Comments (2)
So currently for non-secret project variables we're using .env files, to specify the domain for example. This works fine atm, but when using secrets we should avoid this and make it clear in the documentation that storing and committing secrets defined in a .env file is bad practice and dangerous.
Usually I store my project secrets in my VCS (Github/Gitlab/Bitbucket) repository settings, and use pipelines/actions to deploy an application to a server running Dokku for example.
Using Dokku you would store secrets (or other env vars) on the server using the Dokku CLI in most cases. I kind of want to avoid that - needing to manually log in and set env vars on the server over SSH.
I'd prefer storing project secrets in their repository settings, but that would mean using a VCS-specific CI system such as Github Actions / Gitlab CI or Bitbucket Pipelines, which would build the application Docker images, store them in a registry, and let the server know that it needs to deploy app containers from those images. In that case, it would be nice to be able to skip the build step within Swarmlet, and be able to just pull the latest image from a (private) registry after it has been built and pushed using Actions / Gitlab CI / etc.
This begs for improvement of the current internal registry configuration. It would be nice to be able to use a registry hosted on your swarm to be accessible externally by default, at registry.mydomain.com for example.
A user prompt / CLI wizard during installation is something I'm looking into, that would help setting initial environment variables such as the FQDN ("Fully Qualified Domain Name" such as manager-1.mydomain.com, dev.mydomain.com or just mydomain.com) Swarmlet will use to host its included services.
If the user doesn't use external CI tools to build and push their applications to the swarm, but just wants to deploy apps to their own swarm and store the code locally and on Github for example, it might be nice to store the secrets on the swarm itself using a web UI hosted on the swarm. I haven't really looked into that, but I know it's possible to manually add secrets in Swarmpit, possibly in Portainer as well, and definitely in a self-hosted Gitlab CE setup. We're using Consul right now to store the certificates in a distributed way; it would be nice to be able to use that for other secrets as well if that's possible. I've also read something about Hashicorp Vault, but haven't looked into that.
from swarmlet.
Closing this because of #26