Gateway and Zones

Fernando Karnagi
All About CloudBees
Sep 3, 2023

Motivation

To communicate with a resource, workspace, or artifact repository server in another zone, a gateway must be created. A gateway object contains two resource (or “agent”) machines, for example GatewayResource1 and GatewayResource2, each configured to communicate with the other. One gateway resource resides in the source zone and the other in the target zone. A gateway is bidirectional and informs the CloudBees CD/RO server that each gateway machine is configured to communicate with its counterpart gateway machine in another zone.

The existing CloudBees documentation does not show an example of how to set up CloudBees Zones and Gateways, especially when it comes to a Chain-of-Gateway topology.

This story describes how I set up CloudBees CDRO Zones and Gateways to meet a Hub and Spoke network topology.

Deployment Architecture

This is the deployment architecture that I would like to achieve.

Network firewalls (via EC2 security groups and UFW) are implemented such that no zone crossing is allowed, except through the designated gateways.

EC2 Instances

For this to work, I prepared these EC2 instances.

  • cdro-1 is the CDRO Server located in LOCAL zone
  • cdro-agent-1 is the agent in TRANSIT1 zone
  • cdro-agent-2 is the agent in HUB1 zone
  • cdro-agent-3 is the agent in HUB2 zone
  • cdro-agent4 is the agent in HUB3 zone
  • cdro-agent5 is the agent in TRANSIT2 zone

CDRO Zones

These are the zones configured in CDRO.

CDRO Resources

These are the resources configured in CDRO.

CDRO Gateways

These are the gateways configured in CDRO.

When chaining gateways, it is important to have the same IP address as the gateway resource connecting zones in the zones-chain.
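The firewall rule from the Deployment Architecture section (no zone crossing except through designated gateways) can be audited against the gateway list. The following is an added example, not part of the original post or of CloudBees tooling: the host-to-zone mapping comes from the EC2 list above, while the gateway pairs and the allowed flows are assumptions constructed for illustration.

```python
from collections import deque

# Host-to-zone mapping, taken from the EC2 instance list above.
ZONE_OF = {
    "cdro-1": "LOCAL", "cdro-agent-1": "TRANSIT1", "cdro-agent-2": "HUB1",
    "cdro-agent-3": "HUB2", "cdro-agent4": "HUB3", "cdro-agent5": "TRANSIT2",
}

# ASSUMPTION: gateway pairs constructed for illustration (not the post's list).
GATEWAYS = [
    ("cdro-1", "cdro-agent-1"),        # LOCAL    <-> TRANSIT1
    ("cdro-agent-1", "cdro-agent-2"),  # TRANSIT1 <-> HUB1
    ("cdro-agent-1", "cdro-agent-3"),  # TRANSIT1 <-> HUB2
    ("cdro-1", "cdro-agent5"),         # LOCAL    <-> TRANSIT2
    ("cdro-agent5", "cdro-agent4"),    # TRANSIT2 <-> HUB3
]

# Constructed sample: host-to-host flows permitted by the firewall rules.
ALLOWED_FLOWS = [
    ("cdro-1", "cdro-agent-1"),
    ("cdro-agent-1", "cdro-agent-2"),
    ("cdro-1", "cdro-agent-3"),  # LOCAL -> HUB2 directly, skipping TRANSIT1
]

def cross_zone_violations(flows):
    """Return allowed flows that cross zones without being a gateway pair."""
    pairs = {frozenset(g) for g in GATEWAYS}  # gateways are bidirectional
    return [(s, d) for s, d in flows
            if ZONE_OF[s] != ZONE_OF[d] and frozenset((s, d)) not in pairs]

def zone_route(src_zone, dst_zone):
    """Shortest chain of zones linked by gateways, or None if unreachable."""
    links = {}
    for a, b in GATEWAYS:
        links.setdefault(ZONE_OF[a], set()).add(ZONE_OF[b])
        links.setdefault(ZONE_OF[b], set()).add(ZONE_OF[a])
    queue, seen = deque([[src_zone]]), {src_zone}
    while queue:
        path = queue.popleft()
        if path[-1] == dst_zone:
            return path
        for nxt in sorted(links.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    print("violations:", cross_zone_violations(ALLOWED_FLOWS))
    for zone in sorted(set(ZONE_OF.values())):
        print(zone, "via", zone_route("LOCAL", zone))
```

A non-empty violations list means a firewall rule lets traffic bypass the gateway chain; a route of `None` means a zone has no gateway path from the server's zone.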

Test with Application Process

We have a sample application process.

It runs this command:

Let’s run it.

Voilà, it is able to run all.

Reference

https://docs.cloudbees.com/docs/cloudbees-cd/latest/configure/zones-and-gateways
