文档 https://docs.docker.com/engine/swarm/secrets/ ### 创建secret 有两种方式

从标准的收入读取

  1. vagrant@swarm-manager:~$ echo abc123 | docker secret create mysql_pass -
  2. 4nkx3vpdd41tbvl9qs24j7m6w
  3. vagrant@swarm-manager:~$ docker secret ls
  4. ID                          NAME         DRIVER    CREATED         UPDATED
  5. 4nkx3vpdd41tbvl9qs24j7m6w   mysql_pass             8 seconds ago   8 seconds ago
  6. vagrant@swarm-manager:~$ docker secret inspect mysql_pass
  7. [
  8.     {
  9.         "ID": "4nkx3vpdd41tbvl9qs24j7m6w",
  10.         "Version": {
  11.             "Index": 4562
  12.         },
  13.         "CreatedAt": "2021-07-25T22:36:51.544523646Z",
  14.         "UpdatedAt": "2021-07-25T22:36:51.544523646Z",
  15.         "Spec": {
  16.             "Name": "mysql_pass",
  17.             "Labels": {}
  18.         }
  19.     }
  20. ]
  21. vagrant@swarm-manager:~$ docker secret rm mysql_pass
  22. mysql_pass
  23. vagrant@swarm-manager:~$

从文件读取

  1. vagrant@swarm-manager:~$ ls
  2. mysql_pass.txt
  3. vagrant@swarm-manager:~$ more mysql_pass.txt
  4. abc123
  5. vagrant@swarm-manager:~$ docker secret create mysql_pass mysql_pass.txt
  6. elsodoordd7zzpgsdlwgynq3f
  7. vagrant@swarm-manager:~$ docker secret inspect mysql_pass
  8. [
  9.     {
  10.         "ID": "elsodoordd7zzpgsdlwgynq3f",
  11.         "Version": {
  12.             "Index": 4564
  13.         },
  14.         "CreatedAt": "2021-07-25T22:38:14.143954043Z",
  15.         "UpdatedAt": "2021-07-25T22:38:14.143954043Z",
  16.         "Spec": {
  17.             "Name": "mysql_pass",
  18.             "Labels": {}
  19.         }
  20.     }
  21. ]
  22. vagrant@swarm-manager:~$

secret 的使用

参考 https://hub.docker.com/_/mysql

  1. vagrant@swarm-manager:~$ docker service create --name mysql-demo --secret mysql_pass --env MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_pass mysql:5.7
  2. wb4z2ximgqaefephu9f4109c7
  3. overall progress: 1 out of 1 tasks
  4. 1/1: running   [==================================================>]
  5. verify: Service converged
  6. vagrant@swarm-manager:~$ docker service ls
  7. ID             NAME         MODE         REPLICAS   IMAGE       PORTS
  8. wb4z2ximgqae   mysql-demo   replicated   1/1        mysql:5.7
  9. vagrant@swarm-manager:~$ docker service ps mysql-demo
  10. ID             NAME           IMAGE       NODE            DESIRED STATE   CURRENT STATE            ERROR     PORTS
  11. 909429p4uovy   mysql-demo.1   mysql:5.7   swarm-worker2   Running         Running 32 seconds ago
  12. vagrant@swarm-manager:~$

在 Compose 中使用 Secret

  1. version: "3.9"
  3. services:
  4.    db:
  5.      image: mysql:latest
  6.      volumes:
  7.        - db_data:/var/lib/mysql
  8.      environment:
  9.        MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
  10.        MYSQL_DATABASE: wordpress
  11.        MYSQL_USER: wordpress
  12.        MYSQL_PASSWORD_FILE: /run/secrets/db_password
  13.      secrets:
  14.        - db_root_password
  15.        - db_password
  17.    wordpress:
  18.      depends_on:
  19.        - db
  20.      image: wordpress:latest
  21.      ports:
  22.        - "8000:80"
  23.      environment:
  24.        WORDPRESS_DB_HOST: db:3306
  25.        WORDPRESS_DB_USER: wordpress
  26.        WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
  27.      secrets:
  28.        - db_password
  31. secrets:
  32.    db_password:
  33.      file: db_password.txt
  34.    db_root_password:
  35.      file: db_root_password.txt
  37. volumes:
  38.     db_data: