Feature: Pull in host Docker configuration in Development mode #23419

Open
taiidani opened this issue Jun 21, 2024 · 2 comments

@taiidani

Proposal

When nomad agent -dev runs in development mode, it makes a number of choices to simplify the development experience for the person running it. This helps establish a baseline set of behaviors for developing & testing against.

In order to improve the developer experience, this issue proposes that an attempt is made to surface the docker driver registry configuration & auth with the configuration found in the running user's ~/.docker/config.json file so that no manual configuration is required.

Use-cases

For some developers, it can be a common occurrence to develop or test with the docker driver using Docker images that are from a private registry. This requires that the developer configure Nomad further than the -dev argument by providing their own configuration file -- potentially including plaintext secrets on their developer workstation in order to do so.

Were Nomad able to draw in the registry auth (including any registry helpers) from the user's Docker Engine configuration, the developer would be able to pull images from the private registry without performing additional manual action.

Attempted Solutions

I do not know of a way that this can be automated as proposed. When testing against my private registry I had to set it up manually:

  1. Read my existing ~/.docker/config.json file
  2. Migrate the configuration found into Nomad's configuration format

My ~/.docker/config.json file, on a macOS machine:

{
        "auths": {
                "docker.artifactory.xxx.engineering": {}
        },
        "credsStore": "desktop",
        "currentContext": "desktop-linux",
        "plugins": {
                "-x-cli-hints": {
                        "enabled": "true"
                },
                "debug": {
                        "hooks": "exec"
                },
                "scout": {
                        "hooks": "pull,buildx build"
                }
        },
        "features": {
                "hooks": "true"
        }
}

As the file notes, I use Docker Desktop's credstore helper. After migrating it to Nomad's HCL I ended up with this snippet:

plugin "docker" {
  config {
    auth {
      helper = "desktop"
    }
  }
}
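
The manual migration described in this post, sketched in Go as an added example (not code from the issue or from the Nomad code base). The function name nomadDockerAuth and the sample path are hypothetical; it assumes that a credsStore maps to the plugin's auth helper, as in the snippet above, and that inline credentials fall back to pointing auth config at the file.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// dockerConfig holds only the fields of ~/.docker/config.json used here.
type dockerConfig struct {
	Auths map[string]struct {
		Auth string `json:"auth"` // base64 "user:password" when stored inline
	} `json:"auths"`
	CredsStore string `json:"credsStore"`
}

// nomadDockerAuth (hypothetical helper) renders a plugin "docker" auth block
// from a Docker client config. A credential store is preferred because the
// secret stays inside the helper; the file path is used only for inline auth.
func nomadDockerAuth(raw []byte, path string) (string, error) {
	var cfg dockerConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return "", fmt.Errorf("parse %s: %w", path, err)
	}
	setting := ""
	if cfg.CredsStore != "" {
		setting = fmt.Sprintf("helper = %q", cfg.CredsStore)
	} else {
		for _, a := range cfg.Auths {
			if a.Auth != "" { // inline secret: the file itself is the credential
				setting = fmt.Sprintf("config = %q", path)
				break
			}
		}
	}
	if setting == "" {
		return "", errors.New("no credential store or inline auth found")
	}
	return fmt.Sprintf("plugin \"docker\" {\n  config {\n    auth {\n      %s\n    }\n  }\n}\n", setting), nil
}

func main() {
	// Constructed sample, trimmed from the config.json shown in the issue.
	sample := []byte(`{"auths": {"docker.artifactory.xxx.engineering": {}}, "credsStore": "desktop"}`)
	hcl, err := nomadDockerAuth(sample, "/Users/dev/.docker/config.json")
	if err != nil {
		panic(err)
	}
	fmt.Print(hcl)
}
```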

@tgross
Member

tgross commented Jun 24, 2024

Hi @taiidani! I really like this idea! There are a few platform-specific design issues to figure out:

  • For Windows users, we'd need to figure out where the various files of interest are installed.
  • For Mac users, we have the tricky consideration that they might be running with sudo to pick up other features (like networking configuration) even though their Docker client will be talking to the Docker for Mac VM. So the user that Nomad is running as may not be the same as the user's terminal where they've got Docker cred helpers set up.
  • For Linux users, they're very likely to be running as root because that's the recommended deployment.

I'm going to mark this issue for further discussion and roadmapping.

@lancehaig

Upvote from my side on this one @tgross :-)

Status: Needs Roadmapping