I have an OpenVPN server running exposing some private IP addresses, I would like my docker swarm services to access those addresses.
Ideally, there wouldn't be an OpenVPN client "inside" the containers as the images are expected to be deployed in an environment where a VPN will not be necessary.
What I tried so far
I successfully connected a container to my VPN with the dperson/openvpn-client image.
I successfully launched another container using that container as its network using the --net=container:my-vpn-client flag.
Now I'm trying to set up a docker service that will access my private IP addresses, and what I found is:
- I can't run the OpenVPN client in a service as it cannot be given cap-add: NET_ADMIN. There are open issues with Docker discussing this matter, but they are still open.
- I figured I could have the OpenVPN client container run "beside" the swarm cluster, but I can't use network_mode: "container:my-vpn-client" as it is not supported, and that does make sense since I couldn't possibly force an arbitrary container to be present on every node of the swarm without it being a service itself.
- I tried creating an attachable network (bridge/overlay), just sticking my OpenVPN client container in it and expecting the other members of that network to magically go through that pipe... and I was disappointed.
So here I am, any idea?
P.S. If it can help, this is mainly to set up some automated tests that will run the services on a single docker machine in swarm mode, as in swarm init > stack deploy > run tests > swarm leave. So if there's a "hack" for that... I may be interested ;)
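Added example, not part of the original post: the sidecar pattern the question describes (one container running dperson/openvpn-client, a second container borrowing its network namespace) written as a docker-compose file for a single-node test run. The ./vpn profile directory, the /vpn mount point, and the my-test-runner image name are assumptions; only the vpn container holds NET_ADMIN and the tun device, the test container reaches the private addresses through the shared namespace without any extra capability.

```yaml
version: "3.7"

services:
  # VPN sidecar: the only container granted NET_ADMIN and /dev/net/tun.
  vpn:
    image: dperson/openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      # Assumption: the OpenVPN client profile is kept in ./vpn on the host
      # and the image picks it up from /vpn; adjust to how your profile is laid out.
      - ./vpn:/vpn:ro

  # Test runner: shares the vpn container's network namespace, so traffic to the
  # private addresses goes through the tunnel; no NET_ADMIN needed here.
  tests:
    image: my-test-runner:latest   # placeholder image name
    network_mode: "service:vpn"
    depends_on:
      - vpn
```

This works with docker-compose up (the equivalent of the --net=container:my-vpn-client flag from the question), but docker stack deploy ignores both cap_add and network_mode, which is exactly the wall the question runs into; for the swarm-init-then-stack-deploy test flow the sidecar has to be started outside the stack with docker run and the test runner attached to it the same way.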