Beta Themes:

• Recoverability
• Zero Downtime Deploy
• Spike: Private registry Support
• Workflow Manager
• Test Infrastructure Improvements

Recoverability

• Operators need to have confidence that they can recover from complete cluster failure. We need to test and validate cluster recovery from off-cluster object storage to working install of Deis Workflow.
• Reproducible helm install Alter charts to allow 100% reproducibility charts#199 (all vars templatable)
  • Vars file used by helm will be hand-generated for the beta3 period.
• Assumes a brand-new k8s cluster as the destination with no conflicting or lingering application namespaces.
• This should be tested on both S3 and GCS-backed clusters.
  • AWS: us-east-1, us-west-2
  • GKE: us-central-1x, us-east-1x
• Builder ssh-key as secret ([Proposal]: add a secret to store the builder ssh keys builder#157)

Zero Downtime Deploy

• Validate zero-downtime-deploy
  • Options: when healthcheck is not given:
    • default tcp health check to pod PORT
    • exec-based health check to ensure slugrunner is finished
  • Options: when healthcheck is given:
    • use customer-provided health checks
• On deploy, via new-code, config:set or scale
  * should work with process scaled to 1 and scaled to many
• Acceptance: receive no unexpected 5XX requests during deploy or scale up, request rate should be >= 200 req/s
• Scale-down is known to cause 5XX due to no pod draining, will not be addressed by this work

Spike: Private Registry Support

• Investigate:
  • performance, security and controller impact of pulling (or not pulling) private images into on-cluster managed registry, authentication once the image has been copied to the local registry, we don’t need further authentication
• Desired Functionality:
  • deis pull should support images from private repositories
  • pull secrets should be provided on a per-app basis as part of application configuration
  • deis config:set IMAGE_AUTH_USER=jhansen@deis.com
  • deis config:set IMAGE_AUTH_PASSWORD=secret
  • Tested configurations:
    • dockerhub private images
    • quay.io private images
      • auth via user/pass
      • auth via robot account
    • Google Container Registry
    • AWS Elastic Container Registry

Workflow Manager

• Versioning and release train support implemented
• All beta2 + workflow-dev clusters able to register
• Basic version information available on-cluster
• Basic reporting: cluster count, cluster age

Test / Delivery Infrastructure Improvements

• Integrate our Jenkins-driven testing (PRs and master) with the k8s-claimer project
• Add k8s workers to our Jenkins setup (adding Jenkins Kubernetes plugin + adding connection from master
• Automate pain points from beta2 release