Docker Secrets #32
Comments
Up! This would be awesome for Docker Swarm clusters.

I'll have a look at this, I don't use swarm so will have to set up a test environment. There is more info available here & here. Seems it's only relevant to swarm;

Also relevant to k8s, I guess.

If this is relevant to k8s then it should be next on my list. I can test that, I just don't use swarm.

Was this solved?

@dominictayloruk

I've just tested the latest version 10.5.8 and run a fresh container with secrets injected and they have created the database with the values I entered to the secret. The bit needed for Kubernetes in the yaml:
It should also work in swarm and most other orchestration systems. BTW I'm using this on both Ubuntu & Alpine hosts running k3s 1.20.6 on amd64/armhf/arm64

Log from the test run (aarch64)

Looking to close this issue as secrets can be used in Kubernetes. Ideally if anyone can test in swarm that would be good.

Fixed, issue now closed.

This got closed but I have two remarks:

Yeah this got closed as the secrets are getting injected although I haven't confirmed on swarm as I don't use swarm but happy to reopen for testing if it's not working for you. In relation to your questions; 1, Yeah the readme doesn't contain any info on secrets, maybe I can add some more info with further testing to confirm.
I'll have to spin up a swarm cluster to test as I only use Kubernetes. I'll also re-open the issue as it requires more testing.

Just done a quick check to test the secrets in swarm by creating some secrets and checking they are accessible inside the container
Check the secrets on the manager
Now let's create the service
Check container logs...
Secrets not used in container initialisation!!!

Tested another way but still no secrets in the container;

This should be fixed in 10.11.8-8. The following is a docker swarm example, firstly create some secrets then create the service;

There is no support for 'Docker Secrets' in this image. The setup for Docker Secrets may be different between Docker Swarm and Docker Compose. However, the end result is the same. A plain text file will end up inside the container at '/run/secrets/' where each file will contain 1 secret (account name, password, etc.). The contents of this plain text file are then available to the entrypoint of the container.
The current build of this container uses these example environment variables:
The code that handles the environment variables appears to be in 'run.sh':
The normal construct for using Docker Secrets is to use the same environment variable name(s), but with '_FILE' appended, thereby allowing the use of both the original environment variable or the path that contains the 'secret' value. The filename used for the secret is made up entirely by the user, but is usually something meaningful. Example:
Would it be possible to change this code to use docker secrets (i.e. parse the specified file in /run/secrets) for the information for these variables?
Proposed Example 'docker-compose.yml':
Proposed Example 'run.sh' Code Change:
Assuming that each 'db_*.txt' file referenced above contained the original example values, then this would allow users to provide both of these with the same result:
and
Also, in the event that a user provides both secret and non-secret values for the same thing (i.e. MYSQL_USER and MYSQL_USER_FILE), the secret value will override the non-secret value in this proposed code change.
Thank you for your attention.
EDIT: Typos (x3).
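One way to implement the `_FILE` convention described in the post above, as an added example that is not the poster's proposed `run.sh` change or the image's own code. The helper name `resolve_secret_var`, the file name `db_user.txt` and the sample values are assumptions constructed for illustration; the secret overrides a plain value as the post proposes, and an unreadable secret file is treated as an error.

```shell
#!/bin/sh
# Added example: hypothetical helper, not taken from the image's run.sh.
# resolve_secret_var NAME [DEFAULT]
#   If NAME_FILE is set, NAME is loaded from that file and overrides any
#   plain NAME value. Otherwise NAME is kept, or DEFAULT is used if NAME is
#   empty. A NAME_FILE that cannot be read is a hard error, so a mistyped
#   secret path never silently falls back to a weaker plain value.
resolve_secret_var() {
    _rsv_name=$1
    _rsv_default=${2-}
    # Accept only plain identifiers, because the name is passed to eval below.
    case $_rsv_name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name" >&2
            return 2 ;;
    esac
    eval "_rsv_file=\${${_rsv_name}_FILE-}"
    eval "_rsv_value=\${${_rsv_name}-}"
    if [ -n "$_rsv_file" ]; then
        if [ ! -r "$_rsv_file" ]; then
            echo "$_rsv_name: cannot read secret file $_rsv_file" >&2
            return 1
        fi
        # Command substitution drops the trailing newline most editors add.
        _rsv_value=$(cat "$_rsv_file")
    elif [ -z "$_rsv_value" ]; then
        _rsv_value=$_rsv_default
    fi
    export "$_rsv_name=$_rsv_value"
    # Drop the path so it is not inherited by the database process.
    unset "${_rsv_name}_FILE"
}

# Constructed demo: a throwaway directory stands in for /run/secrets.
demo() {
    _demo_dir=$(mktemp -d) || return 1
    printf 'secret_user\n' > "$_demo_dir/db_user.txt"
    MYSQL_USER=plain_user
    MYSQL_USER_FILE=$_demo_dir/db_user.txt
    resolve_secret_var MYSQL_USER && echo "MYSQL_USER=$MYSQL_USER"
    rm -rf "$_demo_dir"
}
demo
```

An entrypoint would call the helper once per variable before the first use of that variable, so the rest of the script keeps reading the original names.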