It depends on how do you want to manage the configuration files for your
containers - dynamic or static.
- Dynamic
- Fetch via URI - you probably do not need your application
entrypoint to fetch. Instead Mesos and marathon supports fetching URIs to
your container sandbox.
http://mesos.apache.org/documentation/latest/fetcher/
- Pass into the container as a file based secret if it is sensitive.
http://mesos.apache.org/documentation/latest/secrets/#file-based-secrets
- Environment Variable.
- Static
- Host_path volume - mounting a host path or file into your container.
http://mesos.apache.org/documentation/latest/container-volume/#host_path-volume-source
- Build it in your container image if those configurations are not
expected to be changed.
> Furthermore this page[1] says the sandbox is considered read only, yet
the stdout and stderr are located there???
I think the document
<http://mesos.apache.org/documentation/latest/sandbox/#using-the-sandbox> means
that sandbox is not expected to be touched by any 3rd party software or
people *other than* Mesos, executor and task/application.
-Gilbert
On Sun, Jul 21, 2019 at 3:22 AM Marc Roos <[email protected]> wrote:
>
>
> What would be the adviced way to add a configuration file to a container
> being used at startup. I am now fetching the files and then create an
> entrypoint.sh that copies this from the sandbox.
>
> Creating these custom entrypoints.sh is cumbersome. I thought about
> mounting the path's of the sandbox in the container but don't have good
> example to get this working[0]. Furthermore this page[1] says the
> sandbox is considered read only, yet the stdout and stderr are located
> there???
>
> Is there a (security) advantage copying files from the sandbox at
> startup or just use a mount point?
>
> [0]
> https://www.mail-archive.com/[email protected]/msg10445.html
>
> [1]
> http://mesos.apache.org/documentation/latest/sandbox/
>
