All things docker Archive: https://archive.sweetops.com/docker/
@rohit can I help you?
what part are you struggling with?
@Andriy Knysh (Cloud Posse) thank you very much. I am still not able to connect all the dots
maybe because I am new to this
Hi. I am new to docker, we do have java web applications (java+tomcat) running nginx as reverse proxy. I am not sure how to run both tomcat and nginx in the same container, can anyone please help me out?
@rohit are you using kubernetes?
I am just at the beginning stage but eventually would like to use k8s maybe
EKS as we run our infrastructure in AWS
nginx will be Kubernetes Ingress https://kubernetes.io/docs/concepts/services-networking/ingress/
This is very helpful, will go through these articles
and how do you pass secrets to docker containers?
Let’s say I have a properties file and the value needs to be populated at run time, how would I do that in the containers world?
we use https://github.com/segmentio/chamber to store secrets to SSM Parameter Store. Then, for example when deploying from a CI/CD pipeline, we use chamber to read the secrets from SSM and populate ENV vars with the secrets. Then we use helmfile to deploy a Kubernetes app that reads the ENV vars, e.g. https://github.com/cloudposse/helmfiles/blob/master/releases/datadog.yaml#L39
when you say use chamber to store secrets to SSM store, do you mean that you execute chamber commands to write to it?
write it first
then read it when deploying
because chamber would already know about the variables/values that it stored in SSM?
you know the service (namespace) and the name, so you can read it
The access key to access SSM.. how secure is this? Can you store it in VCS or is it generated at runtime and added to SSM allowed keys via aws-vault auth?
Where is your service running? Storing secrets in VCS is a bad idea.
@Andriy Knysh (Cloud Posse) thanks for pointing me to the right tools. To begin with, if I just want to pass secrets to my docker container, how do I achieve that?
Have the container retrieve it from a secrets management service at init time.
We, at YP are using docker containers for quite some time now. Onboarding onto docker wasn’t always that easy. There are lots of things to account for before running a docker container in productio…
@Andriy Knysh (Cloud Posse) Is it possible to use Chamber as a runtime secrets manager?
geodesic and from CI/CD pipelines (Codefresh)
chamber is a CLI tool
which works with AWS SSM Parameter Store
so if you are asking if your app could use chamber, then probably not a good idea since you will have to call chamber from the app
but AWS has SDKs for all languages, so you can just call SSM API from your app to get secrets if you need that
I had naively tried to implement this 4 years ago using btsync and the docker v1 registry
let’s just say, it didn’t work (at all!)
Developed by Uber, Kraken is an open source peer-to-peer Docker registry capable of distributing terabytes of data in seconds.