Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Intuit Build Platform Journey - Jenkins World 2018

199 vues

Publié le

Intuit is building out a large scale distributed Jenkins platform that supports upwards of 20,000 builds a day. This platform consists of Jenkins LTS along with a distributed control plane that provides key capabilities: Resiliency, Reliability, Scale, Seamless upgrades, Developer Self-Service, Authn/Authz and more. The platform is an enterprise grade distributed build platform while meeting stringent scalability, security and compliance requirements , while minimizing cost and administrative burden for the platform team. This platform is built from the ground up leveraging Docker and Kubernetes.

This presentation goes through details of Intuit’s journey, the multiple generations of build systems that the company evolved through, and a dive deep into the current distributed Jenkins platform.

This content was presented at the Jenkins World 2018 conference.

Publié dans : Ingénierie
  • Soyez le premier à commenter

Intuit Build Platform Journey - Jenkins World 2018

  1. 1. Transforming Builds at Intuit Srivathsan Canchi Narayanan Singaram
  2. 2. 2 Powering Prosperity Around the World
  3. 3. © 2018 All Rights Reserved. 3 Consumers Small Businesses Self-Employed
  4. 4. 4 Open source workflow engine In Open Source
  5. 5. © 2018 All Rights Reserved. 5 Intuit’s Build Platform All Intuit Applications Multi Platform
  6. 6. © 2018 All Rights Reserved. 6 Intuit Build Platform - First Generation (v1) ● Jenkins 1.x based ● Templatized builds ● VM based fleet ● On demand EC2 executors ● Optimized cloud resource management ● Comprehensive build metrics and reporting
  7. 7. © 2018 All Rights Reserved. 7 Scale of the platform All Intuit Applications 850,000Jobs per Month (Build + Test) 250,000Tests per Month Multi Platform
  8. 8. © 2018 All Rights Reserved. 8 However..
  9. 9. © 2018 All Rights Reserved. 9 Challenges at Scale Scaling on the fly is hard Efficiency Do not have a smooth code to production experience Developer Pain Customizations leads to operational complexity and developer pain Customizations
  10. 10. 10 Back to the Drawing Board
  11. 11. © 2018 All Rights Reserved. 11 Rethinking the Platform ● Simple ● Native ● Declarative ● Reproducible ● Fast ● Shareable Developer Delight ● Designed for delight ● Open source ● Self-service ● Customizable Decision Principles ● Convention based ● Wide integration ● Docker support ● Secure ● Debuggable ● Open contribution Rich Features
  12. 12. © 2018 All Rights Reserved. 12 Implementation Technologies
  13. 13. © 2018 All Rights Reserved. 13 Intuit Build Platform - Managed Jenkins @ Scale Platform provides: ● Jenkins instance for each team / project ● Self-service for Jenkins lifecycle management ○ Jenkins 2 ○ Blue Ocean ○ Few Key Plugins ● Managed upgrades of Jenkins + default plugins Customers get full control: ● Full admin access ● Install additional plugins ● Configure additional shared libraries
  14. 14. © 2018 All Rights Reserved. 14 Architecture ● Designed for scale ● Kubernetes-native ● CRD ● Fleet Manager ● Security ○ RBAC ○ Namespaces for individual Jenkins
  15. 15. © 2018 All Rights Reserved. 15 Control Plane Components ● CRD ○ Kubernetes-native / Declarative ○ Describes active state of every Jenkins ● Fleet Manager ○ Manages all Jenkins instances in the fleet ○ Fleet wide Visibility ○ Lifecycle Management
  16. 16. © 2018 All Rights Reserved. 16 Jenkins Configuration - Configuration via code - Very critical as k8s can reschedule the Jenkins pod - Jenkins init.d based configuration - SSO - SMTP - Tokens - Shared library - Plugin configurations - Default executor pod template - Pro Tip - Always use groovy scripts for configuration, do not modify XML files
  17. 17. © 2018 All Rights Reserved. 17 Ingress ● Single Endpoint for all Jenkins instances ○ Single LB VIP ● L7-based ingress ○ No need to create separate SSL certificate for each Jenkins instance ○ Stay away from wildcard SSL certificate
  18. 18. © 2018 All Rights Reserved. 18 Cross Account Access ● Pre-assign an AWS IAM role to each Jenkins instance ● Jenkins executors run with the assigned role ○ Kiam used as k8s IAM role assumption facilitator ● Enables accessing AWS resources in other accounts ○ S3 bucket access ○ K8s cluster access ○ EC2 resource creation
  19. 19. © 2018 All Rights Reserved. 19 Key Capabilities - Shared Pipeline Libraries - Hardened pipelines for paved paths - Java - Node.JS - Common Reusable Build Steps - Secrets Access - Trigger CD - Docker Builds - DIND daemonset to enable Docker builds - Socket: /var/run/dind/docker.sock - Mount DIND daemon Docker socket into container to build image
  20. 20. © 2018 All Rights Reserved. 20 FROM TO Developers could not install plugins Developers have full control Customizations are hard Developers self-customize via Jenkinsfiles High queue times for builds Negligible queue times Wasted resources and higher cost Optimized resource utilization
  21. 21. Q & A
  22. 22. 22 https://careers.intuit.com We are Hiring!

×