Banging away on how to build a fully automated #Jenkins, including credential injection on bringup.
Fully automated bringup, including secrets, is one of the fiddlier bits of #SRE work. If you're on AWS, AWS IAM and SecretsManager serve as the trust root....
... but not everything integrates with that! Such as Jenkins.
One of the things businesses like a lot today is outsourcing, which is what Cloud is, particularly AWS. So here we are.
(hashtags for search)
I think that it'd be much closer to technically well done to roll up all needed functionality into your k8s cluster (logs, monitoring, builds, etc) without relying on cloud facilities (i.e., build your own cloud in k8s). But this requires substantial technical investment, documentation, and hiring. Probably a good +5 on your SRE team. And, worse, is this something *interesting*? Can you retain people for this?
Jenkins is old tech, and very Java Enterprise coding. Not a good thing. I like it, because it is flexible. But it's not well adapted for cloud work with proper automated bringup.
I've spent days looking at automating installing credentials post-bringup. But the CSRF protection system is... not designed for automation. Nor is there an RPC system for within-process environment (within-pod) for injecting secure information.
So I'm pondering how to figure out a way to get credentials into Jenkins via cooking the credentials.xml files prior to bringup.
This shouldn't be this hard.