Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

BitBucket Pipelines and OpenVPN

Stuart Hirst
Stuart Hirst March 22, 2018

Has anyone managed to get an OpenVPN client working within pipeline docker containers?

We have built our own image and tested locally and it works fine with docker command line option --cap-add=NET_ADMIN however it doesn't work within the BitBucket Cloud service as their docker containers don't seem to enable this option.

Any advice or alternate solutions much appreciated.

Answer
Watch
Like # people like this
6423 views

9 answers

2 votes
Ryan Mueller
Ryan Mueller May 26, 2018

Stuart,

Any success with this method? We're in the same boat.

Reply
2 votes
Philip Hodder
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 28, 2018

Hi Stuart,

Instead of using Service containers for OpenVPN clients, you can run your own docker containers manually in your build with the necessary CLI options.

pipelines:
  default:
    - step:
        services:
          - docker
        script:
          - docker run --cap-add=NET_ADMIN your-image:tag

Docker run docs: https://confluence.atlassian.com/bitbucket/run-docker-commands-in-bitbucket-pipelines-879254331.html

Please keep in mind that we have some security restrictions that will be applied, so you may be unable to attain all the necessary capabilities to still successfully run OpenVPN. If it's problematic, I'm unsure if there's any workarounds in Pipelines I can suggest. But see how you go. :)

Thanks,

Phil

View More Comments
Oleg Sigida
Oleg Sigida September 13, 2018

Hi Phillip,

thanks a lot for the answer.

However it does not work like that, I just get an error "docker: Error response from daemon: authorization denied by plugin pipelines: --cap-add is not allowed."

Is there any other ways to connect to secured network from BB Pipeline?

Like
Philip Hodder
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 13, 2018

Hi @Oleg Sigida 

Indeed. We don't allow any cap-add flags anymore for security reasons.

The only feedback I can offer is to follow this ticket: https://bitbucket.org/site/master/issues/12753/allow-customers-to-connect-the-pipelines

We'd like to explore this feature, but have received limited feedback at the moment. If you have time, can you fill out this survey? https://docs.google.com/forms/d/e/1FAIpQLSdzEBor1vVSxopOnLnTheJ_QoozXqn5i1JIL9KQW-h6g1wkaQ/viewform

Thanks,

Phil

Like Daniel Santos likes this
Oleg Sigida
Oleg Sigida September 14, 2018

thanks! will have a look what options are possible

And the form is done

Like
Michael J Love
Michael J Love January 26, 2019

Having the same issue here.  Did you ever figure out a way to get pipelines to connect to a server behind a VPN?

Like
Philip Hodder
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 28, 2019

Hi Michael,

We have an open feature request for VPN support here. I suggest you follow the ticket here for updates: https://bitbucket.org/site/master/issues/12753/allow-customers-to-connect-the-pipelines

Thanks,

Phil

Like
Michael J Love
Michael J Love January 28, 2019

Thanks @Philip Hodder
I'm now watching it.

I managed to find another solution for our needs using AWS CodeDeploy. Unfortunately they do not have an easy integration with bitbucket (only GitHub).

Like
Reply
0 votes
Seth Weinheimer
Seth Weinheimer May 24, 2021

 🥶

Reply
0 votes
Dan Timofte
Dan Timofte May 17, 2021

I tried to configure wireguard and hit this problem. It seems like you have to use your own runners to be able to do this.

Reply
0 votes
dolf
dolf March 24, 2021

Brrrr, need gloves and a scarf, so cold in here. Looking for this too. We have local embedded devices that we want to run integration tests with from the bitbucket pipelines, which are available through our own openvpn server.

Reply
0 votes
Gleb Khodurev
Gleb Khodurev November 22, 2020

eh...

Reply
0 votes
Antonino Bonumore
Antonino Bonumore October 28, 2020

it's cold here...

Reply
0 votes
Tom Haywood
Tom Haywood August 25, 2020

Another bump here, i'm looking to run lighthouse within a container where this flag is used. Is there any progress or has anyone found workarounds?

Reply
0 votes
Ajay Kumar
Ajay Kumar October 17, 2019

any success ?

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events