You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
* Update Runner article contentFirst stage of clean up: moved all CLI-content into a single section; added xrefs to artifacthub for install and configuration* Update Runner contentMoved arch to main architecture section; changed title of Runner behind firewall topic* Update runner install and runner architectureMoved Runner architecture to Architecture article and added prelim description* Update OIDC pipeline topicAdded sections for Claims and conditions, including custom CF claims* Delete oidc-pipelines.md* Update codefresh-runner.mdUpdates to content - added comments to sections that need to be moved to artifacthub* Update codefresh-runner.md* Update codefresh-runner.mdUpdated content for existing installations* Update codefresh-runner.mdMinor formatting edits* Update codefresh-runner.md* Update codefresh-runner.md
Copy file name to clipboardExpand all lines: _docs/installation/behind-the-firewall.md
+12-12Lines changed: 12 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title:"Runnerinstallationbehind firewalls"
2
+
title:"Runner behind firewalls"
3
3
description:"Run Codefresh pipelines in your own secure infrastructure"
4
4
group:installation
5
5
redirect_from:
@@ -8,8 +8,8 @@ redirect_from:
8
8
toc:true
9
9
---
10
10
11
-
As described in[installation options]({{site.baseurl}}/docs/installation/installation-options/), Codefresh offersRunner and GitOps options forhybrid installations.
12
-
This articles focuses on the Runnerinstallation option and its advantages.
11
+
As described in[installation options]({{site.baseurl}}/docs/installation/installation-options/), Codefresh offersthe Hybrid Runner option forCodefresh pipelines.
12
+
This articles focuses onhowthe Runnerworks within infrastructure behind firewalls.
13
13
14
14
##Running Codefresh in secure environments
15
15
@@ -19,7 +19,7 @@ and improvements done in the platform must also be transferred to the customer p
19
19
20
20
Hybrid Runner installs the Runner within the customer premises, while the UI (and management platform) stays in Codefresh.
21
21
22
-
Here is theoverall architecture:
22
+
Here isa visual representation oftheCI/CD flow between the Runner in the customer environment and Codefresh client in the public internet:
23
23
24
24
{% include image.html
25
25
lightbox="true"
@@ -30,22 +30,22 @@ Here is the overall architecture:
30
30
max-width="100%"
31
31
%}
32
32
33
-
The advantages for this scenario are multi-fold.
33
+
The advantages for this scenario are multi-fold:
34
34
35
-
Regarding platform maintenance:
35
+
**Regarding platform maintenance**
36
36
37
37
1. Codefresh is responsible for the heavy lifting for platform maintenance, instead of the customer.
38
38
1. Updates to the UI, build engine, integrations etc., happen automatically, without any customer involvement.
39
39
1. Actual builds run in the customer premises under fully controlled conditions.
40
40
1. Codefresh Runner is fully automated. It handles volume claims and build scheduling on its own within the Kubernetes cluster it is placed.
41
41
42
-
Regarding security of services:
42
+
**Regarding security of services**
43
43
44
44
1. Pipelines can run in behind-the-firewall clusters with internal services.
45
45
1. Pipelines can use integrations (such as Docker registries) that are private and secure.
46
46
1. Source code does not ever leave the customer premises.
47
47
48
-
Regarding firewall security:
48
+
**Regarding firewall security**
49
49
50
50
1. Uni-directional, outgoing communication between the Runner and Codefresh. The Runner polls the platform for jobs.
51
51
1. Codefresh never connects to the customer network. No ports need to be open in the customer firewall for the runner to work.
@@ -67,16 +67,16 @@ You can easily create pipelines that:
67
67
* Create infrastructure such as machines, load balancers, auto-scaling groups etc.
68
68
69
69
Any of these pipelines will work out the box without extra configuration. In all cases,
70
-
all data stayswitin the private local network and does not exit the firewall.
70
+
all data stayswithin the private local network and does not exit the firewall.
71
71
72
-
>Notice that[long-running compositions]({{site.baseurl}}/docs/pipelines/steps/composition/) (preview test environments) are not yet available via the Codefresh Runner.
72
+
>**INFO**:
73
+
[Long-running compositions]({{site.baseurl}}/docs/pipelines/steps/composition/) (preview test environments) are not yet available via the Codefresh Runner.
73
74
74
75
75
76
76
77
###Checking out code from a private GIT repository
77
78
78
-
To check out code from your private Git repository, you need to connect first to Codefresh via[Git integrations]({{site.baseurl}}/docs/integrations/git-providers/). However, once you define your GIT provider as*on premise* you also
79
-
need to mark it as*behind the firewall* as well:
79
+
To check out code from your private Git repository, you need to connect first to Codefresh via[Git integrations]({{site.baseurl}}/docs/integrations/git-providers/). However, once you define your GIT provider as*on premise*, you also need to mark it as*behind the firewall* as well: