CloudBees Scales Jenkins, Redefines DevSecOps
CloudBees, which offers a software delivery platform for enterprises, announced significant performance and scalability enhancements to Jenkins with new updates to its CloudBees Continuous Integration (CI) software. The company also delivered a new DevSecOps solution based on Tekton.
CloudBees made the announcements at the recent DevOps World 2023 conference. CloudBees CI is an enterprise version of Jenkins. Jenkins is the most widely used CI/CD software globally, with an estimated 11.2 million developers using it as part of their software delivery process, the company said.
HA, Scalability, Performance
The new updates bring high availability and horizontal scalability to Jenkins, eliminating the bottlenecks that plague administrators and developers as they massively scale CI/CD workloads on Jenkins, said Sacha Labourey, co-founder and chief strategy officer at CloudBees.
“The ability to roll out, protect, and scale Jenkins on top of Kubernetes is critical to Jenkins remaining the go-to platform for managing CI/CD pipelines,” said Torsten Volk, an analyst at Enterprise Management Associates. “The over 1000 existing integrations are still a massive argument for many DevOps teams to adopt or stay with Jenkins, but now these integrations no longer come at the expense of adding tech debt.”
In addition, CloudBees announced additional performance-enhancing capabilities such as workspace caching to speed up builds and a new AI-powered pipeline explorer for easier and faster debugging.
“I think these changes are significant to existing Jenkins users, and there are still a lot of Jenkins users,” said Jim Mercer, an analyst at IDC. Specifically, he noted:
- The caching will help to improve startup times and the speed of Jenkins pipelines.
- The HA and scaling create additional controller replicas to balance the load of multiple users doing builds concurrently, appearing to the developer as a single controller. Previously, organizations attempted to mitigate the Jenkins controller issue by adding more Jenkins instances, creating other overhead for administration, etc.
“These changes’ overall theme is improving the developer experience by addressing issues where time is lost and enhancing their lives,” Mercer said. “These are not sexy changes per se, but they benefit the Jenkins user base.”
Jenkins has long had scalability issues, said Jason Bloomberg, an analyst at Intellyx. “So the Cloudbees High Availability Mode is a welcome update. Now Jenkins will no longer have a single point of failure and will also offer automatic load balancing — capabilities expected in any cloud environment and long overdue for Jenkins.”
Moreover, high availability and horizontal scalability for Jenkins is a capability our enterprise customers have wanted for a long time, Labourey told The New Stack
“The ability to run Jenkins at massive scale with active-active high availability becomes especially critical when you’re dealing with thousands of developers, running multiple thousands or hundreds of thousands of jobs across a small set of monolithic, overloaded controllers,” said Shawn Ahmed, chief product officer, CloudBees, in a statement. “At this scale, you are dealing with a community of developers that want a high-resiliency developer experience with no disruption. We have removed significant barriers in scaling Jenkins, enabling enterprises to run greater workloads than ever before. The new capabilities in CloudBees CI are a game-changing experience for DevOps teams.”
Other Features
In addition to high availability and horizontal scalability, additional performance-enhancing features introduced include:
- Workspace Caching – Improves the performance of Jenkins by speeding up builds.
- Pipeline Explorer – Easier and faster AI-powered debugging. Find and fix pipeline issues in complex environments with massive Jenkins workloads.
- Build Storm Prevention – Baseline your repository without causing build storms (gridlock on startup).
“We had a full-fledged CI/CD offering but it was solely available as software,” Labourey said. “So our customers were deployed on-premises or in their own public cloud accounts. But we own and operate those environments. And obviously there is a desire for more SaaS consumption, but also the evolution towards more cloud native types of workloads. And so that’s what we are releasing and announcing now and releasing on November 1 to all customers. And we’ve been working on this for a long time.”
Tekton-Based DevSecOps
Meanwhile, the new CloudBees DevSecOps platform is built on Tekton, uses a GitHub Actions style domain-specific language (DSL), and adds feature flagging, security, compliance, pipeline orchestration, analytics and value stream management (VSM) into a fully managed single-tenant SaaS, multitenant SaaS or on-premises virtual private cloud instance.
“The new CloudBees platform turns Tekton into an easy-to-use pipeline automation solution and can directly benefit from Jenkins also running and scaling with Kubernetes,” Volk said. “This strategy makes sense as it builds on existing differentiation (1000 plugins) and aims to make Tekton, an incredibly scalable pipeline automation framework, accessible to the masses.”
CloudBees said its new extensible DevSecOps platform redefines DevSecOps by addressing the challenges associated with delivering better, more secure and compliant cloud native software at a faster pace than ever.
“DevSecOps has been harder to implement than people would like, so bringing the ‘Sec’ part of the equation into CloudBees’ expertise with DevOps can only be a step forward,” Bloomberg said.
What’s Old Is New?
But is it just old wine in new bottles?
“The adoption of Tekton by Cloudbees was originally announced back in the DevOps days in 2019 when they announced the JenkinsX project would delegate the execution layer to Tekton. So, I don’t see this as new,” Mercer told The New Stack. “Outside of this, the collection of capabilities, such as value stream management, compliance, and feature flags, provide compelling capabilities as an integrated stack. I am not a fan of the addition of a new DSL. I also feel like they would do well to promote their compliance capabilities more since our survey data shows this is a top challenge for teams.”
Moreover, CloudBees cites a new discipline called platform engineering, which has emerged as an evolution of DevOps practices. The discipline brings together multiple roles such as site reliability engineers (SREs), DevOps engineers, security teams, product managers, and operations teams. Their shared mission is to integrate all the siloed technology and tools used within the organization into a golden path for developers. The CloudBees platform is purpose-built for this mission, the company said in a statement.
In addition, CloudBees said its focus going forward is on the following imperatives:
- Developer-Centric Experience
Enhances the developer experience by minimizing cognitive load and making DevOps processes nearly invisible, using concepts of blocks, automation and golden paths.
- Open and Extensible
Embraces the DevOps ecosystem of tools, starting with Jenkins. This flexibility to orchestrate any other tool enables organizations to protect the investments they have already made in tooling. Teams can continue to use their preferred technologies simply by plugging them into the platform.
- Self-Service Model
Enables platform engineering to customize the platform, thus providing autonomy for development teams. For example, platform engineers can design automation and actions that are then consumed in a self-service mode by developers. Developers focus on what they do best: create innovation. No waiting for needed automation, actions, or resources.
- Security and Compliance
Centralizes security and compliance. The CloudBees platform comes with out-of-the-box workflow templates containing built-in security. Sensitive information, like passwords and tokens, are abstracted out of the pipeline, significantly enhancing security and compliance throughout the software development life cycle. Automated DevSecOps is baked in, with best-of-breed checks across source code, binaries, cloud environments, data and identity, all based on Open Policy Agent (OPA). Continuous compliance just happens, with out-of-the-box regulatory frameworks for standards such as FedRamp, SOC2 and automated evidence collection for the auditors.
“We have been using the CloudBees platform in beta. One significant value add for us was that it significantly reduced the time it took to pass our ISO 27001 compliance audit,” said Michel Lopez, founder and CEO at E2F, in a statement. “The auditor had scheduled 12 hours of interviews, but it ended after 60 minutes. This was because all of the controls were provided by the CloudBees platform.”
