Merge branch 'main' into kumulus/docker-in-docker

Robert Starmer
2023-03-14 14:14:07 -07:00
22 changed files with 303 additions and 59 deletions


@@ -4,6 +4,8 @@ MRSK deploys web apps anywhere from bare metal to cloud VMs using Docker with ze
Watch the screencast: https://www.youtube.com/watch?v=LL1cV2FXZ5I
Join us on Discord: https://discord.gg/DQETs3Pm
## Installation
Install MRSK globally with `gem install mrsk` or build a dockerized version:
@@ -35,7 +37,7 @@ env:
- RAILS_MASTER_KEY
```
Then edit your `.env` file to add your registry password as `MRSK_REGISTRY_PASSWORD` (and your `RAILS_MASTER_KEY` for production with a Rails app).
Then edit your `.env` file to add your registry password as `MRSK_REGISTRY_PASSWORD` (and your `RAILS_MASTER_KEY` for production with a Rails app).
Now you're ready to deploy to the servers:
@@ -79,6 +81,16 @@ Docker Swarm is much simpler than Kubernetes, but it's still built on the same d
Ultimately, there are a myriad of ways to deploy web apps, but this is the toolkit we're using at [37signals](https://37signals.com) to bring [HEY](https://www.hey.com) [home from the cloud](https://world.hey.com/dhh/why-we-re-leaving-the-cloud-654b47e0) without losing the advantages of modern containerization tooling.
## Running MRSK from Docker
MRSK is packaged up in a Docker container similarly to [rails/docked](https://github.com/rails/docked). This will allow you to run MRSK (from your application directory) without having to install any dependencies other than Docker. Add the following alias to your profile configuration to make working with the container more convenient:
```bash
alias mrsk="docker run -it --rm -v '${PWD}:/workdir' -v '${SSH_AUTH_SOCK}:/ssh-agent' -v /var/run/docker.sock:/var/run/docker.sock -e 'SSH_AUTH_SOCK=/ssh-agent' ghcr.io/mrsked/mrsk:latest"
```
Since MRSK uses SSH to establish a remote connection, it will need access to your SSH agent. The above command uses a volume mount to make it available inside the container and configures the SSH agent inside the container to make use of it.
## Configuration
### Using .env file to load required environment variables
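Review bot: The alias in the new "Running MRSK from Docker" section wraps the whole command in double quotes, so `${PWD}` and `${SSH_AUTH_SOCK}` are expanded once, when the profile defines the alias, not each time `mrsk` is run; the inner single quotes do not prevent that. The `/workdir` mount will then point at whatever directory the shell started in rather than the application directory. Defining the alias with single quotes on the outside, or as a shell function, would defer expansion to invocation time. Separately, the paragraph after the alias explains the SSH agent mount but says nothing about `-v /var/run/docker.sock:/var/run/docker.sock`, which gives the container control of the host's Docker daemon; that deserves a sentence on why it is needed. `ghcr.io/mrsked/mrsk:latest` would also be better pinned to a version tag or digest, so the image holding the SSH agent and Docker socket does not change silently.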
@@ -111,9 +123,9 @@ If you need separate env variables for different destinations, you can set them
#### Bitwarden as a secret store
If you are using open source secret store like bitwarden, you can create `.env.erb` as a template which looks up the secrets.
If you are using open source secret store like bitwarden, you can create `.env.erb` as a template which looks up the secrets.
You can store `SOME_SECRET` in a secure note in bitwarden vault.
You can store `SOME_SECRET` in a secure note in bitwarden vault.
```
$ bw list items --search SOME_SECRET | jq
@@ -152,7 +164,7 @@ SOME_SECRET=<%= `bw get notes 123123123-1232-4224-222f-234234234234 --session #{
<% else raise ArgumentError, "session_token token missing" end %>
```
Then everyone deploying the app can run `mrsk envify` and mrsk will generate `.env`
Then everyone deploying the app can run `mrsk envify` and mrsk will generate `.env`
### Using another registry than Docker Hub
@@ -162,9 +174,9 @@ The default registry is Docker Hub, but you can change it using `registry/server
```yaml
registry:
server: registry.digitalocean.com
username:
username:
- DOCKER_REGISTRY_TOKEN
password:
password:
- DOCKER_REGISTRY_TOKEN
```
@@ -234,6 +246,12 @@ volumes:
- "/local/path:/container/path"
```
### MRSK env variables
The following env variables are set when your container runs:
`MRSK_CONTAINER_NAME` : this contains the current container name and version
### Using different roles for servers
If your application uses separate hosts for running jobs or other roles beyond the default web running, you can specify these hosts in a dedicated role with a new entrypoint command like so:
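Review bot: The description of `MRSK_CONTAINER_NAME` in the new "MRSK env variables" section says it holds "the current container name and version" but gives no example value or format, so a reader cannot tell how the name and version are joined or how to separate them. Suggest adding one example value. The intro sentence is also plural ("The following env variables") while only one variable is listed.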
@@ -268,12 +286,12 @@ servers:
You can specialize the default Traefik rules by setting labels on the containers that are being started:
```
```yaml
labels:
traefik.http.routers.hey.rule: Host(\`app.hey.com\`)
traefik.http.routers.hey.rule: Host(`app.hey.com`)
```
Note: The escaped backticks are needed to ensure the rule is passed in correctly and not treated as command substitution by Bash!
Note: The backticks are needed to ensure the rule is passed in correctly and not treated as command substitution by Bash!
This allows you to run multiple applications on the same server sharing the same Traefik instance and port.
See https://doc.traefik.io/traefik/routing/routers/#rule for a full list of available routing rules.
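Review bot: The reworded note under the Traefik label example no longer matches the example. With the escaping removed from ``Host(`app.hey.com`)``, the sentence now says the backticks themselves are needed so the rule is "not treated as command substitution by Bash", but unescaped backticks are exactly what Bash treats as command substitution. If the label value is now escaped before it reaches the shell, the note should say that instead (the backticks are Traefik's rule syntax and no manual escaping is required). If it is not escaped, dropping the backslashes reintroduces the problem the old note warned about. The code that passes labels to the shell is not visible in this hunk, so please confirm which case applies.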