【Question title】: Docker Update Secrets via API
【Posted】: 2017-08-13 06:16:10
【Question description】:

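Is there an equivalent of docker service update --secret-add [SOME SECRET] [SERVICE]?

The documentation doesn't mention anywhere that I can do this: https://docs.docker.com/engine/api/v1.25/#tag/Service

But I was told previously that the docker command uses the API, so I assume it is somewhere in the API.

On a related note, I noticed that inspecting a secret via the API returns an "UpdatedAt" field. Does this indicate that in the future there will be a way to update the same secret, rather than having to create a new one?

【Discussion】:

    Tags: docker docker-api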


    【Solution 1】:

    I know this question is old, but I can help someone else. The answer is in the documentation here

    Endpoint

    /services/create

    Example request:

    {
      "Name": "web",
      "TaskTemplate": {
        "ContainerSpec": {
          "Image": "nginx:alpine",
          "Mounts": [
            {
              "ReadOnly": true,
              "Source": "web-data",
              "Target": "/usr/share/nginx/html",
              "Type": "volume",
              "VolumeOptions": {
                "DriverConfig": {},
                "Labels": {
                  "com.example.something": "something-value"
                }
              }
            }
          ],
          "User": "33",
          "DNSConfig": {
            "Nameservers": [
              "8.8.8.8"
            ],
            "Search": [
              "example.org"
            ],
            "Options": [
              "timeout:3"
            ]
          }
        },
        "LogDriver": {
          "Name": "json-file",
          "Options": {
            "max-file": "3",
            "max-size": "10M"
          }
        },
        "Placement": {},
        "Resources": {
          "Limits": {
            "MemoryBytes": 104857600
          },
          "Reservations": {}
        },
        "RestartPolicy": {
          "Condition": "on-failure",
          "Delay": 10000000000,
          "MaxAttempts": 10
        }
      },
      "Mode": {
        "Replicated": {
          "Replicas": 4
        }
      },
      "UpdateConfig": {
        "Delay": 30000000000,
        "Parallelism": 2,
        "FailureAction": "pause"
      },
      "EndpointSpec": {
        "Ports": [
          {
            "Protocol": "tcp",
            "PublishedPort": 8080,
            "TargetPort": 80
          }
        ]
      },
      "Labels": {
        "foo": "bar"
      }
    }
    

    Example response

    {
      "ID": "ak7w3gjqoa3kuz8xcpnyy0pvl",
      "Warning": "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
    }
    

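    【Discussion】:

      【Solution 2】:

      You can use the "service" endpoint to update a service. The request body contains a section for defining new secrets: TaskTemplate.ContainerSpec.Secrets.

      Something like this should work: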

      {
        "Name": "top",
        "TaskTemplate": {
          "ContainerSpec": {
            "Image": "busybox",
            "Args": [],
            "Secrets": [
              {
                "SecretID": "<id_of_your_secret>"
              }
            ]
          },
          "Resources": {},
          "RestartPolicy": {},
          "Placement": { },
          "ForceUpdate": 0
        },
        "Mode": {
          "Replicated": {}
        },
        "UpdateConfig": {
          "Parallelism": 2,
          "Delay": 1000000000,
          "FailureAction": "pause",
          "Monitor": 15000000000,
          "MaxFailureRatio": 0.15
        },
        "RollbackConfig": {
          "Parallelism": 1,
          "Delay": 1000000000,
          "FailureAction": "pause",
          "Monitor": 15000000000,
          "MaxFailureRatio": 0.15
        },
        "EndpointSpec": {
          "Mode": "vip"
        }
      }
      

      【Discussion】:
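
Added example (not from either answer): a sketch of building the request for the Engine API's `POST /services/{id}/update`, which takes the full service spec plus a `version` query parameter equal to the service's current `Version.Index`. The service and secret IDs, the `SAMPLE_SERVICE` data and the helper name `build_secret_add` are constructed for illustration.

```python
import copy
import json

# Constructed sample: trimmed shape of what GET /services/{id} returns.
SAMPLE_SERVICE = {
    "ID": "svc-placeholder-id",
    "Version": {"Index": 19},
    "Spec": {
        "Name": "top",
        "TaskTemplate": {"ContainerSpec": {"Image": "busybox", "Args": []}},
        "Mode": {"Replicated": {"Replicas": 1}},
    },
}


def build_secret_add(service, secret_id, secret_name, target=None, mode=0o444):
    """Return (path, body) for POST /services/{id}/update adding one secret.

    The update call replaces the whole spec, so the body starts from the
    current Spec; a partial body would drop settings the service already has.
    Only a reference to the secret is sent, never its value.
    """
    spec = copy.deepcopy(service["Spec"])  # leave the caller's data untouched
    container = spec["TaskTemplate"]["ContainerSpec"]
    secrets = list(container.get("Secrets") or [])  # key may be absent or null
    if not any(s.get("SecretID") == secret_id for s in secrets):
        secrets.append({
            "SecretID": secret_id,
            "SecretName": secret_name,
            # File.Name is the file name under /run/secrets/ inside the task.
            "File": {"Name": target or secret_name,
                     "UID": "0", "GID": "0", "Mode": mode},
        })
    container["Secrets"] = secrets
    # The version must match the service's current index, otherwise the
    # daemon rejects the update instead of overwriting a concurrent change.
    path = "/services/{}/update?version={}".format(
        service["ID"], service["Version"]["Index"])
    return path, spec


if __name__ == "__main__":
    path, body = build_secret_add(
        SAMPLE_SERVICE, "secret-placeholder-id", "db_password")
    print("POST", path)
    print(json.dumps(body, indent=2))
```
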
