How to securely share private docker repo login credentials in Azure container service with Mesos & Marathon
Put your docker.tar.gz
to Azure Storage and create a signed url. I have used Azure Storage Explorer to create one.
Output;
https://xyzds.file.core.windows.net/docker/docker.tar.gz?...url-params
You need to add file extension in order to marathon extract it.
x=.tar.gz
"uris": [ "https://xyzds.file.core.windows.net/docker/docker.tar.gz?...url-params&x=.tar.gz" ]
You are good to go.
the way we did it is use parallel-scp
to push the file to all our mesos agents, something like:
parallel-scp -h ~/pssh_all_ips ./docker.tar.gz /etc/docker.tar.gz
Where pssh_all_ips
is a newline separated file of internal IP addresses (10.0.*.*
or 10.32.*.*
in our case).
You can find your agent IPs at localhost:2000/mesos/#/slaves
if you're tunneled into your cluster).
This makes the file available at file:///etc/docker.tar.gz
on all agents, from there you can use marathon's URI field to make it available to the docker pull system.