[Jenkins-infra] Jenkins.io migration on Azure

Olblak me at olblak.com
Thu Jul 6 11:48:52 UTC 2017

Hi Ben,

Thanks a lot for your comments, they are very interesting.


Indeed, it's better to redirect jenkins.io to www.jenkins.io and use
www.jenkins.io as the main URL.


You raised a very good point here.
First keep in mind that DNS is not (yet?) managed by Azure.

As Kubernetes service provide a public IP, we just have to configure a
'A' record on this public IP.
Right now we loose this IP when the Kubernetes cluster is deleted.
But with Kubernetes 1.7 (we are running an older version), we can assign
a reserved public IP to a service so it will be a good improvement.


I am already aware of performance limitations for AFS, but there isn't
any easy alternative.
I already discussed with people who use a glusterfs cluster but this
require more work.

Right now, we only use Azure File Volume, because it's the only Azure
persistent volume on Kubernetes that supports READ/WRITE many.
Azure Disk Volume only support READ/WRITE once.
-> https://kubernetes.io/docs/concepts/storage/persistent-volumes/

Remark: Instead of 'mounting' AFS inside containers, we can also query
blob storage content through HTTP but I really doubt that performance
will be better and it's more expensive.


I agree with you but I don't think that it was plan to use a CDN with
the main website.
Mainly for budget reasons.

Success Criteria:

Good point, I'll add some success criteria

Good point, I'll check what need to be done for HSTS

Load Balancer

I still have to document that.
To make it short:

| External endpoint  >  K8s Service (Public IP)   > K8s Ingress  
                   >   K8s Service (Private IP)      > Kubernetes Pods     |
| Client                     >  Azure Load Balancer     > Nginx
containers on k8s  >   Internal Loadbalancer        > Docker container    |
|plugins.jenkins.io   >  XXX.XXX.XXX.XXX         > Redirect to
application    >   LoadBalance to container  > pluginsite container|

Load Testing
Indeed it's something to do


It's a concerned that already raised my mind but it's not an 'easy' one
to solve.
The good point is that Minikube works quiet well (I already deployed the
infrastructure on it) but it requires specific adaptation to work
without Azure's specificities like persistent volumes.

So if we can have an Azure account, it's easier to deploy everything.

1. All the provisioning is done with github.com/jenkins-infra/azure
2. All the configuration is done with github.com/jenkins-infra/jenkins-infra

On 07/06/2017 01:38 AM, Ben Walding wrote:
> It's unclear from IEP-004 / IEP-006 how a request is routed in from
> the internet (or CDN) to a particular container.

More information about the Jenkins-infra mailing list