I'm new to Docker and want to deploy a flask+gunicorn project. So far, I've got the following Dockerfile.
# Get official base image
FROM python:3.7-slim-buster
# Setting my working directory
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
# Setting my environment variables
ENV REDIS_HOST [...omit here...]
ENV REDIS_PORT [...omit here...]
ENV REDIS_DB_WHITELIST [...omit here...]
ENV MYSQL_HOST [...omit here...]
ENV MYSQL_PORT [...omit here...]
ENV MYSQL_DB_DUMMY [...omit here...]
# Copy project for later
COPY . /usr/src/app/
# Install dependencies
RUN pip install --upgrade pip
RUN pip install -r requirements.txt
RUN pip install gunicorn
EXPOSE 5000
RUN chmod +x ./entrypoint.sh
ENTRYPOINT ["sh", "entrypoint.sh"]
My docker-compose.yml has the following:
version: "3.9"
secrets:
FLASK_SECRET_KEY:
external: true
MYSQL_USER:
external: true
MYSQL_PASSWORD:
external: true
services:
web:
image: flask-app:v0.1.0
environment:
FLASK_SECRET_KEY_FILE: /run/secrets/FLASK_SECRET_KEY
MYSQL_USER_FILE: /run/secrets/MYSQL_USER
MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD
ports:
- "5000:5000"
secrets:
- FLASK_SECRET_KEY
- MYSQL_USER
- MYSQL_PASSWORD
After doing some research, it appears that using the docker stack deploy —compose-file=docker-compose.yml flask-app command is the only way to get docker secrets. Obviously, I have three sensitive data to store in Docker secrets: FLASK SECRET KEY, MYSQL USER, and MYSQL PASSWORD. It turns out that the programme is failing to execute, and I'm guessing that mysql user = os.environ['MYSQL USER'] etc. in the python script is failing to access the environment variable.
I'm not sure how to get sensitive info from Docker secrets via Dockerfile or docker-compose.yml, and I'd appreciate it if someone could correct me if I'm incorrect.