Skip to content

Commit

Permalink
Merge pull request #29 from m-adawi/main
Browse files Browse the repository at this point in the history
merge main
  • Loading branch information
m-adawi authored Aug 16, 2024
2 parents e0c037a + 9c66c65 commit 98be9e9
Show file tree
Hide file tree
Showing 2 changed files with 72 additions and 21 deletions.
84 changes: 68 additions & 16 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# SwarmCD

A declarative GitOps and Continuous Deployment tool for Docker Swarm.
A declarative GitOps and Continuous Deployment tool for Docker Swarm.

Inspired by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/).
Inspired by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/).

## Usage

# Usage
In this example, we use SwarmCD to deploy the stack in the repo
In this example, we use SwarmCD to deploy the stack in the repo
[swarm-cd-example](https://github.com/m-adawi/swarm-cd-example) to a docker swarm cluster.

First we add the repo to the file `repos.yaml`
Expand All @@ -27,8 +27,8 @@ nginx:
compose_file: nginx/compose.yaml
```

And finally, we deploy SwarmCD to the cluster
using the following docker-compose file:
And finally, we deploy SwarmCD to the cluster
using the following docker-compose file:

```yaml
# docker-compose.yaml
Expand All @@ -47,6 +47,7 @@ services:
```

Run this on a swarm manager node:

```bash
docker stack deploy --compose-file docker-compose.yaml swarm-cd
```
Expand All @@ -55,14 +56,15 @@ This will start SwarmCD, it will periodically check the stack repo
for new changes, pulling them and updating the stack.


# Manage Encrypted Secrets Using SOPS
You can use [sops](https://github.com/getsops/sops) to encrypt secrets in git repos and
## Manage Encrypted Secrets Using SOPS

You can use [sops](https://github.com/getsops/sops) to encrypt secrets in git repos and
have SwarmCD decrypt them before deploying or updating your stacks.

The stack `nginx-ssl` in the
[example repo](https://github.com/m-adawi/swarm-cd-example)
The stack `nginx-ssl` in the
[example repo](https://github.com/m-adawi/swarm-cd-example)
has two secret files under `nginx-ssl/secrets/` directory.
You can configure SwarmCD files to decrypt them by
You can configure SwarmCD files to decrypt them by
setting the property`sops_files` in a stack defenition.

```yaml
Expand All @@ -75,10 +77,11 @@ nginx-ssl:
- nginx-ssl/secrets/www.example.com.crt
- nginx-ssl/secrets/www.example.com.key
```

Then you need to set the SOPS environment variables that are required
to decrypt the files.
For example, if you used [age](https://github.com/FiloSottile/age)
to encrypt them, you have to mount the age key file to SwarmCD
to decrypt the files.
For example, if you used [age](https://github.com/FiloSottile/age)
to encrypt them, you have to mount the age key file to SwarmCD
and set the environment variable SOPS `SOPS_AGE_KEY_FILE`
to the path of the key file. See the following docker-compose example

Expand Down Expand Up @@ -108,7 +111,56 @@ secrets:
This way, SwarmCD will decrypt the files each time before it updates
the stack.

## Connect SwarmCD to a remote docker socket

# Documentation
See [docs](https://github.com/m-adawi/swarm-cd/blob/main/docs).
You can use the `DOCKER_HOST` environment variable to point SwarmCD to a remote docker socket,
be it in the same swarm or a different host.

In the following example `docker-socket-proxy` talks directly to the host socket proxy,
and SwarmCD connects to it:

```yaml
version: '3.7'
services:
socket_proxy:
image: tecnativa/docker-socket-proxy:0.2.0
deploy:
placement:
constraints:
- node.role == manager
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
TZ: Europe/Rome
INFO: 1
SERVICES: 1
NETWORKS: 1
SECRETS: 1
CONFIGS: 1
POST: 1
swarm-cd:
image: ghcr.io/m-adawi/swarm-cd:1.1.0
depends_on:
- socket_proxy
environment:
DOCKER_HOST: tcp://socket_proxy:2375
configs:
- source: stacks
target: /app/stacks.yaml
mode: 0400
- source: repos
target: /app/repos.yaml
mode: 0400
configs:
stacks:
file: ./stacks.yaml
repos:
file: ./repos.yaml
```

## Documentation

See [docs](https://github.com/m-adawi/swarm-cd/blob/main/docs).
9 changes: 4 additions & 5 deletions util/sops.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,16 +26,15 @@ func DecryptFile(filepath string) (err error) {
return
}


func getFileFormat(filename string) string {
extension := filepath.Ext(filename)
if extension == "yaml" || extension == "yml"{
if extension == ".yaml" || extension == ".yml" {
return "yaml"
} else if extension == "json" {
} else if extension == ".json" {
return "json"
} else if extension == "ini" {
} else if extension == ".ini" {
return "ini"
} else {
return "binary"
}
}
}

0 comments on commit 98be9e9

Please sign in to comment.