为什么 docker swarm 使用 secrets 路径而不是 secrets 值?
Why docker swarm use the secrets path and not the secrets value?
我想在 docker 群秘密中使用。
我初始化 docker 群。
我用以下方法创建秘密:
echo "password1" | docker secret create my_mysql_wordpress_password -
echo "password2" | docker secret create my_mysql_root_password -
然后我部署堆栈:
docker stack deploy -c mysql.yml mysql
mysql.yml 文件:
version: "3.7"
services:
mysql:
image: mariadb:latest
ports:
- "0.0.0.0:3306:3306"
deploy:
replicas: 1
labels:
- "traefik.enable=false"
environment:
- MYSQL_USER=wordpress_admin
- MYSQL_PASSWORD=/run/secrets/my_mysql_wordpress_password
- MYSQL_ROOT_PASSWORD=/run/secrets/my_mysql_root_password
secrets:
- my_mysql_wordpress_password
- my_mysql_root_password
volumes:
- mysql_data:/var/lib/mysql
networks:
- traefik-backend
secrets:
my_mysql_wordpress_password:
external: true
my_mysql_root_password:
external: true
volumes:
mysql_data:
driver: local
driver_opts:
o: bind
type: none
device: /data/mysql_data
networks:
traefik-backend:
external: true
现在数据库服务器启动。
当我现在尝试连接到服务器时,来自 root 的密码不是“password2”(来自秘密的值),密码是“/run/secrets/my_mysql_root_password”
怎么了?为什么密码是 运行-String 而不是秘密中的值?
在查看了不同的文档之后,似乎解决方案并不明确。我不明白 how/why 它也有效,但这是对我有用的:
version: "3.7"
services:
mysql:
image: mariadb:latest
ports:
- "0.0.0.0:3306:3306"
deploy:
replicas: 1
labels:
- "traefik.enable=false"
environment:
- MYSQL_USER=wordpress_admin
- MYSQL_PASSWORD_FILE=/run/secrets/my_mysql_wordpress_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_mysql_root_password
secrets:
- my_mysql_wordpress_password
- my_mysql_root_password
volumes:
- mysql_data:/var/lib/mysql
networks:
- traefik-backend
secrets:
my_mysql_wordpress_password:
external: true
my_mysql_root_password:
external: true
...
将“_FILE”添加到环境变量就可以了。
我想在 docker 群秘密中使用。 我初始化 docker 群。
我用以下方法创建秘密:
echo "password1" | docker secret create my_mysql_wordpress_password -
echo "password2" | docker secret create my_mysql_root_password -
然后我部署堆栈:
docker stack deploy -c mysql.yml mysql
mysql.yml 文件:
version: "3.7"
services:
mysql:
image: mariadb:latest
ports:
- "0.0.0.0:3306:3306"
deploy:
replicas: 1
labels:
- "traefik.enable=false"
environment:
- MYSQL_USER=wordpress_admin
- MYSQL_PASSWORD=/run/secrets/my_mysql_wordpress_password
- MYSQL_ROOT_PASSWORD=/run/secrets/my_mysql_root_password
secrets:
- my_mysql_wordpress_password
- my_mysql_root_password
volumes:
- mysql_data:/var/lib/mysql
networks:
- traefik-backend
secrets:
my_mysql_wordpress_password:
external: true
my_mysql_root_password:
external: true
volumes:
mysql_data:
driver: local
driver_opts:
o: bind
type: none
device: /data/mysql_data
networks:
traefik-backend:
external: true
现在数据库服务器启动。 当我现在尝试连接到服务器时,来自 root 的密码不是“password2”(来自秘密的值),密码是“/run/secrets/my_mysql_root_password”
怎么了?为什么密码是 运行-String 而不是秘密中的值?
在查看了不同的文档之后,似乎解决方案并不明确。我不明白 how/why 它也有效,但这是对我有用的:
version: "3.7"
services:
mysql:
image: mariadb:latest
ports:
- "0.0.0.0:3306:3306"
deploy:
replicas: 1
labels:
- "traefik.enable=false"
environment:
- MYSQL_USER=wordpress_admin
- MYSQL_PASSWORD_FILE=/run/secrets/my_mysql_wordpress_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_mysql_root_password
secrets:
- my_mysql_wordpress_password
- my_mysql_root_password
volumes:
- mysql_data:/var/lib/mysql
networks:
- traefik-backend
secrets:
my_mysql_wordpress_password:
external: true
my_mysql_root_password:
external: true
...
将“_FILE”添加到环境变量就可以了。