It depends on how do you want to manage the configuration files for your containers - dynamic or static.
- Dynamic - Fetch via URI - you probably do not need your application entrypoint to fetch. Instead Mesos and marathon supports fetching URIs to your container sandbox. http://mesos.apache.org/documentation/latest/fetcher/ - Pass into the container as a file based secret if it is sensitive. http://mesos.apache.org/documentation/latest/secrets/#file-based-secrets - Environment Variable. - Static - Host_path volume - mounting a host path or file into your container. http://mesos.apache.org/documentation/latest/container-volume/#host_path-volume-source - Build it in your container image if those configurations are not expected to be changed. > Furthermore this page[1] says the sandbox is considered read only, yet the stdout and stderr are located there??? I think the document <http://mesos.apache.org/documentation/latest/sandbox/#using-the-sandbox> means that sandbox is not expected to be touched by any 3rd party software or people *other than* Mesos, executor and task/application. -Gilbert On Sun, Jul 21, 2019 at 3:22 AM Marc Roos <m.r...@f1-outsourcing.eu> wrote: > > > What would be the adviced way to add a configuration file to a container > being used at startup. I am now fetching the files and then create an > entrypoint.sh that copies this from the sandbox. > > Creating these custom entrypoints.sh is cumbersome. I thought about > mounting the path's of the sandbox in the container but don't have good > example to get this working[0]. Furthermore this page[1] says the > sandbox is considered read only, yet the stdout and stderr are located > there??? > > Is there a (security) advantage copying files from the sandbox at > startup or just use a mount point? > > [0] > https://www.mail-archive.com/user@mesos.apache.org/msg10445.html > > [1] > http://mesos.apache.org/documentation/latest/sandbox/ >