Project ideas for Google Summer of Code 2022 ☀️

Categories:

• blog

We have put together some project ideas as part of our application to participate in the Google Summer of Code 2022 program.

1. Cloud events integration with Jenkins X

Description

The only way to trigger jobs/workflows in Jenkins X at the moment is by listening to events from Source Control Management (SCM) providers like github, gitlab, bitbucket, however it would be nice to listen to other event sources and trigger jobs/pipelines in Jenkins X. One interesting application would be to trigger some Jenkins X job in response to some alerting event (pagerduty, opsgenie). As a start we should focus on (emitting and listening to) cloudevents which define a common format for events produced from different sources. This will also help make Jenkins X compatible with other platforms.

Expected Outcomes

• Jenkins X should be able to emit cloud events
• Jenkins X should be able to listen to cloud events, and run pipelines
• Updated documentation

Recommended skills

Golang, kubernetes, cloudevents, familiarity with lighthouse would be great, but not required

Mentors

• Ankit D Mohapatra
• Christopher Vig
• Tom Hobson

Resources

• https://cloudevents.io/
• https://www.youtube.com/watch?v=yg7RuDWHwV8
• https://www.jenkins.io/projects/gsoc/2021/projects/cloudevents-plugin/
• https://cdevents.dev/
• https://github.com/jenkins-x/lighthouse

Expected Size of project

350 hours

Difficulty rating

Hard

2. Supply chain security: Improve integration with sigstore and look at tekton chains

Description

With all the software breach that has happened recently, it has become necessary to add tooling to solve the issue around supply chain security. There are some good open source tools which can help with that (sigstore tools). As a CI/CD platform, Jenkins X needs to be integrated with them so that the end users can get this feature out of the box. Jenkins X leverages tekton as it’s pipeline execution engine. However, we dont integrate with tekton chain yet. Also similar to tekton chains, we should have a jenkins X operator that can take a snapshot of the jx pipeline activities or lighthouse jobs, sign them and store them in a cloud store eventually. Catalog should be updated to include trivy tasks, so that users can start using them with no to minimal effort. As a start, we should start signing the various artifacts produced by Jenkins X (binaries, docker images, helm charts).

Expected Outcomes

• Jenkins X artifacts (helm charts, docker images, binaries) are all cryptographically signed.
• Integration with tekton chains
• An operator which can take snapshot of the jx pipeline activities, sign them and store them in the cloud storage.

Recommended skills

golang, kubernetes, (basic) understanding of security

Mentors

• Ankit D Mohapatra
• Christopher Vig
• Tom Hobson

Resources

• https://youtu.be/SqgkbCKp8kE
• https://github.com/sigstore
• https://itnext.io/sigstore-a-solution-to-software-supply-chain-security-35bc96bddad5
• https://tekton.dev/docs/chains/

Expected Size of project

350 hours

Difficulty rating

Medium

3. New Jenkins X UI

Description

Currently, the way to manage (CRUD) Jenkins X resources(pipelines) is by using the cli. While the CLI is very powerful and user friendly, it should be used by power users (release team who installs and manages jenkins x clusters). We should not expect developers who are concerned with only the pipelines to install the cli (This does not scale when you have 100+ developers in the company) We do have a UI/dashboard, but it is read only, so users cannot use it to trigger release pipelines or stop running pipelines. In addition, we do not have an audit trail of who did what. So, we propose a new UI/dashboard which has feature parity with the CLI (including SSO and RBAC) The UI should make the JX cli redundant, and add more value to the user with easily available status and logs of the entire cluster

Expected Outcomes

• Fully functional Jenkins X Dashboard running in the kubernetes cluster
• Drop in replacement for existing read only UI
• Audit trail of who took what action in the UI
• Updated documentation

Recommended skills

golang, basic understanding of sveltejs (or any js framework), css, kubernetes

Mentors

• Ankit D Mohapatra
• Christopher Vig
• Tom Hobson

Resources

• https://youtu.be/AdNJ3fydeao
• https://svelte.dev/
• https://kit.svelte.dev/
• https://tailwindcss.com/
• https://go.dev/tour/welcome/1

Expected Size of project

350 hours

Difficulty rating

Hard

4. Quickstart Improvements

Description

Create new quickstarts that showcase interesting features and kubernetes deployment best practices. This includes prometheus integrations, database integrations for preview demos, documentation and a better interface for creating quickstarts, rootless containers. The current quickstarts were created three years ago and are not up to date. It would be good to have them updated, and also add quick starts for newer languages and frameworks.

Expected Outcomes

• Updated quickstarts
• Quickstarts for new languages and frameworks
• Updated documentation

Recommended skills

Some knowledge on various programming languages and some deeper knowledge of Kubernetes deployment and operations.

Mentors

• Ankit D Mohapatra
• Christopher Vig
• Tom Hobson

Resources

• https://github.com/jenkins-x-quickstarts
• https://github.com/jenkins-x/jx3-pipeline-catalog

Expected Size of project

175 hours

Difficulty rating

Easy

5. Implement drift detection (gitops)

Description

Jenkins X only applies changes to cluster when contents of the gitops repository changes. This does not satisfy one of the requirements of the gitops model. It would be nice to detect drift between the current state (kubernetes) and the desired state (git) and apply only those changes. This has the side effect of making the boot job faster.

Expected Outcomes

• Drift detection in Jenkins X
• Configurable interval when Jenkins X will do a drift detection and apply the changes
• Updated documentation

Recommended skills

Kubernetes, golang, Jenkins X, basic understanding of gitops.

Mentors

• Ankit D Mohapatra
• Christopher Vig
• Tom Hobson

Resources

• https://opengitops.dev/

Expected Size of project

175 hours

Difficulty rating

Medium

6. Multi-tenancy in Jenkins X

Description

Installing multiple versions of Jenkins X in a single kubernetes cluster is not supported. There are both architectural and scalability issues around it. This would be beneficial for small teams within organizations who want to own their entire CI/CD platform instead of relying on a central release management team which can lead to more productive teams.

Expected outcomes

• A multi-tenant enabled Jenkins X install (jenkins X in different namespaces or a central jx install controlling pipelines running for different tenants)
• Better scaling and security model for Jenkins X
• Updated documentation

Recommended skills

Golang, kubernetes, event driven architecture

Mentors

• Ankit D Mohapatra
• Christopher Vig
• Tom Hobson

Expected Size of project

350 hours

Difficulty rating

Hard

Next Steps

If Jenkins X gets selected, we will create a followup blog with additional details.

• ←Previous
Next→