Docker image, & local development docker-compose.yml #2

Merged
3wordchant merged 12 commits from docker into master 2 months ago
Owner

Adds:

  • a Docker image, which can be used in both development and production
  • a `docker-compose.yml` file for local development (could probably be adapted for production deployments)

Testing:

  • `git checkout docker`
  • `docker-compose up`
  • pray 🙏
  • go to http://localhost:5000

App architecture

I added the ability to load secret config variables (`HUB_TOKEN`, `STRIPE_SECRET_KEY` etc) from files, to support [Docker Secrets](https://docs.docker.com/engine/swarm/secrets/) natively. The code should probably log an error if a specified `HUB_TOKEN_FILE` doesn't exist instead of failing silently..

Docker architecture

This uses a multi-stage build to reduce the size of the final image -- having pipenv install to a predefined virtualenv, and then copying that over.

The compose file doesn't include a definition for a cron runner service, and I haven't tested running one yet. Here be dragons!

You can rebuild the image locally using `docker-compose build`, but this isn't required for changes to the app code, only if you edit the `Dockerfile`, or want to publish your image for use on a swarm server (in which case you will need to edit the image name to put in your own Docker hub credentials).

Currently, the image is rebuilt (should set up auto-tagging..) and published with every push to this 3wordchant/capsul-flask fork.
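An added example, not the code from this PR: one way to load `*_FILE` secrets so that a missing, unreadable or empty file stops startup instead of failing silently. `SecretConfigError`, `load_secret`, `load_secrets` and `demo` are hypothetical names; the secret names are the ones in the loop shown in the review further down, and the token value is constructed.

```python
import os
import tempfile
from pathlib import Path

# Secret names as listed in the loop shown in this PR's review.
SECRET_NAMES = ["SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
                "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"]

class SecretConfigError(RuntimeError):
    """Raised at startup when a secret is misconfigured (hypothetical name)."""

def load_secret(name, environ):
    """Resolve NAME from NAME or NAME_FILE; return None only if neither is set."""
    direct, path = environ.get(name), environ.get(f"{name}_FILE")
    if direct is not None and path is not None:
        raise SecretConfigError(f"{name} and {name}_FILE are both set")
    if path is None:
        return direct
    try:
        value = Path(path).read_text(encoding="utf-8")
    except OSError as exc:
        # Report the path and the OS reason, never any file contents.
        raise SecretConfigError(f"{name}_FILE={path!r}: {exc.strerror}") from exc
    value = value.rstrip("\r\n")  # secret files usually end with a newline
    if not value:
        raise SecretConfigError(f"{name}_FILE={path!r} is empty")
    return value

def load_secrets(environ=os.environ, names=SECRET_NAMES):
    """Load every secret, collecting errors so a single run reports all of them."""
    secrets, errors = {}, []
    for name in names:
        try:
            secrets[name] = load_secret(name, environ)
        except SecretConfigError as exc:
            errors.append(str(exc))
    if errors:
        raise SecretConfigError("; ".join(errors))
    return secrets

def demo():
    """Constructed sample: one secret in a file, then one pointing at a missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        token = Path(tmp, "hub_token")
        token.write_text("constructed-token\n", encoding="utf-8")
        good = load_secrets({"HUB_TOKEN_FILE": str(token)})
        try:
            load_secrets({"HUB_TOKEN_FILE": str(Path(tmp, "missing"))})
        except SecretConfigError as exc:
            return good["HUB_TOKEN"], str(exc)
```
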
3wordchant added 4 commits 2 months ago
3wordchant force-pushed docker from 6102e812a0 to be6c1b38b7 2 months ago
3wordchant added 1 commit 2 months ago
2e6c6517f3 Add openssh-cient to Dockerfile for ssh-keyscan
decentral1se approved these changes 2 months ago
decentral1se left a comment

Fantastic work! All of my comments are mostly rambly commentary on not-necessary changes at all unless you feel like it. I had a glass of wine and I was enjoying typing. You'll have to forgive me.

.drone.yml Outdated
password:
from_secret: docker_reg_passwd_3wc
repo: 3wordchant/capsul-flask
tags: latest
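Review bot: `tags: latest` publishes every build under one mutable tag, so a deployment pulling `3wordchant/capsul-flask:latest` cannot be pinned to, or rolled back to, a specific build. Consider publishing an immutable tag alongside it, for example the commit SHA via `${DRONE_COMMIT_SHA}`.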
Poster
Collaborator

Off-topic: does capsul do tagged releases? That'd be handy as the [plugins/docker](http://plugins.drone.io/drone-plugins/drone-docker/) plugin has an `auto_tag: true` which generates the image tag based on the git tag. That is probably One For Later ™️
Poster
Owner

The last one was a year ago, I think, probably worth asking Cyberia if they'd be down for that?

Even more off-topic: can `auto_tag: true` work off the branch name? I'd love a way to be able to publish different images from different branches without hardcoding the branch name.
Poster
Owner

`auto_tag` doesn't, but I think it's possible with interpolating e.g. `${DRONE_COMMIT_BRANCH}`, see 982556a
3wordchant marked this conversation as resolved
Dockerfile Outdated
FROM python:3.8-alpine as build
RUN apk add gettext git gcc python3-dev musl-dev \
Poster
Collaborator

Feel free to ignore but I usually add `--no-cache` to save space and newline + sort things so it is easier to have a visual overview of dependencies and alphabetic ordering to know where to slot things in. Can be useful if you end up adding a lot of dependencies and then need to remove them over time as the software changes.

```
RUN apk add --no-cache \
    build-base \
    gcc \
    gettext \
    git \
    jpeg-dev \
    libffi-dev \
    libjpeg \
    musl-dev \
    postgresql-dev \
    python3-dev \
    zlib-dev \
    --virtual .build-dependencies
```
3wordchant marked this conversation as resolved
Dockerfile Outdated
FROM python:3.8-alpine
RUN apk add --no-cache libpq libstdc++ libjpeg virt-install libvirt-client \
Poster
Collaborator
Same totally optional comment as https://git.autonomic.zone/3wordchant/capsul-flask/pulls/2/files#issuecomment-7607.
3wordchant marked this conversation as resolved
"SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
"BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
]:
var = os.environ.get(f"{var_name}_FILE", False)
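Review bot: on the `os.environ.get(f"{var_name}_FILE", False)` line, nothing visible says which value wins when both `HUB_TOKEN` and `HUB_TOKEN_FILE` are set. Document the precedence or treat that combination as a configuration error, and raise when the named file cannot be read, since the PR description notes that a missing file currently fails silently.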
Poster
Collaborator

Optional: `var = os.environ.get(f"{var_name}_FILE")` also works as it defaults to `None` if missing.
3wordchant marked this conversation as resolved
devices:
- "/dev/kvm:/dev/kvm"
db:
image: "postgres:9.6.5"
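Review bot: `image: "postgres:9.6.5"` pins an early patch release of the 9.6 line, so the local database never picks up later 9.6.x fixes. Track the minor line instead (for example `postgres:9.6`) or bump the pin deliberately; the `/dev/kvm:/dev/kvm` device mapping above it also deserves a comment in the file saying which service needs host KVM access.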
Poster
Collaborator
Maybe `postgres:9.6-alpine` as it is smaller? https://hub.docker.com/_/postgres?tab=description&page=1&ordering=last_updated
3wordchant marked this conversation as resolved
3wordchant added 1 commit 2 months ago
2e6894ad14 Changes from @decentral1se code review
3wordchant added 1 commit 2 months ago
fc7e264178 Make docker-compose file less demanding
3wordchant added 9 commits 2 months ago
Collaborator

This seems fine to me. One thing I would like to mention, I have been agitating about trying to set up a private docker image / open container image repository for cyberia for a while. Ideally in the future we could do that and use the cyberia concourse build system to build the images, but that doesn't need to block this PR.
Poster
Owner

OK, wonderful. I'm very happy to help migrate to the Cyberia registry when it exists, and a Concourse build when I find time to wrap my head around secret management.

3wordchant force-pushed docker from 8e22948f82 to 13646e64da 2 months ago
3wordchant added 1 commit 2 months ago
982556a2c5 Tag with current branch, instead of `latest`
3wordchant added 1 commit 2 months ago
18294cec43 Merge branch 'master' into docker
3wordchant added 1 commit 2 months ago
abe768a521 Merge branch 'master' into docker
3wordchant merged commit 72c04d8495 into master 2 months ago

continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
The pull request has been merged as 72c04d8495.