User:Majavah/Toolforge wishlist

From Wikitech

This is a random collection of project ideas that would make Toolforge a more reliable platform that's easier to maintain.

  • Finish ongoing work on some important projects
    • jobs framework
    • build service
  • Ensure everything is deployed through the jobs framework
    • Remove all mentions of manual jobs from documentation
    • Make webservice internally work with the jobs framework
  • Make the APIs less reliant on a single K8s cluster
    • Store state in an external database and support re-deploying to an empty cluster
    • Separate authentication from K8s API certificates (draft proposal)
  • Remove dependencies on NFS
    • Secret management
    • Logging
  • Remove direct user access to the K8s cluster
  • Add ability to spread tools to multiple clusters, and move them between each other
  • Make the APIs available externally
  • Allow managing tools from a web interface (likely Striker)
  • Make the primary database of tools something other than LDAP
    • Lets us store other metadata (for example, data for the K8s clusters used) more easily and in a single place
    • (LDAP would still be needed for Unix groups for bastions, etc.)
  • Encrypt all internal traffic
    • For this we probably need an internal CA, which could be backed by cfssl and the Wikimedia puppetization for it
  • For cronjobs, the tooling should encourage more randomized run times instead of the top of the hour or midnight