Hi
I have a problem that I don’t immediately find an answer for. Our client’s company has a private network in which they have a private gitlab instance running. The code for the project I wish to deploy is pushed on a repo in this gitlab. I want to setup Google Build so it can scan for and create builds for pushes on this repo but I’m struggling to find the right resource.
The private network is accessed via VPN using AltoAldo GlobalProtect. I have a private key I can use to connect to the network on my local machine and this is how I’ve pushed the code on the repo. The problem is that setting up the VPN requires a key which I get from an authenticator app, thus this key changes every few minutes. I don’t know if that key will hold up after a certain amount of time even if I were to use my private credentials.
How do I configure Google Build to have access to this private network and thus the repository?
You first need to create a VPC that has an established VPN connection to on-premises. There’s the HA VPN service that relies on IPSec. I’m not familiar with GlobalProtect, but you might ask your network admins if that’s possible to use as an IPSec endpoint. If not, you can still use an NVA, a virtual machine in the VPC that has the VPN endpoint installed. In this case, you still need a mechanism there that doesn’t require 2fa codes, so that needs to be coordinated with the network admins. And then also, that NVA is not just a simple workstation, it needs to route ip ranges back and forth, so this needs coordination with the network admins still.
If there’s a VPC with a VPN established to the on-premises, then Cloud Build can be configured to rely on this network to connect to the repository https://cloud.google.com/build/docs/automating-builds/gitlab/build-repos-from-gitlab-enterprise-edition-private-network