I'm new to Docker and want to deploy a flask+gunicorn project. So far, I've got the following Dockerfile.
# Get official base image
# Setting my working directory
RUN mkdir -p /usr/src/app
# Setting my environment variables
ENV REDIS_HOST [...omit here...]
ENV REDIS_PORT [...omit here...]
ENV REDIS_DB_WHITELIST [...omit here...]
ENV MYSQL_HOST [...omit here...]
ENV MYSQL_PORT [...omit here...]
ENV MYSQL_DB_DUMMY [...omit here...]
# Copy project for later
COPY . /usr/src/app/
# Install dependencies
RUN pip install --upgrade pip
RUN pip install -r requirements.txt
RUN pip install gunicorn
RUN chmod +x ./entrypoint.sh
ENTRYPOINT ["sh", "entrypoint.sh"]
My docker-compose.yml has the following:
After doing some research, it appears that using the docker stack deploy —compose-file=docker-compose.yml flask-app command is the only way to get docker secrets. Obviously, I have three sensitive data to store in Docker secrets: FLASK SECRET KEY, MYSQL USER, and MYSQL PASSWORD. It turns out that the programme is failing to execute, and I'm guessing that mysql user = os.environ['MYSQL USER'] etc. in the python script is failing to access the environment variable.
I'm not sure how to get sensitive info from Docker secrets via Dockerfile or docker-compose.yml, and I'd appreciate it if someone could correct me if I'm incorrect.