1. Administering Visual Builder Studio
  2. Set Up VB Studio for CI/CD
  3. Step 3: Set up VB Studio to run VM build executors
  4. Run VM Build Executors in Virtual Cloud Network
  5. Use VB Studio's Default VCN

Use VB Studio's Default VCN

VB Studio compartment's VCN, also called the default VCN, is automatically created for you when the first VM build executor that uses it starts.

VB Studio's default VCN is called vbs-executor-vcn and resides in the VB Studio's compartment. When a VM executor that uses the default VCN starts, VB Studio checks the OCI compartment for the default VCN. If it doesn't exist, VB Studio creates a VCN called vbs-executor-vcn with CIDR block 10.0.0.0/16 and public subnets in all availability domains. If the VCN exists, VB Studio uses it to run your VM executors.

When VB Studio creates the default VCN, it also creates these components and adds them to the VCN:

  • An Internet Gateway
  • A Route Table that uses the Internet Gateway as the routing rule
  • Security Rule Ingress rules that allow TCP traffic on:
    • Destination port 22 (SSH), 9003 (Executor agent debug), 9005 (VM agent debug), 9082 (Executor agent), and 9085 (VM agent), and 8095 (Docker Agent), and 9001-9010 from source 0.0.0.0/0 and any source port.
    • Destination port 443 from sources in the 10.0.0.0/16 IP range.
  • A Security Rule that allows Egress to any destination from any protocol.
  • Three public subnets, one for each availability domain. Their CIDR is set to 10.0.0.0/24, 10.0.1.0/24, and 10.0.2.0/24.

Here's an example of the default VCN:


Description of vbs-default-vcn.bmp follows
Description of the illustration vbs-default-vcn.bmp

As soon as the default VCN is available, you have full control over it and can modify it. You can add private subnets for your private services, add more public subnets or delete the existing subnets, modify security lists, and add or remove other components.

Note:

  • When a VM executor runs on the default VCN, it runs on any of its available public subnets. You can't specify which subnet it should run on.
  • If you plan to remove some public subnets of the default VCN, make sure that at least one public subnet is available in the VCN. If there are no public subnets, VM executors in the default VCN won't run and your builds will fail.
  • The default VCN is created once and continues to stay until it is deleted manually.
  • If your organization's members configure jobs that access Oracle Cloud services in the private or public subnets of the VCN, ask them to configure their jobs to access the services using private IPs or Fully Qualified Domain Name (FQDN).