Separate traefik config on CI system and this traefik config #6
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Since we need traefik to see apps on the CI box, our CI here can have errors and breakages when we change configs and don't bump the versions because the app never gets destroyed on the CI box. I think we said we'd figure this out later but didn't see a ticket for it. Maybe we need a separate traefik for the CI box to stand on its own and then to make this CI separate and more repeatable.
Indeed, thanks for opening this!
Any thoughts on where we run the Traefik CI that's not the testing box? Do we just need another one?
Question: what was your thought on auto-versioning secrets, and did it extend to configs? Seems the main issue we run into with CI is incrementing
TRAEFIK_YML_VERSION
which seems generally like a pointless step we might want to remove.Hey, good question. A lot of what I know about the name/secret versions comes from this post which also suggests the auto-versioning. You don't need to read all of it but they are basically suggesting something like this.
For secrets:
For configs:
Where the version is generated from the content which means that it will most likely also be unique. Not sure about reliability of
md5sum
here but it generates something small which is good because docker secret/config have limits on the character length of the name.Read the post, is amazing (the author's other stuff is cool too – interesting Python-based system for deploying app updates after image updates)
md5sum
looks cool and easy for configs -- wondering about secrets; would it meanabra
needs access to the plaintext tomd5sum
it during each run?Good point. I guess we can't store plaintext because that would be $bad. Maybe we just ask for the passwords on deploy input flow and then sum them and save them into the swarm. Leaving the user to take care of managing their passwords? Not sure.
If people are using
pass
then it's feasible to md5sum secrets too. Maybe we offer a fully-automatic mode like that forpass
-wielders like ourselves, and a manual way as you suggest for the others?