Attendees 
- @dduportal (Damien Duportal)
- @jayfranco999 (Jay Reddy)
- @smerle33 (Stéphane Merle)
- @kmartens27 (Kevin Martens)
- @onenashev (Oleg Nenashev)
Announcements 
- Jenkins Weekly Releases
- Announcements:
- Infra Roadmap
- Jenkins Roadmap
- Update on the roadmap, waiting for review: feat(roadmap) update jenkins-infra roadmap tasks by dduportal · Pull Request #8419 · jenkins-infra/jenkins.io · GitHub
- Next Priority: Azure CDF costs / pkg.origin to Azure CDF (less data transfer)
- Kubernetes 1.32 (network setup)
- trusted/VPN/cert.ci VMs (size and network)
- Infra Roadmap
Upcoming Calendar 
- Next Weekly: 2.528
- Next LTS: 2025-09-17 - 2.516.3 (Hervé le Meur is release lead)
- Next Security Release as per jenkinsci-advisories: N/A (last one the 3rd of september plugin security release)
- Upcoming credentials expirations (~3 weeks): N/A
Cloud Budgets
-
Azure CDF - Remaining: ~$24k for 2025: - max Monthly threshold is now $6.0k
- June: $3,474 (invoice)
- July: $4,289 (invoice)
- August: $5,816 (expecting invoice of $5.9k with support)
- September: $3170 (forecast at $6,5k
)
-
DigitalOcean - Remaining $13,064 until January 02, 2026
- June: $252 (invoice)
- July: $196 (invoice)
- August: $226 (invoice)
- September: $90 (forecast $301)
- Slight increase due to the new Usage VM (expected)
-
AWS:
-
CloudBees:
- June: $606
- July: $635.75
- August: $662.80
- September: $310 (forecast at $626)
-
Sponsored account (83,398.55 lefts until 2027 => ~16 months remaining)
- June: $367.47
- July: $4,899.99
- August: $6,072.47
- September: $2,463.61 (forecast $4,768.30): no more EC2 overprovisioning (for now) we’re good
-
-
Jfrog Artifactory Usage
- Storage: 1.43TB (+0.08TB)
- Increase in access logs?
- Bandwidth:
- June: 22.94 TB (21.44 Tb for ‘releases’ repository)
- July: 24.96 Tb (23.45 Tb for ‘releases’ repository)
- August: 21.09 Tb - (18.77 Tb for ‘releases’ repository)
- September: 11.28 Tb - (10.01 Tb for ‘releases’ repository)
- Forecast at 20Tb
- Forecast at 20Tb
- Storage: 1.43TB (+0.08TB)
Notes 
-
Done:
-
Keep platform up to date:
-
Support:
-
-
-
Keep platform up to date:
- Tombstone Puppet (and replace it by something else)
- On hold: first step is now to use Ansible on packer-images (instead of shell) to ensure that the team learns basics of Ansible before going full scale.
- Update Jira LTS from 9.12.x to 10.3.x
- On hold. Delayed for after the 16th => back to triage until then
- Tombstone Puppet (and replace it by something else)
-
Support:
- Monitor builds on our private instances (trusted.ci.jenkins.io / infra.ci.jenkins.io / release.ci.jenkins.io)
- On hold: delayed until October (Jay trains on Linux/Kubernetes and need his new laptop).
- Back to triage until then.
- Add support for Windows 2025 agents
- Initial implementation is good in CI, but…
- pipeline rewrite is required (declarative → scripted) to handle the “too many elemements” from matrix build.
- Was on hold: resuming work this milestone.
- Implement a retry mechanism with non-spot instance in
jenkinsci/jenkinspipeline- Infra part done (labels). Waiting for Herve (on hold)
- ci.jenkins.io pages are slow to respond
- We are still being hammered randomly by LLM scrapers.
- Most of the scraping comes from ZScaler public blocks.
- Discussion on the issue about potnetial solutions
- Blocking IPs from attackers and/or public cloud IP blocks. Need to allow exceptions.
- Enabling login
- Install CSP plugin on trusted.ci, infra.ci, etc.
- Almost closeable (only ci.jio remains, quick one)
- [release.ci.jenkins.io/trusted.ci.jenkins.io] Ensure Core Package build only copy package indexes/websites to
pkg.origin.jenkins.ioVM- Step 1 done (Windows, WAR and Deb packages but not Deb indexes)
- On hold: back to triage, un til pkg.origin VM is migrated (see below)
- [pkg.jenkins.io] migrate the pkg.origin.jenkins.io service from AWS VM to Azure
publick8s- We can resume work on this one next week (we need to focus on Azure network as requirement now)
- On hold, we keep it in current milestone
- usage-in-plugins doesn’t run daily => back to backlog
- [ci.jenkins.io] Pipelines are stuck in RPU (Agents slow to allocate / build timeouts due to agent reclaimed)
- Was an AWS EC2 AZ issue (missing capacity).
- Ondemand is used as fallback but it slows down agents allocations
- Problem is still there.
- Need multi AZ support: requires huge AWS work.
- Planning right after Kubernetes 1.32 and Azure network
- Short term: we can move the ATH agents (highmem) from spot to ondemand => todo @NcsAFaT0TjqYFMTxhfAidg smerle
- [Azure] Merge webservices data storage accounts into a single one with NFS v4.1
- WiP on www.jenkins.io: helm-chart moving to nginx-webserver (instead ot its own www.jenkins.io with missing features related to storage)
- Low priority but we keep working on the go
- javadoc is blocked (really heavy htdocs content)
- Reduce artifactory bandwidth used by ci.jenkins.io
- On hold: waiting for Mark and Hervé to fix the jenkinsci/docker pipeline on CI (to use get.jio instead of Artifactory)
- Reduce artifactory bandwidth used by infra.ci.jenkins.io
- Back to backlog: waiting for stats. from Darin
- Admin access for Jenkins GSoC org admins to GSoC SiG Gitter channel
- Support ticket opened (we had an ACK) but no answer
- @dduportal to gently ping them
- [INFRA-1972] Migrate usage.jenkins.io VM from AWS CloudBees to DigitalOcean
- VM is up and running (Terraform managed)!
- Small disk: we need to ensure we can increase its size without downtime
- VPN access is good
- WIP on puppet (role for usage)
- VM is up and running (Terraform managed)!
- [stats.jenkins.io/infra-statistics] Move “data for the usage stats site” generation (from anonymized data) out from Andrew machine
- Blocked by issue above (usage.jenkins.io migration on DigitalOcean)
- We collected requirements for using usages.jio for this.
- Next step: add a new role/profile to allow it to act as a trusted. permanent agent to integrate logs for us.
- [ci.jenkins.io] Monitor and Garbage collect data volume of the DockerHub registry mirror and EC pull through cache
- Back to backlog until 16 (part of the “cron jobs” project, same as Geoipupdat, usage-in-plugins and others)
- Not urgent: problem won’t appear again until July 2026
- Monitor builds on our private instances (trusted.ci.jenkins.io / infra.ci.jenkins.io / release.ci.jenkins.io)
-
-
Issues staying in backlog/triage:
- [updates.jenkins.io] set up mirrorbits to keep serving update-center from mirrors even if outdated
- No emergency (nice to have)
- private docker image registry for staging core security releases
- For October
- [Azure]: credentials less Service Principal
- No emergency (nice to have)
- Tracking Issue for Groovy Script Conversion in RPU
- No emergency (nice to have)
- Migrate
census.jenkins.ioVM from AWS CloudBees to DigitalOcean- After usage.jio
- Chinese jenkins site incorrect site redirection
- Project delayed until October, no immediate need
- Add a real-world job to weekly.ci.jenkins.io
- Move collection of stats out from Kohsuke’s home
- Support [skip ci] on default branch
- Create build for jenkinsci/winp on release ci server
- [Update Center] HTTP/404 on
/current/updates/*.json*links - dnf5 update fails with gpgcheck=1
- Add monitoring for CD secrets updates
- [INFRA-3046] Monitor Jenkins mirrors Age
- [updates.jenkins.io] set up mirrorbits to keep serving update-center from mirrors even if outdated
-
Issues added to the next milestone:
- [Azure] Migrate (e.g. re-create) AKS clusters
publick8sandprivatek8swith modern settings (private API, Azure Linux, NAT outbound) - [cert.ci/trusted.ci/private.vpn] Default outbound access for VMs in Azure will be retired
- [private.vpn.jenkins.io] Azure deprecates Public IPs of type “Basic” the 30 September 2025
- [Azure] Migrate (e.g. re-create) AKS clusters
Jenkins’ official Account on Gradle Plugin Portal
- Devlist Discussion
- Feedback the Infra team is needed
- An issue on the helpdesk to scope is needed