Jenkins 2 addresses ease and security, not scalability
- 26 April, 2016 20:00
Jenkins 2, an upgrade to the popular continuous integration and delivery platform for software development projects, will formally debut Tuesday with improvements to usability and security. But scalability, which has been a thorn in the side of Jenkins, will have to wait for now.
Jenkins 2 emphasizes the use of coding pipelines and suggested configurations, and provides security by default. It will have a set of suggested plug-ins so that users don't need to become Jenkins experts before using the software, said R. Tyler Croy, Jenkins project member and CloudBees community evangelist. Additionally, a list of suggested plug-ins, such as Git, is provided to help up set up the platform.
Rival CI/CD vendors CircleCI and Atlassian see their own technologies as more scalable alternative to Jenkins. As application development teams start speeding up delivery to customers, this increases the load on infrastructure, and Jenkins wasn't really built for it, said Jim Rose, CEO of CircleCI. Instead, Jenkins is managed at the server level, with plug-ins added, so the only way to scale it is to load more versions. A development team then has to manage different deployment pipelines.
Asked about CircleCI's criticism, Croy acknowledged a scalabilty challenge for the Jenkins master. Scaling, however, will be addressed after the 2.0 release. We don't see it [as an issue] for the vast majority of Jenkins users," he said, as the feature affects only very large installations, such as Yahoo or Google, with more than 3,000 or 4,000 jobs running as many as hundreds of thousands of job executions per day. They have had to partition out Jenkins to achieve scalability, but users have the option of deploying SaaS-based versions of Jenkins to help with scalablity and managing multiple Jenkins instances.
For now, the Jenkins upgrade focuses on coding pipelines. This feature enables users to define the full CD pipeline in a piece of code that can be checked into a Git or Subversion repository. Croy considers pipeline-as-code a third interface for interacting with Jenkins, along with Web and command-line interfaces.
Security is critical in version 2.0 as well. "When Jenkins comes up, it comes up secure right out the box, so no one else can configure your Jenkins for you," Croy said. A built-in admin capability is enabled already so that only an administrator can administer the platform.
The challenge with security and build servers in general is users want to automate the build, test, and deploy pipelines, so a build server has to have a privileged level of access. Security by default is encouraged, and precautions need to be taken with continuous delivery to avoid shipping of bad or insecure code, Croy said.
Version 2.0 has more documentation and will be made more user-friendly. "When I go to conferences, [lack of user-friendliness] is probably the number thing that I hear about," said Croy.