  1. Infrastructure
  2. INFRA-1955

Deploy a VPN network to hide sensitive services

      Description

      The Jenkins infrastructure project doesn't have a way to access a private network as defined in IEP-002.
      I suggest deploying an OpenVPN container configured with LDAP authentication to allow trusted users to access sensitive resources.
      This means:
      1. Create the jenkinsinfra/openvpn Docker image
      2. Provision an Azure virtual machine allowed to access the internal network

          Activity

          olblak Olivier Vernin added a comment -

          I created a GitHub repository to hold the Docker image definition: jenkins-infra/openvpn

          olblak Olivier Vernin added a comment -

          I opened a PR with the Puppet code needed to deploy this service here

          olblak Olivier Vernin added a comment -

          This service has been deployed with LDAP authentication only and set to admin as defined here.
          I am still wondering "who" should have access to this VPN network based on LDAP group, keeping in mind that services running inside that network can still use specific authorization rules.
          R. Tyler Croy, Daniel Beck, Jesse Glick, Oleg Nenashev

          I am also thinking of adding a certificate authentication mechanism in addition to LDAP

          olblak Olivier Vernin added a comment -

          This VPN is deployed on vpn.jenkins.io; all information can be retrieved from jenkins-infra/openvpn


            People

            • Assignee:
              olblak Olivier Vernin
              Reporter:
              olblak Olivier Vernin