
Banging away on how to build a fully automated , including credential injection on bringup.

Fully automated bringup, including secrets, is one of the fiddlier bits of work. If you're on AWS, AWS IAM and SecretsManager serve as the trust root....

... but not everything integrates with that! Such as Jenkins.

One of the things businesses like a lot today is outsourcing, which is what Cloud is, particularly AWS. So here we are.

(hashtags for search)


Digressive note:

I think that it'd be much closer to technically well done to roll up all needed functionality into your k8s cluster (logs, monitoring, builds, etc) without relying on cloud facilities (i.e., build your own cloud in k8s). But this requires substantial technical investment, documentation, and hiring. Probably a good +5 on your SRE team. And, worse, is this something *interesting*? Can you retain people for this?


Jenkins is old tech, and very Java Enterprise coding. Not a good thing. I like it, because it is flexible. But it's not well adapted for cloud work with proper automated bringup.

I've spent days looking at automating installing credentials post-bringup. But the CSRF protection system is... not designed for automation. Nor is there an RPC system for within-process environment (within-pod) for injecting secure information.


So I'm pondering how to figure out a way to get credentials into Jenkins via cooking the credentials.xml files prior to bringup.

this shouldn't be this hard.

and yes.
