Announcement: Container registry PDMs can now be executed via CI pipeline

Summary

Container registry post deployment migrations (PDMs) used to be executed using a manual method of executing commands on a container registry pod, which had a number of disadvantages.

In gitlab-org&17933, we developed automation to execute container registry PDMs on pre, staging and production environments using a CI pipeline.

What is changing?

Container registry PDMs will no longer be executed manually, but will be executed using a CI pipeline. The CI pipeline runs in the https://ops.gitlab.net/gitlab-com/gl-infra/k8s-workloads/gitlab-com project. The Container Registry team were given developer access to that project by access request https://gitlab.com/gitlab-com/team-member-epics/access-requests/-/issues/39811. This will allow you to view pipelines run in that project.

The CI pipeline executes PDMs on pre, staging and production, in that order. The job to execute PDMs on production needs to be manually triggered. This will be made automatic after we have used this automation a few times.

What does the Container Registry team need to do differently?

When you would like to execute PDMs on all environment:

• Open a C4 CR. This is only required to make it easy to schedule the execution.
• Request an SRE to execute the CR. Any SRE should be able to follow the runbook at https://runbooks.gitlab-static.net/registry/db-post-deployment-migrations/#applying-post-deployment-migrations and execute the migrations.

Where can the logs of migration execution be seen?

Logs are visible in Kibana. https://runbooks.gitlab-static.net/registry/db-post-deployment-migrations/#logs contains links to see the logs for each environment.