I have a docker image on docker hub with an app I’d like people to start on their own.
This app needs a config file, potentially > 2MB.
What’s the idiomatic way of allowing people to “mount” this file into the container without having them rebuild the whole container?
I could imagine base64 encode the content and set it as env variable / secret. But I assume there are some size limits?
Is there a more convenient way where you can specify a file in the fly.toml and mount it into the filesystem of the container, just like docker compose?
There are some low limits on the secret size now (4k last time I checked). Mounting files from the host is not possible currently.
Another way you could do this, though a bit cumbersome: use your Docker entrypoint script to fetch the config file from a URL. If you wanted to keep that config file within your Fly setup, it could be stored in:
the globally available Consul store, though that may also have size limits
We don’t have a great solution for that right now.
There is a limit of about 512KB IIRC, but that’s just the limit of our secrets store, there might be other limits at play.
I believe it’s subject to the same limit, yes.
It might be possible with a multi-stage deploy to avoid rebuilding too much. Or just putting the COPY in the dockerfile at the very end?
Even if we had a way to mount files at runtime, you’d probably need a deploy to update that.
You could mount a fuse s3fs from your entrypoint (if the file can live on S3-compatible storage). There are performances considerations here, and it might just be easier to periodically pull from S3 instead.
Another approach - avoiding dependencies on external stores for every change - is to add a volume to instances and store the fetched config there.
Would another option be feasible by exposing Nomad’s template stanza and artifacts combined with interpolated secrets from the environment? For example:
In theory, this approach could also extract the template config file from within the Docker container using whatever magic handles statics today instead of fetching it from a remote source.
One option is you can use a Volume for this. However, the minimum volume size is 1GB, which costs $0.15/mo, and you’d need one volume per running VM, so if you’re scaling horizontally to a lot of instances, that can get expensive or cumbersome.
Another option is you can use Redis, but the free plan is limited to 1MB request sizes, so if your config file is larger than that you’d need to split it up into <1MB chunks.
Per earlier comments, another option is to pull from S3.
