Docker / run / secrets没有挂载

时间:2019-10-16 03:55:32

标签: docker docker-secrets

我正在尝试通过秘密提供凭据。我定义了它们:

$ docker secret ls
ID                          NAME                  DRIVER              CREATED             UPDATED
klsvqjji6bqymndpt3gp1n5na   mysql-password                            35 minutes ago      35 minutes ago
qpxtfsd2qcah35untcma5qb41   mysql-root-password                       34 minutes ago      34 minutes ago
mee647yty7uzlxnur1cmf7xg4   mysql-user                                35 minutes ago      35 minutes ago

...,我在docker-compose.yml文件中使用了它们:

version: "3.3"

secrets:
  mysql-user:
    external: true
  mysql-password:
    external: true
  mysql-root-password:
    external: true

services:
   db:
    image: mariadb:10.4.5
    secrets:
      - mysql-user
      - mysql-password
      - mysql-root-password
    environment:
      MYSQL_USER: /run/secrets/mysql-user
      MYSQL_PASSWORD: /run/secrets/mysql-password
      MYSQL_ROOT_PASSWORD: /run/secrets/mysql-root-password

      MYSQL_DATABASE: db
    command: ls -l /run

docker-compose up命令返回:

db_1  | total 16
db_1  | drwxrwxrwt 2 root  root  4096 May 15 14:06 lock
db_1  | drwxr-xr-x 2 root  root  4096 May 15 14:06 mount
db_1  | drwxrwxrwx 2 mysql mysql 4096 Jun  4 21:20 mysqld
db_1  | drwxr-xr-x 2 root  root  4096 May 15 21:20 systemd
db_1  | -rw-rw-r-- 1 root  utmp     0 May 15 14:06 utmp
db-security-test_db_1 exited with code 0

如您所见,没有秘密directory。为什么?我想念什么?

Docker版本为19.03.3。

Docker Compose版本是1.14.1。

1 个答案:

答案 0 :(得分:0)

您需要将_FILE附加到env变量中,以使初始化脚本从容器中存在的文件中加载这些变量的值。特别是,它可用于从存储在/ run / secrets /文件中的Docker机密加载密码。例如:

$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mariadb:tag
  

当前,仅

支持此功能      
      
  • MYSQL_ROOT_PASSWORD
    •   
  • MYSQL_ROOT_HOST
    •   
  • MYSQL_DATABASE
    •   
  • MYSQL_USER
    •   
  • MYSQL_PASSWORD
    •   
相关问题
最新问题