-
Notifications
You must be signed in to change notification settings - Fork 0
W. Docker
Nicolas Dao edited this page Apr 13, 2022
·
2 revisions
Please refer to the Google Cloud Run example.
The previous link shows how to pass environment variables to the container, which is the best practice when it comes to create flexible and reusable Docker images. It's also better from a security standpoint as you adding secrets in an image could lead to secrets leaking. However, there are scenarios where the image might have to be configured based on specific environment variables. The following code snippet demonstrates how to leverage the native --build-arg option in the docker build command to achieve that:
const pulumi = require('@pulumi/pulumi')
const gcp = require('@pulumi/gcp')
const docker = require('@pulumi/docker')
const config = new pulumi.Config()
const gcpAccessToken = pulumi.output(gcp.organizations.getClientConfig({}).then(c => c.accessToken))
// Uploads new Docker image with your app to Google Cloud Container Registry (doc: https://www.pulumi.com/docs/reference/pkg/docker/image/)
const dockerImage = new docker.Image('your-image', {
imageName: pulumi.interpolate`gcr.io/${gcp.config.project}/your-app:v1`,
build: {
context: './app',
extraOptions: [
'--build-arg',
`DB_USER='${process.env.DB_USER}'`,
'--build-arg',
`DB_PASSWORD='${process.env.DB_PASSWORD}'`
]
},
registry: {
server: 'gcr.io',
username: 'oauth2accesstoken',
password: pulumi.interpolate`${gcpAccessToken}`
}
})This method means that the Dockerfile must also define those variables:
FROM node:12-slim
ARG DB_USER
ARG DB_PASSWORD
# ...