Created
March 7, 2017 08:55
-
-
Save ajeetraina/491c88d234019da416a4b511a8d5c91c to your computer and use it in GitHub Desktop.
Docker Compose v3.1 file for Secret Management under Docker 1.13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3.1" | |
services: | |
db: | |
image: "mysql:latest" | |
networks: | |
collabnet: | |
aliases: ["db"] | |
volumes: | |
- "db_data:/var/lib/mysql" | |
secrets: | |
- source: "mysqlpassword" | |
target: "mysqlpassword" | |
uid: "0" | |
gid: "0" | |
mode: 0400 | |
secrets: | |
- source: "mysqlrootpassword" | |
target: "mysqlrootpassword" | |
uid: "0" | |
gid: "0" | |
mode: 0400 | |
environment: | |
MYSQL_ROOT_PASSWORD_FILE: "/run/secrets/mysqlrootpassword" | |
MYSQL_PASSWORD_FILE: "/run/secrets/mysqlpassword" | |
MYSQL_USER: "wordpress" | |
MYSQL_DATABASE: "wordpress" | |
deploy: | |
replicas: 1 | |
placement: | |
constraints: | |
- "node.role == worker" | |
web: | |
image: "wordpress:latest" | |
ports: | |
- "80:80" | |
volumes: | |
- "wp-data:/var/www/html" | |
networks: | |
collabnet: | |
aliases: ["web"] | |
depends_on: | |
- db | |
secrets: | |
- source: "mysqlpassword" | |
target: "mysqlpassword" | |
uid: "0" | |
gid: "0" | |
mode: 0400 | |
environment: | |
WORDPRESS_DB_USER: "wordpress" | |
WORDPRESS_DB_PASSWORD_FILE: "/run/secrets/wordpressdbpasswd" | |
WORDPRESS_DB_HOST: "mysql:3306" | |
WORDPRESS_DB_NAME: "wordpress" | |
deploy: | |
replicas: 1 | |
placement: | |
constraints: | |
- "node.role == worker" | |
networks: | |
collabnet: | |
driver: "overlay" | |
internal: true | |
volumes: | |
db_data: | |
wp-data: | |
secrets: | |
mysqlpasswd: | |
external: | |
name: "mysqlpasswd" | |
secrets: | |
mysqlrootpaswd: | |
external: | |
name: "mysqlrootpasswd" |
Your top level key mysqlrootpaswd
has a typo, a missing s
.
very useful, thanks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Ajeet, very handy read. It worked for me. I however tried something slightly different and that also works. The documentation on this is not very good, can you share your opinion on below what I tried:
I have a question on the documentation and the way above example is listed. While I understand everywhere we say that create a separate "secret" block and then under the service, create the secret block and proceed. I did not create a separate secret block and simply added the following under my service
(the below - is converted to a bullet due to autoformat)
secrets:
target: "nginx.key"
target: "nginx.crt"
(the secrets: thing is under the service indented inside the service block in my yaml file and there is no separate secret block)
After I did this, since I already had created external secrets with names "nginx_key_ext" and "nginx_crt_ext", the secrets got mounted with the target names. So why should I go for creating a separate secret block? What am I losing by doing above? Secondly, if I do above but remove the quotes, things don't work. Can a good document be shared on this?