Secrets and configs updates 1706 #3494
PTAL @aaronlehmann @johnstep at the secrets and configs changes
PTAL @shin- at composefile reference.
One typo + one possible addition, otherwise LGTM
compose/compose-file/index.md
Outdated
config. | ||
|
||
```none | ||
version: "3.1" |
3.3
my_first_config: | ||
file: ./config_data | ||
my_second_config: | ||
external: true |
It might be missing from the secrets doc as well (or intentionally omitted), but another valid syntax is

```yaml
my_third_config:
  external:
    name: name_of_config_on_engine
```
Thanks! Addressed these (and added the info about secrets too).
You can attach to the same contained process multiple times simultaneously, | ||
screen sharing style, or quickly view the progress of your detached process. | ||
even as a different user with the appropriate permissions. |
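Review bot: The last line of this hunk, "even as a different user with the appropriate permissions.", is a lowercase fragment that follows the full stop ending the previous line, so it reads as a stray clause. Fold it into the preceding sentence (for example "... your detached process, even as a different user ...") and name the permissions that are meant, since "appropriate permissions" does not tell the reader what access is required to attach.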
Does this mean as a different user on the host? Might want to clarify that part.
Not for here, this change needs to happen in docker/cli repo.
engine/swarm/secrets.md
Outdated
decrypted secret is mounted into the container in an in-memory filesystem. The | ||
location of the mount point within the container defaults to | ||
`/run/secrets/<secret_name>`, but you can specify a custom location in Docker | ||
17.06 and higher. You can update a service to grant it access to additional |
Let's mention that giving an absolute target path is the way to specify a custom location; otherwise users may be confused about how to override the mount point.
engine/swarm/secrets.md
Outdated
|
||
This uses the short syntax for the `--secret` flag, which creates files in | ||
- **Docker 17.05 and earlier**: |
Do we have a policy about how far back the docs cover old versions, and when we would remove something like this?
engine/swarm/configs.md
Outdated
management data. | ||
|
||
When you grant a newly-created or running service access to a config, the | ||
config is mounted as a file in the container, in an in-memory filesystem. The |
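Review bot: "in an in-memory filesystem" on the last line repeats the wording that engine/swarm/secrets.md uses for decrypted secrets ("mounted into the container in an in-memory filesystem"). Confirm that configs are really mounted that way before stating it here, because readers will rely on this sentence when deciding what is safe to put in a config rather than a secret.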
We don't use an in-memory filesystem for configs... just secrets
engine/swarm/configs.md
Outdated
you can customize the file name on the container using the `target` option. | ||
|
||
```bash | ||
$ docker service create --name="redis" --config="my-config" redis:alpine |
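Review bot: The sentence before the fence says the file name can be customized with the `target` option, but the command shown passes only `--config="my-config"` and never uses `target`. Either add a second command that sets `target`, or move the `target` sentence next to an example that demonstrates it, so the reader sees the option in use where it is introduced.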
These flags don't need double quotes. They aren't harmful, but stylistically it's out of the ordinary.
engine/swarm/secrets.md
Outdated
### Simple example: Use secrets in a Windows service | ||
|
||
This is a very simple example which shows how to use secrets with a Windows | ||
container running on Docker 17.06 EE on Microsoft Windows Server 2013 or Docker |
container running on Docker 17.06 EE on Microsoft Windows Server 2016 or Docker
one suggestion, but LGTM otherwise, great work!
engine/swarm/configs.md
Outdated
This is a config | ||
``` | ||
|
||
5. Verify that the config is **not** available if you commit the container. |
I wonder if this is important information (in general, committing a container is not best practice, as the container should be regarded immutable). I would personally skip this.
PS> docker config rm homepage | ||
``` | ||
|
||
### Advanced example: Use configs with a Nginx service |
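Review bot: In the heading "Advanced example: Use configs with a Nginx service", the article should be "an" ("an Nginx service").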
Love this example - combining secrets and configurations 👍
Addressed the last bit of feedback, squashed the commits down to a few logical ones. Going to merge.
Proposed changes
Fixes #3430
Fixes #3483
Fixes #3482
Fixes #3290
I'm not too happy with the Windows secrets example. cc/ @friism @johnstep
Unreleased project version (optional)
17.06