Configuring a Kubernetes installation with internal and external agents

2 minute readReference

CloudBees CD/RO installation on Kubernetes uses internal services within the cluster to communicate between components, which ensures that communication within the cluster is efficient and secure. A common method for deploying CloudBees CD/RO on Kubernetes is to install CloudBees CD/RO components inside the Kubernetes cluster while installing worker agents such as deployment targets outside the cluster, such as on VMs and traditional platforms.

k8s topology external agents

In a mixed inside and outside deployment use case, communications with the CloudBees CD/RO components happen with internal services installed on Kubernetes, while communication with CD agents happen outside the cluster. These external agents can communicate with the internal components using a pair of gateway agents.

Gateway agent pairs can be installed using one of these methods:

  • Using the CloudBees CD/RO Helm chart

  • Using the CloudBees CD/RO agent Helm chart

Installation of the gateway agent pair using the CloudBees CD/RO Helm chart

  1. Enable both internalGatewayAgent and externalGatewayAgent to enable the CloudBees CD/RO chart to install the agent sub-chart as gateway agents. Make sure you set and externalGatewayAgent.service.publicHostName both as the same value:

      enabled: true
      enabled: true
  2. Ensure your default values file has nginx-ingress (Kubernetes versions 1.21 and earlier) or ingress-nginx (Kubernetes versions 1.22 and later) tcp config map settings uncommented, to expose the 7800 gateway agents service:

    nginx-ingress or ingress-nginx:
        8200: "{{ .Release.Namespace }}/flow-repository:8200"
        8443: "{{ .Release.Namespace }}/flow-server:8443"
        7800: "{{ .Release.Namespace }}/gateway-external-agent-flow-agents:7800"
  3. If you are not creating an ingress controller as part of the CloudBees CD/RO chart because you already have an existing ingress controller make sure you have tcpconfig map added to expose above ports and services (for more details, refer to the the official documentation):

helm repo add cloudbees
helm repo update
helm install releaseName cloudbees/cloudbees-flow \
          -f valuesFile --namespace nameSpace --timeout 10000s

Installation of the gateway agent using the CloudBees CD/RO agent Helm chart

To create the gateway agent using the agent chart:

  1. Create the server secret:

    # Flow server credentials to use in order to register
    # with agent as a resource on the Flow server.
    kubectl create secret generic flow-agent-secret \
     --from-literal=CBF_SERVER_USER='admin' \
     --from-literal=CBF_SERVER_PASSWORD=<flow-server-password> \
     -n <namespace>
  2. Create a values file for the internal agent called gateway-default-agent.yaml:

    resourceName: gateway-default-agent
    replicas: 1
      existingSecret: flow-agent-secret
      publicHostName: gateway-default-agent-flow-agents
  3. Install the gateway internal agent using gateway-default-agent.yaml:

    helm install gateway-default-agent cloudbees/cloudbees-flow-agent \
    -f gateway-default-agent.yaml -n <namespace>
  4. Create a values file for the external agent called gateway-external-agent.yaml that adds zoneName, publicHostName and gateway configuration:

    resourceName: gateway-external-agent
    zoneName: external
      # External DNS hostname that the external agents would use to communicate
      # with the external gateway agent
    # configure gateway using external gateway agent
      # configure gateway using this agent
      enabled: true
      # Name of the gateway to create
      name: external
      # Name of gateway agent to pair with as gateway resource 2
      pairedResourceName: gateway-default-agent
      existingSecret: flow-agent-secret
  5. Install the gateway external agent using gateway-external-agent.yaml:

    helm install gateway-external-agent cloudbees/cloudbees-flow-agent \
    -f gateway-external-agent.yaml -n <namespace>