Deploy CloudBees CI to Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) clusters
The CloudBees CI AWS partner add-on streamlines the adoption and experimentation of CloudBees CI enterprise features by:
- Encapsulating the deployment of CloudBees CI on modern platforms in AWS EKS and additional Kubernetes resources into a Terraform module.
- Providing a series of opinionated blueprints that implement the CloudBees CI add-on module for use with Amazon EKS blueprints for Terraform, which are aligned with the EKS Best Practices Guides.
Implementation examples are included in the blueprints folder. The simplest usage looks like this:
```hcl
module "eks_blueprints_addon_cbci" {
  source  = "cloudbees/cloudbees-ci-eks-addon/aws"
  version = ">= 3.19313.0"

  hosted_zone = "example.domain.com"
  cert_arn    = "arn:aws:acm:us-east-1:0000000:certificate/0000000-aaaa-bbb-ccc-thisIsAnExample"

  trial_license = {
    first_name = "Foo"
    last_name  = "Bar"
    email      = "foo.bar@acme.com"
    company    = "Acme Inc."
  }
}
```
By default, the module uses the minimum required configuration described in the Helm chart's values.yaml file. If you need to override any of the chart's default settings, pass them through the `helm_config` variable.
The blueprint deploy and destroy phases use the same requirements provided in the AWS EKS Blueprints for Terraform - Prerequisites. However, the blueprint validate phase may require additional tooling, such as `jq` and `velero`.
Note
There is a companion Dockerfile to run the blueprints in a containerized development environment, ensuring all dependencies are met. It can be built locally using the Makefile target `make bpAgent-dRun`.
Before getting started, you must export your required AWS environment variables to your CLI (for example, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_PROFILE`).
These blueprints rely on an existing hosted zone in AWS Route 53. If you do not have a hosted zone, you can create one by following the AWS Route 53 documentation.
The two main components of CloudBees CI - the operations center and managed controllers - use a file system to persist data. By default, data is stored in the $JENKINS_HOME folder, but can be configured to be stored in Amazon Elastic Block Store (Amazon EBS) or Amazon Elastic File System (Amazon EFS):
- Amazon EBS volumes are scoped to a particular availability zone to offer high-speed, low-latency access to the Amazon Elastic Compute Cloud (Amazon EC2) instances they are connected to. If an availability zone fails, an Amazon EBS volume is corrupted, or there is a service outage, the data on these volumes becomes inaccessible. The operations center and managed controller pods require this persistent data and have no mechanism to replicate it, so CloudBees recommends frequent backups for Amazon EBS.
- Amazon EFS file systems are scoped to an AWS region and can be accessed from any availability zone in the region that the file system was created in. Using Amazon EFS as a storage class for the operations center and managed controllers allows pods to be rescheduled successfully onto healthy nodes in the event of an availability zone outage. Amazon EFS is more expensive than Amazon EBS, but provides greater fault tolerance.
Important
CloudBees CI High Availability (HA) (active-active) requires Amazon EFS. For more information, refer to CloudBees CI EKS storage requirements.
Note
- For more information on pricing and cost analysis, refer to Amazon EBS pricing, Amazon EFS pricing, and CloudBees CI with HA Mode Enabled: Sample cost analysis on AWS.
- For more information on performance, refer to Amazon EBS performance, Amazon EFS performance, and Analyzing CloudBees CI's High Availability: Performance, Bottlenecks, and Conclusions.
This module runs with a trial license for CloudBees CI. Once the trial has expired, refer to CloudBees CI license expiration FAQ to determine your next steps.
Note
This add-on appends the string `[EKS_TF_ADDON]` to the trial license last name for telemetry purposes.
The CloudBees CI add-on uses a Helm release for its resource definitions, making it compatible with AWS EKS Blueprints v4 and AWS EKS Blueprints v5. For more information, refer to Amazon EKS Blueprints for Terraform: v4 to v5 migration.
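As an added example (not from the module's own documentation), this fuller invocation overrides chart defaults through `helm_config` and enables the optional secret and Prometheus inputs; the `helm_config` shape (`{ values = [...] }`), the values file path, the `reg_secret_auth` key names and the registry variables are assumptions.

```hcl
# Added example; assumed values are marked. Registry credentials come from
# sensitive variables so they never appear in plan output or state diffs.
variable "registry_username" {
  type      = string
  sensitive = true
}

variable "registry_password" {
  type      = string
  sensitive = true
}

module "eks_blueprints_addon_cbci" {
  source  = "cloudbees/cloudbees-ci-eks-addon/aws"
  version = ">= 3.19313.0"

  hosted_zone = "example.domain.com"
  cert_arn    = "arn:aws:acm:us-east-1:0000000:certificate/0000000-aaaa-bbb-ccc-thisIsAnExample"

  trial_license = {
    first_name = "Foo"
    last_name  = "Bar"   # the add-on appends [EKS_TF_ADDON] for telemetry
    email      = "foo.bar@acme.com"
    company    = "Acme Inc."
  }

  # Assumed shape: a list of values documents merged over the chart's
  # values.yaml. Only the keys present in cbci-values.yaml are overridden.
  helm_config = {
    values = [file("${path.module}/cbci-values.yaml")]   # assumed path
  }

  # Mount CasC secrets into the operations center (/var/run/secrets/cbci)
  # from a file kept outside version control.
  create_casc_secrets = true
  casc_secrets_file   = "secrets-values.yml"

  # dockerconfigjson secret (cbci-sec-reg) for build agents in the
  # agent namespace. Key names in the map are assumed.
  create_reg_secret = true
  reg_secret_ns     = "cbci"
  reg_secret_auth = {
    server   = "registry.example.com"
    username = var.registry_username
    password = var.registry_password
  }

  prometheus_target    = true
  prometheus_target_ns = "observability"
}
```

The module's `merged_helm_config` output is a convenient place to confirm which chart values actually took effect after the override.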
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cert_arn | Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. | string | n/a | yes |
| hosted_zone | Amazon Route 53 hosted zone name. | string | n/a | yes |
| trial_license | CloudBees CI trial license details for evaluation. | map(string) | n/a | yes |
| casc_secrets_file | Path to the secrets .yml file containing name: value secret pairs. It is required when create_casc_secrets is enabled. | string | "secrets-values.yml" | no |
| create_casc_secrets | Create a Kubernetes basic secret for CloudBees CasC (cbci-sec-casc) and mount it into the operations center (/var/run/secrets/cbci). | bool | false | no |
| create_reg_secret | Create a Kubernetes dockerconfigjson secret for container registry authentication (cbci-sec-reg) for CI build agents. | bool | false | no |
| helm_config | CloudBees CI Helm chart configuration. | any | { | no |
| prometheus_target | Creates a service monitor to discover the CloudBees CI Prometheus target dynamically. It is designed to be enabled with the AWS EKS Terraform Addon Kube Prometheus Stack. | bool | false | no |
| prometheus_target_ns | Prometheus target namespace, designed to be enabled with the AWS EKS Terraform Addon Kube Prometheus Stack. It is required when prometheus_target is enabled. | string | "observability" | no |
| reg_secret_auth | Registry server authentication details for the cbci-sec-reg secret. It is required when create_reg_secret is enabled. | map(string) | { | no |
| reg_secret_ns | Agent namespace in which to create the cbci-sec-reg secret. It is required when create_reg_secret is enabled. | string | "cbci" | no |
| Name | Description |
|---|---|
| cbci_domain_name | Amazon Route 53 domain name to host CloudBees CI services. |
| cbci_liveness_probe_ext | Operations center service external liveness probe for the CloudBees CI add-on. |
| cbci_liveness_probe_int | Operations center service internal liveness probe for the CloudBees CI add-on. |
| cbci_namespace | Namespace for the CloudBees CI add-on. |
| cbci_oc_ing | Operations center Ingress for the CloudBees CI add-on. |
| cbci_oc_pod | Operations center pod for the CloudBees CI add-on. |
| cbci_oc_url | Operations center URL for the CloudBees CI add-on using a subdomain and certificates. |
| cbci_sec_casc | Optional. Kubernetes secret name for CloudBees CI CasC. |
| cbci_sec_registry | Optional. Kubernetes secret name for CloudBees CI agents to authenticate to the registry. |
| merged_helm_config | (merged) Helm configuration for CloudBees CI. |