在 swarm 中使用 secret

文档 https://docs.docker.com/engine/swarm/secrets/

创建secret

有两种方式

从标准的收入读取

  1. vagrant@swarm-manager:~$ echo abc123 | docker secret create mysql_pass -
  2. 4nkx3vpdd41tbvl9qs24j7m6w
  3. vagrant@swarm-manager:~$ docker secret ls
  4. ID                          NAME         DRIVER    CREATED         UPDATED
  5. 4nkx3vpdd41tbvl9qs24j7m6w   mysql_pass             8 seconds ago   8 seconds ago
  6. vagrant@swarm-manager:~$ docker secret inspect mysql_pass
  7. [
  8.     {
  9.         "ID": "4nkx3vpdd41tbvl9qs24j7m6w",
  10.         "Version": {
  11.             "Index": 4562
  12.         },
  13.         "CreatedAt": "2021-07-25T22:36:51.544523646Z",
  14.         "UpdatedAt": "2021-07-25T22:36:51.544523646Z",
  15.         "Spec": {
  16.             "Name": "mysql_pass",
  17.             "Labels": {}
  18.         }
  19.     }
  20. ]
  21. vagrant@swarm-manager:~$ docker secret rm mysql_pass
  22. mysql_pass
  23. vagrant@swarm-manager:~$

从文件读取

  1. vagrant@swarm-manager:~$ ls
  2. mysql_pass.txt
  3. vagrant@swarm-manager:~$ more mysql_pass.txt
  4. abc123
  5. vagrant@swarm-manager:~$ docker secret create mysql_pass mysql_pass.txt
  6. elsodoordd7zzpgsdlwgynq3f
  7. vagrant@swarm-manager:~$ docker secret inspect mysql_pass
  8. [
  9.     {
  10.         "ID": "elsodoordd7zzpgsdlwgynq3f",
  11.         "Version": {
  12.             "Index": 4564
  13.         },
  14.         "CreatedAt": "2021-07-25T22:38:14.143954043Z",
  15.         "UpdatedAt": "2021-07-25T22:38:14.143954043Z",
  16.         "Spec": {
  17.             "Name": "mysql_pass",
  18.             "Labels": {}
  19.         }
  20.     }
  21. ]
  22. vagrant@swarm-manager:~$

secret 的使用

参考 https://hub.docker.com/_/mysql

  1. vagrant@swarm-manager:~$ docker service create --name mysql-demo --secret mysql_pass --env MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_pass mysql:5.7
  2. wb4z2ximgqaefephu9f4109c7
  3. overall progress: 1 out of 1 tasks
  4. 1/1: running   [==================================================>]
  5. verify: Service converged
  6. vagrant@swarm-manager:~$ docker service ls
  7. ID             NAME         MODE         REPLICAS   IMAGE       PORTS
  8. wb4z2ximgqae   mysql-demo   replicated   1/1        mysql:5.7
  9. vagrant@swarm-manager:~$ docker service ps mysql-demo
  10. ID             NAME           IMAGE       NODE            DESIRED STATE   CURRENT STATE            ERROR     PORTS
  11. 909429p4uovy   mysql-demo.1   mysql:5.7   swarm-worker2   Running         Running 32 seconds ago
  12. vagrant@swarm-manager:~$