
grouper-users - Re: [grouper-users] Grouper and Docker Swarm

Subject: Grouper Users - Open Discussion List

  • From: Greg Haverkamp <>
  • To:
  • Cc: Grouper-Users <>
  • Subject: Re: [grouper-users] Grouper and Docker Swarm
  • Date: Mon, 30 Jul 2018 15:26:07 -0500

On Mon, Jul 30, 2018 at 10:46 AM Gettes, Michael <> wrote:
Looking for anyone with practical experience running Grouper in a Docker Swarm (or even Kubernetes - I am starting with swarm).

I'm a little hesitant to claim "practical experience".  I deployed our Swarm-based Grouper at the end of June, after a moderately lengthy dev and testing process.  It's also our initial Grouper deployment, so it's tiny, and it doesn't as yet have a lot of work to do.
 
Does it “just work”? 

The beauty of Swarm to me is that it feels like just a lightweight extension of Docker functionality.  We're using a (heavily?) layered version of the TIER images.  Most of my learning curve revolved around getting used to not having bind mounts, as that's how we've typically handled logs and credentials.  I was working on externalizing secrets across all of our applications at the same time, and so I integrated all of that work.  (We've moved almost all of our IdM applications to individual Docker containers since we launched IdPv3 in December 2015.  But we haven't really done any orchestration at any level.)

Getting to gsh is a little weird under Swarm, if you're using Docker Secrets, and I feel like I need to break it into its own standalone, non-Swarmed container.  (We only use Docker Secrets to bootstrap, and we fetch all of the other secrets from our external secrets store.)  But a non-Swarm container would either need to be tweaked to pull the bootstrapped secrets from somewhere other than Docker Secrets.

(Our installation is small enough that, if I need to run gsh, I go to the Swarm node hosting the container and exec... Which feels awfully dirty, and certainly won't scale to large Swarm clusters.)

And we still don't have a good answer for Swarm logging, and "docker service logs" has proven to be a mess, so I've had to do a lot of debugging using "docker logs" on the actual host/container.
 
Any sage advice?

Not so much advice as... Something else.

Greg
 

thanks

/mrg



