Tracking ticket for initial deployment of Kubernetes to Tool Labs.
The initial deployment will allow whitelisted tools to run arbitrary Docker containers in NFS-free instances directly via the `kubectl` tool.
Should have:
# Debian packages
# Authentication setup
## Helper scripts to create authentication tokens and namespace
# Authorization setup
## ABAC rules to restrict users to their own namespace only
# DNS for services, available from the rest of Tool Labs
# Webproxy from tools.wmflabs.org/<toolname> to a running webservice container, if there is one.
## Define what are web services and what are not.
Things that will be missing:
# NFS access - Kubernetes doesn't allow gid to be specified explicitly, preventing us from writing an admission controller for this
# One-off jobs
# Scheduled jobs (cron-like)
# Compatibility layer for current commands (jsub, webservice, jstart)
# Custom Docker image building + local Docker repository