From Wikitech
Jump to navigation Jump to search


For a variety of reasons, we deploy our kubernetes components in WMF production (Tools/Toolforge is a completely different environment) using Debian packages. Those are:

kubernetes-client one has kubectl in it, kubernetes-master has kube-apiserver, kube-scheduler, kube-controller-manager and kuberetes-node has kubelet and kube-proxy components.


We don't actually build kubernetes but package it's components from upstream binary releases as described above.

Part of the process is to download the release tarball and verify its sha512 hash against the one found in the current git master CHANGELOG.

Because of that, you will need to set HTTP proxy variables for internet access on the build host.

The general process to follow is:

  • Check out operations/debs/kubernetes on your workstation
  • Decide if you want to package a new master (production) or future (potential next production) version
  • Create a patch to bump the debian changelog
export NEW_VERSION=1.19.3 # Kubernetes version you want to packae
dch -v ${NEW_VERSION}-1 -D unstable "Update to v${NEW_VERSION}"
git commit debian/changelog

# If you're packaging a new future version, make sure to submit the patch to the correct branch
git review future
  • Merge
git checkout future # If you want to build a new version not directly to be released to production

# Ensure you allow networking in pbuilder
# This option needs to be in the file, an environment variable will *not* work!
echo "USENETWORKING=yes" >> ~/.pbuilderrc

# Build the package
https_proxy=http://webproxy.$(hostname -d):8080 DIST=buster pdebuild


# On apt1001, copy the packages from the build host
rsync -vaz deneb.codfw.wmnet::pbuilder-result/buster-amd64/kubernetes*<PACKAGE VERSION>* .

# If you want to import a new production version, import to component main
sudo -i reprepro -C main --ignore=wrongdistribution include buster-wikimedia /path/to/<PACKAGE>.changes

# If you want to import a test/pre-production version, import to component kubernetes-future
sudo -i reprepro -C component/kubernetes-future --ignore=wrongdistribution include buster-wikimedia /path/to/<PACKAGE>.changes

# As we build on buster, but still have kubernetes nodes running strech, packages will need to be copied between distros:
sudo -i reprepro -C component/kubernetes-future copysrc stretch-wikimedia buster-wikimedia kubernetes