- 创建docker secret
从文件password中创建my-pw的docker secret
docker secret create my-pw password
从标准输入创建(命令末尾的 - 表示从stdin读取;注意用echo传入的明文会留在shell历史记录中)
echo "admin" | docker secret create my-pw2 -
- 查看创建的docker secret
docker secret ls
- 删除docker secret
docker secret rm my-pw2
- docker secret使用 --secret
docker service create --name client --secret my-pw busybox sh -c "while true; do sleep 3600; done"
- 默认会把secret放到容器的/run/secrets/目录下,文件名与secret名称相同
cat my-pw
mysql服务中的使用
docker service create --name db --secret my-pw -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my-pw mysql
docker-compose.yml中使用
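# Stack file for `docker stack deploy`: WordPress and MySQL sharing one
# Swarm secret. Secrets require compose file format 3.1 or later; a bare
# '3' is read as 3.0, which rejects the `secrets` keys.
version: '3.1'

services:
  web:
    # NOTE(review): no image tag is given, so `latest` is pulled; pin a
    # version for reproducible deployments.
    image: wordpress
    ports:
      # Quoted so the host:container mapping is always read as a string.
      - '8080:80'
    # Grant this service access to the secret; it is exposed inside the
    # container as the file /run/secrets/my-pw.
    secrets:
      - my-pw
    environment:
      WORDPRESS_DB_HOST: mysql
      # Read the password from the secret file instead of a plain-text
      # environment value.
      # NOTE(review): this is the same secret used as the MySQL root
      # password below; a dedicated, less-privileged database user for
      # WordPress would limit the impact of a compromised web container.
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/my-pw
    networks:
      - my-network
    # Ignored by `docker stack deploy` in swarm mode; the restart policy
    # below is what lets web recover if mysql is not ready yet.
    depends_on:
      - mysql
    deploy:
      mode: replicated
      replicas: 3
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      update_config:
        parallelism: 1
        delay: 10s

  mysql:
    image: mysql
    # Grant this service access to the secret.
    secrets:
      - my-pw
    environment:
      # Root password is read from the secret file.
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/my-pw
      MYSQL_DATABASE: wordpress
    volumes:
      - mysql-data:/var/lib/mysql
    networks:
      - my-network
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager

volumes:
  mysql-data: {}

networks:
  my-network:
    driver: overlay

# The services above reference my-pw, so it has to be declared at the top
# level. `external: true` means the secret was created beforehand with
# `docker secret create my-pw ...`, so no plain-text password file has to
# sit next to this compose file.
secrets:
  my-pw:
    external: true

# Alternative: read the secret from a local file. Not recommended, because
# the plain-text password then lives on disk beside the compose file and
# is easily committed to version control; creating the secret yourself
# first is safer.
# secrets:
#   my-pw:
#     file: ./password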