Infrastructure Team Meeting - Mar 22, 2022

Participants

Damien Duportal (@dduportal ), Hervé Le Meur (@hlemeur ), Stephane Merle (@smerle), Mark Waite (@MarkEWaite )

Official minutes on GitHub.

Notes

• Done (infra-team-sync-2022-03-22 Milestone · GitHub)

  • AWS key exposure
    • Root cause fixed, key rotated: closed as the “most important part” is fixed, but 1 wip and 1 todo
  • Manage Fastly with Terraform
    • Great job @lemeurherve
    • Q: is the cache invalidation requiring a Terraform PR? A: should not, as it an API call. Token used should be identified though?
    • Next step: see it in action with a PR when Gavin will publish “Jenkins is the way” website
  • Manage (again) Azure with Terraform
    • Empty state, ready to add/import resource (we got rid of 1-year old resources)
  • Add a new GitHub team for terraform
    • Easier review process for terraform jobs (aws, azure, do, fastly, etc.)
  • Tracking terraform with updatecli + bump Terraform projects from 1.0.x to 1.1x
    • Great job @smerle
  • Auto-label issues on helpdesk
    • Easier management \o/ thanks @lemeurherve @timja @kB_yaTxnRYiRgiB6BgSZvA
  • Maven 3.8.5 rollback: Upgrade to Maven 3.8.5 blocks Jenkins core development · Issue #2835 · jenkins-infra/helpdesk · GitHub
    • TODO: Synchronized Maven version update between container agents, VM packer templates and Jenkins tools
    • New rule: Do not deploy on friday for tools of ci.jenkins.io (except security updates). Would be a temp. rule until we are able to canary/edge deploy
    • Healthchek job to run a “dummy” mvn clean to improve? Should be lightweight. Current job checks for agents, but no more
    • Ask Basil for advice idea on “how could we caught that”
  • Add a DockerHub credential to avoid API rate limit in Kubernetes
    • Related to the WiP [DockerHub API Rate Limit on ci.jenkins.io](DockerHub credential for vm agents ci.jenkins.io)

• WiP

  • DockerHub API Rate Limit on VMs for ci.jenkins.io

    • Reached the rate limit of the authenticated account !!
    • Apply to Docker Open Source Program · Issue #2842 · jenkins-infra/helpdesk · GitHub => check which account are / could be added to our OpenSource subscription at DockerHub

  • Email alias for press releases

    • Email sent to Tyler + KK. Tyler does not have the access to mailgun
    • Without any answer next emeetin, we try to contact mailgun

  • Templatize the job definition list to generate DSL with per-folder/job credentials (Part of AWS key exposure)

    • Blocks Migrate infra-report from trusted.ci to infra.ci

  • Switch from Github Actions to Jenkins for updatecli tasks updatecli

    • No progress yet, the concerned pipelines aren’t simple ones

  • Email notifications from JFrog Cloud Status

    • Status?
  • • Migrate ratings.jenkins.io from AWS to Azure
      • Next step: add managed PgSQL database to azure terraform

• New:

  • Monitor builds on our private Jenkins instances
  • Migrate Docker builds from trusted.j to release.ci.j
  • Add privatek8s AKS cluster

• ToDo (infra-team-sync-2022-03-29 Milestone · GitHub)