在 swarm 中使用 secret

文档 https://docs.docker.com/engine/swarm/secrets/

创建secret

有两种方式

从标准的收入读取

  1. vagrant@swarm-manager:~$ echo abc123 | docker secret create mysql_pass -
  2. 4nkx3vpdd41tbvl9qs24j7m6w
  3. vagrant@swarm-manager:~$ docker secret ls
  4. ID NAME DRIVER CREATED UPDATED
  5. 4nkx3vpdd41tbvl9qs24j7m6w mysql_pass 8 seconds ago 8 seconds ago
  6. vagrant@swarm-manager:~$ docker secret inspect mysql_pass
  7. [
  8. {
  9. "ID": "4nkx3vpdd41tbvl9qs24j7m6w",
  10. "Version": {
  11. "Index": 4562
  12. },
  13. "CreatedAt": "2021-07-25T22:36:51.544523646Z",
  14. "UpdatedAt": "2021-07-25T22:36:51.544523646Z",
  15. "Spec": {
  16. "Name": "mysql_pass",
  17. "Labels": {}
  18. }
  19. }
  20. ]
  21. vagrant@swarm-manager:~$ docker secret rm mysql_pass
  22. mysql_pass
  23. vagrant@swarm-manager:~$

从文件读取

  1. vagrant@swarm-manager:~$ ls
  2. mysql_pass.txt
  3. vagrant@swarm-manager:~$ more mysql_pass.txt
  4. abc123
  5. vagrant@swarm-manager:~$ docker secret create mysql_pass mysql_pass.txt
  6. elsodoordd7zzpgsdlwgynq3f
  7. vagrant@swarm-manager:~$ docker secret inspect mysql_pass
  8. [
  9. {
  10. "ID": "elsodoordd7zzpgsdlwgynq3f",
  11. "Version": {
  12. "Index": 4564
  13. },
  14. "CreatedAt": "2021-07-25T22:38:14.143954043Z",
  15. "UpdatedAt": "2021-07-25T22:38:14.143954043Z",
  16. "Spec": {
  17. "Name": "mysql_pass",
  18. "Labels": {}
  19. }
  20. }
  21. ]
  22. vagrant@swarm-manager:~$

secret 的使用

参考 https://hub.docker.com/_/mysql

  1. vagrant@swarm-manager:~$ docker service create --name mysql-demo --secret mysql_pass --env MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_pass mysql:5.7
  2. wb4z2ximgqaefephu9f4109c7
  3. overall progress: 1 out of 1 tasks
  4. 1/1: running [==================================================>]
  5. verify: Service converged
  6. vagrant@swarm-manager:~$ docker service ls
  7. ID NAME MODE REPLICAS IMAGE PORTS
  8. wb4z2ximgqae mysql-demo replicated 1/1 mysql:5.7
  9. vagrant@swarm-manager:~$ docker service ps mysql-demo
  10. ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
  11. 909429p4uovy mysql-demo.1 mysql:5.7 swarm-worker2 Running Running 32 seconds ago
  12. vagrant@swarm-manager:~$