Infrastructure Team Meeting - September 10, 2024

Attendees :busts_in_silhouette:

Announcements :loudspeaker:

  1. Jenkins Weekly Releases:
    • Last Week: 2.475 succesfully released Wednesday 4 Sept. (instead of Tuesday 3 as initially planned).
    • This Week: 2.476 started in time
      • Also an important one: ship a fix for a few plugins related to Spring Security
  2. Jenkins LTS 2.462.2 succesfully released Wednesday 4 Sept.
    • LTS issue not created as part of the process: gotta check. But delivered on Jenkins Infra. anyway.
  3. Next LTS baseline will be selected 18 Sep 2024
    • Will include Spring Security 6 Update (2.475 or later)
    • Will requires JDK17
  4. Suspicious PRs last weekend
    • It was a penetration test
    • Remediation actions:
      • Website previews are disabled
    • Immediate actions:
      • Let’s get rid of jenkins4eval (use GHCR instead if needed)
      • ci.jenkins.io: remove credentials for Docker
      • infra.ci:
        • Split Website jobs (and credentials) PR from production (e.g. main branch) deployments
        • Apply Kubernetes PSA to our container agents
        • Split namespace + nodepools + subnets for agents
    • Medium term actions
      • Shared Library for websites or at least readTrusted() / OR find a non infra.ci way to deploy preview (Netlify or back to ci.jio + incremental-like deploy webservice)

Upcoming Calendar :calendar:

Cloud Budgets

Notes :book: