Project Info:
Recently I have started working on a new project from scratch. We have containerized all our applications using docker. The project is just kicked off and we are almost done with our dev setup.
Tools:
Version Control : Tortoise SVN
CI : Jenkins
What I am going to achieve is. using jenkins job I will triggering builds and at the end it will generate shell scripts which build new images and launch the latest containers.
Problem statement:
My application has various property files which contains DB string, end point urls , IP address etc. In the traditional approach we have property files for each environment for example local, dev, QA and production. I cannot have this approach when I am using docker because I want to run docker images on any environment without hard-coding anything.
My approach would be:
Pass all the necessary environment variables into the container when we launch and enable java code to read it from environment variables
Have a script which will replace property values based on the environment. But this could be nasty when it comes to deployment of war files.
Can one suggest me what would be the best approach in such cases ?
There are a couple reasonable approaches, each with their pro’s and con’s:
Update your container to read environment variables at run time. Pass your sensitive data into docker after you build the image, when you run the container. This can be accomplished via the “-e” flag to docker run. If you are using Docker Compose, you can specify an env_file in your .yaml file (this will be easier if you have a large number of settings).
Mount settings files into the container as volumes. There are some drawbacks to storing all your sensitive data in the environment, so one option is to store run time settings in configuration files in the container. Since files and directories may both be mapped as volumes, you can map a set of run-time configuration settings by mapping a file on the docker host into the container via the “-v” flag to docker run. If you are using Docker Compose, you can specify the volume mappings in your .yaml file as well.
For CI, the sensitive data will need to be configured per-job. For deployment, you will have to consider what your deployment environment is like (for example: do you have access to the host in order to drop a file before volume-mapping it into the container?).