Participants
Hervé Le Meur (@hlemeur), Stephane Merle (@smerle), Mark Waite (@MarkEWaite), Tim Jacomb (@timja)
Official minutes on GitHub.
Notes
- Digital Ocean: @lemeurherve is finishing the first path
  - Path 1: Kubernetes cluster (managed by Terraform) with 2 node pools.
    - Tracked in [INFRA-3102] Add a Digital Ocean Kubernetes cluster to ci.jenkins.io (jenkins-infra/helpdesk issue #2651)
    - Target: ci.jenkins.io Linux container workloads (out from EKS)
    - Used as supplementary agents for ci.jenkins.io
    - 2 node pools:
      - one with one node on the smallest size
      - the other more beefy, with autoscaling enabled (in order to be able to increase the capacity of this node pool without recreating the cluster)
  - Path 2 (to be done): VM agent for ci.jenkins.io (suggested by Gavin if Kubernetes costs us too much in maintenance time)
- Scaleway: same as Digital Ocean, @lemeurherve will look into it after DO
- Work on the private AKS cluster
  - Need to finish the “terraform shared library” to ensure AWS, Datadog, DO and Azure have the same behavior. (WIP by @dduportal)
- Building Docker Images on infra.ci/release.ci
  - Docker Linux AMD64: move from “docker-less” to docker VMs
    - @smerle working on this, see the GitHub issue to track it
- infra.ci’s credentials
- ci.jenkins.io timeouts for aws-secrets-manager-secret-source & aws-secrets-manager-credentials-provider plugins
- Alibaba mirror
  - https://groups.google.com/g/jenkins-infra/c/jAS3wawXeqY
  - Mark had a location question that had no reply
  - Created a new thread in the mailing list, no reply
  - Proceed with adding the mirror
- census.jenkins.io: Damien still has to ask Tyler/Olivier about the “what does it do?”
- Day-to-day operations:
  - Disable anti-spam for cert team: [INFRA-3162] Disable all anti-spam protection on cert.ci (jenkins-infra/helpdesk issue #2703)
  - Move ci.jenkins.io auth (since matrix-auth-plugin 3.0) config to CasC: [INFRA-3167] Move security settings to configuration-as-code for puppet managed instances (jenkins-infra/helpdesk issue #2708)
    - Ambiguous groups need to be made precise
  - Mark Waite blocked a ci.jenkins.io API spammer at the Linux kernel level
    - Gavin Mogan suggested using redirects instead
    - Arnaud Heritier suggested using fail2ban to monitor logs
    - See issue 2759 for details
    - The Azure public-network-datatier security group could be used to block an IP address more easily than with iptables
- GitHub issues for INFRA
  - For hosting requests on RPU
  - For infra: jenkins-infra/helpdesk (“Open your Infrastructure related issues here for the Jenkins project”)
  - “New Issues” can have links to Discourse, the mailing list, or predefined forms
  - Next steps:
    - Start using it as jenkins-infra team
    - Import existing issues from JIRA’s INFRA
  - “EPIC” in GH issues: either milestones, cross repo or projects
    - Next steps: @lemeurherve
- Network issues on the Kubernetes cluster prodpublick8s
  - Open Azure support ticket to rollback
  - See notes and plan from last meeting
    - https://hackmd.io/v2VSDa8KT_C28TYnmN6fjQ
- Jenkins Kubernetes agents issues
  - Issues with AKS control plane and the latest kubernetes plugin
  - Moved to JNLP single-container (updating all images)
    - kubernetes/helm ok
    - docker ok
    - terraform/packer ok
    - Todo: ruby/nodejs for jenkins.io/plugins.jenkins.io
- Updatecli 0.17.0 issues
  - Latest 0.17.2
- Incremental Updates not updating plugins
  - 1.4.2 fixed an issue but wasn’t delivered to production because of infra issues (net/kube/updatecli)