You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A common best practice is a separate application configurations from the application itself. Currently the Docker image assumes the index.json will be in the /opt/arena/ directory along side the application itself.
This can present some issues when deploying the container to kubernetes since some types of Volume mappings will overwrite the target directory and not just the file itself.
Work-Arounds
In kubernetes you can mount a Secret or ConfigMap key as a file and overwrite the file itself.
This may work in many cases, but because the index.json will likely contain secrets we are using Vault to inject secrets into a templated index.json, then mount that. This is most easily done when the file can be manipulated elsewhere (with side-car containers) and then referenced by Arena. Another possible work-around is to make the /opt/arena and default index.json file writable within the container -- though this is not optimal for container security.
Preferred Solution
Have the Arena container load the index.json from any specified path.
This is a trivial change and can be backwards compatible.
I have a fork of the repo with the fix (load the file path from an environment variable): jkirkham-ratehub@3e56be2
Let me know if you want a PR for this change.
The text was updated successfully, but these errors were encountered:
Summary
A common best practice is a separate application configurations from the application itself. Currently the Docker image assumes the index.json will be in the
/opt/arena/directory along side the application itself.This can present some issues when deploying the container to kubernetes since some types of Volume mappings will overwrite the target directory and not just the file itself.
Work-Arounds
In kubernetes you can mount a Secret or ConfigMap key as a file and overwrite the file itself.
This may work in many cases, but because the index.json will likely contain secrets we are using Vault to inject secrets into a templated index.json, then mount that. This is most easily done when the file can be manipulated elsewhere (with side-car containers) and then referenced by Arena. Another possible work-around is to make the /opt/arena and default index.json file writable within the container -- though this is not optimal for container security.
Preferred Solution
Have the Arena container load the index.json from any specified path.
This is a trivial change and can be backwards compatible.
I have a fork of the repo with the fix (load the file path from an environment variable): jkirkham-ratehub@3e56be2
Let me know if you want a PR for this change.
The text was updated successfully, but these errors were encountered: