Volume mounting with docker stack

Question

Following is my docker-stack file.

version: "3"
services:
  my-app:    
    image: my-image:latest    
    volumes:
      - ./certs:/certs   
    ports:
      - 6401:6401
    networks:
      my-net:        
         ipv4_address: 192.168.0.4
networks:
  my-net:
    external: true

It works fine on my machine, binding certs folder to certs inside the container. However doesn't work in my CI pipeline where i am deploying this service inside a docker-stack-node image. The error i get is

invalid mount config for type "bind": bind mount source path does not exist.

I read that If you bind mount a host path into your service’s containers, the path must exist on every swarm node. So, I think i need to create a named volume. However, with the named volume i can't specify source path of certs. It's confusing. Can someone help with this?

I don't think this has anything to do with a named volume. I think this specifically just has to do with the CI host machine not having a certs directory where ever its running from. I'm not sure why certs are supposed to be on a mounted volume. How are the certs generated? Are they generated every single time CI runs or is it more like a secret or an artifact stored somewhere? If they're generated, you can add another image + container that generates or you can add it in from grabbing from a secrets management platform or artifact. — Will C, Oct 19 '18 at 03:58
It's an artifact stored in repository(not a good practice but these are just for testing). So when CI runs the repo is cloned on the runner and then the service is deployed on the runner machine. When i run ls in the gitlab ci file, i can see the directory named certs there. May be the docker execution directory is different? my is using another container to copy those files? — Niraj, Oct 19 '18 at 11:46

D. Vinson · Answer 1 · 2019-09-30T23:30:41.337

1

To bind to a directory the directory has to exist on the host machine so ./certs doesn't exist on the host running the container so...

If you want to bind the volume you will need to run:

mkdir -p ./certs

on the machine running the container and it will work.

It works on your machine because the directory exists locally.

Copy directory to host

scp -r /local/directory/ username@to_host:/remote/directory/

edited Sep 30 '19 at 23:30

answered Oct 19 '18 at 08:59

D. Vinson

1,090
6
8

1

But how do i copy contents of certs to this new dir? It seems it's not there on the host directory. – Niraj Oct 19 '18 at 12:11
Can anyone answer Niraj follow up question? – Dr. House Sep 29 '19 at 23:01
ssh or scp to the host – D. Vinson Sep 30 '19 at 23:28

score 1 · Answer 2 · answered Mar 22 '20 at 23:51

@Niraj I have ran into this issue as well and have figured out that each node needs the files to run. In your case I would do this:

In your Dockerfile create the certs folder
- RUN mkdir /certs
Change compose-file to use absolute path
- - $PWD/certs:/certs
Copy certs into container
- docker cp <file_name> <container_id>:/certs

Hope this helps!

Volume mounting with docker stack

2 Answers2