Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to learn Secret through cases. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

In the following example, we will deploy a WordPress application, WordPress is a popular open source blogging system.

We will create a MySQL service and save the password to secret. We will also create a WordPress service that will connect to the MySQL using secret. This example shows how to use secret to avoid storing sensitive information in image or to pass sensitive data directly on the command line.

The experimental steps are as follows:

Create secret

Create an administrator password for secret to store MySQL.

Openssl rand-base64 20 | docker secret create mysql_root_password-

Passwords are random strings generated by openssl.

Note that ag7injh7juonwl09lq8st36o8 is the ID of the newly created service, not the content of service.

The above method is to read the contents of secret from standard input, or you can specify to read from a file, for example:

Openssl rand-base64 20 > password.txtdocker secret create my_password. / password.txt

In general, applications do not access MySQL directly with root passwords. We will create a separate user workpress and store the password in secret mysql_password.

Openssl rand-base64 20 | docker secret create mysql_password-

Create a custom overlay network

MySQL communicates with WordPress through the overlay network mysql_private, eliminating the need to expose MySQL service to external networks and other containers.

Docker network create-d overlay mysql_private

Create MySQL service

The command is as follows:

Docker service create\-name mysql\-network mysql_private\-secret source=mysql_root_password,target=mysql_root_password\-secret source=mysql_password Target=mysql_password\-e MYSQL_ROOT_PASSWORD_FILE= "/ run/secrets/mysql_root_password"\-e MYSQL_PASSWORD_FILE= "/ run/secrets/mysql_password"\-e MYSQL_USER= "wordpress"\-e MYSQL_DATABASE= "wordpress"\ mysql:latest

MYSQL_DATABASE indicates that the database wordpress is created.

MYSQL_USER and MYSQL_PASSWORD_FILE indicate that the database user workpress is created and the password is read from secret mysql_password.

For more details on the use of mysql mirror environment variables, please refer to https://hub.docker.com/_/mysql/

Create WordPress service

MySQL service is ready, now create a WordPress service. The command is as follows:

Docker service create\-- name wordpress\-- network mysql_private\-- publish 3000network mysql_private 80\-- secret source=mysql_password,target=wp_db_password\-e WORDPRESS_DB_HOST= "mysql:3306" > the above is the editor's share of how to learn Secret through cases. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.