• Stars
    star
    100
  • Rank 340,703 (Top 7 %)
  • Language
    Shell
  • License
    BSD 3-Clause "New...
  • Created almost 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Alpine-based s3fs client: mount from container, make available to other containers

Dockerised s3fs Client

This Docker image (and associated github project) facilitates mounting of remote S3 buckets resources into containers. Mounting is performed through the fuse s3fs implementation. The image basically implements a docker volume on the cheap: Used with the proper creation options (see below) , you should be able to bind-mount back the remote bucket onto a host directory. This directory will make the content of the bucket available to processes, but also all other containers on the host. The image automatically unmount the remote bucket on container termination.

The image tags follow the versions from the s3fs implementation, there will be no latest, only tags matching released versions of s3fs. New versions of s3fs will automatically be picked up when rebuilding. s3fs is compiled from the tagged git versions from the main repository. The image is automatically built using a github workflow and pushed to both the Docker Hub and to the GHCR. Detection of new releases happens once every day.

Example

Provided the existence of a directory called /mnt/tmp on the host, the following command would mount a remote S3 bucket and bind-mount the remote resource onto the host's /mnt/tmp in a way that makes the remote files accessible to processes and/or other containers running on the same host.

docker run -it --rm \
    --device /dev/fuse \
    --cap-add SYS_ADMIN \
    --security-opt "apparmor=unconfined" \
    --env "AWS_S3_BUCKET=<bucketName>" \
    --env "AWS_S3_ACCESS_KEY_ID=<accessKey>" \
    --env "AWS_S3_SECRET_ACCESS_KEY=<secretKey>" \
    --env UID=$(id -u) \
    --env GID=$(id -g) \
    -v /mnt/tmp:/opt/s3fs/bucket:rshared \
    efrecon/s3fs

The --device, --cap-add and --security-opt options and their values are to make sure that the container will be able to make available the S3 bucket using FUSE. rshared is what ensures that bind mounting makes the files and directories available back to the host and recursively to other containers.

Container Options

A series of environment variables, most led by AWS_S3_ can be used to parametrise the container:

  • AWS_S3_BUCKET should be the name of the bucket, this is mandatory.
  • AWS_S3_AUTHFILE is the path to an authorisation file compatible with the format specified by s3fs. This can be empty, in which case data will be taken from the other authorisation-related environment variables.
  • AWS_S3_ACCESS_KEY_ID is the access key to the S3 bucket, this is only used whenever AWS_S3_AUTHFILE is empty.
  • AWS_S3_SECRET_ACCESS_KEY is the secret access key to the S3 bucket, this is only used whenever AWS_S3_AUTHFILE is empty. Note however that the variable AWS_S3_SECRET_ACCESS_KEY_FILE has precedence over this one.
  • AWS_S3_SECRET_ACCESS_KEY_FILE points instead to a file that will contain the secret access key to the S3 bucket. When this is present, the password will be taken from the file instead of from the AWS_S3_SECRET_ACCESS_KEY variable. If that variable existed, it will be disregarded. This makes it easy to pass passwords using Docker secrets. This is only ever used whenever AWS_S3_AUTHFILE is empty.
  • AWS_S3_URL is the URL to the Amazon service. This can be used to mount external services that implement a compatible API.
  • AWS_S3_MOUNT is the location within the container where to mount the WebDAV resource. This defaults to /opt/s3fs/bucket and is not really meant to be changed.
  • AWS_S3_ENVFILE is the location of a .env file, within the container, from where to read the content of environment variables. Only lines starting with AWS_S3_ or S3FS_ will be recognised. Content will be expanded by shell. Usually, you will want to bind mount that file from the host in read-only mode.
  • UID is the user ID for the owner of the share inside the container.
  • GID is the group ID for the owner of the share inside the container.
  • S3FS_DEBUG can be set to 1 to get some debugging information from s3fs.
  • S3FS_ARGS can contain some additional options to be blindly passed to s3fs. options are supposed to be given comma-separated, e.g. use_path_request_style,allow_other,default_acl=public-read

Commands

By default, this container will be silent and running empty.sh as its command. If you wanted to check for liveness, you can pass the command ls.sh instead, which will keep listing the content of the mounted directory at regular intervals. Both these commands ensure that the remote bucket is unmounted from the mountpoint at termination, so you should really pick one or the other to allow for proper operation. If the mountpoint was not unmounted, your mount system will be unstable as it will contain an unknown entry.

Automatic unmounting is achieved through a combination of a trap in the command being executed and tini. tini is made available directly in this image to make it possible to run in Swarm or kubernetes environments.

Versions and Tags

The docker image has tags that automatically match the list of official versions of s3fs. This is achieved through using the github API to discover the list of tags starting with v and building a separate image for each of them. The image itself builds upon alpine and it will pick the latest Alpine with major version number 3 at the time of the build. There is no release for version 1.87 as it contains a regression that was fixed after the release.

More Repositories

1

machinery

Easily control entire docker-machine based clusters from the command-line.
Tcl
118
star
2

rsshd

Docker container for reverse sshd and keeping connections to remote NATed servers
Shell
45
star
3

docker-webdav-client

WebDAV client for Docker with easy access to all davfs2 options!
Shell
44
star
4

exodus

Build extremely minimal Docker images, but on top of the whole Debian catalog!
JSONiq
18
star
5

tockler

Implementation of the docker client API in Tcl
Tcl
15
star
6

sqlite-backup

Simple solution to perform regular SQLite3 backups and remove older ones
Shell
15
star
7

localtunnel

localtunnel client
12
star
8

dockron

Schedule commands on docker containers, images, networks, nodes, secrets, services, etc. at regular intervals
Tcl
11
star
9

docker-mosquitto

Easily configurable eclipse MQTT broker
Shell
9
star
10

primer

Primer, a flexible OS initialisation automator in pure POSIX shell for infrastructure as data
Shell
7
star
11

tsdb

Simple time-series database
Tcl
6
star
12

mini-tcl

A minimal Tcl for docker
Tcl
5
star
13

dew

Run everything in (Docker) containers
Shell
5
star
14

sshd-cloudflared

Access you work directory from anywhere using a Dockerised SSH daemon tunnelled through cloudflare.
Shell
4
star
15

docker-tcl

Ubuntu-based batteries-included Tcl for Docker
4
star
16

influx-backup

Periodical or one-shot raw and CSV backups of Influx databases
Tcl
2
star
17

til

The Tcl ICE Library
Tcl
2
star
18

reg-tags

Docker registry API operations in POSIX shell
Shell
2
star
19

docker-alpine-java

JDK7 on top of Alpine Linux
1
star
20

dinosaurs

Automatically fetch and compile ancient software
Shell
1
star
21

dynufw

ufw-based firewalling made easier for dynamic hosts
Shell
1
star
22

mqtt

MQTT client implementation in modern Tcl
Tcl
1
star
23

senML

Tcl implementation of a SenSML parser (for JSON) and a SenML wrapper
Tcl
1
star
24

davix-backup

davix-based backup automation
Shell
1
star
25

docker-etcd

etcd and etcdctl minimal components
1
star
26

pgbackup

Dockerized local and offline backing up of PostgresQL with rotation and compression.
Shell
1
star
27

docker-rebase

Rebase slim Docker Images on top of other ones
Shell
1
star
28

tcl-stomp

A STOMP server and client library in Tcl
Tcl
1
star
29

efr-lib

Collection of more-or-less unrelated Tcl packages
Tcl
1
star
30

nighthawk

command-line operation of Netgear's NightHawk routers
Shell
1
star
31

pseudofs

Tcl interface to procfs and sysfs
Tcl
1
star