Continuous Delivery for PE architecture

Continuous Delivery for Puppet Enterprise (PE) communicates with your PE installation, your source control system, and the servers you've designated as job hardware, as well as with the browser you use to connect to the web UI and the platform admin console.

The following diagram shows the architecture and port requirements of a Continuous Delivery for PE 4.x installation.

Important: Continuous Delivery for PE uses TCP (Transmission Control Protocol) connections.

TLS configuration

There are several TLS configuration options to choose from when installing Continuous Delivery for PE. Select the installation architecture that best meets your security needs and limitations.

Basic installation - Default configuration

This installation architecture works for both single-node clusters and multi-node clusters that use automatic load balancing or are set up for Ingress load balancing, such as with Google Kubernetes Engine (GKE). The webhook callback listens on port 8000. In this architecture, TLS is commonly configured at the Ingress, using a manually entered certificate, a self-signed certificate, or a certificate manager.

Installation with a proxy or load balancer using enhanced TLS

This installation architecture uses public certificates for external proxy TLS termination, plus internal certificates for machine-to-machine communication. The Ingress is used for routing rules to the various services within Continuous Delivery for PE. Note that the backend and web UI endpoints must be configured separately from Ingress hostnames.
