Why does the tunnel have to be 50000 for Kubernetes to Jenkins?

2/8/2021

Why does the Jenkins tunnel have to be 50000? Why can't I connect back using the same tunnel (443, 80)?

      # ....
      jenkinsUrl: http://cicd-jenkins:8080/
      jenkinsTunnel:  cicd-jenkins-agent:50000
      # ....

Because I have my Jenkins and Kubernetes hosted in two different zones, and only ports 80 and 443 are opened between them; the rest of them are blocked.

1) Is there any way that I can use the pods as agents without opening port 50000?

2) Kubernetes is hosted on VMs on-prem. If I have a chance to open the firewall, is it sufficient if I open it from Kubernetes VMs to Jenkins servers (50000), or do I need something else?

3) Pods will have different IPs (dynamic), so if I open the request from VMs to Jenkins, does it allow for those pods too?

Any suggestions?

-- HarishReddyenv
google-kubernetes-engine
jenkins
kubectl
kubernetes
kubernetes-ingress

1 Answer

2/8/2021

As the official documentation states, Jenkins provides two services that the cluster needs access to. Deploy these services separately so they can be individually managed and named.

An externally-exposed NodePort service on port 8080 that allows pods and external users to access the Jenkins user interface. This type of service can be load balanced by an HTTP load balancer.

An internal, private ClusterIP service on port 50000 that the Jenkins executors use to communicate with the Jenkins controller from inside the cluster.

You can use the following tutorial on how to set up Jenkins for GKE.

-- Airus
Source: StackOverflow
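
To confirm from inside an agent pod that both endpoints in the question's configuration (`jenkinsUrl` and `jenkinsTunnel`) are actually reachable through the firewall, a small TCP check like the one below can be run in the pod. This is an added example, not part of the original question or answer; the function names are hypothetical, and only the `HOST:PORT` form of `jenkinsTunnel` is handled.

```python
import socket
from urllib.parse import urlsplit

# Values copied from the configuration shown in the question.
JENKINS_URL = "http://cicd-jenkins:8080/"
JENKINS_TUNNEL = "cicd-jenkins-agent:50000"


def endpoints(jenkins_url, jenkins_tunnel):
    """Return the (name, host, port) triples an agent pod has to reach."""
    url = urlsplit(jenkins_url)
    if not url.hostname:
        raise ValueError(f"jenkinsUrl has no host: {jenkins_url!r}")
    web_port = url.port or (443 if url.scheme == "https" else 80)

    # Assumption: the tunnel value is given as HOST:PORT, as in the question.
    host, _, port = jenkins_tunnel.strip().rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"expected HOST:PORT, got {jenkins_tunnel!r}")

    return [
        ("controller (jenkinsUrl)", url.hostname, web_port),
        ("agent tunnel (jenkinsTunnel)", host, int(port)),
    ]


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or DNS failure
        return False


def check(jenkins_url, jenkins_tunnel, timeout=3.0):
    """Map each endpoint name to whether it is reachable from this host."""
    return {
        name: tcp_reachable(host, port, timeout)
        for name, host, port in endpoints(jenkins_url, jenkins_tunnel)
    }


if __name__ == "__main__":
    for name, ok in check(JENKINS_URL, JENKINS_TUNNEL).items():
        print(f"{name}: {'reachable' if ok else 'blocked or down'}")
```

A result of `False` for the tunnel while the controller URL is reachable points at the firewall rule for port 50000 rather than at Jenkins itself.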