我正在尝试通过秘密提供凭据。我定义了它们:
$ docker secret ls
ID NAME DRIVER CREATED UPDATED
klsvqjji6bqymndpt3gp1n5na mysql-password 35 minutes ago 35 minutes ago
qpxtfsd2qcah35untcma5qb41 mysql-root-password 34 minutes ago 34 minutes ago
mee647yty7uzlxnur1cmf7xg4 mysql-user 35 minutes ago 35 minutes ago
...,我在docker-compose.yml文件中使用了它们:
version: "3.3"
secrets:
mysql-user:
external: true
mysql-password:
external: true
mysql-root-password:
external: true
services:
db:
image: mariadb:10.4.5
secrets:
- mysql-user
- mysql-password
- mysql-root-password
environment:
MYSQL_USER: /run/secrets/mysql-user
MYSQL_PASSWORD: /run/secrets/mysql-password
MYSQL_ROOT_PASSWORD: /run/secrets/mysql-root-password
MYSQL_DATABASE: db
command: ls -l /run
docker-compose up命令返回:
db_1 | total 16
db_1 | drwxrwxrwt 2 root root 4096 May 15 14:06 lock
db_1 | drwxr-xr-x 2 root root 4096 May 15 14:06 mount
db_1 | drwxrwxrwx 2 mysql mysql 4096 Jun 4 21:20 mysqld
db_1 | drwxr-xr-x 2 root root 4096 May 15 21:20 systemd
db_1 | -rw-rw-r-- 1 root utmp 0 May 15 14:06 utmp
db-security-test_db_1 exited with code 0
如您所见,没有秘密directory。为什么?我想念什么?
Docker版本为19.03.3。
Docker Compose版本是1.14.1。
答案 0 :(得分:0)
您需要将_FILE附加到env变量中,以使初始化脚本从容器中存在的文件中加载这些变量的值。特别是,它可用于从存储在/ run / secrets /文件中的Docker机密加载密码。例如:
$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mariadb:tag
当前,仅
支持此功能
- MYSQL_ROOT_PASSWORD
- MYSQL_ROOT_HOST
- MYSQL_DATABASE
- MYSQL_USER
- MYSQL_PASSWORD