-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dockerize API Service #163
Comments
Both service and UI need to be dockerized, unless there is a AWS deployment strategy which does not need that |
@collinss-jpl made progress on this ticket. Question on how to manage secrets, @nutjob4life @al-niessner will have answers. |
Here's my approach to credentials etc. with a containerized application, but you can extend this to configuration in general: First, clearly, Docker Secrets are the correct way to go, but oh my goodness what a mental strain they are, and then as you've identified you've got the Docker Swarm complexity to deal with. Add to that a tight deadline and it's just too much—an example of the cost exceeding the reward ratio. On the other hand, you can
Okay, so what's the other means? First, for some more complex applications out there (like OpenLDAP server), the configuration is part of the persistence mechanism, so the app starts up with a reasonable set of defaults (and a mounted volume to store the configuration) and you use typical client tools (like
Alternatively, you might even just surf to Now, for the rest of us, environment variables to the rescue. If you've got a containerized app that needs something like a username and password to talk to talk to a database or to provide privileged access to its own state, environment variables are directly supported by Docker and Docker Composition and just need a little bit of caution to use well. You don't, of course, want to do this:
since that puts the password in the process list which anyone can view with But even better: use a Docker Composition: services:
db:
image: postgres:12.4
volumes: …
ports: …
networks: …
environment:
# Empty value here inherits from host's env:
POSTGRES_PASSWORD:
pds-demo-service:
image: pds-image:latest
ports: …
networks: …
environment:
# Empty value here inherits from host's env:
POSTGRES_PASSWORD:
networks: …
version: … Now you can set the password for both the database and the service without having to repeat yourself. You may need to make sure the There's one other alternative I've seen that looks pretty interesting: it's the meta container approach. The ESGF does this with their "Compute WPS" and other projects, and I've seen it someplace else (forget where right now). Essentially it looks like this (in this hypothetical example):
|
@jordanpadams Hi Jordan, where can I find the document for this task? |
@gxtchen https://github.com/NASA-PDS/pds-doi-service#running-with-docker . But @tloubrieu-jpl can correct me if I'm wrong |
@gxtchen I confirm you should use the section https://github.com/NASA-PDS/pds-doi-service#running-with-docker for the docker deployment. We would like to improve that but as it is for build 12.0, that is the resource to be used. Thanks |
No description provided.
The text was updated successfully, but these errors were encountered: