edgebitio / enclaver

Open source toolkit created to enable easy adoption of software enclaves
https://edgebit.io/enclaver
Apache License 2.0

Ability to map volumes to the source app Docker image #183

Closed mderriey closed 9 months ago

mderriey commented 9 months ago

Hi 👋

I'm currently spiking Enclaver to run a production Vault cluster on AWS EC2 instances. I went through the guide at https://edgebit.io/enclaver/docs/0.x/guide-vault/.

I'm still getting my head around the main concepts, so apologies if I'm not using the right terminology, or if my question doesn't make the most sense.

In our case, we'd be interested to map volumes on the source Vault container/image so we can access logs on the EC2 host and send them to CloudWatch, for example.

Since the source app Docker image is wrapped by Enclaver when we run `enclaver build`, running `docker run -v /host/logs:/vault/logs vault:enclave` doesn't map the volume on the Vault container, which I now understand. Is this possible?

eyakubovich commented 9 months ago

It's not possible to mount a host volume. However, Enclaver streams the stdout & stderr from the enclave to the host (on stdout). It currently joins (multiplexes) both the stdout and stderr, which is not ideal but should work well enough for logs. You can then redirect it to a file or send it to syslog, journald, etc.

mderriey commented 9 months ago

Thanks for confirming 🙏