and ideas for further writing
Goal: improve developer and operator happiness
- no. of Jenkins jobs
- dependencies (on various packages needed by job executors)
- a feeling (from dev & ops perspective) of overall complexity
- use Jenkins pipelines
- put CI/CD instructions & definitions in the codebase for each unit or application to be tested
- declaratively define test environments using Docker Compose
- minimal executors that have just Docker and Summon
- each pipeline stage is a single shell script
- use Conjur to store credentials
- use Summon to fetch creds
- assign authz for different creds using executor labels (e.g. 'releaser')
- keep secrets off disk and out of source control
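
One way to enforce "use Summon to fetch creds" and "keep secrets ... out of source control" in a repo, as an added example that is not part of the original notes: a lint that accepts a Summon `secrets.yml` only when every entry is a `!var` / `!var:file` reference. The strict no-literals policy, the function names, the sample files and the variable IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a Summon secrets.yml so only references are committed.
# Assumed policy: every entry must be "!var <id>" or "!var:file <id>".

lint_secrets_yml() {
    # Prints the keys that hold literal values; returns 1 if any were found.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        /^[^ \t].*:[ \t]*$/ { next }          # environment section header
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:[ \t]*/, "", val)
            if (val !~ /^!var(:file)?[ \t]+[^ \t]/) { print key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

write_samples() {
    # Constructed sample inputs; the variable IDs are hypothetical.
    cat > "$1/good.yml" <<'EOF'
# constructed sample: references only
DOCKER_USERNAME: !var ci/dockerhub/username
DOCKER_PASSWORD: !var ci/dockerhub/password
SSH_KEY: !var:file ci/deploy/ssh_key
EOF
    cat > "$1/bad.yml" <<'EOF'
# constructed sample: a literal value committed next to a reference
DOCKER_USERNAME: !var ci/dockerhub/username
DOCKER_PASSWORD: hunter2-constructed
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
for f in good bad; do
    if offenders=$(lint_secrets_yml "$tmp/$f.yml"); then
        echo "$f.yml: ok"
    else
        echo "$f.yml: literal values for: $offenders"
    fi
done
rm -rf "$tmp"
```

Summon also allows plain literals in `secrets.yml` for non-secret settings, so a repo that relies on that would need an allow-list on top of this check.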
- how to provision a minimal executor for Conjur-style Jenkins setups
  (ideally accompanied by ready-to-use AMI or Ansible playbook or similar)
- how to Conjurize a Jenkins executor and assign different privileges to different executor labels (via policy, layers, host factory)
- using Ansible + Conjur module to spin up Jenkins master and executors
  (declarative security policy + declarative infrastructure)
- the above, but Puppet
- using Summon + local OS keyring to run Jenkins jobs (build, tests, etc.) locally as a developer
- a day in the life of a Conjur Jenkins administrator (helping people add new jobs, updating entitlements, etc.)