Page MenuHomePhabricator
Create Task
Maniphest T373000

Suffix all our docker image tags with their sha256 checksum
Closed, ResolvedPublic
Actions

Description

This will guarantee that we're always using the exact same version of our code, and that it hasn't been tampered with.

Details

Show related patches Customize query in gerrit

Related Objects

Event Timeline

brouberol created this task.Aug 21 2024, 9:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 21 2024, 9:40 AM
gerritbot added a comment.Aug 21 2024, 9:46 AM

Change #1064338 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] datahub: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064338

gerritbot added a project: Patch-For-Review.Aug 21 2024, 9:46 AM

Change #1064339 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] spark-history: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064339

gerritbot added a comment.Aug 21 2024, 9:46 AM

Change #1064340 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] superset: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064340

gerritbot added a comment.Aug 21 2024, 9:46 AM

Change #1064341 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] airflow-test-k8s: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064341

gerritbot added a comment.Aug 21 2024, 9:46 AM

Change #1064342 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] growthbook: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064342

CodeReviewBot added a comment.Aug 21 2024, 11:08 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/superset/-/merge_requests/37

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 11:13 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/datahub/-/merge_requests/9

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 11:15 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/spark/-/merge_requests/9

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 11:18 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/growthbook/-/merge_requests/16

Remove latest tag

CodeReviewBot added a comment.Aug 21 2024, 11:41 AM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/datahub/-/merge_requests/9

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 11:49 AM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/superset/-/merge_requests/37

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 12:13 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/spark/-/merge_requests/9

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 12:13 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/growthbook/-/merge_requests/16

Remove latest tag

CodeReviewBot added a comment.Aug 21 2024, 12:18 PM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/kerberos-kinit/-/merge_requests/4

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 12:21 PM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/postgresql-kubernetes/-/merge_requests/12

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 12:23 PM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/pgbouncer/-/merge_requests/2

Stop publishing images under the mutable latest tag

CodeReviewBot added a comment.Aug 21 2024, 12:23 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/kerberos-kinit/-/merge_requests/4

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 12:41 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/postgresql-kubernetes/-/merge_requests/12

Publish extra image tags based off the build timestamp

CodeReviewBot added a comment.Aug 21 2024, 12:42 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/pgbouncer/-/merge_requests/2

Stop publishing images under the mutable latest tag

gerritbot added a comment.Aug 21 2024, 12:45 PM

Change #1064372 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] cloudnative-pg-cluster: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064372

gerritbot added a comment.Aug 21 2024, 12:45 PM

Change #1064373 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] cloudnative-pg-operator: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064373

gerritbot added a comment.Aug 21 2024, 12:48 PM

Change #1064375 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/puppet@production] deployment_server: change the PG image tag to timestamp@digest

https://gerrit.wikimedia.org/r/1064375

gerritbot added a comment.Aug 21 2024, 12:50 PM

Change #1064375 merged by Brouberol:

[operations/puppet@production] deployment_server: change the PG image tag to timestamp@digest

https://gerrit.wikimedia.org/r/1064375

brouberol moved this task from Backlog - project to In Progress on the Data-Platform-SRE (2024.08.17 - 2024.09.06) board.Aug 21 2024, 1:33 PM
brouberol moved this task from In Progress to To Be Deployed on the Data-Platform-SRE (2024.08.17 - 2024.09.06) board.Aug 21 2024, 3:56 PM
CodeReviewBot added a comment.Aug 22 2024, 9:11 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/superset/-/merge_requests/38

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 9:12 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/datahub/-/merge_requests/10

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 9:13 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/growthbook/-/merge_requests/17

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 9:14 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/kerberos-kinit/-/merge_requests/5

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 9:14 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/postgresql-kubernetes/-/merge_requests/13

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 9:15 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/spark/-/merge_requests/10

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 9:44 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/pgbouncer/-/merge_requests/3

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 11:57 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/ceph-csi/-/merge_requests/9

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 11:59 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/kubernetes/csi/-/merge_requests/2

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 11:59 AM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/ferretdb/-/merge_requests/2

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:01 PM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/git-sync/-/merge_requests/16

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:03 PM

brouberol opened https://gitlab.wikimedia.org/repos/data-engineering/airflow/-/merge_requests/11

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/superset/-/merge_requests/38

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/datahub/-/merge_requests/10

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/growthbook/-/merge_requests/17

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/kerberos-kinit/-/merge_requests/5

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/postgresql-kubernetes/-/merge_requests/13

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/spark/-/merge_requests/10

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/pgbouncer/-/merge_requests/3

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/ceph-csi/-/merge_requests/9

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:07 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/kubernetes/csi/-/merge_requests/2

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:08 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/ferretdb/-/merge_requests/2

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:08 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/git-sync/-/merge_requests/16

Combine timetsamp and git sha in a unique image tag

CodeReviewBot added a comment.Aug 22 2024, 12:09 PM

brouberol merged https://gitlab.wikimedia.org/repos/data-engineering/airflow/-/merge_requests/11

Combine timetsamp and git sha in a unique image tag

gerritbot added a comment.Aug 22 2024, 1:34 PM

Change #1064761 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] ceph-csi-rbd: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064761

gerritbot added a comment.Aug 22 2024, 2:25 PM

Change #1064338 merged by Brouberol:

[operations/deployment-charts@master] datahub: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064338

gerritbot added a comment.Aug 22 2024, 2:39 PM

Change #1064339 merged by Brouberol:

[operations/deployment-charts@master] spark-history: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064339

gerritbot added a comment.Aug 22 2024, 2:45 PM

Change #1064340 merged by jenkins-bot:

[operations/deployment-charts@master] superset: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064340

gerritbot added a comment.Aug 22 2024, 2:50 PM

Change #1064341 merged by Brouberol:

[operations/deployment-charts@master] airflow-test-k8s: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064341

gerritbot added a comment.Aug 22 2024, 2:52 PM

Change #1064342 merged by Brouberol:

[operations/deployment-charts@master] growthbook: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064342

gerritbot added a comment.Aug 22 2024, 2:54 PM

Change #1064779 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/puppet@production] deployment_server: change the PG image tag to timestamp-sha@checksum

https://gerrit.wikimedia.org/r/1064779

gerritbot added a comment.Aug 22 2024, 3:01 PM

Change #1064372 merged by Brouberol:

[operations/deployment-charts@master] cloudnative-pg-cluster: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064372

gerritbot added a comment.Aug 22 2024, 4:00 PM

Change #1064794 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] Change mongodb image tag to one that .. includes mongodb

https://gerrit.wikimedia.org/r/1064794

gerritbot added a comment.Aug 22 2024, 4:01 PM

Change #1064794 merged by Brouberol:

[operations/deployment-charts@master] Change mongodb image tag to one that .. includes mongodb

https://gerrit.wikimedia.org/r/1064794

gerritbot added a comment.Aug 23 2024, 9:36 AM

Change #1064779 merged by Brouberol:

[operations/puppet@production] deployment_server: change the PG image tag to timestamp-sha@checksum

https://gerrit.wikimedia.org/r/1064779

gerritbot added a comment.Aug 23 2024, 12:13 PM

Change #1065206 had a related patch set uploaded (by Brouberol; author: Brouberol):

[operations/deployment-charts@master] superset-next: use immutable image tags

https://gerrit.wikimedia.org/r/1065206

gerritbot added a comment.Aug 23 2024, 12:30 PM

Change #1064373 merged by Brouberol:

[operations/deployment-charts@master] cloudnative-pg-operator: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064373

gerritbot added a comment.Aug 23 2024, 12:31 PM

Change #1065206 merged by Brouberol:

[operations/deployment-charts@master] superset-next: use immutable image tags

https://gerrit.wikimedia.org/r/1065206

gerritbot added a comment.Aug 27 2024, 10:07 AM

Change #1064761 merged by jenkins-bot:

[operations/deployment-charts@master] ceph-csi-rbd: add digest to image tag, ensuring the image immutability

https://gerrit.wikimedia.org/r/1064761

BTullis subscribed.Aug 27 2024, 10:13 AM

The ceph-csi-rbd plugin has been updated. All pods restarted with the new versions.

root@deploy1003:/srv/deployment-charts/helmfile.d/admin_ng# kubectl get pods -n kube-system -l release=ceph-csi-rbd
NAME                                        READY   STATUS    RESTARTS   AGE
ceph-csi-rbd-nodeplugin-4fr7w               2/2     Running   0          103s
ceph-csi-rbd-nodeplugin-br7fs               2/2     Running   0          2m25s
ceph-csi-rbd-nodeplugin-fgl7m               2/2     Running   0          2m13s
ceph-csi-rbd-nodeplugin-k89qx               2/2     Running   0          99s
ceph-csi-rbd-nodeplugin-ms87f               2/2     Running   0          111s
ceph-csi-rbd-nodeplugin-n9zlt               2/2     Running   0          2m9s
ceph-csi-rbd-nodeplugin-rq9wc               2/2     Running   0          2m7s
ceph-csi-rbd-nodeplugin-zrqtj               2/2     Running   0          2m
ceph-csi-rbd-provisioner-6558df488c-lzl5p   6/6     Running   0          2m25s
ceph-csi-rbd-provisioner-6558df488c-n29hr   6/6     Running   0          2m25s
ceph-csi-rbd-provisioner-6558df488c-trm6c   6/6     Running   0          2m13s
brouberol closed this task as Resolved.Aug 27 2024, 2:33 PM
brouberol moved this task from To Be Deployed to Done on the Data-Platform-SRE (2024.08.17 - 2024.09.06) board.

Thanks Ben!

brouberol mentioned this in T368309: Add timestamp to DPE SRE-owned container images.Sep 6 2024, 12:38 PM
Maintenance_bot removed a project: Patch-For-Review.Sep 6 2024, 1:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits