How to securely share private docker repo login credentials in Azure container service with Mesos & Marathon

I have set up Azure Container Service using DC/OS + Marathon for deploying Docker containers. So far it looks good: I can connect to the master node using an SSH tunnel and access the Mesos and Marathon WebUI as well as hit the REST API.

Next, I am trying to deploy a Docker container from my private Docker repository, and I found the following article on the Marathon website.

https://mesosphere.github.io/marathon/docs/native-docker-private-registry.html

Please see the "Note" section from the above URL:

Note: The URI must be accessible by all nodes that may start your application. Approaches may include distributing the file to the local filesystem of all nodes, for example via RSYNC/SCP, or storing it on a shared network drive, for example Amazon S3. It is worth considering the security implications of your chosen approach.

What options does Azure provide for sharing the docker.tar.gz file across all nodes?

Thanks

Anurag Sharma asked May 03 '16 18:05


3 Answers

Put your docker.tar.gz in Azure Storage and create a signed URL. I have used Azure Storage Explorer to create one.

Output:

https://xyzds.file.core.windows.net/docker/docker.tar.gz?...url-params

You need to add the file extension in order for Marathon to extract it.

x=.tar.gz

"uris": [ "https://xyzds.file.core.windows.net/docker/docker.tar.gz?...url-params&x=.tar.gz" ]

You are good to go.

Ferhat Sobay answered Oct 13 '22 07:10
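The SAS-URL approach above, as an added example that is not from the answer or from Marathon itself: it checks that the signed URL is HTTPS, read-only and carries an expiry before it is put in an app definition, and applies the `x=.tar.gz` suffix trick so the Mesos fetcher recognises the archive. The storage account, container, signature and app id are constructed placeholders.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Suffixes the Mesos fetcher extracts; longer ones first so ".tar.gz" wins over ".gz".
ARCHIVE_SUFFIXES = (".tar.gz", ".tar.bz2", ".tgz", ".tbz2", ".tar", ".zip", ".gz")

# Constructed sample SAS URL: account, container and signature are placeholders.
SAMPLE_SAS = ("https://xyzds.blob.core.windows.net/docker/docker.tar.gz"
              "?sv=2015-04-05&sp=r&se=2099-01-01T00:00:00Z&sig=PLACEHOLDER")

def check_sas_url(url, now=None):
    """Return a list of problems with a SAS URL; an empty list means it looks safe to use."""
    parts, problems = urlsplit(url), []
    q = parse_qs(parts.query)
    if parts.scheme != "https":
        problems.append("not https: the signed URL would travel in clear text")
    if "sig" not in q:
        problems.append("no 'sig' parameter: this is not a signed (SAS) URL")
    if "se" not in q:
        problems.append("no 'se' (expiry) parameter: the SAS never expires")
    else:
        expiry = datetime.fromisoformat(q["se"][0].replace("Z", "+00:00"))
        expiry = expiry if expiry.tzinfo else expiry.replace(tzinfo=timezone.utc)
        if expiry <= (now or datetime.now(timezone.utc)):
            problems.append("SAS has already expired")
    if "sp" in q and set(q["sp"][0]) - {"r"}:
        problems.append("permissions '%s' go beyond read-only" % q["sp"][0])
    return problems

def marathon_uri(url):
    """The fetcher picks the extraction method from the suffix of the whole URI, so a
    SAS query string hides '.tar.gz'; append x=<suffix> as the answer does."""
    if url.endswith(ARCHIVE_SUFFIXES):
        return url
    parts = urlsplit(url)
    suffix = next((s for s in ARCHIVE_SUFFIXES if parts.path.endswith(s)), None)
    if suffix is None:
        raise ValueError("path is not a recognised archive: " + parts.path)
    return "%s%sx=%s" % (url, "&" if parts.query else "?", suffix)

def app_definition(app_id, image, sas_url):
    """Marathon app definition whose 'uris' entry fetches docker.tar.gz on every agent."""
    problems = check_sas_url(sas_url)
    if problems:
        raise ValueError("; ".join(problems))
    return {"id": app_id,
            "container": {"type": "DOCKER", "docker": {"image": image}},
            "uris": [marathon_uri(sas_url)]}
```

Anyone who obtains the signed URL can download the registry credentials until `se` passes, so keep the expiry short and regenerate the SAS when rotating the credentials.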


One method is to use a script to walk the agents in your cluster. Take a look at https://github.com/rgardler/acs-cli for some experiments in doing this.

rgardler answered Oct 13 '22 07:10


The way we did it is to use parallel-scp to push the file to all our Mesos agents, something like:

parallel-scp -h ~/pssh_all_ips ./docker.tar.gz /etc/docker.tar.gz

Where pssh_all_ips is a newline-separated file of internal IP addresses (10.0.*.* or 10.32.*.* in our case).

You can find your agent IPs at localhost:2000/mesos/#/slaves if you're tunneled into your cluster.

This makes the file available at file:///etc/docker.tar.gz on all agents; from there you can use Marathon's URI field to make it available to the docker pull system.

viraj_os answered Oct 13 '22 07:10