[ci] Update pulumi k8s operator to v2

[nicu-da]

Pull Request Checklist

Cluster Testing

• If a cluster test is required, comment /cluster_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.
• If a hard-migration test is required (from the latest release), comment /hdm_test on this PR to request it, and ping someone with access to the DA-internal system to approve it.

PR Guidelines

• Include any change that might be observable by our partners or affect their deployment in the release notes.
• Specify fixed issues with Fixes #n, and mention issues worked on using #n
• Include a screenshot for frontend-related PRs - see README or use your favorite screenshot tool

Merge Guidelines

• Make the git commit message look sensible when squash-merging on GitHub (most likely: just copy your PR description).

[nicu-da]

/hdm_test

[nicu-da]

/hdm_test

[nicu-da]

/hdm_test

[moritzkiefer-da]

Thanks! Do you have a link to a successful HDM test?

I am slightly nervous about just replacing this. It seems ideally we would get a few weeks of experience running this in internal clusters instead of just forcibly rolling it out to dev/test/mainnet with the next upgrade.

How hard is it to keep this is an option that we only enable on internal clusters for now?

[moritzkiefer-da]

why do we have this stuff at all?

[nicu-da]

It does not make sense indeed, let me clean it up

[moritzkiefer-da]

does this still go through our cache?

[nicu-da]

My understanding is that yes as we basically cache everything as it always goes through that proxy. @isegall-da is that correct?

[isegall-da]

I don't think so, I think only the DinD is configured to use the cache, so that images we pull in "docker pull" in tests are pulled from there.
But I'm not sure we care. How often do we expect this to be re-pulled per cluster? (the rate limit is per IP AFAIK)

[isegall-da]

We needed the cache for jobs in CI that were pulling multiple images per each CI run, hence hit rate limits on docker.io

[moritzkiefer-da]

But I'm not sure we care. How often do we expect this to be re-pulled per cluster? (the rate limit is per IP AFAIK)

I guess ciperiodic might be the most with one pod per stack? Hopefully still infrequent enough

[isegall-da]

Rate limit seems to be 100 per IP address per 6 hours. I think we should be ok. Famous last words...

[isegall-da]

And I think that k8s has some internal cache too, doesn't it? (didn't help with docker pull in DinD, but will for the image for a pod)

[nicu-da]

Thanks! Do you have a link to a successful HDM test?

I have one where the steps that were touched by this did succeed but the full workflow failed because it was during the switch to splice.
I will trigger a new one though to test it out with the new repo.

I am slightly nervous about just replacing this. It seems ideally we would get a few weeks of experience running this in internal clusters instead of just forcibly rolling it out to dev/test/mainnet with the next upgrade.

How hard is it to keep this is an option that we only enable on internal clusters for now?

It's actually fairly simple as we can keep the operator deployment on an old reference if needed. Though I wouldn't postpone it more than required tbh. Once it's merged to main updating CILR should provide the feedback we need in a few days of testing.

[moritzkiefer-da]

It's actually fairly simple as we can keep the operator deployment on an old reference if needed. Though I wouldn't postpone it more than required tbh. Once it's merged to main updating CILR should provide the feedback we need in a few days of testing.

fair, I guess we could just revert if needed reasonably easily as well.

[moritzkiefer-da]

thanks!

[nicu-da]

/hdm_test

[nicu-da]

/hdm_test

[isegall-da]

This is now per stack, which is why we need 80% less, right?

[nicu-da]

Yes, will update it as well after we deploy to prod and see actual usage but the main container should be fairly light

[isegall-da]

LGTM, thank you!