泊坞窗堆栈：根据机密设置环境变量 [英] docker stack: setting environment variable from secrets

问题描述

我试图根据机密设置密码，但未取回密码。
Docker Server版本为17.06.2-ce。我使用以下命令设置了密码：

I was trying to set the password from secrets but it wasn't picking it up. Docker Server verions is 17.06.2-ce. I used the below command to set the secret:

echo "abcd" | docker secret create password -

我的docker compose yml文件如下所示

My docker compose yml file looks like this

version: '3.1'
...
 build:
  context: ./test
  dockerfile: Dockerfile
environment:
  user_name: admin
  eureka_password: /run/secrets/password
secrets:
  - password

我也有root secrets标签：

I also have root secrets tag:

secrets:
  password:
     external: true

当我在环境中对密码进行硬编码时，它可以工作但是当我尝试这些秘密时，它不会被发现。我试图将撰写版本更改为3.2，但是没有运气。

When I hardcode the password in environment it works but when I try via the secrets it doesn't pick up. I tried to change the compose version to 3.2 but with no luck. Any pointers are highly appreciated!

推荐答案

如果需要从/ run / secrets中读取秘密的env文件，则需要修改docker compose才能读取。您想通过bash方式设置环境变量，以覆盖docker-compose.yaml文件使用：

You need modify your docker compose for read the secret env file from /run/secrets, if you want to set the environment variables via bash way you can overwrite your docker-compose.yaml file use:

您可以保存下一个代码entrypoint_overwrited.sh

You can save the next code entrypoint_overwrited.sh

#get your envs files and export envars
export $(egrep  -v '^#'  /run/secrets/* | xargs) 
#if you need some specific file, where password is the secret name 
#export $(egrep  -v '^#'  /run/secrets/password| xargs) 
#call the dockerfile's entrypoint
source /docker-entrypoint.sh

在docker-compose中覆盖dockerfile入口点

In your docker-compose overwrite the dockerfile entrypoint,

version: '3.1'
...
build:
  context: ./test
  dockerfile: Dockerfile
entrypoint: source /data/entrypoint_overwrited.sh
tmpfs:
  - /run/secrets
volumes:
  - /path/your/data/where/is/the/script/:/data/
environment:  
  user_name: admin
  eureka_password: /run/secrets/password
secrets:
 - password

如果这样做，环境变量user_name或eureka_password将被覆盖。如果您的秘密环境文件定义了相同的环境变量，则在服务中定义一些环境文件时也会发生同样的情况。

If you make this, the environment variables user_name or eureka_password will be overwritten. If your secret env file defines the same env vars, the same will happen if you define in your service some env_file

这篇关于泊坞窗堆栈：根据机密设置环境变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！