Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Proget docker image should support docker secrets



  • Hi Guys,

    Please could you allow your ProGet docker image to support secrets. Secrets are mounted as files from the docker host to the container. You should then allow a docker environment variable to specify a file path to the secret.

    This could be used in a docker stack file in the following way:

    version: '3.4'
    services:
      Server:
        image: proget.inedo.com/productimages/inedo/proget:5.3.7
        networks:
          - traefik-public
          - clair
        environment:
          SQL_CONNECTION_STRING_FILE: "/run/secrets/proget_connection_string"
          TZ: "America/Denver"
        secrets:
         - source: proget_connection_string
           target: /run/secrets/proget_connection_string    
       volumes:
          - "/mnt/docker/proget/packages:/var/proget/packages"
          - "/mnt/docker/proget/extensions:/var/proget/extensions"
        deploy:
          mode: replicated
          replicas: 1
          placement:
            constraints:
              - node.platform.os == linux
      secrets:
      proget_connection_string:
        external: true
        name: proget_connection_string
    

    You can find out more about docker secrets here:
    https://docs.docker.com/engine/swarm/secrets/

    Thanks
    Simon


  • inedo-engineer

    hi Simon, thanks for the suggestion!

    I'll be honest, I'm really not that familiar with Docker Swarm or Secrets, but I wonder, from the "code inside ProGet perspective", does this seem as simple as like,

    // fake code, just an example
    if (EnvironmentVariables["proget_connection_string"] != null)
       return EnvironmentVariables["proget_connection_string"];
    
    else if (EnvironmentVariables["proget_connection_string_file"])
       return File.ReadAllText(EnvironmentVariables["proget_connection_string_file"]);
    
    else 
      return ReadFromNormalConfigFile();
    


  • Yes @atripp that looks easy enough. Hope to see it in a future version.

    Thanks

    Simon


  • inedo-engineer

    @scroak_6473 thanks Simon!

    I added PG-1790 to our system; one blocker I have... how should we document this?

    We'd love to even give an example of more advanced configuration, like how you have, of the Docker Compose file. Here's the current docs we have.

    https://github.com/Inedo/inedo-docs/blob/master/ProGet/installation/installation-guide/linux-docker.md

    If you can docs suggest or do a Pull Request that would help us get this done ASAP :)



  • Hi @atripp

    I've created a PR and added an expanded section on Environment variables.

    I would suggest creating a new page called running on Linux docker swarm and I can add some example stack files/notes to that page later.

    Thanks

    Simon


  • inedo-engineer

    Hi @scroak_6473,

    I created a branch and a blank page on GitHub for Docker Swarm. You should be able to add your notes and examples there. Please let me know if you have any issues!

    Thanks,
    Rich


Log in to reply
 

Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation