Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    Chase Pierce
    So yes, you can still login to a container that has a secret set and echo that value out, that's the reality with any secret system when you can read it - But the value can be encrypted at rest when not in use, and is only available when you mount it - not after, and not retrievable through layers
    Think of it more of as a secure pipe to the secret rather than the secret itself being "secured" while mounted.
    Chase Pierce
    @dnordberg Read over https://www.alexandraulsh.com/2018/06/25/docker-npmrc-security/ for an example of why secrets are better. Read the update to the document last, but it should give you an idea of what Docker is actually securing
    Ayush Singh
    does anyone know if we can achieve canary deployment using docker-swarm ? one odd way is to increase update delay but is there anything already that I am missing ?
    Ayush Singh
    does anybody know if swarm provides the routing logs ?
    Hello everyone, I have recently done some courses on docker and kubernetes. Now I want to work on some real use cases which are being used in Production environments.
    Could anyone here please tell any POC which I can pick up as a beginner to get a hands-on on both of them.


    I'm trying to containerize IIS running on Windows 2008R2 running on vSphere 6.7. My steps are as follows:

    • convert .vmdk to .vhdx
    • run Image2Docker 1.8.5
    • ConvertTo-Dockerfile -ImagePath I:\cloneVMIIS_3.vhdx -OutputPath I:\container2\ -MountPath C:\Image\ -Artifact IIS -ArtifactParam 'Default Web Site/Asghar' -Force –Verbose
    • in container2 I get the followings:
            - config folder
            - wwwroot folder
            - IIS.json file
            - no DockerFile due to the following error:
      Generate_IIS : You cannot call a method on a null-valued expression.
      At C:\Program Files\WindowsPowerShell\Modules\Image2Docker\1.8.5\Functions\Private\GenerateDockerfile.ps1:37 char:23
    • ... ockerfile = & "Generate_$Artifact" -MountPath $MountPath -ManifestPat ...
    • ~~~~~~~~~~~~~
      • CategoryInfo : InvalidOperation: (:) [Generate_IIS], RuntimeException
      • FullyQualifiedErrorId : InvokeMethodOnNull,Generate_IIS
        I’d be grateful if you could help me resolve this problem.
        Many thanks,
    Hi guys, it's been a while since I posted this in StackOverflow, and it's related with Docker Swarm visualizer and nginx config. It should be quite easy, but I'm not expert enough, perhaps one of you could help? Thanks https://stackoverflow.com/questions/57856434/nginx-password-protect-docker-visualizer

    How to convert a java standlone app to web application or access via internet?

    I come across several beautiful java standalone application..example DocFetcher...However there is no web interface available.

    Is there a way to make it as web application using any tool or third party plugin or server?
    Is there a way to launch in the server and access as jnlp from anywhere?
    What would be the best and easiest way to convert a standalone jar or desktop java application to web server...

    Not going to be a request and response..Instead wanted to do the same thing which we can do in the standlone......

    Please kindly advise....
    i f nothing is possible, is it possible via docker
    looking for a solution via docker if possible

    Dean Galvin
    Would love some help if someone knows what my issue is, im getting the error: "no suitable node (unsupported platform on 1 node)"
    The image architecture is: "Architecture": "amd64"
    The node OS/architecture is:
    Operating System: Arch Linux
    Architecture: x86_64
    I was under the impression that those should normalize & be equal?
    @FreekingDean not encountered this myself, when do you get this? When you deploy something or just adding the node to the swarm?
    Good morning , I have a question :
    I´m deploy with docker service and have same as this $REGISTRY_DOMAIN:$REGISTRY_PORT/${IMAGE} \
    --path.procfs /host/proc \
    --path.sysfs /host/sys \
    --path.rootfs /host \
    --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|etc)($|/)" \
    --collector.textfile.directory /etc/node-exporter/
    this are commands to prometheus service
    So, i want deploy with docker stack
    How apply this commands in a ymal file ?
    image: prom/prometheus:v2.0.0
      - prometheus_config_data:/etc/prometheus/
      - prometheus_data:/prometheus
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
    I haven't well search
    @CharcoGreen I take it those commands are arugments used when starting Prometheus i.e. prometheus --config1=my_config1 --config2=my_config2.
    If you could try using the > anchor in YAML. This will traspose the list of commands into a single line.
    command: >
    just this work

    Service prometheus

      image: registry.integracio.swarmme:5005/prometheus:2.11
        - '--config.file=/etc/prometheus/prometheus.yml'
        - '--storage.tsdb.retention=31d'
        - '--web.console.libraries=/etc/prometheus/console_libraries'
        - '--web.console.templates=/etc/prometheus/consoles'
    We can user var in yaml files to deploy¿
    Zhiyu(Drew) Li
    Hello All, we are using Swarm to deploy Jupyter single-user container. We have worker nodes with different spec. (big nodes VS small nodes). We found swarm tries to distribute notebook containers evenly on them. But once it hits the resource limit on one small node, the whole cluster stops deploying new containers (services created but no container starts) even though big node still have a lot of unused resources. Any help would be appreciated. Thanks
    @zhiyuli have you tried setting explicit resource constraints for your service e.g.
              cpus: '0.50'
              memory: 1024M
              cpus: '0.25'
              memory: 512M
    I haven't had the issue you have because my cluster is mostly all the same spec.
    but I have seen nodes skipped because they don't have that resource available at the time of the service scale
    @zhiyuli even spread is the only algorithm currently supported but you can limit with a few other things like labels and placement constraints
    Mike Hughes

    Hi all, having a bit of an odd issue. I have a swarm deployed in a private network, services with published ports are accessible from anywhere inside that private network without issue, however peered networks (in this instance, a VPN) time out.

    It works fine if I bring the services up with docker-compose on the same host, so not a network issue.

    Inspect looks like this;

     PublishedPort = 80
      Protocol = tcp
      TargetPort = 80
      PublishMode = ingress
    Mike Hughes
    Ah, looks like an addressing conflict between VPN network and ingress network
    Jeric Santos
    Hello Guys. I Am New With Docker Swarm. Do You Have Any Good Reference Material To Checkout For Beginners?
    Sebastjan Hribar
    @santosronjeric hi, I can recommend these tutorials. They helped me a lot. https://takacsmark.com/
    @santosronjeric I recommend https://labs.play-with-docker.com/
    hi guys, for swarm, what mode is prefer? replicated or global and why?
    Jeric Santos
    Thanks Guys.
    Jeric Santos

    Hi Guys. Need A Little Help. I Am Running Gitlab-CE On Docker On My Local Machine. I Want To Add A Virtual Host To My Compose File. How Could I Integrate NGINX or APACHE Within my docker-compose file So That I Can Have My Own URL Locally?

    This Is My Compose File.

    version: '3.7'
        image: gitlab/gitlab-ce:12.8.0-ce.0
        container_name: gitlab-web
        hostname: gitlab-web
          - './gitlab/gitlab-config:/etc/gitlab'
          - './gitlab/gitlab-logs:/var/log/gitlab'
          - './gitlab/gitlab-data:/var/opt/gitlab'
          - '2222:22'
          - '8080:80'
          - '443:443'
          - '4567:4567'
            gitlab_rails['gitlab_shell_ssh_port'] = 2222
            registry_external_url 'http://localhost:4567'
            registry['enable'] = true
            unicorn['socket'] = '/opt/gitlab/var/unicorn/gitlab.socket'
          - gitlab-network
        image: gitlab/gitlab-runner:alpine-v12.8.0
        container_name: gitlab-runner1
        hostname: gitlab-runner1
          - './gitlab/gitlab-runner1-config:/etc/gitlab-runner:Z'
          - '/var/run/docker.sock:/var/run/docker.sock'
          - gitlab-network
        name: gitlab-network
    Robert Main
    hi folks

    I'm trying to load balance a service with traefik.

    I have the following labels configured on my service:

    - traefik.http.routers.pihole.rule=Host(`pi.hole`)
    - traefik.http.services.pihole.loadbalancer.port=80

    If I connect to pi.hole I get "Connection Refused"


    Hi, I would like to ask you for your help with dockerizing cucumber java project.

    I need to add parameter classpath for maven library to dockerfile. Maven lib is stored in my project as external lib.

    but I have to add this maven jar into classpath in docker container. Because I need to run command java cp with class store in maven jar as I mentioned above.

    Can someone help me?

    Thank you in advance.


    I'm having a problem with network connectivity on the host after deploying a stack.

    $ ip addr show eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether <MAC> brd ff:ff:ff:ff:ff:ff
        inet brd scope global dynamic eth0
           valid_lft 5947sec preferred_lft 5947sec
        inet6 2601::<REDACTED>/64 scope global dynamic mngtmpaddr noprefixroute
           valid_lft 86400sec preferred_lft 14400sec
        inet6 2601::<REDACTED>/64 scope global dynamic mngtmpaddr noprefixroute
           valid_lft 86400sec preferred_lft 14400sec
        inet6 fe80:: 2601::<REDACTED>/64 scope link
           valid_lft forever preferred_lft forever
    $ ip route
    default via dev eth0 proto dhcp src metric 1024 dev eth0 proto dhcp scope link src metric 1024 dev docker0 proto kernel scope link src linkdown dev docker_gwbridge proto kernel scope link src linkdown
    $ docker swarm init --advertise-addr=
    $ ip route
    default dev vetha412226 scope link src metric 359
    default via dev eth0 proto dhcp src metric 1024 dev eth0 proto dhcp scope link src metric 1024 dev vetha412226 scope link src metric 359 dev docker0 proto kernel scope link src linkdown dev docker_gwbridge proto kernel scope link src
    $ ping
    PING ( 56(84) bytes of data.
    From icmp_seq=1 Destination Host Unreachable

    As you can see, initing the swarm has added a new default route to my routing table and no I can no longer access the network from the host. Is this expected? Should I use a different advertise address?

    vaibhavk1985 21:29
    I have developed my application in django-rest app for api. I want to handle 10k request concurrently or simultaneous request.
    What will be the aws configuration need
    Which application server will use uwsgi or gunicorn

    How to docker image of spring boot application?

    I'm facing several issues in creating docker application in windows environment.

    Can someone help me with a link or reference or steps on how to create docker image for spring boot application in windows environment?

    Basically the application runs perfectly fine in IntelliJ or Eclipse STS without any issues (Zero Issues)

    Please advise.


    How do I get swarm to join on a machine with two different IPs
    Figured it out, firewalld and iptable issues
    Ernesto Echeverria
    Is this room active anymore? Had issues in my swarm environments after latest docker update but haven't seen anyone commenting about it. Is this a place where such conversation happens? Thanks in advance.
    Yunus Üstün
    hi everyone
    The client and backend are using certificates to communicate. When communication is started, the backend registers the client to the database with a unique ID. Too many logs from clients and I want to make a load balancer for the backend but the certificate seems to be blocking me. Is there a structure or solution in Swarm that the client and backend can use as authentication?