如何通过 Azure DevOps 在 Dockerfile 中设置环境变量
[英]How to set environment variables in Dockerfile via Azure DevOps
问题描述
In my projects Docker file I have some environment variables, like this:
在我的项目 Docker 文件中,我有一些环境变量,如下所示:
ENV ACCEPT_EULA=Y
ENV SA_PASSWORD=Password
ENV MSSQL_PID=Developer
ENV MSSQL_TCP_PORT=1433
And I would like to pass the password here as an environment variable set in my pipeline.我想在此处将密码作为在我的管道中设置的环境变量传递。
In Azure DevOps I have two pipelines.在 Azure DevOps 中,我有两个管道。 One for building the solution and one for building and pushing docker images to DockerHub.一种用于构建解决方案,一种用于构建 docker 镜像并将其推送到 DockerHub。 There are options to set variables in both these pipelines:在这两个管道中都有设置变量的选项:
I have set the password in both pipelines and edited my password in the Dockerfile to look like this:
我已经在两个管道中设置了密码,并在 Dockerfile 中编辑了我的密码,如下所示:
ENV SA_PASSWORD=$(SA_PASSWORD)
But that does not seem to be working.但这似乎不起作用。 What is the correct way of passing environment variables from Azure DevOps into a Docker image?将环境变量从 Azure DevOps 传递到 Docker 映像的正确方法是什么?
Also, is this a safe way of passing secrets?另外,这是传递秘密的安全方式吗? Is there any way someone could read secrets from a Docker image?有什么办法可以从 Docker 镜像中读取机密?
Thanks!谢谢!
4 个解决方案
解决方案1
8 2020-01-28 04:47:52
You can set an ARG var_name and reference ENV to the ARG variables.您可以设置ARG var_name并将 ENV 引用到 ARG 变量。 Then you can replace those variables when docker build the image $ docker build --build-arg var_name=$(VARIABLE_NAME)然后你可以在 docker 构建镜像时替换这些变量$ docker build --build-arg var_name=$(VARIABLE_NAME)
For example the add ARG in dockerfile, and have the ENV variable refer to it:例如在 dockerfile 中添加 ARG,并让 ENV 变量引用它:
ARG SECRET
ENV ACCEPT_EULA=Y
ENV SA_PASSWORD=$SECRET
ENV MSSQL_PID=Developer
ENV MSSQL_TCP_PORT=1433
You can use dock build task and dock push task separately, as buildandpush command cannot accept arguments.您可以单独使用停靠构建任务和停靠推送任务,因为 buildandpush 命令不能接受参数。 And set a variable SECRET in your pipeline.并在您的管道中设置一个变量SECRET 。
The set the Build Arguments SECRET= $(SECRET) to replace the ARG SECRET设置 Build Arguments SECRET= $(SECRET)来替换 ARG SECRET
解决方案2
1 2020-01-27 15:14:49
I am using the Replace Tokens extension for exactly tasks like this: https://marketplace.visualstudio.com/items?itemName=qetza.replacetokens我正在使用替换令牌扩展来完成这样的任务: https : //marketplace.visualstudio.com/items?itemName=qetza.replacetokens
However, putting secrets into your Dockerfile might not be the best idea.但是,将机密放入 Dockerfile 可能不是最好的主意。 Usually you would provide secrets or generally runtime configuration as environment variables when you actually execute the container.通常,当您实际执行容器时,您会提供机密或通常的运行时配置作为环境变量。
解决方案3
1 2020-10-07 03:18:11
I suggest to set the environment variables at runtime.我建议在运行时设置环境变量。 If you are deploying to an Azure App Service, app settings are injected into the process as environment variables automatically.如果要部署到 Azure 应用服务,应用设置将作为环境变量自动注入到进程中。
You can then use the same image for multiple environments.然后,您可以在多个环境中使用相同的图像。 With the Deploy Azure App Service task in a release pipeline, you can change the app settings for each environment.通过在发布管道中部署 Azure 应用服务任务,您可以更改每个环境的应用设置。
https://docs.microsoft.com/en-us/azure/app-service/configure-custom-container?pivots=container-linux#configure-environment-variables https://docs.microsoft.com/en-us/azure/app-service/configure-custom-container?pivots=container-linux#configure-environment-variables
解决方案4
-3 2020-06-29 09:39:57
In release, choose deploy azure app service task.在发布中,选择部署 azure 应用服务任务。 Provide required properties at App settings section under Application and Configuration Settings option.在应用程序和配置设置选项下的应用程序设置部分提供所需的属性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.