[0.18] Issues running inside Alpine Linux #19
Hi @skyzyx, I can't think of any specific reason why iamlive wouldn't work within Docker. I assume you're not using the new proxy mode and instead relying on the CSM? If so, the traffic runs over UDP, so do make sure that both sessions are privileged enough to send/receive that traffic. iamlive also requires a TTY to be available, so perhaps using Let me know if you find anything interesting.

Correct. Relying on CSM. Let me keep poking at it. Thanks.

Does this tool support the AWS SDK/CLI environment variables? My

The tool doesn't require any access to credentials themselves, but using the
is a valid alternative, but you should set these immediately before running Terraform.

I couldn't get CSM mode to work on my Mac either. Switching to proxy mode appears to have worked. Thanks!

@skyzyx did it work?

Hi @iann0036, I've tried running it in Docker, tried a lot of stuff but nothing worked. Here's how I did it - I'm on Windows 20H2 + WSL2, so Docker and Linux work properly.

```sh
git clone https://github.com/iann0036/iamlive.git
```

Dockerfile

```dockerfile
ARG GO_VERSION=1.16.3
ARG REPO_NAME=""
ARG APP_NAME="iamlive"
ARG APP_PATH="/go/src/iamlive"

# Dev
FROM golang:${GO_VERSION}-alpine AS dev
RUN apk add --update git
ARG APP_NAME
ARG APP_PATH
ENV APP_NAME="${APP_NAME}" \
    APP_PATH="${APP_PATH}" \
    GOOS="linux"
WORKDIR "${APP_PATH}"
COPY . "${APP_PATH}"
ENTRYPOINT ["sh"]

# Build
FROM dev as build
RUN go install
ENTRYPOINT [ "sh" ]

# App
FROM alpine:3.12 AS app
RUN apk --update upgrade && \
    apk add --update ca-certificates && \
    update-ca-certificates
WORKDIR "/app/"
COPY --from=build "/go/bin/iamlive" ./iamlive
RUN addgroup -S "appgroup" && adduser -S "appuser" -G "appgroup" && \
    chown "appuser:appgroup" "./iamlive"
USER "appuser"
EXPOSE 10080
ENTRYPOINT ["./iamlive"]
CMD ""
```

Build the image

```sh
docker build -t iamlive-test .
```

Run container

```sh
docker run -p 10080:10080 --name iamlive-test --rm -it iamlive-test --mode proxy --bind-addr 0.0.0.0:10080
# Runs in the background ...
```

New terminal

Some notes

Any thoughts on how to resolve this?

For this line:
Could you try to change it to:
? If that doesn't help, there's a thread that mentions the NO_PROXY env, so check that there are no proxy settings on your machine that may redirect traffic also.

Thank you, I'll check it out and report back. Let me know if you want me to create a new issue, if not, I'll keep posting in here.
@iann0036 IT WORKS! 🎉 Tested with

Here's the updated (working) process

```sh
git clone https://github.com/iann0036/iamlive.git
cd iamlive
```

Dockerfile

```dockerfile
ARG GO_VERSION=1.16.3
ARG REPO_NAME=""
ARG APP_NAME="iamlive"
ARG APP_PATH="/go/src/iamlive"

# Dev
FROM golang:${GO_VERSION}-alpine AS dev
RUN apk add --update git
ARG APP_NAME
ARG APP_PATH
ENV APP_NAME="${APP_NAME}" \
    APP_PATH="${APP_PATH}" \
    GOOS="linux"
WORKDIR "${APP_PATH}"
COPY . "${APP_PATH}"
ENTRYPOINT ["sh"]

# Build
FROM dev as build
RUN go install
ENTRYPOINT [ "sh" ]

# App
FROM alpine:3.12 AS app
RUN apk --update upgrade && \
    apk add --update ca-certificates && \
    update-ca-certificates
WORKDIR "/app/"
COPY --from=build "/go/bin/iamlive" ./iamlive
RUN addgroup -S "appgroup" && adduser -S "appuser" -G "appgroup" && \
    chown "appuser:appgroup" "./iamlive"
USER "appuser"
EXPOSE 10080
ENTRYPOINT ["./iamlive"]
CMD ""
```

Build the image

```sh
docker build -t iamlive-test .
# Uncompressed Docker Image Size: 61.7MB
```

Run a container

```sh
docker run -p 443:10080 -p 80:10080 --name iamlive-test --rm -it iamlive-test --mode proxy --bind-addr 0.0.0.0:10080
# Runs in the background ...
# Average Memory Usage: 88MB
```

New WSL2 terminal

Valid output of iamlive container

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        }
    ]
}
```

NOTE: With unset HTTP_PROXY HTTPS_PROXY AWS_CA_BUNDLE

```sh
terraform init
# Assuming iamlive Docker container is running in the background ...
export HTTP_PROXY=http://127.0.0.1:80 HTTPS_PROXY=http://127.0.0.1:443 AWS_CA_BUNDLE="${HOME}/.iamlive/ca.pem"
terraform apply
```
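A preflight check for the proxy-mode environment described in this thread, as an added example that is not part of any comment above and is not the project's own code. The function names and `IAMLIVE_PROBLEMS` are hypothetical; the host:port arguments and sample values are constructed from the working run above, and the `NO_PROXY` check follows the maintainer's hint about proxy settings that redirect traffic.

```sh
# Added example (not from the thread); POSIX sh, all names are hypothetical.
# Check one proxy variable: $1 name, $2 current value, $3 expected host:port.
check_proxy_var() {
  actual=${2#*://}     # drop the scheme
  actual=${actual%/}   # drop a trailing slash
  if [ -z "$actual" ]; then
    echo "MISSING  $1 is not set, so that traffic never reaches iamlive"
    return 1
  elif [ "$actual" != "$3" ]; then
    echo "MISMATCH $1 points at $actual, expected $3"
    return 1
  fi
}

bump() { IAMLIVE_PROBLEMS=$((IAMLIVE_PROBLEMS + 1)); }

# iamlive_preflight HTTP_HOST:PORT HTTPS_HOST:PORT
# Sets IAMLIVE_PROBLEMS to the number of findings; returns 0 only when it is 0.
iamlive_preflight() {
  IAMLIVE_PROBLEMS=0
  check_proxy_var HTTP_PROXY "${HTTP_PROXY:-}" "$1" || bump
  check_proxy_var HTTPS_PROXY "${HTTPS_PROXY:-}" "$2" || bump

  # AWS_CA_BUNDLE must name a readable PEM file (the thread uses ~/.iamlive/ca.pem).
  bundle=${AWS_CA_BUNDLE:-}
  if [ -z "$bundle" ] || [ ! -r "$bundle" ]; then
    echo "CA       AWS_CA_BUNDLE is unset or not readable: ${bundle:-<unset>}"; bump
  elif ! grep -q 'BEGIN CERTIFICATE' "$bundle"; then
    echo "CA       $bundle does not look like a PEM certificate"; bump
  fi

  # NO_PROXY entries that cover AWS endpoints route those calls around the proxy.
  rest="${NO_PROXY:-},${no_proxy:-},"
  while [ -n "$rest" ]; do
    entry=${rest%%,*}
    rest=${rest#*,}
    case "$entry" in
      '*' | *amazonaws.com)
        echo "BYPASS   NO_PROXY entry '$entry' excludes AWS endpoints"; bump ;;
    esac
  done
  [ "$IAMLIVE_PROBLEMS" -eq 0 ]
}

# Constructed demo: the thread's proxy settings, a missing CA file, a NO_PROXY bypass.
(
  export HTTP_PROXY=http://127.0.0.1:80 HTTPS_PROXY=http://127.0.0.1:443
  export AWS_CA_BUNDLE=/nonexistent/ca.pem NO_PROXY=localhost,.amazonaws.com
  iamlive_preflight 127.0.0.1:80 127.0.0.1:443
) || true
```

Run it in the same shell session that will run `terraform apply`, after the `export` line, so it sees the variables Terraform will see.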
Neato! Thanks for sharing your update.

@iann0036 I got excited and wrote a blog-post about it - Determining AWS IAM Policies According To Terraform And AWS CLI. Thank you for creating and sharing this amazing tool.

We use Docker containers for pop-up development environments (e.g., as opposed to a VM). Trying to run it inside a Docker container, but since I can't open a second tab in my terminal (since the container session is tied to the terminal session), I can't follow the README instructions.

I've tried running it in the background, however, I keep ending up with the basic `Action: null` policy after running Terraform to stand up my infrastructure, then `kill $PID`.

Since Terraform calls out to the AWS APIs, I would think that this tool could read the same things going over the wire as the AWS CLI.

Is there something about Docker or Alpine Linux which would prevent it from working?