Pulling environment variables at runtime? #200
Comments
|
On Fri, Aug 14, 2015 at 09:31:31AM -0700, Stuart P. Bentley wrote:
I'd recommend a pre-processing step that injects the current |
|
Well, to my point from #202, not all use cases work in a way where it makes sense to hit the filesystem before launching a container. It'd really be better if there were some CLI arguments to runc that could replace specifying fields in the JSON, so the parts of the container that vary on each run can be provided at runtime, and only the parts of the container that remain static (if any) are stored in the JSON manifest file. |
|
On Fri, Aug 14, 2015 at 03:15:40PM -0700, Stuart P. Bentley wrote:
Addressing #202 should handle the “I don't want to touch the
I think it would be simpler if the JSON-editing tool was completely export REDIS_PORT='tcp://172.17.0.8:6379'envsubst '${REDIS_PORT}' <config.json | runc /dev/stdinor the less-restricted: envsubst <config.json | runc /dev/stdinwould let you replace ‘${REDIS_PORT}’ in config.json with the |
Actually, envsubst is a really bad solution for this kind of thing, most importantly because it has no escape character (making it impossible to have variables handled by further levels, such as a Bash command, in your template). I wrote a Perl one-liner here that is better suited to this kind of operation. |
|
On Fri, Aug 14, 2015 at 04:06:56PM -0700, Stuart P. Bentley wrote:
You can use any tool you like to customize your config. A whitelisted |
|
I'm not talking about having a complete generalized robust JSON editing facility like jq vendored into While I appreciate the flexibility of taking a configuration in on STDIN, that's not a be-all end-all solution. It still requires a lot of tooling to construct the JSON, and to rewrite existing files' JSON - and it encourages leaky, slapdash solutions (like outputting literal strings without regard for escaping unsafe characters) instead of specifying the strings by the (relatively) safe and simple mechanism Unix has used for configuring run parameters for 40+ years. |
|
On Fri, Aug 14, 2015 at 04:18:43PM -0700, Stuart P. Bentley wrote:
But then you have to figure out which subset of fields need these
It allows you to setup leaky, slapdash solutions if you want, but also |
|
I can see the usecases for this but it is a very hard thing to solve. I would probably do what @wking suggested with a preprocess step to add these to the spec because we really cannot tell the correct env vars to pass down since the runc process will have things like HOME and PATH, do we overwrite those for the container? How do we know what env vars we should pass down and what ones that we should not? |
|
Since this issue hasn't had any activity in the past year, I'm closing it. Please feel free to re-open it. As for the actual issue, the |
|
the oci runtime tools is the cli friendly way |
Add Architecture field to Seccomp configuration in Linux runtime
I see the specification states that environment variables can be specified in
container.json. Is there a way to haveruncpass along inherited environment variables from the execution context (as is needed to associate services provided in the fashion of Heroku 12-Factor Apps)?The text was updated successfully, but these errors were encountered: