Docker image, & local development docker-compose.yml #2

Merged
3wordchant merged 12 commits from docker into master 2021-07-21 23:18:11 +00:00
Owner

Adds:

  • a Docker image, which can be used in both development and production
  • a docker-compose.yml file for local development (could probably be adapted for production deployments)

Testing:

  • git checkout docker
  • docker-compose up
  • pray 🙏
  • go to http://localhost:5000

App architecture

I added the ability to load secret config variables (HUB_TOKEN, STRIPE_SECRET_KEY etc) from files, to support Docker Secrets (https://docs.docker.com/engine/swarm/secrets/) natively. The code should probably log an error if a specified HUB_TOKEN_FILE doesn't exist instead of failing silently.

Docker architecture

This uses a multi-stage build to reduce the size of the final image -- having pipenv install to a predefined virtualenv, and then copying that over.

The compose file doesn't include a definition for a cron runner service, and I haven't tested running one yet. Here be dragons!

You can rebuild the image locally using docker-compose build, but this isn't required for changes to the app code, only if you edit the Dockerfile, or want to publish your image for use on a swarm server (in which case you will need to edit the image name to put in your own Docker Hub credentials).

Currently, the image is rebuilt (should set up auto-tagging...) and published with every push to this 3wordchant/capsul-flask fork.
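As an added example (not part of this PR or of the capsul-flask code base), here is one way the `*_FILE` lookup described under "App architecture" could be written so that a missing, unreadable or empty secrets file is reported instead of being ignored. The secret names are the five the PR lists; the precedence rule (a configured file wins over a plain variable), the trailing-newline trimming, the `SecretFileError` type and the `demo()` harness with its constructed environment and sample secret are assumptions of this example, not behaviour the PR specifies.

```python
"""Resolve secret settings from VAR or VAR_FILE, failing loudly when the file is bad."""
import os
import tempfile
from pathlib import Path

# Same list of secret-bearing settings as the PR's config change.
SECRET_VARS = (
    "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
    "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD",
)


class SecretFileError(RuntimeError):
    """Raised when VAR_FILE is configured but cannot be used (assumed type, not from the PR)."""


def load_secret(var_name, environ=None):
    """Return the value of var_name, reading it from the path in $var_name_FILE when set.

    Precedence is an assumption of this example: an explicit VAR_FILE wins over a plain
    VAR, because the file is the deliberate Docker-secrets path (/run/secrets/<name>).
    """
    env = os.environ if environ is None else environ
    file_path = env.get(f"{var_name}_FILE")
    if file_path is None:
        # No file configured: fall back to the plain variable (None if unset).
        return env.get(var_name)
    path = Path(file_path)
    if not path.is_file():
        raise SecretFileError(
            f"{var_name}_FILE={file_path!r} does not exist or is not a regular file")
    try:
        raw = path.read_text(encoding="utf-8")
    except OSError as exc:
        raise SecretFileError(f"{var_name}_FILE={file_path!r} is not readable: {exc}") from exc
    # `echo secret | docker secret create ...` leaves a trailing newline; trim only that.
    value = raw.rstrip("\r\n")
    if not value:
        raise SecretFileError(f"{var_name}_FILE={file_path!r} is empty")
    return value


def load_secrets(environ=None):
    """Resolve every entry of SECRET_VARS; settings that are not configured map to None."""
    return {name: load_secret(name, environ) for name in SECRET_VARS}


def demo():
    """Exercise the loader against a constructed environment and return the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        token_file = Path(tmp) / "hub_token"
        # Constructed sample secret, written the way a Docker secret usually arrives.
        token_file.write_text("hub-secret-value\n", encoding="utf-8")
        environ = {
            "HUB_TOKEN_FILE": str(token_file),
            "STRIPE_SECRET_KEY": "sk_test_example",             # plain variable, no file
            "MAIL_PASSWORD_FILE": str(Path(tmp) / "missing"),   # deliberately absent file
        }
        hub_token = load_secret("HUB_TOKEN", environ)
        stripe = load_secret("STRIPE_SECRET_KEY", environ)
        try:
            load_secret("MAIL_PASSWORD", environ)
            missing_raised = False
        except SecretFileError:
            missing_raised = True
    return {"hub_token": hub_token, "stripe": stripe, "missing_raised": missing_raised}


if __name__ == "__main__":
    print(demo())
```

Raising on a configured-but-unusable file, rather than returning `None`, means a mis-mounted secret stops the app at startup instead of surfacing later as an authentication failure against the hub or Stripe with no obvious cause.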
3wordchant added 3 commits 2021-07-19 21:38:21 +00:00
3wordchant force-pushed docker from 6102e812a0 to be6c1b38b7 2021-07-19 23:51:56 +00:00 Compare
3wordchant added 1 commit 2021-07-19 23:52:36 +00:00
continuous-integration/drone/pr Build encountered an error Details
continuous-integration/drone/push Build is passing Details
2e6c6517f3
Add openssh-client to Dockerfile for ssh-keyscan
decentral1se approved these changes 2021-07-20 20:57:17 +00:00
decentral1se left a comment
Collaborator

Fantastic work! All of my comments are mostly rambly commentary on not-necessary changes at all unless you feel like it. I had a glass of wine and I was enjoying typing. You'll have to forgive me.

.drone.yml Outdated
@ -0,0 +10,4 @@
password:
from_secret: docker_reg_passwd_3wc
repo: 3wordchant/capsul-flask
tags: latest
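Review bot: `tags: latest` publishes every push to the same mutable tag, so anyone pulling `3wordchant/capsul-flask:latest` cannot tell which commit they are running or pin to a known build; tag with the commit SHA or branch (`${DRONE_COMMIT_SHA}`, `${DRONE_COMMIT_BRANCH}`) in addition to, or instead of, `latest`. Pulling the registry password via `from_secret` is the right way to keep the credential out of the repository.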
Collaborator

Off-topic: does capsul do tagged releases? That'd be handy as the plugins/docker plugin (http://plugins.drone.io/drone-plugins/drone-docker/) has a auto_tag: true which generates the image tag based on the git tag. That is probably One For Later ™️
Author
Owner

The last one was a year ago, I think, probably worth asking Cyberia if they'd be down for that?

Even more off-topic: can auto_tag: true work off the branch name? I'd love a way to be able to publish different images from different branches without hardcoding the branch name.

Author
Owner

auto_tag doesn't, but I think it's possible with interpolating e.g. ${DRONE_COMMIT_BRANCH}, see 982556a

3wordchant marked this conversation as resolved
Dockerfile Outdated
@ -0,0 +1,33 @@
FROM python:3.8-alpine as build
RUN apk add gettext git gcc python3-dev musl-dev \
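Review bot: `FROM python:3.8-alpine as build` pulls whatever the tag points to at build time, so two builds of the same commit can get different base layers; pin the tag to a digest (`python:3.8-alpine@sha256:<digest>`) and bump it deliberately. `apk add` without `--no-cache` also leaves the package index in the layer; `apk add --no-cache ...` avoids that, as the reviewer's comment on this hunk suggests.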
Collaborator

Feel free to ignore but I usually add --no-cache to save space and newline + sort things so it is easier to have a visual overview of dependencies and alphabetic ordering to know where to slot things in. Can be useful if you end up adding a lot of dependencies and then need to remove them over time as the software changes.

RUN apk add --no-cache \
    build-base \
    gcc \
    gettext \
    git \
    jpeg-dev \
    libffi-dev \
    libjpeg \
    musl-dev \
    postgresql-dev \
    python3-dev \
    zlib-dev \
    --virtual .build-dependencies
3wordchant marked this conversation as resolved
Dockerfile Outdated
@ -0,0 +17,4 @@
FROM python:3.8-alpine
RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client \
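Review bot: the runtime stage repeats the unpinned `python:3.8-alpine` tag from the build stage; because the virtualenv built in the first stage is copied into this one, both stages should resolve to the same image (for example a shared `ARG` carrying a digest) so a tag update between the two pulls cannot leave the copied venv built against a different Python patch release or musl than the runtime image has. A short comment on why the production image needs `virt-install` and `libvirt-client` would also stop them being mistaken for build-only dependencies later.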
Collaborator
Same totally optional comment as https://git.autonomic.zone/3wordchant/capsul-flask/pulls/2/files#issuecomment-7607.
3wordchant marked this conversation as resolved
@ -31,0 +33,4 @@
"SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
"BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
]:
var = os.environ.get(f"{var_name}_FILE", False)
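Review bot: `os.environ.get(f"{var_name}_FILE", False)` only tells you whether a path was configured; nothing in the visible lines checks that the path exists or is readable, which is the silent failure the PR description itself mentions. Check `os.path.isfile(var)` and raise, or at least log an error, when `*_FILE` is set but unusable, and strip the trailing newline Docker secrets files usually carry before storing the value. The `False` default can be dropped, since `os.environ.get(...)` already returns `None` when the variable is unset.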
Collaborator

Optional: var = os.environ.get(f"{var_name}_FILE") also works as it defaults to None if missing.

3wordchant marked this conversation as resolved
@ -0,0 +26,4 @@
devices:
- "/dev/kvm:/dev/kvm"
db:
image: "postgres:9.6.5"
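Review bot: `image: "postgres:9.6.5"` pins a single patch release, so the dev database never picks up later 9.6.x security fixes; use the minor-version tag (`postgres:9.6`, or the `9.6-alpine` variant the reviewer suggests) and let patch updates flow. The `/dev/kvm` device mapping on the app service is presumably there for the libvirt tooling in the image; a comment noting that it hands the container direct access to the host's KVM device, which is acceptable for local development but not something to copy into a production deployment unchanged, would help anyone adapting this file for production.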
Collaborator
Maybe `postgres:9.6-alpine` as it is smaller? https://hub.docker.com/_/postgres?tab=description&page=1&ordering=last_updated
3wordchant marked this conversation as resolved
3wordchant added 1 commit 2021-07-20 21:48:49 +00:00
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is passing Details
2e6894ad14
Changes from @decentral1se code review
3wordchant added 1 commit 2021-07-21 09:38:50 +00:00
continuous-integration/drone/pr Build was killed Details
continuous-integration/drone/push Build is passing Details
fc7e264178
Make docker-compose file less demanding
Collaborator

This seems fine to me. One thing I would like to mention, I have been agitating about trying to set up a private docker image / open container image repository for cyberia for a while. Ideally in the future we could do that and use the cyberia concourse build system to build the images, but that doesnt need to block this PR.

Author
Owner

OK, wonderful. I'm very happy to help migrate to the Cyberia registry when it exists, and a Concourse build when I find time to wrap my head around secret management.

3wordchant force-pushed docker from 8e22948f82 to 13646e64da 2021-07-21 21:50:59 +00:00 Compare
3wordchant added 1 commit 2021-07-21 22:28:55 +00:00
continuous-integration/drone/pr Build was killed Details
continuous-integration/drone/push Build is passing Details
982556a2c5
Tag with current branch, instead of `latest`
3wordchant added 1 commit 2021-07-21 23:13:55 +00:00
continuous-integration/drone/pr Build is failing Details
continuous-integration/drone/push Build is passing Details
18294cec43
Merge branch 'master' into docker
3wordchant added 1 commit 2021-07-21 23:17:05 +00:00
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is failing Details
abe768a521
Merge branch 'master' into docker
3wordchant merged commit 72c04d8495 into master 2021-07-21 23:18:11 +00:00
3 Participants
Reference: 3wordchant/capsul-flask#2