How to edit the Caddyfile with ECR - amazon-ecs

I am working with two containers, one is for Caddy and one is for my application, both of them have been hosted on ECS Fargate, while my application is being pulled from ECR and the caddy image is being pulled from the official Docker repository. Both the containers are running fine but I am not sure how to access the Caddyfile for Caddy to serve SSL certificates to my application. I am able to get the standard Caddy webpage on container, but I need to somehow edit the Caddyfile for my use-case, could someone help me out?
enter image description here

According to the documentation for the Caddy image you are using, you should be mounting a /data folder and a /config folder. To do that with ECS on Fargate you need to create an Amazon Elastic File System, and then configure those mount points in your ECS task definition to use the EFS.
If you just want to specify the domain name, the documentation says you can simply pass a --domain parameter in the caddy command line. You would do that by editing the command in your ECS task definition.
I think you will have to configure more than that in order to get it to proxy requests to your other container though.
If you want to bundle your config file into the docker image that is being deployed, the documentation I linked also describes how you can create your own version of the image. You would do that locally, push the image to ECR, and then configure your ECS task definition to use that image instead of the standard Docker Hub image.

Related

How to use local docker images in kubernetes deployments (NOT minikube)

I have a VM with kubernetes installed using kubeadm (NOT minikube). The VM acts a the single node of the cluster, with taints removed to allow it to act as both Master and Worker node (as shown in the kubernetes documentation).
I have saved, transfered and loaded a my app:test image into it. I can easily run a container with it using docker run.
It shows up when I run sudo docker images.
When I create a deployment/pod that uses this image and specify Image-PullPolicy: IfNotPresent or Never, I still have the ImagePullBackoff error. The describe command shows me it tries to pull the image from dockerhub...
Note that when I try to use a local image that was pulled as the result of creating another pod, the ImagePullPolicies seem to work, no problem. Although the image doesn't appear when i run sudo docker images --all.
How can I use a local image for pods in kubernetes? Is there a way to do it without using a private repository?
image doesn't appear when i run sudo docker images --all
Based on your comment, you are using K8s v1.22, which means it is likely your cluster is using containerd container runtime instead of docker (you can check with kubectl get nodes -o wide, and see the last column).
Try listing your images with crictl images and pulling with crictl pull <image_name> to preload the images on the node.
One can do so with a combination of crictl and ctr, if using containerd.
TLDR: these steps, which are also described in the crictl github documentation:
1- Once you get the image on the node (in my case, a VM), make sure it is in an archive (.tar). You can do that with the docker save or ctr image export commands.
2- Use sudo ctr -n=k8s.io images import myimage.tar while in the same directory as thearchived image to add it to containerd in the namespace that kubernetes uses to track it's images. It should now appear when you run sudo crictl images.
As suggested, I tried listing images with crictl and my app:test did not appear. However, trying to import my local image through crictl didn't seem to work either. I used crictl pull app:test and it showed the following error message:
FATA[0000] pulling image failed: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/app:test": failed to resolve reference "docker.io/library/app:test": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed.
However, when following these steps, my image is finally recognized as an existing local image in kubernetes. They are actually the same as suggested in the crictl github documentation
How does one explain this? How do images get "registered" in the kubernetes cluster? Why couldn't crictl import the image? I might post another issue to ask that...
Your cluster is bottled inside of your VM, so what you call local will always be remote for that cluster in that VM. And the reason that kubernetes is trying to pull those images, is because it can't find them in the VM.
Dockerhub is the default place to download containers from, but you can set kubernetes to pull from aws (ECR) from azure (ACR), from github packages (GCR) and from your own private server.
You've got about 100 ways to solve this, none of them are easy or will just work.
1 - easiest, push your images to Dockerhub and let your cluster pull from it.
2 - setup a local private container registry and set your kubernetes VM to pull from it (see this)
3 - setup a private container registry in your kubernetes cluster and setup scripts in your local env to push to it (see this)

How do I update a service in the cluster to use a new docker image

I have created a new docker image that I want to use to replace the current docker image. The application is on the kubernetes engine on google cloud platform.
I believe I am supposed to use the gcloud container clusters update command. Although, I struggle to see how it works and how I'm supposed to replace the old docker image with the new one.
You may want to use kubectl in order to interact with your GKE cluster. Method of image update depends on how the Pod / Container was created.
For some example commands, see https://kubernetes.io/docs/reference/kubectl/cheatsheet/#updating-resources
For example, kubectl set image deployment/frontend www=image:v2 will do a rolling update "www" containers of "frontend" deployment, updating the image.
Getting up and running on GKE: https://cloud.google.com/kubernetes-engine/docs/quickstart
You can use Container Registry[1] as a single place to manage Docker images.
Google Container Registry provides secure, private Docker repository storage on Google Cloud Platform. You can use gcloud to push[2] images to your registry, then you can pull images using an HTTP endpoint from any machine.
You can also use Docker Hub repositories[3] allow you share container images with your team, customers, or the Docker community at large.
[1]https://cloud.google.com/container-registry/
[2]https://cloud.google.com/container-registry/docs/pushing-and-pulling
[3]https://docs.docker.com/docker-hub/repos/

Is it possible to create a docker image of present running docker instances?

I am new to docker and I have instantiated a strapi container which needs a mongoDB container to be run first. I am currently running this in AWS ECS where I configured the task definition to have both the containers and linked.
I am now just wondering if I can make a docker image out of the existing container system. So in future, I could maybe just post this new image to dockerhub or ECR and run in ECS without any additional configuration like Environment variables or links or multiple containers in single task defintion.
Any ideas would be helpful.
you can create docker image by
docker commit (container-name)

Can a Service Fabric Container project pull from Docker Hub?

I have created a new Service Fabric Container project in Visual Studio that I am trying to test by publishing to the local cluster. I have created a Windows Container image that I have run locally in Docker. I pushed the image to a private registry in Docker Hub.
When I publish the project to the local cluster, it deploys, but then I get an error:
Error event: SourceId='System.Hosting', Property='Download:1.0:1.0'.
There was an error during download.Failed to download container image docker.io/(username)/(repository)
All the examples show pulling an image from Azure Container Registry. Does Service Fabric only work with ACR, or do I have to add additional configuration to my service manifest to use a private Docker Hub registry?
Edit: also, it seems unable to find the container locally. I tried using the tagged local name of the image from the local repository (I checked using "docker images" and it is there). Same result. Service Fabric should be able to find it:
Service Fabric will pull down the image (if it's not already in the local registry) and launch a container based on the arguments you provide.
from MSDN blog on Service Fabric
It looks like the problem is that Service Fabric does not support container deployment on Windows 10 (and my dev machine is Win10, so local development/testing is out). There are notes to this effect on the Azure Documentation but I guess I didn't notice them or glossed over them...

Jenkins plugin to deploy a docker image into a k8s cluster?

I have been looking for a jenkins plugin to deploy a docker image to a kubernetes cluster using k8s api. This will access the rest api with yaml file with credentials that already configured. If there is no similar plugin, you can let me know other simple examples. Thanks for reading.
I think you are looking for a plugin's which is similar to this
https://wiki.jenkins-ci.org/display/JENKINS/Kubernetes+CI+Plugin
https://wiki.jenkins.io/display/JENKINS/Kubernetes+Pipeline+Plugin
I'm using a simple Execute Shellstep in Jenkins with the fallowing command:
kubectl --server="https://kubeapi.example.com" --token=$ACCESS_TOKEN set image deployment/deployment_name container_name=repo/image:"$BUILD_NUMBER-$SHORT_GIT_COMMIT"
You can save your $ACCESS_TOKENas a Secret text and use it as a variable in Jenkins.
The job is making the build, tag and publish a docker image to docker repo, then set the image in the kubernetes cluster.