Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Chase Pierce
    @syntaqx
    What's a good way of allowing CircleCI to connect to a swarm you created with docker-machine? Trying to understand the "right" way, not just a way . Literally just trying to allow circle to do a rolling deploy on build :)
    Mike Holloway
    @mh720
    Not sure of a/the definitive ‘right’ way to accomplish this, but replied in gitter/swarmstack this morning that our team uses something like Portainer’s webhook API for builds to trigger CI/CD updates to containers and stacks.
    Chase Pierce
    @syntaqx
    Seems like the portainer stuff via swarmstack just auto-updates a given tag, no? (ie, my/service:latest)
    Isn't the more common convention in orchestration to use a specific tag (ie my/service:1.0.1) so you can have rollbacks?
    Mike Holloway
    @mh720
    Curious to hear what others here do. For dev CI/CD we use latest and fail forward, for production a tagged release. Not a fit for every environment, but is adequate for some.
    Chase Pierce
    @syntaqx
    For CI/CD do you guys redeploy stacks, update services, a mixture? I'm curious how people manage the individual services within stacks and how to update them individually
    Jose Marcelius Hipolito
    @joeyhipolito
    @all is there a way to share SSH_AUTH_SOCK from a windows host to my containers...?
    Chase Pierce
    @syntaqx
    Which ssh agent are you using?
    atarutin
    @atarutin
    do the network interfacs need to be initialized in --advertise-addr and --data-path-addr?
    Chandrasekar
    @chandru1989_gitlab
    Is there any document which shows about starting docker container swarm via swarm plugin from jenkins ..
    rps2ff
    @rps2ff
    has anyone deployed a kafka cluster using docker swarm?
    Jack Murphy
    @rightisleft
    Hi folks - i seem to be having a new issue with a custom defined attachable network. When attempting to connect a container to it, the docker daemon is unable to locate it. This was working correctly yesterday
    Mike Holloway
    @mh720
    UDP 4789 open between swarm hosts? Did you try restarting Docker daemon on each host to potentially let Docker fix up the INPUT chain firewall rules?
    Daniel Nordberg
    @dnordberg
    hey, are docker secrets really secure? more secure than just passing env? my issue is you can easily enter a container if you have access to the host and view secrets anyway
    is there any better way of managing secrets if this is the case?
    Chase Pierce
    @syntaqx
    @dnordberg The idea is that there isn't a trace of the value existing - It's a file handler, so it's literally up to the host system to provide a secret rather than the value being set on the container itself
    So yes, you can still login to a container that has a secret set and echo that value out, that's the reality with any secret system when you can read it - But the value can be encrypted at rest when not in use, and is only available when you mount it - not after, and not retrievable through layers
    Think of it more of as a secure pipe to the secret rather than the secret itself being "secured" while mounted.
    Chase Pierce
    @syntaqx
    @dnordberg Read over https://www.alexandraulsh.com/2018/06/25/docker-npmrc-security/ for an example of why secrets are better. Read the update to the document last, but it should give you an idea of what Docker is actually securing
    Ayush Singh
    @ayushgt_gitlab
    does anyone know if we can achieve canary deployment using docker-swarm ? one odd way is to increase update delay but is there anything already that I am missing ?
    Ayush Singh
    @ayushgt_gitlab
    does anybody know if swarm provides the routing logs ?
    mudit-naithani
    @mudit-naithani
    Hello everyone, I have recently done some courses on docker and kubernetes. Now I want to work on some real use cases which are being used in Production environments.
    Could anyone here please tell any POC which I can pick up as a beginner to get a hands-on on both of them.
    haroonhanif
    @haroonhanif

    Hi,

    I'm trying to containerize IIS running on Windows 2008R2 running on vSphere 6.7. My steps are as follows:

    • convert .vmdk to .vhdx
    • run Image2Docker 1.8.5
    • ConvertTo-Dockerfile -ImagePath I:\cloneVMIIS_3.vhdx -OutputPath I:\container2\ -MountPath C:\Image\ -Artifact IIS -ArtifactParam 'Default Web Site/Asghar' -Force –Verbose
    • in container2 I get the followings:
            - config folder
            - wwwroot folder
            - IIS.json file
            - no DockerFile due to the following error:
      Generate_IIS : You cannot call a method on a null-valued expression.
      At C:\Program Files\WindowsPowerShell\Modules\Image2Docker\1.8.5\Functions\Private\GenerateDockerfile.ps1:37 char:23
    • ... ockerfile = & "Generate_$Artifact" -MountPath $MountPath -ManifestPat ...
    • ~~~~~~~~~~~~~
      • CategoryInfo : InvalidOperation: (:) [Generate_IIS], RuntimeException
      • FullyQualifiedErrorId : InvokeMethodOnNull,Generate_IIS
        I’d be grateful if you could help me resolve this problem.
        Many thanks,
    w3jimmy
    @w3jimmy
    Hi guys, it's been a while since I posted this in StackOverflow, and it's related with Docker Swarm visualizer and nginx config. It should be quite easy, but I'm not expert enough, perhaps one of you could help? Thanks https://stackoverflow.com/questions/57856434/nginx-password-protect-docker-visualizer
    prog20901
    @prog20901

    How to convert a java standlone app to web application or access via internet?

    I come across several beautiful java standalone application..example DocFetcher...However there is no web interface available.

    Is there a way to make it as web application using any tool or third party plugin or server?
    Is there a way to launch in the server and access as jnlp from anywhere?
    What would be the best and easiest way to convert a standalone jar or desktop java application to web server...

    Not going to be a request and response..Instead wanted to do the same thing which we can do in the standlone......

    Please kindly advise....
    i f nothing is possible, is it possible via docker
    looking for a solution via docker if possible

    Dean Galvin
    @FreekingDean
    Would love some help if someone knows what my issue is, im getting the error: "no suitable node (unsupported platform on 1 node)"
    The image architecture is: "Architecture": "amd64"
    The node OS/architecture is:
    Operating System: Arch Linux
    Architecture: x86_64
    I was under the impression that those should normalize & be equal?
    Mike
    @mhsutton_gitlab
    @FreekingDean not encountered this myself, when do you get this? When you deploy something or just adding the node to the swarm?
    CharcoGreen
    @CharcoGreen
    Good morning , I have a question :
    I´m deploy with docker service and have same as this $REGISTRY_DOMAIN:$REGISTRY_PORT/${IMAGE} \
    --path.procfs /host/proc \
    --path.sysfs /host/sys \
    --path.rootfs /host \
    --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|etc)($|/)" \
    --collector.textfile.directory /etc/node-exporter/
    this are commands to prometheus service
    So, i want deploy with docker stack
    How apply this commands in a ymal file ?
    CharcoGreen
    @CharcoGreen
    sorry
    prometheus:
    image: prom/prometheus:v2.0.0
    volumes:
      - prometheus_config_data:/etc/prometheus/
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
    I haven't well search
    ecaepp
    @ecaepp
    @CharcoGreen I take it those commands are arugments used when starting Prometheus i.e. prometheus --config1=my_config1 --config2=my_config2.
    If you could try using the > anchor in YAML. This will traspose the list of commands into a single line.
    command: >
        --config.file=/etc/prometheus/prometheus.yml
        --storage.tsdb.path=/prometheus
        --web.console.libraries=/usr/share/prometheus/console_libraries
        --web.console.templates=/usr/share/prometheus/consoles
    CharcoGreen
    @CharcoGreen
    thanks!
    just this work

    Service prometheus

    prometheus:
      image: registry.integracio.swarmme:5005/prometheus:2.11
      command:
        - '--config.file=/etc/prometheus/prometheus.yml'
        - '--storage.tsdb.retention=31d'
        - '--web.console.libraries=/etc/prometheus/console_libraries'
        - '--web.console.templates=/etc/prometheus/consoles'
    CharcoGreen
    @CharcoGreen
    We can user var in yaml files to deploy¿
    Zhiyu(Drew) Li
    @zhiyuli
    Hello All, we are using Swarm to deploy Jupyter single-user container. We have worker nodes with different spec. (big nodes VS small nodes). We found swarm tries to distribute notebook containers evenly on them. But once it hits the resource limit on one small node, the whole cluster stops deploying new containers (services created but no container starts) even though big node still have a lot of unused resources. Any help would be appreciated. Thanks
    Mike
    @mhsutton_gitlab
    @zhiyuli have you tried setting explicit resource constraints for your service e.g.
          resources:
            limits:
              cpus: '0.50'
              memory: 1024M
            reservations:
              cpus: '0.25'
              memory: 512M
    I haven't had the issue you have because my cluster is mostly all the same spec.
    but I have seen nodes skipped because they don't have that resource available at the time of the service scale
    @zhiyuli even spread is the only algorithm currently supported but you can limit with a few other things like labels and placement constraints
    Mike Hughes
    @mikehhhhhhh

    Hi all, having a bit of an odd issue. I have a swarm deployed in a private network, services with published ports are accessible from anywhere inside that private network without issue, however peered networks (in this instance, a VPN) time out.

    It works fine if I bring the services up with docker-compose on the same host, so not a network issue.

    Inspect looks like this;

     PublishedPort = 80
      Protocol = tcp
      TargetPort = 80
      PublishMode = ingress