CircleCI Server v3.x Prerequisites

It is assumed you have already read the server 3.x overview.

In order to configure the CircleCI server application, you will need to ensure the following general and infrastructure-specific requirements are met. You will need:

  • An existing Kubernetes cluster (see our guide if you need help creating one), for example:

    • Creating an Amazon EKS cluster - Amazon EKS

      • Using eksctl is our recommended option, as it creates a VPC and selects the proper security group for you.

    • Creating clusters - Google GKE

      • Do NOT use an Autopilot cluster. CircleCI requires functionality that is not supported by GKE Autopilot.

  • Note your Kubernetes cluster must meet the following minimum overall cluster requirements relative to the number of active CircleCI server users:

    | Number of daily active CircleCI users | Minimum Nodes | Total CPU | Total RAM | NIC speed |
    |---|---|---|---|---|
    | < 500 | 3 | 12 cores | 32 GB | 1 Gbps |
    | 500+ | 3 | 48 cores | 240 GB | 10 Gbps |

  • Your cluster must have outbound access to pull Docker containers and verify your license. If you do not want to provide open outbound access, see our list of ports that will need access.

  • You must have appropriate permissions to list, create, edit and delete pods in your cluster. You can verify that you can list these resources by running: kubectl auth can-i <list|create|edit|delete> pods.

  • A CircleCI License file. Contact CircleCI support for a license.

  • The Required Tools installed

  • Port access requirements are listed in the External Ports section.

There are no requirements regarding VPC setup or disk size for your cluster. It is, however, recommended that you set up a new VPC rather than use an existing one.

Required Tools

| Tool | Version | Used for |
|---|---|---|
| Terraform | 0.15.4 or greater | Infrastructure Management |
| kubectl | 1.19 or greater | Kubernetes CLI |
| Helm | 3.4.0 or greater | Kubernetes Package Management |
| Kots | 1.44.1 or greater | Replicated Kubernetes Application Management |
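
The following preflight script is an added example, not part of the CircleCI documentation or tooling. It checks the minimum tool versions from the table above and the pod permissions from the prerequisites list. The function names and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight check for the prerequisites on this page.

# Pull the first dotted version number out of a tool's version output.
extract_version() {
  grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# version_ge HAVE WANT: succeed when HAVE >= WANT, comparing each dotted
# component numerically (so 3.10.0 > 3.4.0; missing components count as 0).
version_ge() {
  have=$1 want=$2
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*} w=${want%%.*}
    [ "${h:-0}" -gt "${w:-0}" ] && return 0
    [ "${h:-0}" -lt "${w:-0}" ] && return 1
    case $have in *.*) have=${have#*.} ;; *) have= ;; esac
    case $want in *.*) want=${want#*.} ;; *) want= ;; esac
  done
  return 0
}

# check_tool NAME MINIMUM OUTPUT: compare a tool's reported version to MINIMUM.
check_tool() {
  found=$(printf '%s\n' "$3" | extract_version)
  if [ -n "$found" ] && version_ge "$found" "$2"; then
    echo "ok    $1 $found (>= $2)"
  else
    echo "FAIL  $1 ${found:-not found} (need >= $2)"
    return 1
  fi
}

preflight() {
  rc=0
  check_tool terraform 0.15.4 "$(terraform version 2>/dev/null)" || rc=1
  check_tool kubectl 1.19 "$(kubectl version --client 2>/dev/null)" || rc=1
  check_tool helm 3.4.0 "$(helm version --short 2>/dev/null)" || rc=1
  check_tool kots 1.44.1 "$(kubectl kots version 2>/dev/null)" || rc=1
  # Verbs as listed on the page; checked in the current namespace.
  for verb in list create edit delete; do
    if [ "$(kubectl auth can-i "$verb" pods 2>/dev/null)" = yes ]; then
      echo "ok    can $verb pods"
    else
      echo "FAIL  cannot $verb pods"; rc=1
    fi
  done
  return "$rc"
}

# Run the live checks only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` from the workstation and kubeconfig context you will install from; a non-zero exit status means at least one prerequisite is unmet.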

External Ports

| Port number | Protocol | Direction | Source / Destination | Use | Notes |
|---|---|---|---|---|---|
| 80 | TCP | Inbound | End users | HTTP web app traffic | |
| 443 | TCP | Inbound | End users | HTTP web app traffic | |
| 8800 | TCP | Inbound | Administrators | Admin console | |
| 22 | TCP | Inbound | Administrators | SSH | Only required for the bastion host |
| 64535-65535 | TCP | Inbound | | SSH into builds | Only required for the nomad clients. |


