Docker Compose on Google's Container Optimized OS!



In my last video, I showed how to use docker-compose for building containerized web applications with multiple services, and two videos ago I suggested running containers on Google’s Container Optimized OS to improve their security.

However, anyone who has tried to use these two technologies together knows that it is quite tricky to do!

Based on a combination of the information in this Google Cloud community tutorial (https://cloud.google.com/community/tutorials/docker-compose-on-container-optimized-os) and this public docker image (https://hub.docker.com/r/cryptopants/docker-compose-gcr/dockerfile) I was able to successfully run an app using docker-compose on a Compute Engine VM, using a container image stored in a private gcr.io Container Registry.

In order to enable the containerized docker-compose to manage docker resources on the host, I had to mount the UNIX socket that the Docker daemon listens on (/var/run/docker.sock). In many circumstances, this would be considered a security risk, so make sure to do your research before applying this technique (https://stackoverflow.com/questions/35110146/can-anyone-explain-docker-sock, https://blog.secureideas.com/2018/05/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html, etc…).
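To keep track of where the socket mount described above is in use on a host, the following added example (not part of the original post or video) scans `docker inspect` output and lists every container that has the Docker socket bind-mounted. The container names and paths in the sample are constructed for illustration.

```python
import json
import sys

# /var/run is normally a symlink to /run, so check both spellings of the path.
SOCK_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/compose-runner",
     "Mounts": [
         {"Type": "bind", "Source": "/var/run/docker.sock",
          "Destination": "/var/run/docker.sock", "RW": True},
         {"Type": "bind", "Source": "/home/user/app",
          "Destination": "/home/user/app", "RW": True}]},
    {"Name": "/web",
     "Mounts": [
         {"Type": "volume", "Source": "/var/lib/docker/volumes/db/_data",
          "Destination": "/data", "RW": True}]},
    {"Name": "/monitor",
     "Mounts": [
         {"Type": "bind", "Source": "/run/docker.sock",
          "Destination": "/tmp/d.sock", "RW": False}]},
])


def find_socket_mounts(inspect_json):
    """Return (container, destination, rw) for each mount of the Docker socket."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        for mount in container.get("Mounts") or []:
            # Match on the host-side source: the path inside the container
            # can be anything, as the "monitor" entry in the sample shows.
            if mount.get("Source") in SOCK_PATHS:
                findings.append((name, mount.get("Destination"),
                                 bool(mount.get("RW", True))))
    return findings


if __name__ == "__main__":
    # Piped input is audited; with no pipe the constructed sample is used.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, dest, rw in find_socket_mounts(data):
        # A read-only mount is still reported: the flag applies to the
        # filesystem entry, not to API requests sent over the socket.
        print(f"{name}: docker.sock mounted at {dest} ({'rw' if rw else 'ro'})")
```

On a real host, feed it live data with `docker inspect $(docker ps -q) | python3 audit.py`, where `audit.py` is whatever name the block is saved under.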

Cheers!


Join the Community:
💬 Discord: https://discord.gg/3XzWctZ
💻 GitHub: https://github.com/sidpalas/devops-directive
🐥 Twitter: https://twitter.com/sidpalas
👨‍💼 LinkedIn: https://www.linkedin.com/in/sid-palas/
🌐 Website: https://devopsdirective.com

Timestamps:
0:00 – Intro
0:26 – Showing the example django guide
0:52 – Compute Engine VM configuration
1:22 – SSH to VM and follow first steps of django quickstart
2:07 – Explaining how we need to run docker-compose inside a container
3:11 – Setting up volume mounts to access our docker-compose.yml
4:19 – Setting up Docker socket mount (+ ☠️🔥 disclaimer)
6:55 – Creating DNS record to map the domain to the VM
7:24 – Debugging port mapping issue
8:31 – Setting up alias for docker-compose in ~/.bashrc
9:47 – Using docker-credential-gcr
10:22 – Creating custom docker-compose Docker image to enable authentication within container
11:48 – Final demo run
12:10 – Wrap up

Community Size at Time of Posting:
– Subscribers: 555
– Channel Views: 8728

Note: I have a running joke with my wife that I’m not going to shave my beard until I reach 1000 subscribers (the last time I did was at 100…) and it is starting to get out of control 🧔+🎅+😳+😬+😅


8 thoughts on “Docker Compose on Google's Container Optimized OS!”
  1. I was testing out a new recording software (https://www.mmhmm.app/) — let me know what you think of this screen configuration for tutorials!

    I'm also considering getting a green screen so that the background detection will be much cleaner for future videos.

  2. I don't know how to do the configuration you are talking about at 0:52. Can you give us a tutorial? Thanks for your time.

  3. Excellent video. Love that you show debugging when things don’t work the first time. Full marks.
