Overview

Most of the development cycle happens within private networks, which are usually inaccessible to Synthetic tests. With the help of datadog-ci, you can establish a Continuous Testing tunnel that allows Synthetics Workers to reach the environments that your application is deployed on during the development cycle, such as your development laptop, a CI job, or a private staging environment.

Datadog recommends using the testing tunnel if you need to launch Continuous Testing tests against local versions of your application without deploying a dedicated, long-lasting probing system such as a private location. You can also use the testing tunnel to trigger tests on short-lived cloud environments.

What is the testing tunnel?

The testing tunnel is a functionality that comes with the @datadog/datadog-ci NPM package, which is one of the methods Datadog provides to include your Synthetic tests as part of your CI/CD pipelines.

The testing tunnel creates short-lived secure connections between your internal environments and the Datadog infrastructure, allowing you to swiftly trigger Synthetic HTTP and Browser tests on your private applications. This allows Datadog to access and test your internal applications.

Continuous Testing tunnel allows the Synthetics Worker to reach your private applications

First, datadog-ci gets a pre-signed URL from Datadog for authentication. Then, it opens a WebSocket secure (WSS) connection to Datadog’s managed locations using the pre-signed URL. By using SSH connections through the WebSocket connection, tests are triggered by datadog-ci and executed through Datadog’s managed locations.

Because DNS resolution is performed through the testing tunnel, you can test applications with internal domains or even on the localhost of the machine running datadog-ci.

When using the testing tunnel, your tests’ locations are overridden by a location that depends on your Datadog account region.

How to use the testing tunnel

As mentioned above, the testing tunnel comes with the @datadog/datadog-ci NPM package and is available in versions >=v0.11.0 of the package. To get started, see Continuous Testing and CI/CD.

Once you’ve set up your client on your local machine or your CI server, you can launch your HTTP and browser tests with the testing tunnel by appending the command used to launch tests with --tunnel.

For example, if you are using a global configuration file, you can use the following:

datadog-ci synthetics run-tests --config <GLOBAL_CONFIG_FILE>.json --tunnel

Firewall requirements

Allow Outbound connections for the following Datadog endpoints:

PortEndpointDescription
443tunnel-us1.synthetics.datadoghq.comRequired to open the WSS connection from the datadog-ci client to the tunnel service.
443intake.synthetics.datadoghq.comRequired to get the presigned URL and to trigger the Synthetic tests.
443api.datadoghq.comRequired to search for Synthetic tests, get them, and poll their results.

PortEndpointDescription
443tunnel-eu1.synthetics.datadoghq.comRequired to open the WSS connection from the datadog-ci client to the tunnel service.
443api.datadoghq.euRequired to get the presigned URL, search for Synthetic tests, get them, trigger them, and poll their results.

Note: Although the tunnel service top level domain is .com (and not .eu), the endpoint is located in EU (Frankfurt AWS).

PortEndpointDescription
443tunnel-us3.synthetics.datadoghq.comRequired to open the WSS connection from the datadog-ci client to the tunnel service.
443api.us3.datadoghq.comRequired to get the presigned URL, search for Synthetic tests, get them, trigger them, and poll their results.

PortEndpointDescription
443tunnel-us5.synthetics.datadoghq.comRequired to open the WSS connection from the datadog-ci client to the tunnel service.
443api.us5.datadoghq.comRequired to get the presigned URL, search for Synthetic tests, get them, trigger them, and poll their results.

PortEndpointDescription
443tunnel-ap1.synthetics.datadoghq.comRequired to open the WSS connection from the datadog-ci client to the tunnel service.
443api.ap1.datadoghq.comRequired to get the presigned URL, search for Synthetic tests, get them, trigger them, and poll their results.

Further reading