Overview
This article describes how to add a sidecar container that handles nREPL connections in a CircleCI environment in order to override some code, especially when external dependencies are restricted. Use it when the approach in "Utilizing REPL in an air-gapped environment" does not work. The sidecar uses Alpine Linux with Netcat to send raw bencode messages directly to the nREPL server, which bypasses the need for external downloads.
Prerequisites
- Access to a Kubernetes cluster where your CircleCI server is deployed.
- Basic understanding of Docker and Kubernetes.
- Ability to modify Kubernetes deployment configurations.
Instructions
- Create a Sidecar Container:
  - Use an Alpine Linux image with Netcat to send raw bencode messages to the nREPL server.
  - Add the following configuration to your Kubernetes deployment:
```yaml
- name: repl-patcher
  image: alpine:3.19
  command:
    - /bin/sh
    - -c
    - |
      echo "Waiting for nREPL to be ready on 127.0.0.1:6005..."
      timeout=300
      elapsed=0
      # BusyBox nc has issues with 'localhost', use 127.0.0.1 explicitly
      while ! echo "" | nc -w 1 127.0.0.1 6005 >/dev/null 2>&1; do
        if [ "$elapsed" -ge "$timeout" ]; then
          echo "ERROR: nREPL did not become ready within ${timeout} seconds"
          exit 1
        fi
        echo "nREPL not ready yet, waiting... (${elapsed}s elapsed)"
        sleep 2
        elapsed=$((elapsed + 2))
      done
      echo "nREPL port is open, waiting 5 seconds for service to stabilize..."
      sleep 5
      echo "Applying patch via raw bencode protocol..."
      # The Clojure code to send
      PATCH_CODE='(do
        (in-ns (quote namespace-class))
        ===============================================
        HERE THERE WOULD BE A CODE TO SHARE FROM SUPPOR
        ===============================================
        (println "PATCH_APPLIED_SUCCESS"))'
      # nREPL uses bencode: d<key-value-pairs>e
      # Format: d2:op4:eval4:code<length>:<code>e
      # The bencode length prefix is a byte count, so measure bytes with wc -c
      CODE_LEN=$(printf '%s' "$PATCH_CODE" | wc -c)
      BENCODE_MSG="d2:op4:eval4:code${CODE_LEN}:${PATCH_CODE}e"
      echo "Sending ${CODE_LEN} bytes of Clojure code via bencode..."
      # Send to nREPL - keep connection open with sleep so we get response.
      # printf '%s' sends the message without a trailing newline after the final 'e'.
      RESPONSE=$( (printf '%s' "$BENCODE_MSG"; sleep 5) | nc 127.0.0.1 6005 )
      echo "=== Response ==="
      echo "$RESPONSE"
      echo "================"
      if echo "$RESPONSE" | grep -q "PATCH_APPLIED_SUCCESS"; then
        echo ""
        echo "✅ PATCH APPLIED SUCCESSFULLY!"
      else
        echo ""
        echo "⚠️ Could not confirm patch in response (may still have applied)"
      fi
      echo "Sidecar will now sleep indefinitely."
      while true; do sleep 86400; done
  resources:
    limits:
      cpu: 10m
      memory: 32Mi
    requests:
      cpu: 5m
      memory: 16Mi
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
```
- Deploy the Configuration:
  - Apply the updated deployment configuration to your Kubernetes cluster.
Solution
By using an Alpine Linux image with Netcat, you can bypass the need for external downloads and directly communicate with the nREPL server using raw TCP. This method is effective in environments with strict network policies.
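The message framing and the reply check from the sidecar script, written as reusable POSIX sh functions. This is an added example, not part of the original article or CircleCI's code. The function names and the sample replies are constructed for illustration, and the reply check is a substring heuristic that relies on nREPL reporting an `eval-error` status when evaluation throws.

```shell
#!/bin/sh
# Added example: byte-accurate bencode framing and a stricter reply check.

# Bencode a byte string as <byte-length>:<data>.
benc_str() {
  # wc -c counts bytes; a shell's ${#var} may count characters instead.
  len=$(printf '%s' "$1" | wc -c | tr -d ' ')
  printf '%s:%s' "$len" "$1"
}

# Build the eval request with the same key order as the article's script.
nrepl_eval_msg() {
  printf 'd'
  benc_str op;   benc_str eval
  benc_str code; benc_str "$1"
  printf 'e'
}

# Classify a raw reply stream (heuristic substring match, not a full decoder):
#   0 = marker printed and no eval-error, 1 = eval-error reported, 2 = unconfirmed
classify_reply() {
  reply=$1 marker=$2
  case $reply in
    *"10:eval-error"*) return 1 ;;
  esac
  case $reply in
    *"3:out"*"$marker"*) return 0 ;;
  esac
  return 2
}

# Constructed sample replies (not captured from a real server).
OK_REPLY=$(printf 'd3:out22:PATCH_APPLIED_SUCCESS\ned2:ns4:user5:value3:niled6:statusl4:doneee')
ERR_REPLY=$(printf 'd3:err5:boom\ned2:ex32:class java.lang.RuntimeException6:statusl10:eval-erroreed6:statusl4:doneee')

msg=$(nrepl_eval_msg '(println "PATCH_APPLIED_SUCCESS")')
echo "request: $msg"
for r in "$OK_REPLY" "$ERR_REPLY" ""; do
  rc=0
  classify_reply "$r" PATCH_APPLIED_SUCCESS || rc=$?
  echo "classification: $rc"
done
```

Treating result 1 as a failed patch and result 2 as "no confirmation" separates a thrown exception from a timed-out or empty reply, which the single grep in the sidecar script cannot do.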