#StackBounty: #docker #docker-volume #windows-container Windows Container with Sidecar for data

Bounty: 100

I am trying to setup a windows nanoserver container as a sidecar container holding the certs that I use for SSL. Because the SSL cert that I need changes in each environment, I need to be able to change the sidecar container (i.e. dev-cert container, prod-cert container, etc) at startup time. I have worked out the configuration problems, but am having trouble using the same pattern that I use for Linux containers.

On linux containers, I simply copy my files into a container and use the VOLUMES step to export my volume. Then, on my main application container, I can use volumes_from to import the volume from the sidecar.

I have tried to follow that same pattern with nanoserver and cannot get working. Here is my dockerfile:

# Building stage
FROM microsoft/nanoserver

RUN mkdir c:\certs
COPY . .

VOLUME c:/certs

The container builds just fine, but I get the following error when I try and run it. The dockerfile documentation says the following:

Volumes on Windows-based containers: When using Windows-based
containers, the destination of a volume inside the container must be
one of:

a non-existing or empty directory
a drive other than C:

so I thought, easy, I will just switch to the D drive (because I don’t want to export an empty directory like #1 requires). I made the following changes:

# Building stage
FROM microsoft/windowservercore as build
VOLUME ["d:"]

WORKDIR c:/certs
COPY . .

RUN copy c:certs d:

and this container actually started properly. However, I missed in the docs where is says:

Changing the volume from within the Dockerfile: If any build steps
change the data within the volume after it has been declared, those
changes will be discarded.

so, when I checked, I didn’t have any files in the d:certs directory.

So how can you mount a drive for external use in a windows container if, #1 the directory must be empty to make a VOLUME on the c drive in the container, and use must use VOLUME to create a d drive, which is pointless because anything put in there will not be in the final container?

Get this bounty!!!

Leave a Reply