CircleCI Server v3.x Load Balancers


CircleCI server uses load balancers to manage network traffic coming into and out of the Kubernetes services cluster. The three load balancers managing traffic to the Nomad cluster are internal to the VPC and they manage the distribution of jobs to the various compute resources.

The frontend load balancer manages traffic coming from developers and your VCS, including traffic from the API, the CLI and the CircleCI app. The frontend load balancer is public by default, but can be made private.

Make the frontend load balancer private

Webhooks: If you choose to make the frontend load balancer private, the following conditions must be met, depending on your VCS, for webhooks to work:

  • GitHub Enterprise – your CircleCI server installation must be in the same internal network as GHE.

  • – set up a proxy for incoming webhooks and set it as the override for the webhook host URL. This setting can be found in the CircleCI app under Admin Settings > System Settings > Override webhook host URL.

The Private load balancers option only works with installations of CircleCI server on GKE or EKS.

  1. From the management console, select Config from the menu bar and locate the Private load balancers option under General Settings.

  2. Check the box next to Private load balancers.

    If you are using Let’s Encrypt TLS certificates, this box will not be visible as Let’s Encrypt doesn’t work with private installations. Uncheck the box for Let’s Encrypt to make the Private load balancer option appear.

If you are changing this setting after the initial deployment of CircleCI server, you may need to delete the old, public load balancer so that Kubernetes will request a new load balancer with the new configuration.
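
One way to check whether an old, public load balancer is still attached after changing this setting. This is an added example, not part of the CircleCI documentation or tooling. It assumes the option results in one of the standard EKS or GKE internal load balancer annotations on the Service and that your VPC uses RFC 1918 addresses; the namespace, Service names and IP addresses in the sample are constructed.

```python
import ipaddress
import json
import sys

# Annotations cloud providers treat as a request for an internal load balancer.
# Assumption: the Private load balancers option results in one of these being set.
INTERNAL_ANNOTATIONS = {
    "service.beta.kubernetes.io/aws-load-balancer-internal": "true",    # EKS
    "service.beta.kubernetes.io/aws-load-balancer-scheme": "internal",  # EKS
    "cloud.google.com/load-balancer-type": "internal",                  # GKE
    "networking.gke.io/load-balancer-type": "internal",                 # GKE
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(svc):
    """Return 'internal', 'public', 'stale-public' or 'unresolved' for one Service."""
    ann = svc["metadata"].get("annotations") or {}
    if not any(ann.get(k, "").lower() == v for k, v in INTERNAL_ANNOTATIONS.items()):
        return "public"          # nothing asks the cloud for an internal LB
    ingress = (svc.get("status", {}).get("loadBalancer") or {}).get("ingress") or []
    ips = [ipaddress.ip_address(i["ip"]) for i in ingress if i.get("ip")]
    if any(not any(ip in net for net in RFC1918) for ip in ips):
        return "stale-public"    # setting changed, old public LB still attached
    return "internal" if ips else "unresolved"  # hostname-only (EKS) or pending

def audit(service_list):
    """Map namespace/name -> classification for every LoadBalancer Service."""
    return {f'{s["metadata"]["namespace"]}/{s["metadata"]["name"]}': classify(s)
            for s in service_list["items"] if s["spec"].get("type") == "LoadBalancer"}

def _svc(name, svc_type, annotations=None, ip=None):
    """Build a constructed Service object; names and addresses are hypothetical."""
    return {"metadata": {"namespace": "circleci-example", "name": name,
                         "annotations": annotations or {}},
            "spec": {"type": svc_type},
            "status": {"loadBalancer": {"ingress": [{"ip": ip}] if ip else []}}}

GKE_INTERNAL = {"networking.gke.io/load-balancer-type": "Internal"}
SAMPLE = {"items": [
    _svc("frontend-a", "LoadBalancer", GKE_INTERNAL, "10.0.4.7"),
    _svc("frontend-b", "LoadBalancer", GKE_INTERNAL, "203.0.113.10"),
    _svc("frontend-c", "LoadBalancer", None, "203.0.113.11"),
    _svc("backend", "ClusterIP"),
]}

if __name__ == "__main__":
    # Pipe in `kubectl get svc -A -o json`, or run with no input for the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, verdict in audit(data).items():
        print(f"{verdict:13} {name}")
```

A result of "unresolved" means the Service exposes only a hostname or has no address yet, so resolve the hostname from outside the VPC to confirm it is not publicly reachable.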
