Portainer Docker Swarm 导入秘密来撰写
Portainer Docker Swarm import secrets to compose
在 Portainer swarm 中添加 Secrets 并尝试导入为变量,任何人都可以举例说明我如何将其导入到 compose
version: '3.1'
services:
mongodb-sharded:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-sharded
- MONGODB_SHARDING_MODE=mongos
- MONGODB_CFG_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_CFG_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_REPLICA_SET_KEY=${MONGODB_KEY}
- MONGODB_ROOT_PASSWORD=${MONGODB_PASSWORD}
ports:
- "27017:27017"
Docker 秘密将作为文件挂载在 /run/secrets/secret-name 下的容器中(如果未指定明确的挂载点)。要使用它,应用程序必须能够从这些文件中读取数据。这并不总是受支持。如果有的话,通常只有一小部分可用变量可以指定为文件。
官方Docker mongodb Image表示只支持
MONGO_INITDB_ROOT_USERNAME_FILE 和 MONGO_INITDB_ROOT_PASSWORD_FILE.
bitnami/mongodb-sharded 图像中的自述文件未提供任何信息,是否支持 docker 秘密。
带有官方图像预定义秘密的撰写文件看起来像这样:
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME_FILE: /run/secrets/mongodb-root-username
MONGO_INITDB_ROOT_PASSWORD_FILE: /run/secrets/mongodb-root-password
secrets:
- mongodb-root-username
- mongodb-root-password
secrets:
mongodb-root-username:
external: true
mongodb-root-password:
external: true
使用 portariner Docker Swarm Secret 运行 mongodb 分片
version: '3.7'
secrets:
mongo-root-password:
external: true
mongo-key:
external: true
services:
mongodb-sharded:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-sharded
- MONGODB_SHARDING_MODE=mongos
- MONGODB_CFG_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_CFG_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
ports:
- "27017:27017"
secrets:
- mongo-key
- mongo-root-password
mongodb-sharded-2:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-sharded-2
- MONGODB_SHARDING_MODE=mongos
- MONGODB_CFG_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_CFG_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
secrets:
- mongo-key
- mongo-root-password
mongodb-shard0-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard0-primary
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_MONGOS_HOST=mongodb-sharded
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=shard0
volumes:
- 'shard0_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard0-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-shard0-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard0-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-shard0-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_REPLICA_SET_NAME=shard0
volumes:
- 'shard0_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard1-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard1-primary
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_MONGOS_HOST=mongodb-sharded
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=shard1
volumes:
- 'shard1_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard1-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-shard1-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard1-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-shard1-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_REPLICA_SET_NAME=shard1
volumes:
- 'shard1_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard2-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard2-primary
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_MONGOS_HOST=mongodb-sharded
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=shard2
volumes:
- 'shard2_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard2-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-shard2-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard2-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-shard2-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_REPLICA_SET_NAME=shard2
volumes:
- 'shard2_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-cfg-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-cfg-primary
- MONGODB_SHARDING_MODE=configsvr
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=cfgreplicaset
volumes:
- 'cfg_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-cfg-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-cfg-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-cfg-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_SHARDING_MODE=configsvr
volumes:
- 'cfg_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
volumes:
shard0_data:
driver: local
shard0_sec_data:
driver: local
shard1_data:
driver: local
shard1_sec_data:
driver: local
shard2_data:
driver: local
shard2_sec_data:
driver: local
cfg_data:
driver: local
cfg_sec_data:
driver: local
在 Portainer swarm 中添加 Secrets 并尝试导入为变量,任何人都可以举例说明我如何将其导入到 compose
version: '3.1'
services:
mongodb-sharded:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-sharded
- MONGODB_SHARDING_MODE=mongos
- MONGODB_CFG_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_CFG_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_REPLICA_SET_KEY=${MONGODB_KEY}
- MONGODB_ROOT_PASSWORD=${MONGODB_PASSWORD}
ports:
- "27017:27017"
Docker 秘密将作为文件挂载在 /run/secrets/secret-name 下的容器中(如果未指定明确的挂载点)。要使用它,应用程序必须能够从这些文件中读取数据。这并不总是受支持。如果有的话,通常只有一小部分可用变量可以指定为文件。
官方Docker mongodb Image表示只支持
MONGO_INITDB_ROOT_USERNAME_FILE 和 MONGO_INITDB_ROOT_PASSWORD_FILE.
bitnami/mongodb-sharded 图像中的自述文件未提供任何信息,是否支持 docker 秘密。
带有官方图像预定义秘密的撰写文件看起来像这样:
version: '3.1'
services:
mongo:
image: mongo
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME_FILE: /run/secrets/mongodb-root-username
MONGO_INITDB_ROOT_PASSWORD_FILE: /run/secrets/mongodb-root-password
secrets:
- mongodb-root-username
- mongodb-root-password
secrets:
mongodb-root-username:
external: true
mongodb-root-password:
external: true
使用 portariner Docker Swarm Secret 运行 mongodb 分片
version: '3.7'
secrets:
mongo-root-password:
external: true
mongo-key:
external: true
services:
mongodb-sharded:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-sharded
- MONGODB_SHARDING_MODE=mongos
- MONGODB_CFG_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_CFG_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
ports:
- "27017:27017"
secrets:
- mongo-key
- mongo-root-password
mongodb-sharded-2:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-sharded-2
- MONGODB_SHARDING_MODE=mongos
- MONGODB_CFG_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_CFG_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
secrets:
- mongo-key
- mongo-root-password
mongodb-shard0-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard0-primary
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_MONGOS_HOST=mongodb-sharded
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=shard0
volumes:
- 'shard0_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard0-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-shard0-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard0-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-shard0-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_REPLICA_SET_NAME=shard0
volumes:
- 'shard0_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard1-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard1-primary
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_MONGOS_HOST=mongodb-sharded
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=shard1
volumes:
- 'shard1_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard1-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-shard1-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard1-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-shard1-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_REPLICA_SET_NAME=shard1
volumes:
- 'shard1_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard2-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard2-primary
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_MONGOS_HOST=mongodb-sharded
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=shard2
volumes:
- 'shard2_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-shard2-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-shard2-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-shard2-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-shard2-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_SHARDING_MODE=shardsvr
- MONGODB_REPLICA_SET_NAME=shard2
volumes:
- 'shard2_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-cfg-primary:
image: docker.io/bitnami/mongodb-sharded:4.4
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-cfg-primary
- MONGODB_SHARDING_MODE=configsvr
- MONGODB_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_MODE=primary
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=cfgreplicaset
volumes:
- 'cfg_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
mongodb-cfg-secondary:
image: docker.io/bitnami/mongodb-sharded:4.4
depends_on:
- mongodb-cfg-primary
environment:
- MONGODB_ADVERTISED_HOSTNAME=mongodb-cfg-secondary
- MONGODB_REPLICA_SET_MODE=secondary
- MONGODB_PRIMARY_HOST=mongodb-cfg-primary
- MONGODB_PRIMARY_ROOT_PASSWORD_FILE=/run/secrets/mongo-root-password
- MONGODB_REPLICA_SET_KEY_FILE=/run/secrets/mongo-key
- MONGODB_REPLICA_SET_NAME=cfgreplicaset
- MONGODB_SHARDING_MODE=configsvr
volumes:
- 'cfg_sec_data:/bitnami'
secrets:
- mongo-key
- mongo-root-password
volumes:
shard0_data:
driver: local
shard0_sec_data:
driver: local
shard1_data:
driver: local
shard1_sec_data:
driver: local
shard2_data:
driver: local
shard2_sec_data:
driver: local
cfg_data:
driver: local
cfg_sec_data:
driver: local