►
From YouTube: 2021 06 15 Jenkins Infra Meeting
Description
Jenkins infrastructure meeting Jun 15, 2021
A
Hi
everybody
welcome
for
this
new
jenkins
infrastructure
meeting.
We
are
one
week
before
the
jenkins
contributors
to
the
agenda.
Today.
We
have
few
interesting
things.
A
We
hesitated
to
do
the
upgraded
version
1.20,
but
because
of
the
contributor
summit
happening
next
week
at
the
silicon
we
decided
to
be
more,
I
mean
to
be
safer
to
have
a
safer
approach,
so
we
will
just
do
one
major
upgrade
at
a
time,
so
we
don't
yeah,
we
don't
introduce
too
much
risk.
B
Container,
that's
docker
shim
that
has
been
removed
and
container
d
is
specific
to
aks.
Container
d
is
used
as
docker
engine
instead
of
docker
as
container
engine.
Thank
you.
Thank
you.
There
are
also
some
changes
related
to
the
azure
storage
that
are
that
make
that
upgrade
almost
mandatory
for
us,
since
we
have
a
heavy
usage
of
that.
That
is
the
second
change
that
need
to
be
checked
before
the
upgrade,
but
everything
sounds
good.
A
So
that's
awesome
because
we
don't
have
major
releases
coming,
so
that's
that
seems
to
be
the
right
moment
to
do
it
to
do
this.
That
being
said,
we
also
any
questions
regarding
the
aks
upgrades,
so
I
I
saw
that
demian,
you
prepare
just
the
announcement
and
status
page.
A
So
once
we
merge
this,
we
are
fully
ready
to
work
on
it.
I
still
I'm
I'm
still
not
sure
about
my
time
to
commit
that
work
yet,
so
I
would
prefer
to
wait
very
until
the
very
last
moment
before
approving
the
maintenance.
Is
it
okay
for
you.
A
Oh
yes,
so
you
so,
okay!
So
once
we
once
we
once
we
merge
this
part
windows,
the
maintenance
windows
will
be
announced
on
statue
searching
kinsale
and
my
point
was:
if
we
are
ready
to
do
the
upgrade
on
thursday,
that's
fine.
We
can
launch
upgrades.
Otherwise.
We
cannot
wait,
let's
say
tomorrow,
to
see
if
we
want
to
do
it
on
friday.
What's
our
what's
your
expectation.
B
For
me,
opening
the
status
page
means
that
we
are
ready
for
that.
B
If
there
is
a
blocker
that
will
be
all
specific
to
one
service.
So
for
me
I
would
I'm
available
and
everything
should
be
planned
accordingly,
except
maybe
an
outage
on
one
of
the
specific
pods.
That's
the
only
risk
there.
B
A
Yes,
that
sounds
good.
That
sounds
good.
C
B
If
the
time
window
is
okay,
I
will
be
happy
to
do
that
even
either
it's
required
or
not
that's
a
good
thing
to
be
always
to
for
that
kind
of
things,
either
for
learning
session,
sharing
ideas,
or
at
least
to
be
sure
that
someone
else
have
a
second
parent
eye
on
the
action.
So,
yes
with
pleasure,.
C
A
Yeah,
the
editor
feel
free
to
make
comments
if
it's
okay
for
you
and
if
you,
if
you
want
us
to
start
later,
that's
fine
as
well.
You
usually
it's
I
mean
it's
pretty
straightforward,
because
we
just
have
to
go
to
the
azure
interface,
select
the
red
version
that
we
want
to
use
and
that's
it.
The
reason
why
they
take
some
time
is
because
when
you
upgrade
it
upgrade
one
node
at
a
time.
A
So
it's
like
a
node
as
in
maintenance
mode,
so
it
will
remove
one
node
at
a
time,
deploy
your
new
node,
remove
to
the
parts
to
slide
into
the
to
the
new
node
and
so
on,
and
that
process
can
take
some
time,
because
we
want
to
be
sure
that
we
don't
break
anything
in
the
process.
C
B
Exactly
don't
hesitate
to
contact
me
at
dtr
and
I
will
add
the
link
of
the
color
record
one
in
irc
and
in
the
akmd
associated
knot
for
the
iks
upgrade.
So
if
you're
interested
in
joining
and
are
available,
don't
hesitate
and
also
if
the
time
does
not
meet
your
schedule
and
you
want
to
do
it
one
or
two
hours
later.
There
is
no
problem
on
that.
Don't
decide
to
mention
on
the
irc
channel.
A
So
then
it
sounds
like
we
can
move
forward
so
first
regarding
the
lfx
security
topic.
So
several
weeks
ago,
david
came
into
this
meeting
to
present
what
we
could
have,
and
so
the
next
step
was
to
install
the
github
app
in
the
jenkins
c4
organization.
So
I
decided
to
to
install
that
github
app,
but
only
allow
access
to
five
git
repositories.
A
So
the
purpose
here
is
to
identify
how
we
can
use
that
tool
to
detect
security
issues,
and
so
I
enable
it
for
rc,
bots,
plugin
site
api
plug
inside
jenkins
version
and
docker
checking
cell
test.
So
the
goal
is
to
analyze
golang
java
and
react
codes
and
also
docker
images,
because
we
have
that
that's
what
we
wanted
to
identify.
A
To
to
have
access
to
specific
dashboards,
but
yeah
in
my
case
I
don't
have
access.
I
have
access
to
jknci,
but
not
yet
touching
it's
in
front,
so
I
have
to
double
check
that
if
people
are
interested
to
participate,
let's
say
damian
or
mark
yeah,
I
think
you
can
also
request
access
and
I
would
be
really
happy
to
support
alexis.
A
There
is
nothing
more
on
this
topic.
I
really
doubt
that
I
will
have
the
time
to
work
on
this
until
the
next
until
the
jenkins
contributor.
So
it's
next
week
any
question.
A
Thanks
for
enabling
it
next
topic
is
status
that
jenkins
lego,
so
that
was
a
small
project
and
that's
really
nothing
really
urgent,
but
I
made
several
changes
to
the
status
page,
so
the
first
one
was
to
remove
all
the
iframes.
So
that
means
that
now
the
website
loads
a
lot
faster
than
it
was
p4,
and
so,
for
instance,
in
this
case
you
see
the
announcements
that
we
generated
10
seconds
ago
to
to
announce
the
aks
upgrades.
A
C
A
Have
you
have
three
buttons,
and
so
you
can?
Let's
just
select,
get
that
jenkins
rio
and
in
the
case
of
get
the
jenkins
leo,
you
have
a
short
description
of
what
the
jenkins
layout
is
and
there
you
have
the
monitoring
on
iframe.
So
the
response
time.
So
the
idea
is
to
have
this
page
to
have
those
pages
for
every
services.
So
if
some
people
are
interested
to
help
with
this
project,
that's
really
easy
to
do.
You
just
have
to
go
to
status
to
get
jenkins
infrastructure
status.
A
So
that's
the
the
the
status
page
and
then
from
here
there
are
two
main
directories:
the
layout
content,
the
template
actually
html
template.
And
if
you
go
to
content
services,
you
have
you
see
three
three
fives,
and
so
you
can
have.
You
can
add
more.
Let's
say
for
www.js
that
I
go,
but
the
more
important
thing
is.
A
You
just
have
to
reuse
those
parameters.
So,
for
instance,
you
can
provide
a
service
url.
You
can
specify
a
service
description.
You
can
specify
monitoring
iframes
with
a
title
and
an
iframe.
You
can
provide
some
links,
and
so
what
I
would
like
to
do
is
to
do
that
for
every
schizo,
for
every
services
that
we
manage
and
usually
and
what
I'm
envisioning
is
inside
the
links.
A
The
last
element
that
I
changed
on
status
page
was,
you
can
go
to
monitoring
and
also
this
is
also
something
that
I
would
like
to
improve.
Do
you
have
a
section
monitoring?
Sorry
I've
been
a
bit
quick,
so
you
have
a
section
metering
here.
If
you
click
on
it,
you
have
a
simple
page.
You
also
have
some
link,
and
so
this
time,
if
you
click
on
the
link,
let's
say
service
actually
pay
response
time.
A
You
have
a
data
dog
dashboard
for
every
services,
so
you
can
have
a
clear
idea
of
how
the
different
services
behave.
If
you
think
that
we
should
add
more
data,
dashboards
yeah
feel
free
to
open
a
jira
ticket
to
with
your
request,
and
why
do
you
think
that
we
should
provide
that
information?
And
I
would
be
really
glad
to
bring
that
information,
the
two,
the
two
additional
dashboards
which
are
useful?
You
have
one
that
I
don't.
A
So
typically,
when
we
do
a
new
release-
and
let's
say
we
don't
publish
the
windows
package,
you
usually
see
it
here
and
the
other
is
on
call
notification.
A
A
Looks
great,
thank
you.
So
next
topic
in
the
agenda
is
aks
upgrade,
but
I
think
we
already
covered
that
topic.
So,
regarding
the
aci
configuration
and
see,
I
touching
that
you
damien,
do
you
want
to
bring
us
a
quick
update
on
this.
B
One
so
aci
issues
has
been
fixed.
There
have
been
a
few
bugs
corrected
by
tim,
so
thanks
tim
for
the
help,
because
it
was
absolutely
not
my
comfort
zone
so
that
helped
that
helped
me
to
be
sure
there
were
no
error
with
the
latest
azure
plugin,
so
we
were
able
to
upgrade
all
the
plugins
that
fixed
all
the
issues
that
were
caused
initially
by
the
initial
bug
and
then
the
whole
back.
B
B
B
So
while
we
were
at
the
task,
we
upgraded
everything
on
the
machine
jenkins
car
to
the
latest
lts
that
was
released
just
before
all
plugins
all
packages,
all
over
the
content
of
the
operating
system.
So
now
that
should
be
good.
And
finally,
we
took
the
opportunity
to
upgrade
all
the
agent
virtual
machines,
ec2
and
azure
to
the
latest
version
that
has
been
built
with
packer
during
the
path
months.
So
the
operating
system
are
up
to
date
that
allowed
us
to
quickly
deliver
maven
3.8.1,
as
requested
by
other
contributors.
B
B
I
can
quickly
say:
trusted
trusted
works
exactly
the
same.
We
did
almost
the
same
once
we
were
sure
that
ci
jenkins
worked
after
two
days,
so
everything
has
been
applied
in
the
same
way:
prepaid
certificate
upgrade
plugin,
etc
and
azure
virtual
machines
agents
configuration,
so
everything
should
be.
Okay
and
all
the
temporary
resources
has
been
deleted
to
gain
some
money,
so
we
can
get
back
to
businesses
and
these
services.
A
Thanks
thanks
mark
any
question
here.
A
Awesome
we
brought
two
additional
fixes
to
the
trusted
ci.
I
think
that
was
yesterday,
so
the
first
one
was
we
discovered
that
the
update
center
certificate
expired.
A
It
was
supposed
to
expire,
three
months
after
we
recreated
it
in
april.
I
think
something
like
that.
So
the
reason
why
we
took
a
very
short
live
certificate
at
that
moment
was
because
we
we
identify
potential
issues
with
the
new
root
certificates,
and
so
we
want
to
be
sure
that
it
wouldn't
have
any
effects
on
the
process
it
did
not,
and
so
this
time
we
generate
a
one
year
certificate.
A
So
we
have
more
time
in
front
of
us
and
we
also
also
have
had
an
issue
with
a
certificate
with
a
crawler
job
untrusted.ci,
because
we
changed
the
name
of
the
root
certificate,
so
that
was
an
easy
fix,
but
yeah
really
stupid.
The
last
topic
that
I
want
to
bring
here
is:
I
got.
I
got
a
notification
from
fastly
that
my
credit
card
is
expiring
and
that
I
have
to
change
the
credit
cards
I
haven't
been
charged
in
the
past
on
my
credit
card,
because
everything
is
covered
by
sponsoring
but
yeah.
A
I
have
to
identify
a
way
to
not
have
to
put
a
credit
card
in
the
service,
so
I'm
not
sure
yet,
if
fastly
offered
that
option
to
open
source
projects
or
if
I
have
to
look
around
the
linux
foundation
but
yeah,
if
you
have
any
suggestions,
that's
that's
something
that
I
would
like
to
solve
pretty
soon.
A
Usually
that's
pretty
difficult
when
you
have
infrastructure
open
infrastructure.
The
way
we
do
because
we
have
a
lot
of
sponsors,
we
have
a
lot
of
different
accounts
and
most
of
the
time
by
default,
they
assume
that
you
will
put
a
credit
card,
but
because
you
have
individual
contributors
behind
those.
A
B
B
We
should
create
a
google
agenda,
a
bit
like
the
sig
ones,
for
the
enthra
team,
that
public
or
not
public,
I'm
still
not
sure,
but
the
goal
of
that
agenda
will
be
to
mention
the
certificate
renewal
or
whenever
there
is
a
depreciation
of
a
component
or
whatever
task
that
are
time-bound,
like,
for
instance,
the
update
center
certificate
renewal.
Yesterday
there
are
a
lot
of
these
tasks
that
are
could
be
automated,
but
are
not
because
we
need
help-
or
maybe
it's
not
possible.
B
So
the
goal
is
to
have
that
calendar
that
could
act
with
alerts
for
everyone
to
share
that
knowledge.
So
it's
not
on
someone's
private
calendar.
It's
not
on
the
document
that
doesn't
trigger
any
reaction.
We
want
something
with
events,
so
I
propose
that
we
start
with
a
google
a
shared
agenda
like
we
do
for
the
community
that
could
we
can
subscribe
to
this
as
team
member,
and
so
then
we
can
have
this
kind
of
alert
one
two
weeks
before
something
goes
south.
A
I
I'm
I
mean
yeah,
I
asked
him
and
discuss.
This
is
something
as
many
demons
mentioned
it's.
It
is
something
that
we
discussed.
I
think
earlier
today,
or
maybe
yesterday,
that
wasn't
my
plan
since
a
very
long
time,
and
I
think
that
the
certificates
expiring
issues
really
highlight
that
we
need
an
agenda
because
not
everything
can
be
monitored,
I
mean
easily,
and
so
a
lot
of
things
could
be
catch
just
by
using
an
agenda.
I
don't
think
that
that
agenda
should
be
public,
because
we
want
to
pro
we
want.
A
To
put,
I
mean
important
information
there,
such
as
a
critical
certificate
which
expired
and
but
yeah.
We
should
have
at
least
enough
people
on
the
agenda,
so
people
several
people
can
catch
specific
dates,
but
yeah
I'm
open
to
suggestions.
It
sounds
like
the
google
ad
agenda
is
the
easiest
way
to
proceed.
A
A
So
I
do
have
one
last
topic
because
of
the
silicon
and
the
contributor
summits
next
week.
I
would
like
to
consult
next
week
infrastructure
meeting
any
objection.
A
Awesome
then
thank
you
for
your
time
and
see
you
on
rc.
B
I
might
have
two
points
since
we
are
not
out
of
time.
Sorry,
I've
added
them
at
the
end
of
the
note
on
the
action
points
after
the
team
agenda,
so
the
first
one
is
trusted
is
running
regularly.
A
job
named
github
reports
that
I
understand
to
be
some
task:
regular
tasks
that
retrieve
statistics
and
put
them
on
the
infrastructure
I
will
propose
to.
B
I
will
propose-
and
do
this
under
a
probable
review,
if
it's
okay,
to
migrate,
that
job
on
infra
ci,
because
that
job
is
creating
a
lot
of
locks
on
trusted
ci
and
combined
with
the
update
center.
Sometimes
the
bill
2
is
quite
high
when
something
goes
wrong
and
that
github
report
is
really
really
creating
a
lot
of
locks
and
issues,
and
so
given
the
sensitivity,
sensitivity
of
trusted
and
the
fact
that
infrastr
is
way
more
stable
because
we
can
interact
with
it
in
kubernetes
in
easier
ways.
My
proposal
is
to
move
it.
B
C
C
B
Okay,
I'm
gonna
ask
directly
danielle.
Maybe
the
answer
is
no,
it
can
move
to
release
or
or
not,
move
the
root
problem.
The
problem
I
want
to
solve,
in
fact
is:
I
will
want
to
avoid
having
so
much
builds
in
the
build
queue
I
saw.
There
were
already
some
usage
of
the
lock
of
the
lock
by
blank,
but
yeah
in
that
case,
maybe
forcing
it
to
only
run
one
build
at
the
time.
C
Yeah-
and
I
think
I
think
there,
the
a
conversation
with
daniel
is
really
good,
because
I
I
don't
I
apologize,
but
I
don't
recall
why
it's
structured
the
way
it
is
it's
just
a
surprising
structure,
right
the
fact
that
it's,
it
seems
like
it's
wasteful,
what
it's
doing,
and
I
I
I
remember,
seeing
and
thinking
it
was
wasteful,
but
not
having
come
to
a
conclusion
what
to
do
about
it.
So,
thanks
for
detecting
it
and
thinking
about
it
more.
A
Think
I
think
I
think
for
that
one
we,
you
should
create
a
jira
ticket
because
I'm
not
expecting
you
to
work
on
it
until
next
week
and
I
think
that
would
be
better
to
create
a
jira
ticket.
So
we
move
the
discussion
there
and
have
a
choice
of
that
yeah.
A
Priorities
regarding
the
next
one,
starting
using
cube
agent
aps
for
standards
with
radio
yeah
sooner,
is
better.
A
I
mean
last
month
we
were
at
10k
a
little
bit
slightly
over
10k,
so
we
definitely
have
to
go
below
10k
and
so
and
aci
represents
a
major
part
of
the
cost
of
azure
accounts.
B
So
we
still
need
one
a
week
to
see
the
effects
of
fixing
the
aci
configuration
update
on
ch
and
quincy.
However,
the
proposal
here
is
to
not
remove
aci
but
to
start
adding
a
limited
capacity
of
a
pods
of
kubernetes
spots
that
run
on
the
dedicated
case
cluster.
So
so
it's
monotonous.
It's
not
expected
to
be
multitonant.
Only
ci
is
expected
to
run
on
that
cluster
and
that
cluster
has
a
static
capability
in
term
of
resources.
B
So
the
goal
is
to
add
that
static
capabilities
and
see
the
impact
on
aci
cost.
As
always,
the
best
solution
will
be
a
mix
of
both,
but
since
aci
are
are
quite
expensive.
They
are
really
good,
really
performance,
that's
really
nice
service,
but
it's
expensive.
So
I
think
mix
is
two
container
like
we
do
for
the
virtual
machines
with
azure,
vm
and
ec2.
I
think
the
solution
will
be
with
that,
but
the
goal
is
to
start
checking
that
without
breaking
the
usages.
A
While
while
we
talk
about
amazon,
the
current
process
for
the
amazon
sponsoring
is
that
we
have
to
provide
some
cost
estimation,
oh
yeah,
to
continue
the
process.
That's
in
my
to-do
list.