I have two containers (backend and frontend) that I want to access on the same URL. Looking at the Cloud Run documentation, I can't see how I can configure the following two containers.
frontend => example.com/
backend => example.com/api
Is this possible?
According to the official documentation for Cloud Run link:
Base path mapping: not supported
The term base path refers to the URL
path name that is after the domain name. For example, users is the
base path of example.com/users. Cloud Run only allows you to map a
domain to /, not to a specific base path. So any path routing has to
be handled by using a router inside the service's container or by
using Firebase Hosting.
Related
I am very new to the realm of dockers. I want to make sure I have understood the safety part of it correctly.
Imagine the following case:
I create an app that consists of multiple scripts and models.
I dockerize my app.
I host the dockerized app by using a cloud platform on their servers.
The app has an UI that can be accessed by anyone online, for instance through a web link.
The question is:
Can a person from the outside world access to the contents of this app in any way - or may I sleep in peace and be sure no one can see the stuff inside it?
As part of dockerizing your application, you exposed ports that allow interaction with the container (typically in your Dockerfile). If everything is configured correctly, then external visitors can only access the contents of the container via that port or ports.
Running your container at a well-known provider is a great start, but not a guarantee of a secure configuration.
A few things to consider:
Whatever runs on the port or ports that you expose, can provide whatever info from the container. The service there should be secure itself, regardless of Docker.
You host your Docker image in a registry, where the platform starts it from. That registry should also be configured to not allow unauthorized access to the image.
You should have no secrets in Docker images anyway. If the image needs some kind of a secret, that should be provided at runtime (eg. via environment variables), or even better, downloaded from a secret vault.
I have my Tyk components (Tyk Pro Demo from GitHub) running using Docker compose. When I create a simple API using some public APIs, like Pet Store Io, it works fine.
Now I have word press application running using Docker compose, and the Docker compose file is available here (https://docs.docker.com/samples/wordpress/). This application is running on http://localhost:8000.
However, when I pass this 'localhost:8000' to the target URL in Tyk API definition, and call it through Tyk, it show 'There was a problem proxying the request'.
Is there any setting/ method which can solve this problem?
Actually when I referred to Docker documentation, I realized that I just need to put them in the same Docker network and it will be done.
Can I create a service or container from another container, on Google Cloud Run or Cloud Run on GKE ?
I basically want to manage my containers/services dynamically from another container and not sure how to go about this
Adding more details:
One of my microservices needs to create new isolated containers that will run some user-land code. I would like to have full life-cycle control of these containers, run the code, and then destroy as needed.
I also looked at Cloud Run APIs but not sure how to run something like 'kubectl create ...' through the APIs? Is that the right approach?
Yes, you should be able to deploy Cloud Run services from Cloud Run services.
on Cloud Run (hosted): services by default run with Editor permissions, so this should be possible without any extra configuration
note that if you deploy apps with --allow-unauthenticated which requires setting IAM permissions, the Editor role will not be enough, as you need Owner role on the GCP project for that.
on Cloud Run on GKE: services by default run with limited scopes (as they by default inherit GKE node's permissions/scopes). You should add a service account to the Kubernetes Pod and use it to authenticate.
From there, you have several options:
Use the REST API directly: Since run.googleapis.com behaves like a Kubernetes API server, you can directly apply JSON objects of Knative Services. (You can use gcloud ... --log-http to learn how deployments are made using REST API requests).
Use gcloud: you can ship your container image with gcloud and invoke it from your process.
Use Google Cloud Client Libraries: You can use the client libraries that are available for Cloud Run (for example this Go library) to construct in-memory Service objects and send them to the API using a higher level client library (recommended approach)
Any suggestions for an equivalent routing service for cloud-run, similar to dispatch.yaml for app engine?
We'd like the flexibility of (temporarily) sending traffic to a different service based on URL.
If you want to route certain paths to certain Cloud Run services, I recommend using Firebase Hosting, it integrates with Cloud Run.
Is there a way to add API endpoints in Kong without using curl? I have Kong up and running in a docker container using docker-compose and I would like to be able to pass in a configuration file (or what-have-you) on container spin up that outlines the endpoints I would like setup. Is this possible? This is the closest I have found to a solution : http://blog.toast38coza.me/kong-up-and-running-part-2-defining-our-api-gateway-with-ansible/
One option could be to use the YAML driven Kongfig tool to manage the config of the machine. You could run it external to the container e.g. via a CI process (Jenkins etc.) or in theory add a bootstrap action with Konfig running locally within the container.
You can use Kongfig as Mark said or throught the GUI Konga