#docker (2019-03)
All things docker
Archive: https://archive.sweetops.com/docker/
2019-03-05
2019-03-06
I had naively tried to implement this 4 years ago using btsync and the docker v1 registry
lets just say, it didn’t work (at all!)
2019-03-11
Hi. I am new to docker, we do have java web applications(java+tomcat) running nginx as reverseproxy. I am not sure how to run both tomcat and nginx in a same container, can anyone Please help me out ?
@rohit are you using kubernetes?
i am just at the beginning stage but eventually would like to use k8s maybe EKS as we run our infrastructure in AWS
so nginx will be Kubernetes Ingress https://kubernetes.io/docs/concepts/services-networking/ingress/
This is very helpful, will go through these articles
and how do you pass secrets to docker containers ?
Let’s say if i have a properties file and the value needs to be populated at run time, how would i do that in containers world ?
we use https://github.com/segmentio/chamber to store secrets to SSM Parameter Store. Then, for example when deploying from a CI/CD pipeline, we use chamber to read the secrets from SSM and populate ENV vars with the secrets. Then we use helmfile to deploy a Kubernetes app that reads the ENV vars, e.g. https://github.com/cloudposse/helmfiles/blob/master/releases/datadog.yaml#L39
when you say use chamber to store secrets to SSM store, do you mean that you execute chamber commands to write to it ?
yes
write it first
then read it when deploying
because chamber would already know about the variables/values that it stored in SSM ?
you know the service (namespace) and the name, so you can read it
The access key to access SSM.. how secure is this? Can you store it in VCS or is it generated at runtime and added to SSM allowed keys via aws-vault auth?
Where is your service running? Storing secrets in VCS is a bad idea.
@Andriy Knysh (Cloud Posse) thanks for pointing me to the right tools. To begin with, if i just want to pass secrets to my docker container, how do i achieve that ?
Have the container retrieve it from a secrets management service at init time.
@Andriy Knysh (Cloud Posse) Is it possible to use Chamber as a runtime secrets manager ?
we use chamber from geodesic and from CI/CD pipelines (Codefresh)
chamber is a CLI tool
which works with AWS SSM Parameter Store
so if you are asking if your app could use chamber, then probably not a good idea since you will have to call chamber from the app
but AWS has SDKs for all languages, so you can just call SSM API from your app to get secrets if you need that
2019-03-12
2019-03-13
@Andriy Knysh (Cloud Posse) thank you very much. I am still not able to connect all the dots
maybe because i am new to this
2019-03-14
@rohit can I help you?
what part are you struggling with?
2019-03-22
Anyone using https://github.com/GoogleContainerTools/kaniko ?