- The whole environment runs in a public cloud, and access to the internal network is not allowed from there
- Recommended solution: a master/agent setup in which the master runs in the public environment and the agent runs on a server located in the private network, where it performs the needed tasks in the internal/private networks. The Jenkins agent holds an active connection from the internal network to the internet-accessible Jenkins master via the recommended JNLP port tcp/9000 and keeps listening for builds/jobs. NO direct or NAT network connection is required from the internet to the internal network. It is a secure and simple solution.
[Diagram: Jenkins public master and internal agent]
- Jenkins master running in the public environment and listening on JNLP port tcp/9000
- Firewall opening for port tcp/9000 from the source agent IP(s) in the internal network towards the internet in general (destination 0.0.0.0)
- Servers in the internal network(s) hosting the Jenkins agent service(s), with agent service auto-start to ensure automatic re-connect to the Jenkins master at any time
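
One way to meet the auto-start and automatic re-connect requirement in the last bullet is a systemd unit on the internal server. This is an added example, not part of the original page; the unit name, host name `jenkins.example.com`, agent name, service account and all paths are placeholders.

```ini
# /etc/systemd/system/jenkins-agent.service  (unit name and path are assumptions)
[Unit]
Description=Jenkins agent (connects out to the public Jenkins master)
Wants=network-online.target
After=network-online.target

[Service]
# Dedicated unprivileged account, assumed to exist on the internal server.
User=jenkins-agent
Group=jenkins-agent
WorkingDirectory=/var/lib/jenkins-agent

# agent.jar is downloaded from the master. It first contacts the master URL,
# learns the agent port (tcp/9000 on this page) and then connects out to it,
# so every connection is initiated from the internal network.
# The secret is read from a file (mode 0400, owned by jenkins-agent) so it
# does not show up in the process list.
ExecStart=/usr/bin/java -jar /var/lib/jenkins-agent/agent.jar \
    -url https://jenkins.example.com/ \
    -name internal-agent-01 \
    -secret @/etc/jenkins-agent/secret \
    -workDir /var/lib/jenkins-agent

# Re-connect whenever the link or the master goes away.
Restart=always
RestartSec=15

# Basic containment for the host that runs the builds.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
# Start at boot.
WantedBy=multi-user.target
```

Enable it with `systemctl enable --now jenkins-agent.service`; builds that rely on `sudo` will need `NoNewPrivileges` relaxed.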