Docker Compose on Google's Container Optimized OS!




    In my last video, I showed how to use docker-compose for building containerized web applications with multiple services, and two videos ago I suggested running containers on Google’s Container Optimized OS to improve their security.

    However, anyone who has tried to use these two technologies together knows that it is quite tricky to do!

    Based on a combination of the information in this Google Cloud community tutorial (https://cloud.google.com/community/tutorials/docker-compose-on-container-optimized-os) and this public docker image (https://hub.docker.com/r/cryptopants/docker-compose-gcr/dockerfile) I was able to successfully run an app using docker-compose on a Compute Engine VM, using a container image stored in a private gcr.io Container Registry.

    In order to enable the containerized docker-compose to manage Docker resources on the host, I had to mount the UNIX socket that the Docker daemon is listening on (/var/run/docker.sock). In many circumstances, this would be considered a security risk, so make sure to do your research before applying this technique (https://stackoverflow.com/questions/35110146/can-anyone-explain-docker-sock, https://blog.secureideas.com/2018/05/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html, etc…).

    Cheers!


    Join the Community:
    💬 Discord: https://discord.gg/3XzWctZ
    💻 GitHub: https://github.com/sidpalas/devops-directive
    🐥 Twitter: https://twitter.com/sidpalas
    👨‍💼 LinkedIn: https://www.linkedin.com/in/sid-palas/
    🌐 Website: https://devopsdirective.com

    Timestamps:
    0:00 – Intro
    0:26 – Showing the example django guide
    0:52 – Compute Engine VM configuration
    1:22 – SSH to VM and follow first steps of django quickstart
    2:07 – Explaining how we need to run docker-compose inside a container
    3:11 – Setting up volume mounts to access our docker-compose.yml
    4:19 – Setting up Docker socket mount (+ ☠️🔥 disclaimer)
    6:55 – Creating DNS record to map the domain to the VM
    7:24 – Debugging port mapping issue
    8:31 – Setting up alias for docker-compose in ~/.bashrc
    9:47 – Using docker-credential-gcr
    10:22 – Creating custom docker-compose Docker image to enable authentication within container
    11:48 – Final demo run
    12:10 – Wrap up

    Community Size at Time of Posting:
    – Subscribers: 555
    – Channel Views: 8728

    Note: I have a running joke with my wife that I’m not going to shave my beard until I reach 1000 subscribers (the last time I did was at 100…) and it is starting to get out of control 🧔+🎅+😳+😬+😅
