Jenkins NetworkPolicy Security Configuration

In the context of the Jenkins Helm Chart, NetworkPolicy resources are used to control traffic flow to the Jenkins controller, specifically regarding which agents are permitted to connect.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]

By default, the creation of NetworkPolicy resources is disabled.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]

Configuration Parameters

The behavior of the NetworkPolicy is managed via the networkPolicy configuration values within the Helm chart.

General Settings

  • networkPolicy.enabled: Toggles the creation of NetworkPolicy resources.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]
  • networkPolicy.apiVersion: Defines the API version used for the NetworkPolicy (default: networking.k8s.io/v1).^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]

Internal Agents

Internal agents are agents running within the same cluster as the controller.

  • networkPolicy.internalAgents.allowed: Boolean indicating whether internal agents are allowed to connect to the controller.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]
  • networkPolicy.internalAgents.podLabels: A map of labels (key-value pairs) used to filter which specific agent pods are allowed to connect.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]
  • networkPolicy.internalAgents.namespaceLabels: A map of labels used to determine which namespaces contain agents allowed to connect.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]

External Agents

External agents connect from outside the cluster.

  • networkPolicy.externalAgents.ipCIDR: The IP range (CIDR block) from which external connections are permitted.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]
  • networkPolicy.externalAgents.except: A list of specific IP sub-ranges to exclude from the allowed ipCIDR range.^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]

Related

  • [[RBAC]]
  • [[Pod Security Context]]
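
A values override that exercises the networkPolicy parameters described above, added here as an illustration and not taken from the chart's own documentation. The file name, the label keys and values, and the CIDR ranges are constructed placeholders.

```yaml
# values-networkpolicy.yaml (hypothetical file name), passed to helm with -f
networkPolicy:
  # The chart default is disabled, so no NetworkPolicy exists until this is set.
  enabled: true
  apiVersion: networking.k8s.io/v1

  internalAgents:
    # Permit agents running in the same cluster as the controller.
    allowed: true
    # Constructed label: only agent pods carrying it are allowed to connect.
    podLabels:
      ci-role: build-agent
    # Constructed label: only namespaces carrying it may contain allowed agents.
    namespaceLabels:
      ci-tenant: platform

  externalAgents:
    # Constructed range (RFC 5737 documentation block) for off-cluster agents.
    ipCIDR: 203.0.113.0/24
    # Sub-ranges excluded from the allowed ipCIDR range.
    except:
      - 203.0.113.128/25
```

NetworkPolicy resources only take effect when the cluster's network plugin enforces them, so confirm enforcement by testing a connection from an unlabeled pod after deploying.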

Sources

^[400-devops__06-Kubernetes__devops-helm__helm-jenkins__VALUES_SUMMARY.md]