I have three commands that I am using to "update","re-run", and then "clean up" my current docker image via our CI tool of choice (Jenkins). I'm not including my "container stop and remove" commands for simplicity's sake.
docker pull my.private.registry:443/my-awesome-app
docker run -d --env-file ./env.list -i -p 8080:8080 -p 9990:9990 my.private.registry:443/my-awesome-app
docker rmi $(docker images -f "dangling=true" -q)
I'm new to docker-compose and I understand that most of these pull/run steps could probably be done within a docker-compose.yml file. I'm hoping someone with experience in this can show me an example, because the ones I've found seem to diverge a bit from my needs.
Also, will docker-compose give me a better way to pass in my environment variables than the method listed?
env.list is a list of environment variables I pass to the container. This seems to work, but I notice that doing a docker inspect ${CONTAINER_ID} reveals the variable value I passed in. I feel like this kind of defeats the purpose of extracting the values from the config files in the first place.
First if you simple convert the run command into a docker-compose.yml file, you would get the following. For the sake of example I have called the service my-awesome-app but you can name it what you want. (NOTE: this docker-compose file and the one further below is in the new version 2 format and requires docker-engine 1.10 and docker-compose 1.6 to run).
version: '2'
services:
my-awesome-app:
image: my.private.registry:443/my-awesome-app
ports:
- "8080:8080"
- "9990:9990"
env_file:
- ./env.list
To achieve your commands including stopping and removing the old contains but with docker-compose you would run (with the docker-compose.yml file in your working directory):
docker-compose pull
docker-compose up -d
docker rmi $(docker images -f "dangling=true" -q)
docker-compose pull - does what it says on the tin, pulls all the images in docker-compose.yml.
docker-compose up -d - equivalent to docker run. The -d is to run in detached mode (same as docker run -d). This command will ALSO stop and remove the previous version of the container before starting the new one.
docker rmi $(docker images -f "dangling=true" -q) - same as before. Docker-compose does not have any features for cleaning images.
Environment variables
The above docker-compose.yml implements the same method for adding environment variables as running docker run --env-file ./env.list. If you have a non-small number of environment variables (say above 3 for example), this is the best method.
The alternate method involves placing the environment variables inside the docker-compose.yml file and is equivalent to running docker run -e KEY1=value -e KEY2=value.
version: '2'
services:
my-awesome-app:
image: my.private.registry:443/my-awesome-app
ports:
- "8080:8080"
- "9990:9990"
environment:
- KEY1=value
- KEY2=value
Finally the problem the env file solves is having a large number of environment variables and not having to list them all out in your docker-compose file or as -e flags in docker run. It can also be used by multiple containers. Whether the environment variables come from an env file or are listed directly, the are still part of the containers configuration so it should be expected that they appear in docker inspect.
Furthermore, if you are worried that other applications could see this information, the application would first have to have access to the docker daemon (so it can call inspect). If an application has access to the docker daemon then it can also run docker exec echo $YOUR_ENV_VAR and retrieve it any way so hiding environment variables in docker inspect adds no security.
Hope that helps.
来源:https://stackoverflow.com/questions/35509099/need-to-convert-this-relatively-simple-docker-pull-and-run-commands-into-a-docke