passing docker swarm secret to sibling container - docker

I have a docker swarm which I start with this compose file:
version: "3.1"
services:
my_service:
image: my_image
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /run/secrets:/run/secrets
secrets:
- my-secret
secrets:
my-secret:
file: my_secret.txt
Now, within the container running my_service, I start a new sibling container (note I've mounted the docker socket), which I want to have access to my-secret, although it's not part of the swarm.
What's the best way to do this?
Simply mounting the secrets as a volume (docker run -v /run/secrets:/run/secrets sibling_image) doesn't work, the sibling container can see my-secret, but it's empty.
Passing an environment variable works, but it's a little too cumbersome if I have many secrets: docker run -it --env MY_SECRET=$(cat /run/secrets/my-secret) sibling_image

Related

is there is any way we can use bind mount in dockerfile or it neccessary to use compose-file.yml

how can we use below sample code in Docker-file
sample 1
docker container run -p 80:4000 -v $(pwd):/site/jekyll-serve
sample 2
docker container run -p 8080:80 --name web2 -v $(pwd):/usr/share/nginx/html nginx
i have recently started learning docker and swarm orchestration just need to know about this issue. is there any update in future release or any fixes to this....???
as of 9/9/21 you need to use docker compose
https://docs.docker.com/compose/networking/
services:
web:
build: .
ports:
- "80:4000"
https://docs.docker.com/storage/volumes/
services:
frontend:
volumes:
- $(pwd):/site/jekyll-serve
volumes:
myapp:
Named volumes: Docker-compose named mounted volume
my-named-volume:
driver_opts:
type: none
device: /home/full/path #NOTE needs full path (~ doesn't work)
o: bind

How to use docker command in container?

I want to use docker command in container on the centos 7.8
I already installed docker at the centos and want to use docker command in the docker container.
So, I added volume in the docker compose file like below.
services:
test_container:
container_name: test
image: app:${DOCKER_TAG}
privileged: true
ports:
- 80:3000
environment:
ENVIRONMENT: develop
volumes:
- /var/lib/docker:/var/lib/docker
- /lib/systemd/system/docker.service:/lib/systemd/system/docker.service
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker
- /etc/sysconfig/docker:/etc/sysconfig/docker
But when I run docker compose and use docker command in the container, it shows like this.
You don't have either docker-client or docker-client-latest installed. Please install either one and retry.
How could I fix this? or How could I use the docker command in docker container?
Thank you for reading my questions.
In order to run docker in a docker container, you should use "DinD"( docker in docker ) with privileges. Something like this should work;
docker run --privileged -d docker:find
Another option - instead of starting “child” containers like DinD, it will start “sibling” containers.
docker run -v /var/run/docker.sock:/var/run/docker.sock \
-ti docker
For docker compose;
version: "2"
services:
docker-in-docker:
image: docker:dind
privileged: true
expose:
- 2375
- 2376
node1:
image: docker
links:
- docker-in-docker
environment:
DOCKER_HOST: tcp://docker-in-docker:2375
command: docker ps -a

how to use docker-compose start up host docker container with volumes

i am running docker on windows 10, and have a jenkins container
i can use container jenkins pipeline to build host image
docker -H host.docker.internal:2375 tag myproject:1.0 myproject:latest
i can start host container use docker-compose
docker-compose -H host.docker.internal:2375 -f /var/jenkins_home/myproject/docker-compose.yml up -d
the only issue is, if have 'volumes' in docker-compose.yml, it will display error below.
Named volume "C:\docker\myproject:/target/myproject" is used in service "myproject" but no declaration was found in the volumes section.
docker-compose.yml file
version: '3.9'
services:
myproject:
image: myproject:latest
user: root
container_name: myproject
volumes:
- C:\docker\myproject:/target/myproject
ports:
- 8080:8080
i understand it is because jenkins container cannot found 'C:\docker\myproject', but i want share this folder between host and myproject container.
i tried use below command in jenkins container but it is not working, -f only can read local container file
docker-compose -H host.docker.internal:2375 -f c:/myproject/docker-compose.yml up -d
any idea can run docker-compose with volumes in jenkins container to control host docker?
update problem solved by below
version: '3.9'
services:
myproject:
image: myproject:latest
user: root
container_name: myproject
volumes:
- type: bind
source: C:\docker\myproject
target: /target/myproject
ports:
- 8080:8080

Docker compose not mounting volume?

If I run this command the volume mounts and the container starts as expected with initialized state:
docker run --name gogs --net mk1net --ip 203.0.113.3 -v gogs-data:/data -d gogs/gogs
However if I run the corresponding docker-compose script the volume does not mount. The container still starts up, but without the state it reads on startup.
version: '3'
services:
gogs:
image: gogs/gogs
ports:
- "3000:3000"
volumes:
- gogs-data:/data
networks:
mk1net:
ipv4_address: 203.0.113.3
volumes:
gogs-data:
networks:
mk1net:
ipam:
config:
- subnet: 203.0.113.0/24
Any ideas?
Looking at your command, the gogs-data volume was defined outside the docker compose file, probably using something like:
docker volume create gogs-data
If so then you need to specify it as external inside your docker compose file like this:
volumes:
gogs-data:
external: true
You can also define a different name for your external volume and keep using current volume name inside your docker compose file to avoid naming conflicts, like for example, let's say your project is about selling cars so you want the external volume to be call selling-cars-gogs-data but want to keep it simple as gogs-data inside your docker compose file, then you can do this:
volumes:
gogs-data:
external:
name: selling-cars-gogs-data
Or even better using environment variable to set the volume name for a more dynamic docker compose design, like this:
volumes:
gogs-data:
external:
name: "${MY_GOGS_DATA_VOLUME}"
And then start your docker compose like this:
env MY_GOGS_DATA_VOLUME='selling-cars-gogs-data' docker-compose up
Hope this helps, here is also a link to the docker compose external volumes documentation in case you want to learn more: https://docs.docker.com/compose/compose-file/#external
You can make pretty much everything external, including container linking to connect to other docker compose containers.

How to get container ID from within the container itself

I'm trying to get the container ID of the running container at the startup time. This is to use that information in service health check apis.
I got a loadbalancer sitting in front of a fleet of containers, and runs periodic health checks via https://service-n.api.com/health. Idea is to return the container information with the api responses.
I'm using docker-compose to spinup docker containers, it'd be great if there's a way to pass the container id as environment variable to the container, like below.
version: '2'
services:
web:
image: my.registry.com/pq-api:1.0.0
container_name: my-container
ports:
- 80:80
- 443:443
network_mode: bridge
environment:
CONTAINER_ID: "{{.ID}}"
The container Id is already available by default to all containers inside the environment variable HOSTNAME
$ docker run alpine env
HOSTNAME=....
....

Resources