different needs than blubber
 * PS to be merged soon (TM) https://gerrit.wikimedia.org/r/#/c/360813/
 * toollabs should use same build system -- maybe be a tree of this
 * this work should be helpful for security upgrades

Next Time
= As Always =
 * Release Pipeline Workboard
 * Meeting notes