#docker (2019-03)

docker

All things docker

Archive: https://archive.sweetops.com/docker/

2019-03-05

Erik Osterman (Cloud Posse)
Introducing Kraken, an Open Source Peer-to-Peer Docker Registry

Developed by Uber, Kraken is an open source peer-to-peer Docker registry capable of distributing terabytes of data in seconds.

2019-03-06

Erik Osterman (Cloud Posse)

I had naively tried to implement this 4 years ago using btsync and the docker v1 registry

Erik Osterman (Cloud Posse)

let's just say, it didn’t work (at all!)

2019-03-11

rohit

Hi. I am new to docker, we do have java web applications (java+tomcat) running nginx as a reverse proxy. I am not sure how to run both tomcat and nginx in the same container, can anyone please help me out?

Andriy Knysh (Cloud Posse)

@rohit are you using kubernetes?

rohit

i am just at the beginning stage but eventually would like to use k8s maybe EKS as we run our infrastructure in AWS

Andriy Knysh (Cloud Posse)

rohit

This is very helpful, will go through these articles

rohit

and how do you pass secrets to docker containers?

rohit

Let’s say i have a properties file and the value needs to be populated at run time, how would i do that in the containers world?

Andriy Knysh (Cloud Posse)

we use https://github.com/segmentio/chamber to store secrets to SSM Parameter Store. Then, for example when deploying from a CI/CD pipeline, we use chamber to read the secrets from SSM and populate ENV vars with the secrets. Then we use helmfile to deploy a Kubernetes app that reads the ENV vars, e.g. https://github.com/cloudposse/helmfiles/blob/master/releases/datadog.yaml#L39

segmentio/chamber

CLI for managing secrets. Contribute to segmentio/chamber development by creating an account on GitHub.

cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

rohit

when you say use chamber to store secrets to SSM store, do you mean that you execute chamber commands to write to it?

Andriy Knysh (Cloud Posse)

yes

Andriy Knysh (Cloud Posse)

write it first

Andriy Knysh (Cloud Posse)

then read it when deploying

rohit

because chamber would already know about the variables/values that it stored in SSM?

Andriy Knysh (Cloud Posse)

you know the service (namespace) and the name, so you can read it

oscarsullivan_old

The access key to access SSM.. how secure is this? Can you store it in VCS or is it generated at runtime and added to SSM allowed keys via aws-vault auth?

endofcake

Where is your service running? Storing secrets in VCS is a bad idea.

rohit

@Andriy Knysh (Cloud Posse) thanks for pointing me to the right tools. To begin with, if i just want to pass secrets to my docker container, how do i achieve that?

endofcake

Have the container retrieve it from a secrets management service at init time.

Andriy Knysh (Cloud Posse)
Runtime secrets with docker containers

We, at YP are using docker containers for quite some time now. Onboarding onto docker wasn’t always that easy. There are lots of things to account for before running a docker container in productio…

rohit

@Andriy Knysh (Cloud Posse) Is it possible to use Chamber as a runtime secrets manager?

Andriy Knysh (Cloud Posse)

we use chamber from geodesic and from CI/CD pipelines (Codefresh)

Andriy Knysh (Cloud Posse)

chamber is a CLI tool

Andriy Knysh (Cloud Posse)

which works with AWS SSM Parameter Store

Andriy Knysh (Cloud Posse)

so if you are asking if your app could use chamber, then probably not a good idea since you will have to call chamber from the app

Andriy Knysh (Cloud Posse)

but AWS has SDKs for all languages, so you can just call SSM API from your app to get secrets if you need that

2019-03-12

2019-03-13

rohit

@Andriy Knysh (Cloud Posse) thank you very much. I am still not able to connect all the dots

rohit

maybe because i am new to this

2019-03-14

pecigonzalo

@rohit can I help you?

pecigonzalo

what part are you struggling with?

2019-03-22

tamsky

GoogleContainerTools/kaniko

Build Container Images In Kubernetes. Contribute to GoogleContainerTools/kaniko development by creating an account on GitHub.
