Jenkins-X3 on EKS private subnets / Bastion / OpenVPN

[enkicoma]

Summary

Hi guys, James Strachan adviced me to create a ticket here.

I am trying to create a very secure prod ready solution. I need the EKS cluster to be on private subnets and to allow it to be accesible via a simple bastion HOST ec2 instance. And the bastion Host to be accesible via OpenVPN.

I will try to experiment with:

  cluster_endpoint_private_access = true
  cluster_in_private_subnet       = true

(somehow I need HA-Vault external one- no eks), will see how it goes.

In general it's a good Idea to have such think by default, lot's of banks has such requirements in our days. No extra cost at all, OpenVPN is free for 2-3 users I think.

I don't know if that's possible with Jenkins-X3 and I don't know if Jenkinsx3 it's compatible for such think at all(how it will behave in a closed env), may I ask for any advice, guidance?

[ankitm123]

@enkicoma I will work on this issue soon (starting next week): https://github.com/jenkins-x/terraform-aws-eks-jx/issues/158 Basically create a secure eks cluster by following the recommendations from aws.

[ankitm123]

/assign

[enkicoma]

@ankitm123 Appreciate! Happy to contribute as well, try things if requires testing or.. enjoy the weekend! Cheers!

[jenkins-x-bot]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Provide feedback via https://jenkins-x.io/community. /lifecycle stale

[jenkins-x-bot]

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close. Provide feedback via https://jenkins-x.io/community. /lifecycle rotten