I'm trying to get a Bitbucket Pipelines CD setup with a Docker Swarm cluster.
I messaged Geoff on Twitter and he suggested I post here - https://twitter.com/realfakegeoff/status/943729735703576577
You guys have deployment documentation for Kubernetes - https://confluence.atlassian.com/bitbucket/deploy-to-kubernetes-892623297.html
But there is no equivalent documentation for Docker Swarm. Please add documentation for deploys to docker swarm.
I'm not fully sure what Geoff had in mind as a workaround here. He's on leave until next week so I can't ask him until then. As far as I know this isn't possible as Swarm commands aren't available at the moment. But, I'll check with Geoff when he's back.
> Swarm commands aren't available at the moment.
well I guess that was the point for this ! Swarm is the second biggest deployment infra after kubernetes and morever is bundled inside Docker itself.
We would appreciate Bitbucket Pipelines team to tell us how to do this effectively. Swarm already comes with TLS security - https://docs.docker.com/engine/security/https/
but unfair to only support kubernetes :(
You can follow this guide to deploy to your Swarm cluster: https://docs.docker.com/swarm/swarm_at_scale/deploy-app/
You will also need to update the DOCKER_CERT_PATH to point at the API keys of your Swarm cluster, mentioned here: https://docs.docker.com/engine/reference/commandline/cli/#description
I don't have an ETA on when we may have a similar guide on Swarm in our own documentation. However, those links should suffice for you by translating the appropriate commands into commands in your deploy step script.
- mkdir -p ~/.docker
- echo "$TLSCACERT" > ~/.docker/ca.pem
- echo "$TLSCERT" > ~/.docker/cert.pem
- echo "$TLSKEY" > ~/.docker/key.pem
- docker login -u gitlab-ci-token -p "$CI_BUILD_TOKEN" "$CI_REGISTRY"
- docker service update --detach=false --with-registry-auth --image registry.gitlab.com/barfbarf/$CI_PROJECT_NAME:$CI_BUILD_REF barfbarf
Basically it works like this code snipped that I posted above (gitlab pipeline). I'm currently trying to "translate" it to bitbucket.
Why is SSH not an option? Is it acceptable if SSH is run on every commit/merge as part of the pipeline script?
We have some documentation on setting up SSH commands inside of you pipeline here: https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html
Does that help at all?
Thanks for replying.
For the same reason why kubectl tries not to use it..and every platform provides a SSL/TLS API.
Being able to physically log in to a server is a different security envelope with different considerations. For example, once you are on the server - you can attempt Spectre/Meltdown. You cannot do that with remotely issued docker commands over TLS.
In general, we would strongly request for a transport level security over being able to SSH.
IMHO both k8s and swarm have it - it's just a question of how to set it up with your infrastructure.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
After spinning my wheels trying to get organized enough to write a book for National Novel Writing Month (NaNoWriMo) I took my affinity for Atlassian products from my work life and decided to tr...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs