I've read this, but they mention they will describe options in a follow-up article that looks like it never got written. What are my options?

I'm using OpenVPN if it matters, and I have access to both the server and client configs.

Ryan Shillington

1 Answer

I believe there are the following possible solutions:

  1. Create an SSH tunnel to the resource you need
  2. Create an SSH proxy to access your internal network
  3. Change to using machine: instead of docker: and launch the docker container yourself
  4. Create a way to access your private resource (ex. create a web service to reach it and call that web service using a REST API)
  5. Make your private resource public (No! J/K! Don't do it!)

I'd love to see other options.

I got #3 to work. Here's the basic recipe.

In my .circleci/config.yml:

version: 2
jobs:
   build_test_deploy:
     machine: true
     steps:
       - checkout
       - run:
           name: Setup branch specific variables and get machine info
           command: |
             ./.circleci/createGradleProps.sh
       - run:
           name: Get the docker container and run the build
           command: |
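             set -e
             echo Login to docker hub...
             # Feed the password on stdin so it does not show up in the process list
             echo "$DOCKER_PASSWORD" | docker login -u mylogin --password-stdin
             echo Pull down the docker image...
             docker pull mycompany/myrepo:1.1 | grep -Ev "^[[:space:]]*$|^#"
             echo Starting the new container...
             # NET_ADMIN and /dev/net/tun are what a VPN client inside the container needs to create its tunnel
             docker run --cap-add=NET_ADMIN --device=/dev/net/tun \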
               -e "CI=$CI" \
               -e "CIRCLE_BRANCH=$CIRCLE_BRANCH" \
               -e "AWS_ACCESS_KEY=$AWS_ACCESS_KEY" \
               -e "AWS_SECRET_KEY=$AWS_SECRET_KEY" \
               -v "$(pwd)"/../project:/home/circleci/project \
               --name qbdvision-instance \
               mycompany/myrepo:1.1 \
               /home/circleci/build.sh
       - run:
           name: Package up the test results
           command: |
             pushd project/build/test/report
             zip -r ~/testResults.zip *
             popd
       - store_artifacts:
           path: ~/testResults.zip
           destination: testResults.zip

workflows:
  version: 2
  build_test_deploy:
    jobs:
      - build_test_deploy
Ryan Shillington
  • This worked for me for months, before we started using AWS Fargate. Now we just kick off docker instances which run in our own VPC and don't need VPN. – Ryan Shillington Apr 04 '18 at 04:07
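
The answer runs /home/circleci/build.sh inside the container but does not show it. As an added example (not the answer author's script), here is one way such an entrypoint could start the OpenVPN client before the build and refuse to build if the tunnel never appears. The config path, the VPN_USER/VPN_PASS variables, passwordless sudo in the image, and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Hypothetical container entrypoint; the answer's own build.sh is not shown.
# Assumptions: openvpn and passwordless sudo exist in the image, and
# VPN_USER / VPN_PASS arrive as CI secrets via `docker run -e`.
VPN_CONFIG="${VPN_CONFIG:-/home/circleci/client.ovpn}"  # assumed path
VPN_IFACE="${VPN_IFACE:-tun0}"
SYS_NET="${SYS_NET:-/sys/class/net}"  # overridable for testing

# Write username and password to a file readable only by its owner.
write_vpn_auth() {
  ( umask 077; printf '%s\n%s\n' "$VPN_USER" "$VPN_PASS" > "$1" )
}

# Poll until interface $1 exists; give up with status 1 after $2 seconds.
wait_for_iface() {
  local iface="$1" timeout="$2" waited=0
  until [ -e "$SYS_NET/$iface" ]; do
    [ "$waited" -ge "$timeout" ] && return 1
    sleep 1
    waited=$((waited + 1))
  done
}

# Bring the tunnel up, run the given command, then always tear down.
run_with_vpn() {
  local auth pidfile=/tmp/openvpn.pid rc=0
  auth="$(mktemp)"
  write_vpn_auth "$auth"
  # Creating the tun device needs root plus the NET_ADMIN capability.
  if sudo openvpn --config "$VPN_CONFIG" --auth-user-pass "$auth" \
       --daemon --writepid "$pidfile" --log /tmp/openvpn.log &&
     wait_for_iface "$VPN_IFACE" 30; then
    "$@" || rc=$?
  else
    echo "VPN did not come up; see /tmp/openvpn.log" >&2
    rc=1
  fi
  [ -f "$pidfile" ] && sudo kill "$(cat "$pidfile")"
  rm -f "$auth"
  return "$rc"
}

# Example call: build.sh ./gradlew build   (the build command is a placeholder)
if [ "$#" -gt 0 ]; then
  run_with_vpn "$@"
fi
```

Failing the job when the interface never appears keeps a build from running half its steps against unreachable private resources, and the credentials file is removed whether or not the build succeeds.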