#release-engineering (2020-09)

jenkins_ci All things CI/CD. Specific emphasis on Codefresh and CodeBuild with CodePipeline.

CI/CD Discussions

Archive: https://archive.sweetops.com/release-engineering/

2020-09-23

Laurynas avatar
Laurynas

What precommit hooks you have enabled for terraform? I enabled chechov but I feel that it detects too many issues that are not actually issues for us

academ1c avatar
academ1c
antonbabenko/pre-commit-terraform

pre-commit git hooks to take care of Terraform configurations - antonbabenko/pre-commit-terraform

2
Yoni Leitersdorf avatar
Yoni Leitersdorf

Checkov has an exception mechanism - you can add them as comments in the TF files. Is that no good?

:--1:1
antonbabenko avatar
antonbabenko

Shameless plug - https://www.youtube.com/watch?v=KdH-7_vpFag . I see rather little value in checkov myself, because I need to disable more than I want. Plus some key features are not supported yet (eg, tfvars files, tf.json, modules).

2

2020-09-18

2020-09-16

2020-09-15

Joe Presley avatar
Joe Presley

What are the benefits of using a licensed version of Jenkins? I’ve looked at the Cloud Bees website and googled, but I haven’t found a clear idea of what the licensed version does.

PePe avatar

you get support

PePe avatar

and the additional cloudbees plugins that they are pretty good

PePe avatar

if you are using any of their plugins and you go opensource

PePe avatar

then you can’t use them anymore

PePe avatar

and the opensource ones do not have the same features

PePe avatar

like advance permission plugin they have

Joe Presley avatar
Joe Presley

Ah got it. Thank you!

PePe avatar

np

Joe Presley avatar
Joe Presley

Is licensed Jenkins the same as CloudBees CI?

PePe avatar

mmm I do not know…

PePe avatar

I thought the only company that offered jenkins support was cloudbees

Joe Presley avatar
Joe Presley

It’s all right. I just haven’t found mention specifically of Jenkins license or Enterprrise Jenkins on CloudBee’s website. I only see things like CloudBees CI and CloudBees CD for their products.

roth.andy avatar
roth.andy

They have a product called cloudbees core which I believe is what usually gets talked about when saying licensed Jenkins. In my opinion the biggest advantage to cloudbees core is user management and governance of lots of distributed Jenkins Masters that different teams use. If you have 10 different development teams all running Jenkins themselves however they feel like doing it you can bring all that under one umbrella with cloudbees core.

Joe Presley avatar
Joe Presley

Ok. got it.

Joe Presley avatar
Joe Presley

Thanks a lot everyone for your insight.

jason einon avatar
jason einon

it would be interesting to see the cost, as I haven’t come across anything that cant be achieved with the open source version of Jenkins. with matrix access and folder based access i have achieved multi tenancy jenkins deployments for 3rd parties, running within a k8 environment means scalability is not an issue, the downside to multiple masters i see is more overhead from a management perspective.. I understand there are probably advantages… just curios to know if this outweighs the cost.

Joe Presley avatar
Joe Presley

I’m asking because I have a client who has Jenkins license. I want to determine whether we should shift to the open source version.

2020-09-11

2020-09-08

2020-09-03

Darren Cunningham avatar
Darren Cunningham

Our release process for CloudFormation (CDK) has failed us a few times recently. Meaning that when we go to deploy to PROD the deploy fails due to an expected diff.

It’s due to the fact that we’re only using two accounts, TEST & PROD. So all of the iterations of the CloudFormation template while they’re being worked on are deployed to TEST,. So TEST gets iterations of the CloudFormation and we skip those iterations when go to PROD.

Without adding another account to the mix, my thought is that we could update our pipeline so that at the point of PR merge we reset the deployed CloudFormation template in TEST to what is running in PROD then apply the changeset from the PR to TEST. This should recreate what will actually get deployed to PROD and catch those cases where skipping iterations creates unexpected conflicts.

Is this inline with what others are doing or am I starting from the wrong place altogether?

Darren Cunningham avatar
Darren Cunningham

TL;DR - how are you successfully CICD CloudFormation with multi-account?

loren avatar
loren

sounds about right… approach depends on the app i suppose, and whether the resources utilized can be configured more than once in an account. i.e. you could deploy a complete new instance of the app using the PROD version in the TEST account, then apply the updates from the PR to that stack

Darren Cunningham avatar
Darren Cunningham

probably can’t deploy them more than once in the same account/region. but I could deploy them to a region we’re not using and then destroy

Darren Cunningham avatar
Darren Cunningham

but then I’d get into the whole game of what regions that we’re not using, support everything we’re deploying within that stack

loren avatar
loren

it may also be worth separating portions of the app that can only be deployed once in the account into a different template/stack

loren avatar
loren

for example, enabling config, or setting the iam account alias

Darren Cunningham avatar
Darren Cunningham

yeah, I like that

loren avatar
loren

anything else could be refactored to support this kind of multi-deployment model perhaps

Darren Cunningham avatar
Darren Cunningham

yeah and I could move resources like S3 Buckets, etc to a sibling Stack

loren avatar
loren

stateful stuff with data can certainly be tricky, needs it’s own lifecycle for sure. it’s nice to at least have a mode for an s3 bucket that creates a unique name, or appends a unique id, so it is easy to create loads of wholly new instances on the fly

Darren Cunningham avatar
Darren Cunningham

CDK essentially does that for us

loren avatar
loren

by unique, i don’t necessarily mean “random”. but could be the branch name, for example. or a pr number. or a feature tracking number.

Darren Cunningham avatar
Darren Cunningham

oh, i see what you mean. yeah those resources (to date) haven’t been the issue. but noted.

loren avatar
loren

if you haven’t played with the aws amplify cli and console at all, it can be worth a spin. has modes to create wholly unique instances and backends per branch that are built and deployed as you push. while i’m not using amplify actively right now, working with it helped me reframe some of my ideas and misconceptions and approaches to managing deployments (particularly around cloudformation)

1

2020-09-02

jason einon avatar
jason einon

hey all, anyone using the JTE plugin… looking at it, but dont want to go too far down if there are known limitations, setup running jenkins in a gke cluster with kubernetes agents

Zach avatar

anyone using harness.io ? I’m curious about pricing (ballpark to see if its even worth looking further at)

roth.andy avatar
roth.andy

my company is doing a small PoC with them. Their pricing is per pod deployed

Zach avatar

Ah yah that matches up with what I saw on a rando blog post … which means the annual cost is $

roth.andy avatar
roth.andy

yes. we currently have a license for 100 pods. I don’t know exactly how much it is but it is on the order of several thousand dollars per year

Zach avatar

“several” thousand would be ok, the pricing I saw suggested it would be more like $60k for 150-200 EC2 instances

Zach avatar

which would get me laughed out of the room by my VP

Jonathan Marcus avatar
Jonathan Marcus

Is that 200 permanent EC2 instances for $60K/year? Or do they scale up to 200 as needed? Because a single c5.large is $438/year if you pay upfront, so $60K/year sounds reasonable? Or does their $60K only include their pricing and not the compute cost itself?

Zach avatar

they don’t provide the infra

Jonathan Marcus avatar
Jonathan Marcus

Oh wow. Yeah that’s a different story then.

Zach avatar

I dunno if its accurate, but just some googling the other day I found a suggestion that it was priced at $25/node/month

Zach avatar

so for 200 nodes that would be 60k annual. Seems a bit absurd to price that way though if they aren’t actually running or managing anything on the node itself

Zach avatar

which is why I was hoping someone might have actual real world info (before I reach out and have to sit through a 2 hour sale pitch)

roth.andy avatar
roth.andy

the reason to go with something like harness is needing an enterprise-level centralized deployment strategy, with governance and auditability. If you just want cool deployments something like ArgoCD is probably better to go with

Zach avatar

yah thats fine, I’m more looking for “small tier centralized deployment”

roth.andy avatar
roth.andy

have you looked at Codefresh’s CD capabilities?

Zach avatar

briefly, but since they lock SSO and > 10 users on enterprise….

roth.andy avatar
roth.andy

Lol. I guess the size of my company has rewired my brain. something that costs ~$10,000 is a rounding error in the contracts we do

roth.andy avatar
roth.andy

If I yank myself back to before when I was at a company with 10 employees I see exactly what you are talking about

Zach avatar

yah…. our monthly aws spend is like 16-17k

Zach avatar

Might bite the bullet and see how bad spinnaker is to set up

roth.andy avatar
roth.andy

Never done it myself, but I’ve heard its a 900 lb gorilla

Zach avatar

Thats what I’ve heard too … sooooo maybe too much for what i need.

btai avatar

@ fwiw i think codefresh can bundle SSO into a non-enterprise plan. at least that was the case this time last year

Zach avatar

hm ok, I’m just going off their pricing/feature page

btai avatar

its not free still, you just don’t need to be enterprise

Zach avatar

Yah I understood. I just mean on their site that SSO is labeled as an enterprise feature.

btai avatar

pricing model per pod sounds atrocious though. its not like harness is doing anything differently deploying a helm chart with 1 pod or 100 pods

roth.andy avatar
roth.andy

I’d rather have that than per user pricing

roth.andy avatar
roth.andy

At least this way it is correlated to usage

roth.andy avatar
roth.andy

One of the reasons we are considering codefresh over cloudbees is cloudbees is per user, and we have like 4000 users

roth.andy avatar
roth.andy

Codefresh is per concurrent pipeline

btai avatar

we have like 4000 pods

btai avatar

but yeah same, one of the pros to chosing codefresh was because they didnt charge us per user. i think that has changed though?

roth.andy avatar
roth.andy

Enterprise is still unlimited users

roth.andy avatar
roth.andy

Looks like pro is 10 users max now

kskewes avatar
kskewes

We run Spinnaker with 2 sre for 2 years and it is heavyweight but dunno what else would use. K8s is straight forward but I haven’t been able to use EC2 how I’d want after couple attempts so…

Zach avatar


K8s is straight forward but I haven’t been able to use EC2 how I’d want after couple attempts so
Do you mean running spinnaker on ec2 vs K8, or using spinnaker to manage ec2 deploys?

kskewes avatar
kskewes

We run Spinnaker on k8s and deploy k8s is good but bake deploy ec2 still not done yet.

    keyboard_arrow_up