recently i have a need to build/start/stop some sibling containers (vs docker within docker), the way to do it is to expose a pipelien from the host to the container:
for single container:
docker run -v /var/run/docker.sock:/var/run/docker.sock
for docker compose
View at Medium.com
actually the dameon could listen from other host (configuration):
have encountered some issue with the stale dockerfile. turns out, docker compose actually cache previous builds (this is not stated in the doc).
so to keep it updated, need to run build without cache then bring it up.
docker-compose build --no-cache && docker-compose up
Have been working on some serverless framework recently, which i have put onto EKS.
most of the stuff worked, except the cli, which leveraged on k8s client-go library to authen is not able to do so with EKS. (working well with Azure AKS and GCP).
turns out the issue was with k8s client-go library, which doesn’t deal with aws-iam-authenticator. as a work around, the patch is to apply the service account as a bearer token.
//command to get the token
kubectl describe secret account -n namespace | grep -E '^token' | cut -f2 -d':' | tr -d " "
then in the client-go, patch the token into the bearer header:
//retrieve the token either from secret file or env var
//token, err := ioutil.ReadFile("~/secrets/kubernetes.io/serviceaccount/" + v1.ServiceAccountTokenKey)
//token := os.Getenv("BEARER_TOKEN")
//add the header if its not yet there
r.headers.Set("Authorization", "Bearer xxx")
//before the real http call
resp, err := client.Do(req)