CircleCI Server v3.x Prerequisites

It is assumed you have already read the Server 3.x overview.

In order to configure the CircleCI Server application, you will need to ensure the following general and infrastructure-specific requirements are met. You will need:

  • An existing Kubernetes cluster (see our guide if you need help creating one), for example:

    • Creating an Amazon EKS cluster - Amazon EKS

      • Using eksctl is our recommended option, as it creates a VPC and selects the proper security group for you.

    • Creating clusters - Google GKE

      • Do NOT use an Autopilot cluster. CircleCI requires functionality that is not supported by GKE Autopilot.

        Note that your Kubernetes cluster must meet the following minimum overall cluster requirements relative to the number of active CircleCI Server users:

        Number of daily active CircleCI users Minimum Nodes Total CPU Total RAM NIC speed

        < 500

        3

        8 cores

        32 GB

        1 Gbps

        500+

        3

        48 cores

        240 GB

        10 Gbps

      • Your cluster must have outbound access to pull Docker containers and verify your license. If you do not want to provide open outbound access, see our list of ports that will need access.

  • A CircleCI License file. Contact CircleCI support for a license.

  • The Required Tools tools installed

  • Port access requirements are listed here:

There are no requirements regarding VPC setup or disk size for your cluster. It is, however, recommended that you set up a new VPC rather than use an existing one.

Required Tools

Tool Version Used for

Terraform

0.13.0 or greater

Infrastructure Management

kubectl

1.19 or greater

Kubernetes CLI

Helm

3.4.0 or greater

Kubernetes Package Management

Kots

1.26 or greater

Replicated Kubernetes Application Management

External Ports

Port number Protocol Direction Source / Destination Use Notes

80

TCP

Inbound

End users

HTTP web app traffic

443

TCP

Inbound

End users

HTTP web app traffic

8800

TCP

Inbound

Administrators

Admin console

22

TCP

Inbound

Administrators

SSH

Only required for the bastion host

64535-65535

TCP

Inbound

SSH into builds

Only required for the nomad clients.