question

Sabs-0969 avatar image
0 Votes"
Sabs-0969 asked Sabs-0969 commented

Making Gitlab URL accessible to all subscriptions in azure

Dear Community,

I would like to set up gitlab and other cicd tooling in one spoke-subscription and make the URLs accessible across all spoke-subscriptions via private IP address or FQDN. I do not wish to setup CICD tools (opensource) in the Hub but in the Spoke however, wish to make it accessible via private network and should be reachable from on-prem as well.

Please let me know the best possible solution to overcome this challenge.

EDIT: The hub subscription is used as expressroute endpoint and for management (bastion hosts), and other network-related setup by grouping them as "resource groups"

Thanks
SB.

azure-virtual-network
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

msrini-MSFT avatar image
0 Votes"
msrini-MSFT answered Sabs-0969 commented

@Sabs-0969,

I would suggest to go with Hub and spoke architecture. Place your Gitlab in HUB VNET and peer HUB with all spoke VNET and connect HUB to On-Premises. By doing this the Gitlab can be accessed by On-Prem as well as spoke VNETs.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your reply @msrini-MSFT .
I am sorry, this is not a feasible option for us. :)
Like I said, we have to host it as spoke and make it available across all subscriptions e.g. think of exposing the URL as an API.

0 Votes 0 ·

In Azure, when you do VNET peering transit doesn't work. Which means, when you connect A -> B then B -> C, A to C will not be connected directly. If you want to host it in a spoke VNET, then you need to create mesh kind of topology to establish connectivity between VNETs

0 Votes 0 ·

Hi,
I do get your point and I am also aware of the limitation hence the question was very specific to use spoke to spoke.
What is your view about using API management and exposing the cicd tooling URL as Api's. to all spoke?

0 Votes 0 ·
Show more comments