Expose ports from service containers

Is that possible to expose ports from a container to host machine? For example, I would use selenium/standalone-chrome-debug image and during the build, I would connect VNC exposed port for debugging purpose.

1 Like

Hello @bradrydzewski @brad .
Any suggestions?

Can anyone make any suggestions, how I can do that?

I have this issue as well, really need a syslog server as a service, but I need it to publish the ports so that other test infra can access it on the network during the build. Not a great solution, but I am planning on SSHing back into the worker from inside the container and dropping the service on the worker that way. But obviously if drone would read the ports directive in the compose yml, and publish the ports that would be far superior.

1 Like

The two challenges with opening up ports on the host machine are security and concurrency. Your agent may fail to process two builds that both try and open the same port.

The other issues (and this is more behavioral) is that many novice drone users think that they need to expose ports for service containers. We see a lot of examples where people do this:

    image: redis
      - redis-cli -h redis ping
      - redis-cli -h redis set FOO bar
      - redis-cli -h redis get FOO

    image: redis
+   ports: [ 6380 ]

A novice user assumes they need to open up port 6380 so that the build step can access the service container, which is not the case since they share the same bridge network. As a result, the user could be unwittingly exposing host machine ports – and then complain drone is broken when they cannot run two builds at a time because docker errors opening the port – lucky me :slight_smile:

These are things I’ve been considering when it comes to host machine ports …

yea, good points. I suppose a solution could be to not use the standard ports option and make some custom super obvious option name so that you get less naive complaints? :slight_smile:

image: blah
dangerous-public-mapped-port: [8080]

1 Like

For this use case wouldn’t you be able to setup selenium/standalone-chrome-debug outside the drone services context and just more like drone it self on the host?

1 Like

Thanks everyone for thoughts and suggestions. If I do a PR with a functionality of exposing ports, would it be accept @bradrydzewski?

+1 for this feature, my use case:

We run UI tests for our site on Drone. Debugging test failures would be significantly easier if we could point a browser at the site in the test run container.

@uponthesun exposing ports is not necessarily required for browser testing. You can, for example, use a selenium service container for firefox and chrome testing:

kind: pipeline
name: default

- name: build
  image: node
  - npm install
  - npm run bundle

- name: start
  detach: true
  - npm start

- name: test
  - npm test

- name: selenium
    image: selenium/standalone-chrome

We have some example projects that demonstrate the capability, albeit the examples were written using the 0.8 yaml format.

I’d like to perform LetsEncrypt challenges in the drone runner and for that I need a port exposed. Is this possible yet? I’m happy if it’s just a configuration environment variable.

There’s of course a concurrency issue with statically exposed port numbers, but I guess it may be possible to check if port binding fails in the running code, if those binds fail if the host port is in use.