Skip to content
Cloudkrunch
Linkedin

EKS cluster with internet-facing Jenkins

Kubernetes, Terraform, EKS, Jenkins, AWS, Infrastructure2 min read

Kubernetes

I recently worked on a project that had me creating a Kubernetes cluster in AWS and a Jenkins deployment to the cluster. The project consisted of me automating the deployment of the cluster, I choose to do this with Terraform and Terragrunt. Ever since, I started using Terragrunt, I've noticed how much easier it is to setup my projects and hit the ground running. If you haven't given it a try, I highly recommend it (this is not an advertisement, just an endorsement). The Jenkins deployment I made uses a custom setup with Jenkins Configuration as Code (JCasC). The image for the deployment is published to ECR.

Overview of components

Project location: eks-jenkins-cluster

EKS Terraform deployment

I decided to utilize EKS as well as its AWS load balancer add-on. It was the first time I've worked with the add-on and I found it really convenient to have my EKS cluster manage the load balancer provisioning. I deployed the add-on using the Helm Terraform provider which aided in the ease of configuration.

Custom Jenkins

First, I put together a list of plug-ins that I wanted added to the Jenkins deployment. You can find it in plugins.txt. The plugins get downloaded in the docker build, which speeds up how quickly the pod becomes available in my kubernetes deployment. Also, I used the JCasC file to put guardrails into my image. The JCasC file achieves these things:

  1. Creates an Admin user with the desired username and password provided to the setup script
  2. It only allows authenticated users (the one admin user) access to the Jenkins deployment
  3. Allow agents to Controller Access Control

The benefit of allowing agents to the Controller Access Control is that they will be able to serve the WebUI if the controller that normally serves them goes down. However, with the remotingSecurity option enabled, the agents are restricted from executing any actions on the controller. This greatly improves the security of Jenkins and it a suggestion that Jenkins itself recommends.

Wrapping up

This was a really cool project, if you want to know more about the details check out the publicly accessible Github repo. Thank you for reading the article, please share it if you thought it was helpful.