Jump to content

User:Taavi/Toolforge wishlist

From Wikitech
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

This is a random collection of project ideas that would make Toolforge a more reliable platform that's easier to maintain.

  • Finish ongoing work on some important projects
    • jobs framework
    • build service
  • Ensure everything is deployed through the jobs framework
    • Remove all mentions of manual jobs from documentation
    • Make webservice internally work with the jobs framework
  • Make the APIs less reliant on a single k8s cluster
    • Store state on an external database, support re-deploying to an empty cluster
    • Separate authentication from K8s API certificates (draft proposal)
  • Remove dependencies on NFS
    • Secret management
    • Logging
  • Remove direct user access to the K8s cluster
  • Add ability to spread tools to multiple clusters, and move them between each other
  • Make the APIs available externally
  • Allow managing tools from a web interface (likely Striker)
  • Primary database of tools is not LDAP
    • Lets us store other metadata (for example, data for the k8s clusters used) more easily and in a single place
    • (LDAP would still be needed for unix groups for bastions etc)
  • Encrypt all internal traffic
    • for this we probably need an internal CA, this could be backed by cfssl and the wikimedia puppetization for it
  • For cronjobs, the tooling should encourage more randomized run times instead of top of hour or midnight
Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=User:Taavi/Toolforge_wishlist&oldid=2231722"