cloudbees/terraform-aws-cloudbees-ci-eks-addon

CloudBees CI add-on for Amazon EKS blueprints

Deploy CloudBees CI to Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) clusters


Motivation

The CloudBees CI AWS partner add-on streamlines the adoption and experimentation of CloudBees CI enterprise features by:

Usage

Implementation examples are included in the blueprints folder. The simplest usage is:

module "eks_blueprints_addon_cbci" {
  source  = "cloudbees/cloudbees-ci-eks-addon/aws"
  version = ">= 3.17108.0"

  hosted_zone = "example.domain.com"
  cert_arn    = "arn:aws:acm:us-east-1:0000000:certificate/0000000-aaaa-bbb-ccc-thisIsAnExample"
  trial_license = {
    first_name = "Foo"
    last_name  = "Bar"
    email      = "foo.bar@acme.com"
    company    = "Acme Inc."
  }
}

By default, the module uses the minimum required configuration described in the Helm chart values.yaml file. To override any of the chart's default settings, pass the helm_config variable.
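
The following is an added example, not code from the module's repository, showing a helm_config override combined with the optional secrets inputs listed under Inputs. The variable names, the files cbci-values.yml and secrets-values.yml, and the exact version pin are assumptions made for illustration.

```hcl
# Added example; variable and file names are assumptions.
variable "hosted_zone" {
  type        = string
  description = "Existing Route 53 hosted zone name."
}

variable "cert_arn" {
  type        = string
  description = "ARN of the ACM certificate."

  # Reject anything that is not shaped like an ACM certificate ARN.
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:acm:[a-z0-9-]+:[0-9]+:certificate/.+$", var.cert_arn))
    error_message = "cert_arn must be an ACM certificate ARN."
  }
}

module "eks_blueprints_addon_cbci" {
  source = "cloudbees/cloudbees-ci-eks-addon/aws"
  # Exact pin (the page's minimum version) so upgrades are a reviewed change.
  version = "3.17108.0"

  hosted_zone = var.hosted_zone
  cert_arn    = var.cert_arn
  trial_license = {
    first_name = "Foo"
    last_name  = "Bar"
    email      = "foo.bar@acme.com"
    company    = "Acme Inc."
  }

  # Chart overrides: a list of YAML strings, same shape as the documented default.
  helm_config = {
    values = [file("${path.module}/cbci-values.yml")]
  }

  # Creates the cbci-secrets Kubernetes secret from a local names:values file.
  # Keep that file out of version control. Assumption: the values also land in
  # Terraform state, so restrict access to the state backend.
  create_k8s_secrets = true
  k8s_secrets_file   = "${path.module}/secrets-values.yml"
}

output "cbci_oc_url" {
  value = module.eks_blueprints_addon_cbci.cbci_oc_url
}
```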

Prerequisites

Tools

The blueprint deploy and destroy phases use the same requirements provided in the AWS EKS Blueprints for Terraform - Prerequisites. However, the blueprint validate phase may require additional tooling, such as jq and velero.

Note

There is a companion Dockerfile to run the blueprints in a containerized development environment, ensuring all dependencies are met. It can be built locally using the Makefile target make bpAgent-dRun.

AWS authentication

Before getting started, you must export your required AWS environment variables to your CLI (for example, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_PROFILE).

Existing AWS hosted zone

These blueprints rely on an existing hosted zone in AWS Route 53. If you do not have a hosted zone, you can create one by following the AWS Route 53 documentation.

Data Storage Options

The two main components of CloudBees CI - the operations center and managed controllers - use a file system to persist data. By default, data is stored in the $JENKINS_HOME folder, but can be configured to be stored in Amazon Elastic Block Store (Amazon EBS) or Amazon Elastic File System (Amazon EFS):

  • Amazon EBS volumes are scoped to a particular availability zone to offer high-speed, low-latency access to the Amazon Elastic Compute Cloud (Amazon EC2) instances they are connected to. If an availability zone fails, an Amazon EBS volume becomes inaccessible due to file corruption, or there is a service outage, the data on these volumes becomes inaccessible. The operations center and managed controller pods require this persistent data and have no mechanism to replicate the data, so CloudBees recommends frequent backups for Amazon EBS.
  • Amazon EFS file systems are scoped to an AWS region and can be accessed from any availability zone in the region that the file system was created in. Using Amazon EFS as a storage class for the operations center and managed controllers allows pods to be rescheduled successfully onto healthy nodes in the event of an availability zone outage. Amazon EFS is more expensive than Amazon EBS, but provides greater fault tolerance.

Important

CloudBees CI trial license

This module runs with a trial license for CloudBees CI. Once the trial has expired, refer to CloudBees CI license expiration FAQ to determine your next steps.

Compatibility

The CloudBees CI add-on uses Helm releases for its resource definitions, making it compatible with AWS EKS Blueprint v4 and AWS EKS Blueprint v5. For more information, refer to Amazon EKS Blueprints for Terraform: v4 to v5 migration.

Terraform documentation

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cert_arn | Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. | string | n/a | yes |
| hosted_zone | Amazon Route 53 hosted zone name. | string | n/a | yes |
| trial_license | CloudBees CI trial license details for evaluation. | map(string) | n/a | yes |
| create_k8s_secrets | Create the Kubernetes secret cbci-secrets. It can be consumed by CasC. | bool | false | no |
| helm_config | CloudBees CI Helm chart configuration. | any | { "values": [ "" ] } | no |
| k8s_secrets_file | Path to the .yml secrets file containing the secret names:values for cbci-secrets. | string | "secrets-values.yml" | no |
| prometheus_target | Create a Service Monitor to discover the CloudBees CI apps Prometheus target dynamically. It is designed to be enabled with AWS EKS Terraform Addon Kube Prometheus Stack. | bool | false | no |

Outputs

| Name | Description |
|------|-------------|
| cbci_domain_name | Amazon Route 53 domain name to host CloudBees CI services. |
| cbci_liveness_probe_ext | Operations center service external liveness probe for the CloudBees CI add-on. |
| cbci_liveness_probe_int | Operations center service internal liveness probe for the CloudBees CI add-on. |
| cbci_namespace | Namespace for the CloudBees CI add-on. |
| cbci_oc_ing | Operations center Ingress for the CloudBees CI add-on. |
| cbci_oc_pod | Operations center pod for the CloudBees CI add-on. |
| cbci_oc_url | Operations center URL for the CloudBees CI add-on using a subdomain and certificates. |
| cbci_secrets | Kubernetes secrets name for CloudBees CI. Optional. |
| merged_helm_config | (merged) Helm configuration for CloudBees CI. |

Additional resources