6.2. Deployment

The suSSHi Proxy component requires configuration with the right parameters. This configuration can be downloaded from the suSSHi Chef UI and used in different ways:

  1. A JSON configuration file mapped into the container (bind mount).

  2. A JSON configuration file stored in docker secrets.

  3. An environment variable storing the Base64 encoded JSON configuration.

This allows us to use different methods to run the container.

6.2.1. Bind Mount

Now we are ready to deploy the suSSHi Proxy container at the edge of our cloud environment by copying the downloaded configuration to a local filesystem, config store or container file system and mapping it in the proxy container to one of the following default paths within the container:

  • /opt/wasabi/susshi/config/susshi-proxyd.json

  • /susshi-proxyd.json

A Docker Compose file may look like this:

docker-compose.yaml
 version: '3.5'

 services:
   susshi-proxy:
     container_name: 'susshi-proxy'
     image: 'registry.susshi.io/susshi-proxy:21.05'
     restart: always
     ports:
       - "<external_ip>:22:22"
     volumes:
       - /opt/wasabi/susshi/config:/opt/wasabi/susshi/config

Of course, you can also map it to another location and start the container using the -f option.

6.2.2. Docker Secret

Another option is to add the JSON configuration file as a secret named susshi-proxyd.json to Docker and mount the secret into the container:

docker-compose.yaml
 version: '3.5'

 services:
   susshi-proxy:
     container_name: 'susshi-proxy'
     image: 'registry.susshi.io/susshi-proxy:21.05'
     restart: always
     ports:
       - "<external_ip>:22:22"
     secrets:
       - susshi-proxyd.json

 secrets:
   susshi-proxyd.json:
     file: /path/to/susshi-proxyd.json

Note

The secret is mapped in the container file system under /run/secrets/<secrets_name>. Since the suSSHi Proxy container expects a file named /run/secrets/susshi-proxyd.json, you must also name the secret susshi-proxyd.json.

6.2.3. Environment Variable

You can simply download the JSON configuration as a single-lined Base64-encoded (RFC 4648) string. This string can than be added as environment variable called PROXY_CONFIG to the container.

.proxy.env
 PROXY_CONFIG=ewogICJJ(...)IF0KfQ==
docker-compose.yaml
 version: '3.5'

 services:
   susshi-proxy:
     container_name: 'susshi-proxy'
     image: 'registry.susshi.io/susshi-proxy:19.01'
     restart: always
     ports:
       - "<external_ip>:22:22"
     env_file:
       - ./.proxy-env

Tip

You can also provide the Base64-encoded string as variable under the environment key of the service definition. This is especially useful in environments where you want to run the container without any configuration file at all.