Feature Request (unless this exists, then help): TeamCity agent docker images - Specify network
After going though some tests with TeamCity agents as docker images, I decided to secure everything to better replicate our actual environment. However, our build server is only accessible from an internal network. When using docker agents, they are unable to access this network and (from what I can see) there is no where to specify a virtual network to connect to or do any sort of other configuration.
I'd rather not expose my build server publicly if it can be helped. If this doesn't exist, please add it. If it does, then please point me in the right direction
Please sign in to leave a comment.
Hello Daniel,
As I understand, you want TeamCity build agent running inside a docker container to connect some private network where your TeamCity server resides.
This task is not quite related to the TeamCity, but to docker container itself, i.e. it should be possible to start `docker run` with TeamCity build agent in a specific network environment, which allows connecting to your server. TeamCity agent just connects to the SERVER_URL you've provided, there is no other magic on TeamCity side.
One of the possible ways, as I see it, is to specify a http proxy which allows connecting to the internal resources. Some documentation on this is here: https://docs.docker.com/v17.09/engine/userguide/networking/#use-a-proxy-server-with-containers
Also, I've found this article, it may be quite relevant to what you're trying to do: https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/
Hope, this helps,
Hi Kirill,
Thank you for your reply. I've currently used an Azure app registration as a semi-proxy to handle this and everything seems to be behaving a lot nicer, appreciate the reply :) Now onto my next challenge
To add to my reply, I have no control over 'docker run', as I'm trying to set up build agents using the container option which is currently in preview. I specify which image to get, which resource group to use and TeamCity handles the rest of the Azure side by itself. I'm not sure if it's the right way to go about it, though that's out of the scope of this request, so I won't go into detail :)