Skip to content
/ containers Public

Supporting docker containers for the Nelson system

getnelson.io

License

Apache-2.0 license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

getnelson/containers

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits

common

common

 
 

linter-consul-template

linter-consul-template

 
 

linter-gomplate

linter-gomplate

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

NOTICE

NOTICE

 
 

README.md

README.md

 
 

Repository files navigation

Containers

Build Status

Various containers to support Nelson at runtime - template linting, sidecars etc.

Linters

At present Nelson supports two generic type of end-user templating linting engines:

Users are able to add arbitrary templating engines as they see fit, provided they meet the protocol with which Nelson will invoke them. Specifically, the ENTRYPOINT must accept the following arguments:

  • --file: The path to the input file on the filesystem (inside the container)
  • --vault-addr: The fully qualified URL to the Vault server (for example, https://vault.foo.com)
  • --vault-token: The token Nelson should use to interact with Vault (as needed)

By default common/entrypoint.sh handles this argument parsing, and delegates to a script of your choosing at /usr/local/bin/render, at which point you can delegate to any templating engine.

At runtime, Nelson will run a docker command that looks like this:

docker -H tcp://127.0.0.1:2375 \
  run --name $containerName \
  --rm -v ${path.getParent}:/templates \
  --memory=${templateConfig.memoryMegabytes}m \
  --memory-swap=-1 \
  --cpu-period=${templateConfig.cpuPeriod} \
  --cpu-quota=${templateConfig.cpuQuota} \
  --net=host \
  --env=NELSON_DATACENTER \
  --env=NELSON_DNS_ROOT=${dnsRoot} \
  --env=NELSON_ENV=${$ns.root.asString} \
  --env=NELSON_PLAN=default \
  --env=NELSON_STACKNAME=sn.toString \
  getnelson/linter-gomplate \
  --vault-addr=${vaultAddr} \
  --vault-token=${vaultToken} \
  --file=/templates/${path.getFileName}

Whislt verbose, this means that Nelson can invoke the container with constrained resources and provide a realistic linting scenario for end-application developers.

linter-consul-template

The consul-template container is used by Nelson to lint templates in a simulated environment with the same Vault token as the deployed unit will be granted. This can be used to test the validity of a configuration without exposing the credentials to the developer.

# to build, use the following:
IMAGE_SRC=linter-consul-template make build

linter-gomplate

The gomplate container is used by Nelson to lint templates in a simulated environment with the same Vault token as the deployed unit will be granted. This can be used to test the validity of a configuration without exposing the credentials to the developer.

# to build, use the following:
IMAGE_SRC=linter-gomplate make build

About

Supporting docker containers for the Nelson system

getnelson.io

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages