feat: set up foundations for the VPC network #36

Merged

@dduportal (Contributor) commented Nov 15, 2024

Related to jenkins-infra/helpdesk#4315 and jenkins-infra/helpdesk#4320

  • Add report generation to export outputs to reports.jenkins.io
  • Add a custom Route53 Zone to manage records of AWS resources
  • Set up VPC CIDR by using automatic calculation to limit the risk of human mistakes
  • Move controller to a public subnet (instead of a private subnet) for easier connectivity
  • Bump shared tools sub module
  • Set up network security (ACL and subnets) for controller and VM-agents subnets
  • Increase VM agents subnet size to allow ~500 agents

- Add report generation to export outputs to reports.jenkins.io
- Add a custom Route53 Zone to manage records of AWS resources
- Set up VPC CIDR by using automatic calculation to limit the risk of human mistakes
- Move controller to a public subnet (instead of a private subnet) for easier connectivity
- Bump shared tools sub module
- Set up network security (ACL and subnets) for controller and VM-agents subnets
- Increase VM agents subnet size to allow ~500 agents

Signed-off-by: Damien Duportal <[email protected]>
@dduportal (Contributor, Author)

  • Plan: 37 to add, 4 to change, 16 to destroy. as per the checks
  • Tested manually along with a VM created in the controller subnet with success. Checked effective network restrictions with:
    • SSH from VPN VM, but forbidden from my personal network
    • Trying Internet outbound for HTTP/HTTPS and LDAPS:
      curl -I -4 https://www.google.com
      curl -I -6 https://www.google.com
      curl -4 ldaps://ldap.jenkins.io
    • Trying inbound requests by installing an Nginx server and checking with https://ip6.nl/:
[Screenshot 2024-11-13 at 19 33 09]
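The PR description's items on automatic CIDR calculation and on sizing the VM agents subnet for ~500 agents can be sanity-checked offline. The following is an added example, not code from this pull request or the jenkins-infra repository: the VPC block `10.0.0.0/16` and the controller host count are constructed values, and the function names are hypothetical.

```python
import ipaddress

# AWS reserves the first four addresses and the last one in every subnet.
AWS_RESERVED_PER_SUBNET = 5
AWS_SMALLEST_SUBNET_PREFIX = 28  # AWS does not allow IPv4 subnets smaller than /28


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix (smallest subnet) that still leaves `hosts` usable addresses."""
    needed = hosts + AWS_RESERVED_PER_SUBNET
    host_bits = (needed - 1).bit_length()  # ceil(log2(needed)) without floats
    return min(32 - host_bits, AWS_SMALLEST_SUBNET_PREFIX)


def usable_hosts(subnet: ipaddress.IPv4Network) -> int:
    """Addresses left for instances once the AWS-reserved ones are removed."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def carve(vpc_cidr: str, demands: dict) -> dict:
    """Derive one non-overlapping subnet per name from the VPC block.

    Subnets are allocated largest first so every start address is naturally
    aligned; a ValueError is raised when the VPC block cannot hold a subnet.
    """
    vpc = ipaddress.IPv4Network(vpc_cidr)
    cursor = int(vpc.network_address)
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        start = (cursor + size - 1) // size * size  # round up to subnet boundary
        subnet = ipaddress.IPv4Network((start, prefix))
        if not subnet.subnet_of(vpc):
            raise ValueError(f"{name}: {subnet} does not fit in {vpc}")
        plan[name] = subnet
        cursor = start + size
    return plan


if __name__ == "__main__":
    # Constructed input: assumed VPC block and assumed controller host count.
    plan = carve("10.0.0.0/16", {"controller": 10, "vm-agents": 500})
    for name, subnet in plan.items():
        print(f"{name:12} {subnet}  usable={usable_hosts(subnet)}")
```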
