Page MenuHomePhabricator

toolforge: new k8s: introduce more robust controls for deb pkg versions
Closed, ResolvedPublic

Description

We currently import relevant .deb pkgs into reprepro. But we don't have strict controls on what's installed into VMs.

Right now, if you upgrade, for example, kubeadm in the repo, VMs would probably update it by means of unattended-upgrades. Which will mess future upgrades.
Same affects other key packages, like kubelet, kubectl, etc.

We need to introduce more robust controls for this. Probably simple apt-pinning configuration should be enough.

Event Timeline

aborrero claimed this task.Dec 2 2019, 2:15 PM
aborrero triaged this task as Medium priority.
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.

Change 554076 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] toolforge: new k8s: introduce apt pinning configurations

https://gerrit.wikimedia.org/r/554076

Change 554076 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] toolforge: new k8s: introduce apt pinning configurations

https://gerrit.wikimedia.org/r/554076

aborrero closed this task as Resolved.Dec 5 2019, 12:50 PM

This should be done now. Please reopen if required.