►
From YouTube: 2021 06 15 Jenkins Infra Meeting
Description
Jenkins infrastructure meeting Jun 15, 2021
A
B
Container,
that's
docker
shim
that
has
been
removed
and
container
d
is
specific
to
aks.
Container
d
is
used
as
docker
engine
instead
of
docker
as
container
engine.
Thank
you.
Thank
you.
There
are
also
some
changes
related
to
the
azure
storage
that
are
that
make
that
upgrade
almost
mandatory
for
us,
since
we
have
a
heavy
usage
of
that.
That
is
the
second
change
that
need
to
be
checked
before
the
upgrade,
but
everything
sounds
good.
A
A
A
Oh
yes,
so
you
so,
okay!
So
once
we
once
we
once
we
merge
this
part
windows,
the
maintenance
windows
will
be
announced
on
statue
searching
kinsale
and
my
point
was:
if
we
are
ready
to
do
the
upgrade
on
thursday,
that's
fine.
We
can
launch
upgrades.
Otherwise.
We
cannot
wait,
let's
say
tomorrow,
to
see
if
we
want
to
do
it
on
friday.
What's
our
what's
your
expectation.
B
B
C
B
C
A
Yeah,
the
editor
feel
free
to
make
comments
if
it's
okay
for
you
and
if
you,
if
you
want
us
to
start
later,
that's
fine
as
well.
You
usually
it's
I
mean
it's
pretty
straightforward,
because
we
just
have
to
go
to
the
azure
interface,
select
the
red
version
that
we
want
to
use
and
that's
it.
The
reason
why
they
take
some
time
is
because
when
you
upgrade
it
upgrade
one
node
at
a
time.
C
B
Exactly
don't
hesitate
to
contact
me
at
dtr
and
I
will
add
the
link
of
the
color
record
one
in
irc
and
in
the
akmd
associated
knot
for
the
iks
upgrade.
So
if
you're
interested
in
joining
and
are
available,
don't
hesitate
and
also
if
the
time
does
not
meet
your
schedule
and
you
want
to
do
it
one
or
two
hours
later.
There
is
no
problem
on
that.
Don't
decide
to
mention
on
the
irc
channel.
A
So
then
it
sounds
like
we
can
move
forward
so
first
regarding
the
lfx
security
topic.
So
several
weeks
ago,
david
came
into
this
meeting
to
present
what
we
could
have,
and
so
the
next
step
was
to
install
the
github
app
in
the
jenkins
c4
organization.
So
I
decided
to
to
install
that
github
app,
but
only
allow
access
to
five
git
repositories.
A
So
the
purpose
here
is
to
identify
how
we
can
use
that
tool
to
detect
security
issues,
and
so
I
enable
it
for
rc,
bots,
plugin
site
api
plug
inside
jenkins
version
and
docker
checking
cell
test.
So
the
goal
is
to
analyze
golang
java
and
react
codes
and
also
docker
images,
because
we
have
that
that's
what
we
wanted
to
identify.
A
To
to
have
access
to
specific
dashboards,
but
yeah
in
my
case
I
don't
have
access.
I
have
access
to
jknci,
but
not
yet
touching
it's
in
front,
so
I
have
to
double
check
that
if
people
are
interested
to
participate,
let's
say
damian
or
mark
yeah,
I
think
you
can
also
request
access
and
I
would
be
really
happy
to
support
alexis.
A
A
Thanks
for
enabling
it
next
topic
is
status
that
jenkins
lego,
so
that
was
a
small
project
and
that's
really
nothing
really
urgent,
but
I
made
several
changes
to
the
status
page,
so
the
first
one
was
to
remove
all
the
iframes.
So
that
means
that
now
the
website
loads
a
lot
faster
than
it
was
p4,
and
so,
for
instance,
in
this
case
you
see
the
announcements
that
we
generated
10
seconds
ago
to
to
announce
the
aks
upgrades.
A
C
A
Have
you
have
three
buttons,
and
so
you
can?
Let's
just
select,
get
that
jenkins
rio
and
in
the
case
of
get
the
jenkins
leo,
you
have
a
short
description
of
what
the
jenkins
layout
is
and
there
you
have
the
monitoring
on
iframe.
So
the
response
time.
So
the
idea
is
to
have
this
page
to
have
those
pages
for
every
services.
So
if
some
people
are
interested
to
help
with
this
project,
that's
really
easy
to
do.
You
just
have
to
go
to
status
to
get
jenkins
infrastructure
status.
A
So
that's
the
the
the
status
page
and
then
from
here
there
are
two
main
directories:
the
layout
content,
the
template
actually
html
template.
And
if
you
go
to
content
services,
you
have
you
see
three
three
fives,
and
so
you
can
have.
You
can
add
more.
Let's
say
for
www.js
that
I
go,
but
the
more
important
thing
is.
A
You
just
have
to
reuse
those
parameters.
So,
for
instance,
you
can
provide
a
service
url.
You
can
specify
a
service
description.
You
can
specify
monitoring
iframes
with
a
title
and
an
iframe.
You
can
provide
some
links,
and
so
what
I
would
like
to
do
is
to
do
that
for
every
schizo,
for
every
services
that
we
manage
and
usually
and
what
I'm
envisioning
is
inside
the
links.
A
The
last
element
that
I
changed
on
status
page
was,
you
can
go
to
monitoring
and
also
this
is
also
something
that
I
would
like
to
improve.
Do
you
have
a
section
monitoring?
Sorry
I've
been
a
bit
quick,
so
you
have
a
section
metering
here.
If
you
click
on
it,
you
have
a
simple
page.
You
also
have
some
link,
and
so
this
time,
if
you
click
on
the
link,
let's
say
service
actually
pay
response
time.
A
You
have
a
data
dog
dashboard
for
every
services,
so
you
can
have
a
clear
idea
of
how
the
different
services
behave.
If
you
think
that
we
should
add
more
data,
dashboards
yeah
feel
free
to
open
a
jira
ticket
to
with
your
request,
and
why
do
you
think
that
we
should
provide
that
information?
And
I
would
be
really
glad
to
bring
that
information,
the
two,
the
two
additional
dashboards
which
are
useful?
You
have
one
that
I
don't.
A
A
B
One
so
aci
issues
has
been
fixed.
There
have
been
a
few
bugs
corrected
by
tim,
so
thanks
tim
for
the
help,
because
it
was
absolutely
not
my
comfort
zone
so
that
helped
that
helped
me
to
be
sure
there
were
no
error
with
the
latest
azure
plugin,
so
we
were
able
to
upgrade
all
the
plugins
that
fixed
all
the
issues
that
were
caused
initially
by
the
initial
bug
and
then
the
whole
back.
B
B
B
So
while
we
were
at
the
task,
we
upgraded
everything
on
the
machine
jenkins
car
to
the
latest
lts
that
was
released
just
before
all
plugins
all
packages,
all
over
the
content
of
the
operating
system.
So
now
that
should
be
good.
And
finally,
we
took
the
opportunity
to
upgrade
all
the
agent
virtual
machines,
ec2
and
azure
to
the
latest
version
that
has
been
built
with
packer
during
the
path
months.
So
the
operating
system
are
up
to
date
that
allowed
us
to
quickly
deliver
maven
3.8.1,
as
requested
by
other
contributors.
B
B
I
can
quickly
say:
trusted
trusted
works
exactly
the
same.
We
did
almost
the
same
once
we
were
sure
that
ci
jenkins
worked
after
two
days,
so
everything
has
been
applied
in
the
same
way:
prepaid
certificate
upgrade
plugin,
etc
and
azure
virtual
machines
agents
configuration,
so
everything
should
be.
Okay
and
all
the
temporary
resources
has
been
deleted
to
gain
some
money,
so
we
can
get
back
to
businesses
and
these
services.
A
A
It
was
supposed
to
expire,
three
months
after
we
recreated
it
in
april.
I
think
something
like
that.
So
the
reason
why
we
took
a
very
short
live
certificate
at
that
moment
was
because
we
we
identify
potential
issues
with
the
new
root
certificates,
and
so
we
want
to
be
sure
that
it
wouldn't
have
any
effects
on
the
process
it
did
not,
and
so
this
time
we
generate
a
one
year
certificate.
A
So
we
have
more
time
in
front
of
us
and
we
also
also
have
had
an
issue
with
a
certificate
with
a
crawler
job
untrusted.ci,
because
we
changed
the
name
of
the
root
certificate,
so
that
was
an
easy
fix,
but
yeah
really
stupid.
The
last
topic
that
I
want
to
bring
here
is:
I
got.
I
got
a
notification
from
fastly
that
my
credit
card
is
expiring
and
that
I
have
to
change
the
credit
cards
I
haven't
been
charged
in
the
past
on
my
credit
card,
because
everything
is
covered
by
sponsoring
but
yeah.
A
Usually
that's
pretty
difficult
when
you
have
infrastructure
open
infrastructure.
The
way
we
do
because
we
have
a
lot
of
sponsors,
we
have
a
lot
of
different
accounts
and
most
of
the
time
by
default,
they
assume
that
you
will
put
a
credit
card,
but
because
you
have
individual
contributors
behind
those.
A
B
B
We
should
create
a
google
agenda,
a
bit
like
the
sig
ones,
for
the
enthra
team,
that
public
or
not
public,
I'm
still
not
sure,
but
the
goal
of
that
agenda
will
be
to
mention
the
certificate
renewal
or
whenever
there
is
a
depreciation
of
a
component
or
whatever
task
that
are
time-bound,
like,
for
instance,
the
update
center
certificate
renewal.
Yesterday
there
are
a
lot
of
these
tasks
that
are
could
be
automated,
but
are
not
because
we
need
help-
or
maybe
it's
not
possible.
B
So
the
goal
is
to
have
that
calendar
that
could
act
with
alerts
for
everyone
to
share
that
knowledge.
So
it's
not
on
someone's
private
calendar.
It's
not
on
the
document
that
doesn't
trigger
any
reaction.
We
want
something
with
events,
so
I
propose
that
we
start
with
a
google
a
shared
agenda
like
we
do
for
the
community
that
could
we
can
subscribe
to
this
as
team
member,
and
so
then
we
can
have
this
kind
of
alert
one
two
weeks
before
something
goes
south.
A
I
I'm
I
mean
yeah,
I
asked
him
and
discuss.
This
is
something
as
many
demons
mentioned
it's.
It
is
something
that
we
discussed.
I
think
earlier
today,
or
maybe
yesterday,
that
wasn't
my
plan
since
a
very
long
time,
and
I
think
that
the
certificates
expiring
issues
really
highlight
that
we
need
an
agenda
because
not
everything
can
be
monitored,
I
mean
easily,
and
so
a
lot
of
things
could
be
catch
just
by
using
an
agenda.
I
don't
think
that
that
agenda
should
be
public,
because
we
want
to
pro
we
want.
A
To
put,
I
mean
important
information
there,
such
as
a
critical
certificate
which
expired
and
but
yeah.
We
should
have
at
least
enough
people
on
the
agenda,
so
people
several
people
can
catch
specific
dates,
but
yeah
I'm
open
to
suggestions.
It
sounds
like
the
google
ad
agenda
is
the
easiest
way
to
proceed.
A
A
B
I
might
have
two
points
since
we
are
not
out
of
time.
Sorry,
I've
added
them
at
the
end
of
the
note
on
the
action
points
after
the
team
agenda,
so
the
first
one
is
trusted
is
running
regularly.
A
job
named
github
reports
that
I
understand
to
be
some
task:
regular
tasks
that
retrieve
statistics
and
put
them
on
the
infrastructure
I
will
propose
to.
B
I
will
propose-
and
do
this
under
a
probable
review,
if
it's
okay,
to
migrate,
that
job
on
infra
ci,
because
that
job
is
creating
a
lot
of
locks
on
trusted
ci
and
combined
with
the
update
center.
Sometimes
the
bill
2
is
quite
high
when
something
goes
wrong
and
that
github
report
is
really
really
creating
a
lot
of
locks
and
issues,
and
so
given
the
sensitivity,
sensitivity
of
trusted
and
the
fact
that
infrastr
is
way
more
stable
because
we
can
interact
with
it
in
kubernetes
in
easier
ways.
My
proposal
is
to
move
it.
B
C
C
B
Okay,
I'm
gonna
ask
directly
danielle.
Maybe
the
answer
is
no,
it
can
move
to
release
or
or
not,
move
the
root
problem.
The
problem
I
want
to
solve,
in
fact
is:
I
will
want
to
avoid
having
so
much
builds
in
the
build
queue
I
saw.
There
were
already
some
usage
of
the
lock
of
the
lock
by
blank,
but
yeah
in
that
case,
maybe
forcing
it
to
only
run
one
build
at
the
time.
C
Yeah-
and
I
think
I
think
there,
the
a
conversation
with
daniel
is
really
good,
because
I
I
don't
I
apologize,
but
I
don't
recall
why
it's
structured
the
way
it
is
it's
just
a
surprising
structure,
right
the
fact
that
it's,
it
seems
like
it's
wasteful,
what
it's
doing,
and
I
I
I
remember,
seeing
and
thinking
it
was
wasteful,
but
not
having
come
to
a
conclusion
what
to
do
about
it.
So,
thanks
for
detecting
it
and
thinking
about
it
more.
A
B
So
we
still
need
one
a
week
to
see
the
effects
of
fixing
the
aci
configuration
update
on
ch
and
quincy.
However,
the
proposal
here
is
to
not
remove
aci
but
to
start
adding
a
limited
capacity
of
a
pods
of
kubernetes
spots
that
run
on
the
dedicated
case
cluster.
So
so
it's
monotonous.
It's
not
expected
to
be
multitonant.
Only
ci
is
expected
to
run
on
that
cluster
and
that
cluster
has
a
static
capability
in
term
of
resources.
B
So
the
goal
is
to
add
that
static
capabilities
and
see
the
impact
on
aci
cost.
As
always,
the
best
solution
will
be
a
mix
of
both,
but
since
aci
are
are
quite
expensive.
They
are
really
good,
really
performance,
that's
really
nice
service,
but
it's
expensive.
So
I
think
mix
is
two
container
like
we
do
for
the
virtual
machines
with
azure,
vm
and
ec2.
I
think
the
solution
will
be
with
that,
but
the
goal
is
to
start
checking
that
without
breaking
the
usages.