I’m trying out deploying Gravitational Teleport on Fly.io, and the app expects a customised YAML config file which needs to be edited / configured before starting the app, and baking the config file into the container image doesn’t sit right with me because the config file contains things like tokens and pins which don’t feel right being baked into the docker image.
When I run regular docker containers on a VM, I would normally mount these config files in at relevant locations into the container with :ro, so they only appear in the container when run, and are not baked into the image.
What’s the recommended approach for running these kinds of apps that need config files on the local disk that have to be edited / customised ideally before first boot on Fly.io?
P.s. sorry if there’s already an earlier topic on this. I tried searching but all my keywords brought up unrelated topics, hence why creating a new one.
I’v not used to teleport config but is there any chance you can put environment variables? That would solve it all as you could put those on secrets and set something like $MY_CONFIG_SECRET on the yml.
Other than that, I’d say it’s possible for you to create a template YML that simulates the behavior above by substituting values using secrets before boot. Would require some Dockerfile modifications
Hopefully, someone else has a better answer though!
Thanks for your answer and suggestions. Yeah, I was trying to look into whether Teleport supports env vars as a config method, and it seems like from previous comments on issues (here and this currently open issue since 2019) that the developers initially were preferring to not support env vars in favour of a static config file.
On this,
it sounds like an interesting idea, albeit a bit of a hacky one, as I guess I’ll have to run something that injects the env vars into the template yaml file on boot. Will explore a bit more on this.