Appendix: AWS Running in an internal-only VPC
CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to the CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms migration guide, which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.
By default, CloudBees Jenkins Enterprise installs by setting up public resources, such as ELBs or public IPs.
It can, however, be installed in an internal-only VPC if required.
Prerequisites
- You need to have an existing VPC (or to set one up) and a subnet with outbound connectivity.
- The workstation used for the CloudBees Jenkins Enterprise installation needs to have access to the VPC private network.
Reference architecture
This is the reference architecture we have been using to test this feature. Instances of the CloudBees Jenkins Enterprise cluster are created using vpc-1 and subnet-1. The CloudBees Jenkins Enterprise workstation was connected using VPN to another VPC peered to vpc-1 through a VPC peering (pcx-1).
An alternative would have been to create the CloudBees Jenkins Enterprise workstation directly in the VPC, on the public subnet (subnet-2).
Resource Type | Elements | Attributes |
---|---|---|
VPC | vpc-1 | CIDR: 172.18.128.0/17 |
Subnet | subnet-1 (private) | CIDR: 172.18.128.0/24; Auto-assign Public IP: no; Route Table: rt-1 |
Subnet | subnet-2 (public) | CIDR: 172.18.130.0/24; Auto-assign Public IP: yes; Route Table: rt-2 |
Route table | rt-1 (private) | 172.18.128.0/17 → local; 0.0.0.0/0 → nat-1; 172.18.64.0/18 → pcx-1 |
Route table | rt-2 (public) | 172.18.128.0/17 → local; 0.0.0.0/0 → igw-1; 172.18.64.0/18 → pcx-1 |
VPC Peering | pcx-1 | Peered VPC CIDR: 172.18.64.0/18 |
NAT Gateway | nat-1 | Attached to public subnet |
Internet Gateway | igw-1 | |
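
The following check is an added example, not CloudBees code. It models the reference table above as constructed Python data (the IDs are the page's placeholders, and the `audit` function and dictionary layout are assumptions) and verifies the properties an internal-only layout depends on: no CIDR overlap with the peered VPC, no public IP assignment or internet gateway route on the private subnet, a default route for outbound connectivity, and a peering route back to the workstation network.

```python
import ipaddress

# Constructed model of the reference table; IDs are the page's placeholders.
VPC_CIDR, PEER_CIDR = "172.18.128.0/17", "172.18.64.0/18"
SUBNETS = {
    "subnet-1": {"cidr": "172.18.128.0/24", "private": True,
                 "auto_public_ip": False, "route_table": "rt-1"},
    "subnet-2": {"cidr": "172.18.130.0/24", "private": False,
                 "auto_public_ip": True, "route_table": "rt-2"},
}
ROUTE_TABLES = {
    "rt-1": {"172.18.128.0/17": "local", "0.0.0.0/0": "nat-1",
             "172.18.64.0/18": "pcx-1"},
    "rt-2": {"172.18.128.0/17": "local", "0.0.0.0/0": "igw-1",
             "172.18.64.0/18": "pcx-1"},
}


def audit(vpc_cidr, peer_cidr, subnets, route_tables):
    """Return findings; an empty list means the private subnets stay internal."""
    vpc = ipaddress.ip_network(vpc_cidr)
    peer = ipaddress.ip_network(peer_cidr)
    findings = []
    if vpc.overlaps(peer):
        findings.append(f"peered CIDR {peer} overlaps VPC CIDR {vpc}")
    for name, subnet in subnets.items():
        net = ipaddress.ip_network(subnet["cidr"])
        if not net.subnet_of(vpc):
            findings.append(f"{name}: {net} is outside VPC {vpc}")
        if not subnet["private"]:
            continue  # public subnets may legitimately route through igw-*
        routes = route_tables[subnet["route_table"]]
        if subnet["auto_public_ip"]:
            findings.append(f"{name}: auto-assigns public IPs")
        for dest, target in routes.items():
            if target.startswith("igw-"):
                findings.append(f"{name}: route {dest} -> {target} is public")
        if "0.0.0.0/0" not in routes:
            findings.append(f"{name}: no default route, so no outbound access")
        if not routes.get(str(peer), "").startswith("pcx-"):
            findings.append(f"{name}: no peering route to {peer}")
    return findings


if __name__ == "__main__":
    for line in audit(VPC_CIDR, PEER_CIDR, SUBNETS, ROUTE_TABLES) or ["OK"]:
        print(line)
```
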