Gateway and Zones
Motivation
To communicate with a resource, workspace, or artifact repository server in another zone, a gateway must be created. A gateway object contains two resource (or “agent”) machines, for example GatewayResource1 and GatewayResource2, each configured to communicate with the other. One gateway resource resides in the source zone and the other in the target zone. A gateway is bidirectional and informs the CloudBees CD/RO server that each gateway machine is configured to communicate with its other gateway machine in another zone.
The existing CloudBees documentation does not show an example of how to set up CloudBees zones and gateways, especially when it comes to a chain-of-gateways topology.
This story describes how I set up CloudBees CDRO zones and gateways to fit a hub-and-spoke network topology.
Deployment Architecture
This is the deployment architecture that I would like to achieve.
Network firewalls (EC2 security groups and UFW) are configured so that no zone crossing is allowed, except through the designated gateways.
EC2 Instances
For this to work, I prepared these EC2 instances:
- cdro-1 is the CDRO Server located in LOCAL zone
- cdro-agent-1 is the agent in TRANSIT1 zone
- cdro-agent-2 is the agent in HUB1 zone
- cdro-agent-3 is the agent in HUB2 zone
- cdro-agent4 is the agent in HUB3 zone
- cdro-agent5 is the agent in TRANSIT2 zone
CDRO Zones
These are the zones configured in CDRO.
CDRO Resources
These are the resources configured in CDRO.
CDRO Gateways
These are the gateways configured in CDRO.
When chaining gateways, it is important to have the same IP address as the gateway resource connecting zones in the zone chain.
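The following is an added example, not part of the original setup or of CloudBees' own tooling. It audits a list of firewall allow rules against the "no zone crossing except through the designated gateways" policy and checks that the gateway chain gives the server in LOCAL a route to every zone. The host-to-zone mapping comes from the instance list above; the gateway pairs and the firewall rules are assumptions constructed for illustration.

```python
from collections import deque

# Host-to-zone placement as listed on this page.
ZONE_OF = {
    "cdro-1": "LOCAL", "cdro-agent-1": "TRANSIT1", "cdro-agent-2": "HUB1",
    "cdro-agent-3": "HUB2", "cdro-agent4": "HUB3", "cdro-agent5": "TRANSIT2",
}

# ASSUMED gateway pairs (constructed; not taken from the page).
GATEWAYS = [
    ("cdro-1", "cdro-agent-1"), ("cdro-agent-1", "cdro-agent-2"),
    ("cdro-agent-1", "cdro-agent-3"), ("cdro-agent-1", "cdro-agent5"),
    ("cdro-agent5", "cdro-agent4"),
]

# Constructed firewall allow rules: (source host, destination host).
ALLOW_RULES = [
    ("cdro-1", "cdro-agent-1"),
    ("cdro-agent-1", "cdro-agent-2"),
    ("cdro-1", "cdro-agent-3"),  # crosses LOCAL -> HUB2 without a gateway
]

def zone_crossing_violations(rules, gateways, zone_of):
    """Return allow rules that cross zones without being a gateway pair."""
    allowed = {frozenset(g) for g in gateways}
    return [(s, d) for s, d in rules
            if zone_of[s] != zone_of[d] and frozenset((s, d)) not in allowed]

def zone_routes(start, gateways, zone_of):
    """Breadth-first search over gateways: zone -> chain of zones from start."""
    links = {}
    for a, b in gateways:
        links.setdefault(zone_of[a], set()).add(zone_of[b])
        links.setdefault(zone_of[b], set()).add(zone_of[a])
    routes, queue = {start: [start]}, deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in sorted(links.get(zone, ())):
            if nxt not in routes:
                routes[nxt] = routes[zone] + [nxt]
                queue.append(nxt)
    return routes

if __name__ == "__main__":
    print("violations:", zone_crossing_violations(ALLOW_RULES, GATEWAYS, ZONE_OF))
    routes = zone_routes("LOCAL", GATEWAYS, ZONE_OF)
    print("unreachable:", sorted(set(ZONE_OF.values()) - set(routes)))
    print("routes:", routes)
```

Replace `GATEWAYS` and `ALLOW_RULES` with the values from your own CDRO gateway list and security group or UFW rules before relying on the result.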
Test with Application Process
We have a sample application process.
It runs this command:
Let’s run it.
Voilà, it is able to run all.
Reference
https://docs.cloudbees.com/docs/cloudbees-cd/latest/configure/zones-and-gateways