Secrets and configs updates 1706 #3494
Conversation
|
PTAL @aaronlehmann @johnstep at the secrets and configs changes |
|
PTAL @shin- at composefile reference. |
compose/compose-file/index.md
Outdated
| config. | ||
|
|
||
| ```none | ||
| version: "3.1" |
| my_first_config: | ||
| file: ./config_data | ||
| my_second_config: | ||
| external: true |
There was a problem hiding this comment.
It might be missing from the secrets doc as well (or intentionally omitted), but another valid syntax is
my_third_config:
external:
name: name_of_config_on_engine
There was a problem hiding this comment.
Thanks! Addressed these (and added the info about secrets too).
| You can attach to the same contained process multiple times simultaneously, | ||
| screen sharing style, or quickly view the progress of your detached process. | ||
| even as a different user with the appropriate permissions. |
There was a problem hiding this comment.
Does this mean as a different user on the host? Might want to clarify that part.
There was a problem hiding this comment.
Not for here, this change needs to happen in docker/cli repo.
engine/swarm/secrets.md
Outdated
| decrypted secret is mounted into the container in an in-memory filesystem. The | ||
| location of the mount point within the container defaults to | ||
| `/run/secrets/<secret_name>`, but you can specify a custom location in Docker | ||
| 17.06 and higher. You can update a service to grant it access to additional |
There was a problem hiding this comment.
Let's mention that giving an absolute target path is the way to specify a custom location; otherwise users may be confused about how to override the mount point.
engine/swarm/secrets.md
Outdated
|
|
||
| This uses the short syntax for the `--secret` flag, which creates files in | ||
| - **Docker 17.05 and earlier**: |
There was a problem hiding this comment.
Do we have a policy about how far back the docs cover old versions, and when we would remove something like this?
engine/swarm/configs.md
Outdated
| management data. | ||
|
|
||
| When you grant a newly-created or running service access to a config, the | ||
| config is mounted as a file in the container, in an in-memory filesystem. The |
There was a problem hiding this comment.
We don't use an in-memory filesystem for configs... just secrets
engine/swarm/configs.md
Outdated
| you can customize the file name on the container using the `target` option. | ||
|
|
||
| ```bash | ||
| $ docker service create --name="redis" --config="my-config" redis:alpine |
There was a problem hiding this comment.
These flags don't need double quotes. They aren't harmful, but stylistically it's out of the ordinary.
engine/swarm/secrets.md
Outdated
| ### Simple example: Use secrets in a Windows service | ||
|
|
||
| This is a very simple example which shows how to use secrets with a Windows | ||
| container running on Docker 17.06 EE on Microsoft Windows Server 2013 or Docker |
There was a problem hiding this comment.
container running on Docker 17.06 EE on Microsoft Windows Server 2016 or Docker
engine/swarm/configs.md
Outdated
| This is a config | ||
| ``` | ||
|
|
||
| 5. Verify that the config is **not** available if you commit the container. |
There was a problem hiding this comment.
I wonder if this is important information (in general, committing a container is not best practice, as the container should be regarded immutable). I would personally skip this.
| PS> docker config rm homepage | ||
| ``` | ||
|
|
||
| ### Advanced example: Use configs with a Nginx service |
There was a problem hiding this comment.
Love this example - combining secrets and configurations 👍
|
Addressed the last bit of feedback, squashed the commits down to a few logical ones. Going to merge. |
Proposed changes
Fixes #3430
Fixes #3483
Fixes #3482
Fixes #3290
I'm not too happy with the Windows secrets example. cc/ @friism @johnstep
Unreleased project version (optional)
17.06