docker-archive / compose-cli

Easily run your Compose application to the cloud with compose-cli
Apache License 2.0

docker compose up - ECS integration, fails with AWS Secrets #2144

Closed siourdas-vasilis closed 2 years ago

siourdas-vasilis commented 2 years ago

BUG REPORT INFORMATION

Description

I am using docker compose with ECS integration. I am trying to apply the feature of reading secrets from AWS SecretsManager to my containers. I tried running matomo:latest and metabase/metabase images unsuccessfully.

Steps to reproduce the issue:

  1. Specify AWS secrets block like:

    services:
      myapp:
        ...
        secrets:
          - my_aws_secret

    secrets:
      my_aws_secret:
        name: ${AWS_SECRETS_ARN}
        x-aws-keys:

Results I received:

When I ran docker compose up, I got the following error:

WARNING services.restart: unsupported attribute      
WARNING services.scale: unsupported attribute        
read /mypath: is a directory

where mypath is my current working directory containing the docker-compose.yml file.

Also, GitHub Actions fails silently on docker compose up, giving: Error: Process completed with exit code 14. and no more info.

Results I expected: docker compose up to run successfully and deploy the container in ECS, with the secrets specified.

Additional important information:

When I remove all the secret-related attributes, docker compose up works!

Output of docker compose version:

Docker Compose version dev

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.0-docker)
  compose: Docker Compose (Docker Inc., v2.2.3)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.13
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2a1d4dbdb2a1030dc5b01e96fb110a9d9f150ecc
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.16.3-microsoft-standard-WSL2
 Operating System: Ubuntu 20.04 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 7.624GiB
 Name: xxxxx
 ID: 6P5H:6JUP:I4MU:GHNL:VDBT:AOUN:XIOC:QYQP:SW6L:75NY:4WK4:HSGS
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support

Additional environment details: Working on WSL v2

siourdas-vasilis commented 2 years ago

The issue was that I missed the external: true attribute in the secrets group. Closing this.

Maybe the docs need an update on the x-aws-keys part, as they miss the external option. https://docs.docker.com/cloud/ecs-integration/#secrets
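A pre-deploy check for the mistake resolved in this thread, added here as an example (it is not code from compose-cli or from the reporter): it flags top-level secrets that point at AWS Secrets Manager but lack `external: true`, so a CI job can fail with a readable message. The function name `lint_secrets`, the sample models and the `password` key are constructed for illustration, and the compose file is assumed to be already parsed into a mapping (for example, from a JSON export).

```python
import json
import sys

ARN_PREFIX = "arn:aws:secretsmanager:"


def lint_secrets(compose):
    """Return a list of findings for the secrets used in a parsed compose model."""
    findings = []
    secrets = compose.get("secrets") or {}
    for key, spec in secrets.items():
        spec = spec or {}
        name = str(spec.get("name", ""))
        # x-aws-keys or a Secrets Manager ARN marks the secret as AWS-backed.
        aws_backed = "x-aws-keys" in spec or name.startswith(ARN_PREFIX)
        external = spec.get("external") is True
        if aws_backed and not external:
            findings.append(
                f"secret '{key}': references Secrets Manager but lacks 'external: true'")
        elif not external and "file" not in spec:
            findings.append(f"secret '{key}': neither 'external: true' nor 'file' is set")
    # Services may only reference secrets declared at the top level.
    for svc, sdef in (compose.get("services") or {}).items():
        for ref in (sdef or {}).get("secrets") or []:
            source = ref.get("source") if isinstance(ref, dict) else ref
            if source not in secrets:
                findings.append(f"service '{svc}': secret '{source}' is not declared")
    return findings


# Constructed sample: the model from the report as a parsed mapping.
# The x-aws-keys entry "password" is a made-up placeholder.
REPORTED = {
    "services": {"myapp": {"secrets": ["my_aws_secret"]}},
    "secrets": {"my_aws_secret": {"name": "${AWS_SECRETS_ARN}",
                                  "x-aws-keys": ["password"]}},
}
# Same model with the attribute the reporter found to be missing.
FIXED = {
    "services": {"myapp": {"secrets": ["my_aws_secret"]}},
    "secrets": {"my_aws_secret": {"name": "${AWS_SECRETS_ARN}", "external": True,
                                  "x-aws-keys": ["password"]}},
}

if __name__ == "__main__":
    # Optional argument: path to a compose model stored as JSON.
    model = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else REPORTED
    problems = lint_secrets(model)
    print("\n".join(problems) or "secrets section looks consistent")
    sys.exit(1 if problems else 0)
```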