Jenkins X on a private subnet


Has anybody set up jenkins x on a k8s cluster thats using only private subnet? I wish to be able to access jenkins only from inside the vpc, however, the ingress controller deployment is failing due to absence of a public VPC.


I think I did that a few months back, but I cannot remember the shape of the k8s stack I was using at the time.

You say that you’re in a VPC - is this EKS on aws? If so, it should be able to handle with a private NIB, but you might need to explicitly declare your LB to be NLB. are you just using the stock jenkins x helm charts found here?


I am using EKS. Also for simplicity, ive added 2 public subnets as well for exposing my services to the internet, using a NLB. However, when I check my ingress, there are no external end points to that. When i check logs for nginx-ingress-controller, it says that the service doesnt have an active endpoint.
And yes, Im using the stock helm charts found at

The standard jx install command fails with :
retrying after error:checking health of Jenkins server "http://jenkins.jx.test.eks": pinging Jenkins server "http://jenkins.jx.test.eks/login": executing ping request against URL "http://jenkins.jx.test.eks/login": Get http://jenkins.jx.test.eks.curefit/login: dial tcp: lookup jenkins.jx.test.eks on no such host

My services are properly configured. My ingress has the paths, hosts and service ports properly mentioned. However, my nginx ingress controller fails to reroute the traffic according to ingress rules. I tried hitting the instanceIP:ports from within the pods and the services were running.


I haven’t had a chance to test this, but I’m like 83.2% sure you need something like the diff below. but of course, this is just a guess on the issue from a random internet stranger.

Good luck!

git diff values.yaml
diff --git a/values.yaml b/values.yaml
index f2e629e6…02447b4f 100644
— a/values.yaml
+++ b/values.yaml
@@ -726,6 +726,8 @@ jenkins:
# Master Service annotations
# https

  • nlb "true" " nginx\ 500m"

    Used to create Ingress record (should used with ServiceType: ClusterIP)