stackoom
  简体   繁体   中英

Mulicontainer Docker Environment on AWS Elasticbeanstalk environment variables

 原文  2021-02-24 11:12:18       amazon-web-services/ docker/ continuous-integration/ environment-variables/ dockerfile

Question

I have a multicontainer docker environment running on AWS Elastic Beanstalk (ECS under the hood). Each instance in the cluster is running all of the containers (proxy, auth, api, client, notifications). I am using Codepipeline and Codebuild as a CICD linked to Github push to master branch.

The flow to build the prod environment for any one of the services currently looks like:

PR into master -> push to Github -> triggers Codepipeline -> triggers Codebuild (here I build, tag, and push a docker image created from a Dockerfile in the source code to Elastic Container Registrary [ECR]).

Once the image is pushed to ECR I can update the Elastic Beanstalk environment to start using the new image for that service.

I do not understand how I can get environment variables into each of the services. I have used the environment section of elastic beanstalk before but how can this work when I have a multicontainer environment? For instance one service might have DB_CONNECTION_STRING=foo and another might have DB_CONNECTION_STRING=bar . So using the centralised environment properties section of elastic beanstalk will not work.

I also can't push the env file to source code as it contains passwords/secrets so I cannot add it as part of the build phase. Unless I can add all of the environment variables in Codepipeline? Or should I use a Secrets manager?

What is the best practices on this?

Also important to note that the build phase is the same for all of the services.

Thanks

1 answers

solution1
 1 ACCPTED  2021-02-24 11:31:24

I use Github workflow and not Codebuild but the idea is the same. I'm assuming that you can store your secrets in AWS and access them during build (as in github workflow)

What we do:

In Github workflow yml file:

jobs:
  deploy:
    name: some job name
    runs-on: ubuntu-latest
    env:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      ACCESS_TOKEN_SECRET: ${{ secrets.ACCESS_TOKEN_SECRET }}
      REFRESH_TOKEN_SECRET: ${{ secrets.REFRESH_TOKEN_SECRET }}

Then, later on job:

- name: Build dockers
        id: build-dockers
        run: |
          docker build --build-arg NPM_TOKEN=$NPM_TOKEN --build-arg dockerAccessTokenSecretDefault=$ACCESS_TOKEN_SECRET -t your_registry/name

Docker file: 

FROM node:latest

ARG NPM_TOKEN
ARG dockerAccessTokenSecretDefault
ARG dockerRefreshTokenSecretDefault
ENV ACCESS_TOKEN_SECRET=$dockerAccessTokenSecretDefault
ENV REFRESH_TOKEN_SECRET=$dockerRefreshTokenSecretDefault


COPY some_folder some_docker_folder

WORKDIR some_docker_folder

RUN npm install --production


EXPOSE 3000

ENTRYPOINT [ "npm", "start" ]

You can see in docker file that I have ARG and ENV, ARG is there only during build time, but ENV stay there for runtime.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to set environment variables in AWS::ElasticBeanstalk::Environment? AWS ElasticBeanstalk in a production environment How to get environment variables from AWS elasticbeanstalk to pom file How to assume AWS role in docker container run on Elasticbeanstalk environment? Configuring nginx in a single docker container environment (AWS ElasticBeanstalk) AWS ElasticBeanstalk - Auto scaled instance can't see environment variables Access AWS ElasticBeanstalk Custom Environment Variables with .NET Core WebApp AWS Elastic Beanstalk Docker environment variables How to read Environment Properties set in AWS ElasticBeanstalk AWS SQS and ElasticBeanStalk environment set up
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM