Jenkins X on a private subnet

Romil_Punetha · February 25, 2019, 1:18pm

Has anybody set up jenkins x on a k8s cluster thats using only private subnet? I wish to be able to access jenkins only from inside the vpc, however, the ingress controller deployment is failing due to absence of a public VPC.

Jason_Miller · February 27, 2019, 3:14pm

I think I did that a few months back, but I cannot remember the shape of the k8s stack I was using at the time.

You say that you’re in a VPC - is this EKS on aws? If so, it should be able to handle with a private NIB, but you might need to explicitly declare your LB to be NLB. are you just using the stock jenkins x helm charts found here? https://github.com/jenkins-x/jenkins-x-platform

Romil_Punetha · February 27, 2019, 3:41pm

I am using EKS. Also for simplicity, ive added 2 public subnets as well for exposing my services to the internet, using a NLB. However, when I check my ingress, there are no external end points to that. When i check logs for nginx-ingress-controller, it says that the service doesnt have an active endpoint.
And yes, Im using the stock helm charts found at https://github.com/jenkins-x/jenkins-x-platform

The standard jx install command fails with :
retrying after error:checking health of Jenkins server "http://jenkins.jx.test.eks": pinging Jenkins server "http://jenkins.jx.test.eks/login": executing ping request against URL "http://jenkins.jx.test.eks/login": Get http://jenkins.jx.test.eks.curefit/login: dial tcp: lookup jenkins.jx.test.eks on 192.168.101.105:53: no such host

My services are properly configured. My ingress has the paths, hosts and service ports properly mentioned. However, my nginx ingress controller fails to reroute the traffic according to ingress rules. I tried hitting the instanceIP:ports from within the pods and the services were running.

Jason_Miller · February 27, 2019, 5:24pm

I haven’t had a chance to test this, but I’m like 83.2% sure you need something like the diff below. but of course, this is just a guess on the issue from a random internet stranger.

Good luck!

git diff values.yaml
diff --git a/values.yaml b/values.yaml
index f2e629e6…02447b4f 100644
— a/values.yaml
+++ b/values.yaml
@@ -726,6 +726,8 @@ jenkins:
# Master Service annotations
ServiceAnnotations:
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https

 service.beta.kubernetes.io/ws-load-balancer-internal: 0.0.0.0/0

 service.beta.kubernetes.io/ws-load-balancer-type: nlb
 fabric8.io/expose: "true"
 fabric8.io/ingress.annotations: "kubernetes.io/ingress.class: nginx\nnginx.ingress.kubernetes.io/proxy-body-size: 500m"

Used to create Ingress record (should used with ServiceType: ClusterIP)

Topic		Replies	Views
Selectively exposing a REST endpoint publicly in an AWS EKS cluster in a private VPC General Discussions deployment	0	705	January 11, 2022
Creating route53 entries for pod IPs directly instead of loadbalancer/service General Discussions	0	870	December 5, 2018
EKS Discussion General Discussions	1	768	May 19, 2018
Unable to connect to minikube cluster with Cloud VM public IP General Discussions minikube , network	0	219	March 11, 2024
External access to services in cluster on VPS nodes with public IPs General Discussions loadbalancer , metallb , network	0	360	June 1, 2024

Jenkins X on a private subnet

Used to create Ingress record (should used with ServiceType: ClusterIP)

Related topics