Infrastructure Team Meeting - Apr 19, 2022

Attendees

Announcements :loudspeaker:

  1. Weekly - 2.344 package + Docker Image. Still some release checks to be done.
  2. Digital Ocean credential exposure leading to unwanted VMs created
    • Confirmed with Digital Ocean and GitHub that no other sensitive information was accessed
    • Thanks to the Jenkins security team for their help
    • Further improvements planned for areas that may have been source of problem
    • Thanks to @lemeurherve for the call on Sunday and rapid response to the suspicious activity

Notes :book:

  • Done (infra-team-sync-2022-04-19 Milestone · GitHub)

    • VPN access granted, documentation improved
    • Helped Gavin Mogan on a plugins site issue
      • Automatic updates of helm charts
      • Allows contributors to deploy based on merge of pull request
    • Jenkins permission updates
      • Plugin maintainers archiving repositories on GitHub
  • Work in Progress (infra-team-sync-2022-04-19 Milestone · GitHub)

    • Digital Ocean credential exposure
      • Disabled GitHub checks from infra.ci, only publish exceptions, very specific content
      • May consider disabling even that specific contentt
      • Credential rotation and a runbook to support it
      • Thanks to @olblak for his work on it
    • Upgrade to Kubernetes 1.21 has started
      • Updating the kubectl command in our environment
      • Need a new Kubernetes cluster on Digital Ocean
        • Digital Ocean does not support 1.20, need to be on 1.21
      • Mark Waite and Herve create a blog post and add Digital Ocean image on page
    • Jira version is end of life later this year
      • Linux Foundation ticket opened
  • New/Importants infra-team-sync-next

    • LF: question about list of active maintainers emails for a survey. To be decided in Jenkins board and an issue will be opened if required to have the infra team gather its.
  • ToDo (next milestone) (infra-team-sync-2022-04-26 Milestone · GitHub)