CloudBees CI add-on for Amazon EKS blueprints

Deploy CloudBees CI to Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) clusters


Motivation

The CloudBees CI AWS partner add-on streamlines the adoption and experimentation of CloudBees CI enterprise features by:

Usage

Implementation examples are included in the blueprints folder, however, this is the simplest example of usage:

module "eks_blueprints_addon_cbci" {
  source  = "cloudbees/cloudbees-ci-eks-addon/aws"
  version = ">= 3.19313.0"

  hosted_zone   = "example.domain.com"
  cert_arn      = "arn:aws:acm:us-east-1:0000000:certificate/0000000-aaaa-bbb-ccc-thisIsAnExample"
  trial_license = {
    first_name = "Foo"
    last_name  = "Bar"
    email      = "foo.bar@acme.com"
    company    = "Acme Inc."
  }
}

By default, the module uses the minimum required configuration described in the Helm chart values.yaml file. If you need to override any of the chart's default settings, pass them through the helm_config variable.
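The following is an added example, not code from the module's own documentation, showing how chart defaults are overridden through helm_config. It relies on the shape visible in the inputs table (a values list of YAML strings) and assumes that Persistence.StorageClass is the relevant key in the CloudBees CI Helm chart values.yaml and that a StorageClass named efs, backed by Amazon EFS, already exists in the cluster; check both against the chart version and cluster you deploy.

```hcl
# Added example (not the module's own code): override chart defaults via helm_config.
# Assumptions, to be verified against the chart's values.yaml and the target cluster:
#   - Persistence.StorageClass is the chart key that selects the volume storage class
#   - a StorageClass named "efs" (Amazon EFS) exists, as required for HA (active-active)
module "eks_blueprints_addon_cbci" {
  source  = "cloudbees/cloudbees-ci-eks-addon/aws"
  version = ">= 3.19313.0"

  hosted_zone   = "example.domain.com"
  cert_arn      = "arn:aws:acm:us-east-1:0000000:certificate/0000000-aaaa-bbb-ccc-thisIsAnExample"
  trial_license = {
    first_name = "Foo"
    last_name  = "Bar"
    email      = "foo.bar@acme.com"
    company    = "Acme Inc."
  }

  # helm_config.values is a list of YAML documents; yamlencode() keeps the
  # override in HCL instead of a separate values file. Only the keys given
  # here change; everything else keeps the chart's minimum configuration.
  helm_config = {
    values = [
      yamlencode({
        Persistence = {
          StorageClass = "efs" # assumed EFS-backed StorageClass name
        }
      })
    ]
  }
}
```

Because helm_config is typed as any, Terraform does not validate the keys you pass; a misspelled chart key is silently ignored by Helm, so confirm the rendered values with a plan or with helm get values after the first apply.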

Prerequisites

Tools

The blueprint deploy and destroy phases use the same requirements provided in the AWS EKS Blueprints for Terraform - Prerequisites. However, the blueprint validate phase may require additional tooling, such as jq and velero.

Note

There is a companion Dockerfile to run the blueprints in a containerized development environment, ensuring all dependencies are met. It can be built locally using the Makefile target make bpAgent-dRun.

AWS authentication

Before getting started, you must export your required AWS environment variables to your CLI (for example, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_PROFILE).

Existing AWS hosted zone

These blueprints rely on an existing hosted zone in AWS Route 53. If you do not have a hosted zone, you can create one by following the AWS Route 53 documentation.

Data Storage Options

The two main components of CloudBees CI - the operations center and managed controllers - use a file system to persist data. By default, data is stored in the $JENKINS_HOME folder, but can be configured to be stored in Amazon Elastic Block Store (Amazon EBS) or Amazon Elastic File System (Amazon EFS):

  • Amazon EBS volumes are scoped to a particular availability zone to offer high-speed, low-latency access to the Amazon Elastic Compute Cloud (Amazon EC2) instances they are connected to. If an availability zone fails, an Amazon EBS volume becomes inaccessible due to file corruption, or there is a service outage, the data on these volumes becomes inaccessible. The operations center and managed controller pods require this persistent data and have no mechanism to replicate the data, so CloudBees recommends frequent backups for Amazon EBS.
  • Amazon EFS file systems are scoped to an AWS region and can be accessed from any availability zone in the region that the file system was created in. Using Amazon EFS as a storage class for the operations center and managed controllers allows pods to be rescheduled successfully onto healthy nodes in the event of an availability zone outage. Amazon EFS is more expensive than Amazon EBS, but provides greater fault tolerance.

Important

CloudBees CI High Availability (HA) (active-active) requires Amazon EFS. For more information, refer to CloudBees CI EKS storage requirements.

CloudBees CI trial license

This module runs with a trial license for CloudBees CI. Once the trial has expired, refer to CloudBees CI license expiration FAQ to determine your next steps.

Note

This addon appends the string [EKS_TF_ADDON] to the Trial License last name for telemetry purposes.

Compatibility

The CloudBees CI add-on uses a Helm release for its resource definitions, making it compatible with both AWS EKS Blueprint v4 and AWS EKS Blueprint v5. For more information, refer to Amazon EKS Blueprints for Terraform: v4 to v5 migration.

Terraform documentation

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cert_arn | Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. | string | n/a | yes |
| hosted_zone | Amazon Route 53 hosted zone name. | string | n/a | yes |
| trial_license | CloudBees CI trial license details for evaluation. | map(string) | n/a | yes |
| casc_secrets_file | Path to the secrets .yml file containing the name: value secret pairs. Required when create_casc_secrets is enabled. | string | "secrets-values.yml" | no |
| create_casc_secrets | Create a Kubernetes basic secret for CloudBees CasC (cbci-sec-casc) and mount it into the operations center (/var/run/secrets/cbci). | bool | false | no |
| create_reg_secret | Create a Kubernetes dockerconfigjson secret for container registry authentication (cbci-sec-reg) used by CI build agents. | bool | false | no |
| helm_config | CloudBees CI Helm chart configuration. | any | {"values": [""]} | no |
| prometheus_target | Create a service monitor to discover the CloudBees CI Prometheus target dynamically. Designed to be enabled with the AWS EKS Terraform Addon Kube Prometheus Stack. | bool | false | no |
| prometheus_target_ns | Prometheus target namespace, designed to be enabled with the AWS EKS Terraform Addon Kube Prometheus Stack. Required when prometheus_target is enabled. | string | "observability" | no |
| reg_secret_auth | Registry server authentication details for the cbci-sec-reg secret. Required when create_reg_secret is enabled. | map(string) | {"email": "foo.bar@acme.com", "password": "changeme1234", "server": "my-registry.acme:5000", "username": "foo"} | no |
| reg_secret_ns | Agent namespace in which to create the cbci-sec-reg secret. Required when create_reg_secret is enabled. | string | "cbci" | no |
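The following is an added example, not part of the module's documentation, that wires up the optional secret-related inputs from the table above (create_reg_secret, reg_secret_auth, reg_secret_ns, create_casc_secrets, casc_secrets_file) and the Prometheus service monitor. The registry credentials come from sensitive Terraform variables rather than the placeholder defaults, and the CasC secrets file path is assumed to be a gitignored secrets-values.yml next to the root module.

```hcl
# Added example (not the module's own code): enable the optional secrets
# without writing credentials into the configuration.
# Assumptions: a registry at my-registry.acme:5000 (constructed sample host)
# and a secrets-values.yml file (name: value YAML) kept out of version control.

variable "registry_username" {
  type      = string
  sensitive = true # redacted from plan/apply output
}

variable "registry_password" {
  type      = string
  sensitive = true # supply via TF_VAR_registry_password or a gitignored tfvars file
}

module "eks_blueprints_addon_cbci" {
  source  = "cloudbees/cloudbees-ci-eks-addon/aws"
  version = ">= 3.19313.0"

  hosted_zone   = "example.domain.com"
  cert_arn      = "arn:aws:acm:us-east-1:0000000:certificate/0000000-aaaa-bbb-ccc-thisIsAnExample"
  trial_license = {
    first_name = "Foo"
    last_name  = "Bar"
    email      = "foo.bar@acme.com"
    company    = "Acme Inc."
  }

  # dockerconfigjson secret (cbci-sec-reg) for build agents, created in the
  # agent namespace so that only agent pods can mount it.
  create_reg_secret = true
  reg_secret_ns     = "cbci"
  reg_secret_auth = {
    server   = "my-registry.acme:5000" # constructed sample registry host
    username = var.registry_username
    password = var.registry_password
    email    = "foo.bar@acme.com"
  }

  # basic secret (cbci-sec-casc) mounted into the operations center at
  # /var/run/secrets/cbci for CasC bundles to reference.
  create_casc_secrets = true
  casc_secrets_file   = "${path.root}/secrets-values.yml" # assumed gitignored path

  # service monitor for the Kube Prometheus Stack add-on
  prometheus_target    = true
  prometheus_target_ns = "observability"
}
```

Marking the variables sensitive hides them from console output, but both the registry credentials and the CasC secrets still land in plain form in the Terraform state and in the resulting Kubernetes Secret objects, so the state backend (encryption at rest, restricted access) and RBAC on the cbci and operations center namespaces are what actually protect them.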

Outputs

| Name | Description |
|------|-------------|
| cbci_domain_name | Amazon Route 53 domain name to host CloudBees CI services. |
| cbci_liveness_probe_ext | Operations center service external liveness probe for the CloudBees CI add-on. |
| cbci_liveness_probe_int | Operations center service internal liveness probe for the CloudBees CI add-on. |
| cbci_namespace | Namespace for the CloudBees CI add-on. |
| cbci_oc_ing | Operations center Ingress for the CloudBees CI add-on. |
| cbci_oc_pod | Operations center pod for the CloudBees CI add-on. |
| cbci_oc_url | Operations center URL for the CloudBees CI add-on, using a subdomain and certificates. |
| cbci_sec_casc | Optional. Kubernetes secret name for CloudBees CI CasC. |
| cbci_sec_registry | Optional. Kubernetes secret name for CloudBees CI agents to authenticate to the registry. |
| merged_helm_config | (merged) Helm configuration for CloudBees CI. |

Additional resources