patterns for orchestrating docker containers

Hi all,

I'm wondering what patterns people use to achieve some sort of 'orchestration' among containers.

Let's say in a situation like the following: there are a couple of containers that need SSL certificates – some are web applications or sites served over NGINX, and some are services like LDAP and TURN that need certificates to use secured protocols.

Now, certificates should first be obtained using NGINX, then the other services depending on certificates shall be started. Also, there is a situation when some (or all) certificates have to be renewed. In that case, already running containers (depending on certificates) should be restarted/reloaded.

Personally, I would like somehow to split 'cron' from the NGINX container and do obtaining/renewing certificates in it. When this job is done, based on the list of certificates obtained/renewed, some sort of 'signal' shall be sent to the other, affected containers so they can reload (or restart) the service in them.

Additionally, if LetsEncrypt is used, I guess somehow the whole /etc/letsencrypt shall be copied into the running container(s) and the proper ownership flag shall be set before service reload. This is in case I want to run the container as an unprivileged user.

One of the things I considered is to use the docker socket mounted in a volume, but this leaves a security gap I would like to avoid. The other thing I was thinking about was some publisher-subscriber (like MQTT), but in this case I'm not sure how much work it will be to develop a script that 'handles' the process inside the container; and I would like to avoid having an additional 'management' process inside a container if possible.

Thank you kindly

submitted by /u/nikoladsp
Source: Reddit
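As an added example (not from the post or any project it mentions), the script below shows the staging half of the pattern the post asks about: a renewal job, such as a certbot deploy hook, copies a renewed certificate lineage into a per-service directory with restrictive ownership and modes, writes the files atomically so a consuming service never reads a half-copied key, and records a fingerprint that the service side can compare against the last value it acted on. It needs no Docker socket in the renewal container. `RENEWED_LINEAGE` is the environment variable certbot sets for deploy hooks; the directory layout, the `stage_cert`/`cert_changed` names and the numeric owner uid are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the original poster's code. Assumed layout:
#   lineage dir  : holds fullchain.pem and privkey.pem (certbot's RENEWED_LINEAGE)
#   dest dir     : per-service directory on a volume the service container mounts read-only
#   owner_uid    : numeric uid the service runs as (assumed), applied only when we are root

# stage_cert LINEAGE_DIR DEST_DIR OWNER_UID
# Copies chain and key into DEST_DIR, sets mode/ownership, renames atomically,
# then writes and prints a fingerprint of the staged chain.
stage_cert() {
  lineage="$1"; dest="$2"; owner_uid="$3"
  mkdir -p "$dest"

  # Copy to temporary names first; the final rename is atomic on the same filesystem.
  cp "$lineage/fullchain.pem" "$dest/fullchain.pem.tmp"
  cp "$lineage/privkey.pem"  "$dest/privkey.pem.tmp"

  # Chain is public; private key must not be world-readable.
  chmod 0644 "$dest/fullchain.pem.tmp"
  chmod 0640 "$dest/privkey.pem.tmp"

  # Give the files to the unprivileged service uid (only possible when running as root).
  if [ -n "$owner_uid" ] && [ "$(id -u)" -eq 0 ]; then
    chown "$owner_uid" "$dest/fullchain.pem.tmp" "$dest/privkey.pem.tmp"
  fi

  mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem"
  mv "$dest/privkey.pem.tmp"   "$dest/privkey.pem"

  # Fingerprint of the staged chain (POSIX cksum CRC); consumers reload when it changes.
  cksum "$dest/fullchain.pem" | cut -d' ' -f1 > "$dest/fingerprint.tmp"
  mv "$dest/fingerprint.tmp" "$dest/fingerprint"
  cat "$dest/fingerprint"
}

# cert_changed DEST_DIR LAST_SEEN_FILE
# Returns 0 (true) when the staged fingerprint differs from the one recorded in
# LAST_SEEN_FILE, i.e. the service should reload and then update LAST_SEEN_FILE.
cert_changed() {
  dest="$1"; last="$2"
  [ "$(cat "$dest/fingerprint")" != "$(cat "$last" 2>/dev/null)" ]
}

# Usage as a certbot deploy hook (paths and uid are assumptions):
#   stage_cert "$RENEWED_LINEAGE" /certs/ldap 389
# Service side, e.g. from the container's own entrypoint or a periodic check:
#   if cert_changed /certs/ldap /run/ldap/last_cert; then reload_service; cp /certs/ldap/fingerprint /run/ldap/last_cert; fi
```

The fingerprint file is the 'signal' from the post expressed as data rather than as a socket call: the renewal job only writes into a volume, and whatever restarts or reloads the affected service (the container's entrypoint, an orchestrator health check, or a small periodic check) decides by comparing the fingerprint it last acted on. Copying into temporary names and renaming matters because a service that reloads mid-copy could otherwise load a truncated key.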