Hardening of the Backend docker image (#379)

* Add script to build the backend
* harden the backend docker image
* fix docker-compose
* fix doc
Chevdor
2021-08-26 14:32:11 +02:00
committed by GitHub
parent 238d529eae
commit 19db1a48ef
5 changed files with 48 additions and 7 deletions
+7 -3
@@ -107,6 +107,7 @@ If you'd like to get things runing manually using Docker, you can do the followi
docker run --rm -it --network=telemetry \
--name backend-core \
-p 8000:8000 \
--read-only \
substrate-telemetry-backend \
telemetry_core -l 0.0.0.0:8000
```
@@ -117,6 +118,7 @@ If you'd like to get things runing manually using Docker, you can do the followi
docker run --rm -it --network=telemetry \
--name backend-shard \
-p 8001:8001 \
--read-only \
substrate-telemetry-backend \
telemetry_shard -l 0.0.0.0:8001 -c http://backend-core:8000/shard_submit
```
@@ -127,6 +129,7 @@ If you'd like to get things runing manually using Docker, you can do the followi
docker run --rm -it --network=telemetry \
--name frontend \
-p 3000:8000 \
--read-only \
-e SUBSTRATE_TELEMETRY_URL=ws://localhost:8000/feed \
substrate-telemetry-frontend
```
@@ -160,10 +163,11 @@ You should now see your node showing up in your local [telemetry frontend](http:
![image](doc/screenshot01.png)
### Build & Publish the Frontend docker image
### Build & Publish the Frontend & Backend docker images
The building process is standard. You just need to notice that the Dockerfile is in ./packages/frontend/ and tell docker about it. The context must remain the repository's root though.
The building process is standard. You just need to notice that the `Dockerfile`s are in `./frontend/` and `./backend` and tell docker about it. The context must remain the repository's root though. This is all done for you in the following scripts:
```sh
DOCKER_USER=chevdor ./scripts/build-docker-frontend.sh
DOCKER_USER=$USER ./scripts/build-docker-frontend.sh
DOCKER_USER=$USER ./scripts/build-docker-backend.sh
```
+9 -3
@@ -10,7 +10,7 @@ RUN cargo build --${PROFILE} --bins
# MAIN IMAGE FOR PEOPLE TO PULL --- small one#
FROM docker.io/debian:buster-slim
LABEL maintainer="Parity Technologies"
LABEL description="Polkadot Telemetry backend shard/core binaries, static build"
LABEL description="Substrate Telemetry Backend shard/core binaries, static build"
ARG PROFILE=release
WORKDIR /usr/local/bin
@@ -18,7 +18,13 @@ WORKDIR /usr/local/bin
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /app/target/$PROFILE/telemetry_shard /usr/local/bin
COPY --from=builder /app/target/$PROFILE/telemetry_core /usr/local/bin
RUN apt-get -y update && apt-get -y install openssl && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/
RUN useradd -m -u 1000 -U telemetry && \
apt-get -y update && \
apt-get -y install openssl && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/
USER telemetry
EXPOSE 8000
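Review bot: The `useradd -m -u 1000 -U telemetry` step gives the runtime account a home directory and the default login shell, neither of which a service user needs. I would write it as `useradd -M -s /usr/sbin/nologin -u 1000 -U telemetry`, so the image has no user-writable home when someone runs it without `--read-only`. In the same RUN, `apt-get -y install openssl` should carry `--no-install-recommends` to keep the package set in the final image minimal. A one-line comment above `USER telemetry`, such as `# binaries in /usr/local/bin stay root-owned; the service only executes them`, would record why the COPY lines deliberately come before the user switch.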
+2
@@ -25,6 +25,7 @@ services:
build:
dockerfile: Dockerfile
context: ./backend/
read_only: true
command: [
'telemetry_shard',
'--listen', '0.0.0.0:8001',
@@ -38,6 +39,7 @@ services:
build:
dockerfile: Dockerfile
context: ./backend/
read_only: true
command: [
'telemetry_core',
'--listen', '0.0.0.0:8000'
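Review bot: `read_only: true` is the only runtime restriction added to the two backend services, although the backend image on this page now runs as an unprivileged user on ports above 1024 and presumably needs no capabilities. Consider adding `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` next to each `read_only: true`. The README commands also start the frontend with `--read-only`; whether the frontend service in this file gets the same setting is not visible in these hunks and is worth checking. Both service definitions begin and end outside the hunks shown.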
+28
@@ -0,0 +1,28 @@
#!/usr/bin/env bash
pushd "$(git rev-parse --show-toplevel)/backend" > /dev/null
while getopts ":Nsgapv:" arg; do
case "${arg}" in
p)
PUBLISH="true"
;;
esac
done
IMAGE=substrate-telemetry-backend
DOCKER_USER=${DOCKER_USER:-paritytech}
echo "Building $IMAGE as $DOCKER_USER"
docker build -t $IMAGE -f ./Dockerfile .
docker tag $IMAGE $DOCKER_USER/$IMAGE
if [[ "$PUBLISH" = 'true' ]]; then
docker push $DOCKER_USER/$IMAGE
else
echo 'No -p passed, skipping publishing to docker hub'
fi
popd > /dev/null
docker images | grep $IMAGE
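Review bot: The script has no error handling, so a failed `docker build` still falls through to `docker tag` and, with `-p`, to `docker push`, which would publish an older local `substrate-telemetry-backend` image if one exists. Add `set -euo pipefail` directly under the shebang; this also stops the run when `pushd` fails outside a git checkout. `PUBLISH` is never initialised, so a `PUBLISH=true` inherited from the caller's environment triggers a push without `-p`; put `PUBLISH=false` before the `getopts` loop. The expansions in `docker build -t $IMAGE`, `docker tag` and `docker push $DOCKER_USER/$IMAGE` should be double-quoted, since `DOCKER_USER` is taken from the environment.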
+2 -1
@@ -15,7 +15,8 @@ IMAGE=substrate-telemetry-frontend
DOCKER_USER=${DOCKER_USER:-paritytech}
echo "Publishing $IMAGE as $DOCKER_USER"
docker build -t $DOCKER_USER/$IMAGE -f ./Dockerfile .
docker build -t $IMAGE -f packages/frontend/Dockerfile .
docker tag $IMAGE $DOCKER_USER/$IMAGE
if [[ "$PUBLISH" = 'true' ]]; then
docker push $DOCKER_USER/$IMAGE