Details
Major Description
The Jenkins infrastructure project doesn't have a way to access a private network like defined here IEP-002.
I suggest to deploy an openvpn container configured with ldap authentication to allow trusted users to access sensitive resources.
This means:
.1 Create jenkinsinfra/openvpn docker image
.2 Provision an azure virtual machine allowed to access the internal network
Attachments
Activity
| Field | Original Value | New Value |
|---|---|---|
| Epic Link | INFRA-910 [ 173994 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
I open a PR with the puppet code needed to deploy this service here
This service has been deployed with ldap authentication only and set to admin as defined here.
I am still wondering "who" should have access to this vpn network based on ldap group, keeping in mind that services running inside that network can still use specific authorization rules.
R. Tyler Croy Daniel Beck Jesse GlickOleg Nenashev
I am also thinking to add a certificate authentication mechanism in addition of the ldap
This vpn is deployed on vpn.jenkins.io, all information can be retrieve from jenkins-infra/openvpn
| Resolution | Fixed [ 1 ] | |
| Status | In Progress [ 3 ] | Resolved [ 5 ] |
| Status | Resolved [ 5 ] | Closed [ 6 ] |
I created a github repository to hold the docker image definition jenkins-infra/openvpn