Page MenuHomePhabricator
Create Task
Maniphest T243436

Refine Seakeeper proposal for Security/SRE review
Closed, DeclinedPublic
Actions

Description

Recent feedback in T240943#5820996 as well as feedback given in various meetings with SRE indicates a need for greater refinement of the Seakeeper proposal.

  1. Removal of orthogonal sections such as that on compute resourcing.
  2. Scenarios detailing specific developer workflows from conception to production, using broadly illustrative examples such as:
    1. Service development
    2. MediaWiki development
    3. Debian packaging
  3. Threat modeling for such scenarios that includes specific roles (patchset author, merger, artifact deployer, etc.), process flow, and data flow.
  4. Details on how workflows can be sequestered based on such source event payloads and use of k8s annotations, including both physical (node level) and logical (namespace) segmentation.
  5. Give examples on how artifacts might be promoted.
  6. Clarify what is in and out of scope for this proposal (Seakeeper CI platform vs. future Deployment Pipeline that runs on CI)

Draft proposal: https://www.mediawiki.org/wiki/Draft:Wikimedia_Release_Engineering_Team/Seakeeper_proposal_(FY2019-20Q4_rework)

Related Objects
Search...

Event Timeline

dduvall created this task.Jan 22 2020, 6:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 22 2020, 6:10 PM
dduvall triaged this task as High priority.Jan 22 2020, 6:10 PM
dduvall claimed this task.Jan 22 2020, 6:13 PM
dduvall moved this task from INBOX to New Work on the Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)) board.
LarsWirzenius subscribed.Jan 23 2020, 3:18 PM
dduvall edited projects, added: Release-Engineering-Team (CI & Testing services); removed: Release-Engineering-Team (Pipeline).Jan 24 2020, 6:04 PM
Krinkle mentioned this in T192217: Remove the "check" pipeline and Zuul's user-filter.Feb 11 2020, 1:11 AM
thcipriani lowered the priority of this task from High to Medium.Feb 12 2020, 6:29 PM
chasemp added a project: Security-Team.Feb 20 2020, 7:18 PM
chasemp moved this task from Incoming to Watching on the Security-Team board.
chasemp subscribed.

linking T240943: Security Concept Review For new CI

dduvall updated the task description. (Show Details)Mar 11 2020, 4:22 PM

See the task description for a draft (and very WIP) rewrite of the Seakeeper proposal.

Jdforrester-WMF edited projects, added: Release-Engineering-Team-TODO (2020-04 to 2020-06 (Q4)); removed: Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)).Apr 1 2020, 3:05 PM
Jdforrester-WMF moved this task from INBOX to New Work on the Release-Engineering-Team-TODO (2020-04 to 2020-06 (Q4)) board.
dduvall changed the task status from Open to Stalled.May 5 2020, 6:27 PM
dduvall removed dduvall as the assignee of this task.
dduvall changed the status of subtask T244384: Research available third-party Argo and Kubernetes cloud providers from Open to Stalled.
thcipriani edited projects, added: Release-Engineering-Team-TODO (2020-07-01 to 2020-09-30 (Q1)); removed: Release-Engineering-Team-TODO (2020-04 to 2020-06 (Q4)).Jul 8 2020, 5:34 PM
chasemp removed a project: Security-Team.Jul 9 2020, 3:37 PM
chasemp unsubscribed.

Stepping Security-Team back from this as our understanding is this is potentially indefinitely stalled, and we are trying to be diligent with containing our 'watching' elements.

LarsWirzenius unsubscribed.Jul 14 2020, 2:51 PM
thcipriani edited projects, added: Release-Engineering-Team-TODO (2020-10-01 to 2020-12-31 (Q2)); removed: Release-Engineering-Team-TODO (2020-07-01 to 2020-09-30 (Q1)).Oct 21 2020, 1:07 AM
thcipriani removed a project: Release-Engineering-Team-TODO (2020-10-01 to 2020-12-31 (Q2)).Apr 20 2021, 12:21 AM
thcipriani added a project: Release-Engineering-Team-TODO (2021-04-01 to 2021-06-30 (Q4)).Apr 20 2021, 12:34 AM
thcipriani removed a project: Release-Engineering-Team (CI & Testing services).Apr 20 2021, 1:09 AM
thcipriani edited projects, added: Release-Engineering-Team (Doing); removed: Release-Engineering-Team-TODO (2021-04-01 to 2021-06-30 (Q4)).Apr 20 2021, 4:25 AM
thcipriani closed this task as Declined.May 4 2021, 4:30 PM
thcipriani closed subtask T244384: Research available third-party Argo and Kubernetes cloud providers as Declined.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits