堆栈内存溢出
  简体   繁体   English

如何在 docker 中使用主目录中的文件组成秘密?

[英]How to use file from home directory in docker compose secret?

 原文  2021-06-30 18:18:01       node.js/ docker/ docker-compose

问题描述

I am trying to build a docker container with private node packages in it.我正在尝试构建一个 docker 容器,其中包含私有节点包。 I have followed this guide to use secrets to reference npmrc file securely to install the dependencies.我已按照本指南使用机密来安全地引用 npmrc 文件来安装依赖项。 I can get this to work when building the image directly using a command like this: docker build --secret id=npm,src=$HOME/.npmrc.在直接使用如下命令构建映像时,我可以让它工作: docker build --secret id=npm,src=$HOME/.npmrc. but I cannot get this working with docker compose.但我无法与 docker 组合一起使用。 When running a docker compose build it acts like there is no npmrc file and gives me a 401 when trying to download dependencies.当运行docker compose build时,它的行为就像没有 npmrc 文件,并在尝试下载依赖项时给我一个 401。

I provided a stripped down version of Dockerfile and docker-compose.yml below.我在下面提供了 Dockerfile 和 docker-compose.yml 的精简版本。

Dockerfile Dockerfile

# syntax = docker/dockerfile:1.2
FROM node:14.17.1

COPY . .

RUN --mount=type=secret,id=npm,target=/root/.npmrc yarn --frozen-lockfile --production

EXPOSE 3000

CMD [ "npm", "start" ]

docker-compose.yml docker-compose.yml

version: '3.7'
services:
  example:
    build: packages/example
    ports:
      - "3000:3000"
    secrets:
      - npm
secrets:
  npm:
    file: ${HOME}/.npmrc

2 个解决方案

解决方案1
 0  2021-06-30 20:28:33

The problem appears to be that my docker-compose.yml is specifying secrets for runtime of a container vs build time.问题似乎是我的 docker-compose.yml 指定了容器运行时与构建时间的秘密。 Support for build secrets from docker compose has not been implemented yet.尚未实现对来自 docker compose 的构建机密的支持。 Here is the outstanding PR: https://github.com/docker/compose/pull/7046 .这是优秀的 PR: https : //github.com/docker/compose/pull/7046

For now, I have to build the image using docker build ... and reference the named image locally in docker-compose.yml instead of building through docker compose.现在,我必须使用docker build ...构建图像docker build ...并在 docker-compose.yml 中本地引用命名图像,而不是通过 docker compose 构建。

解决方案2
 0  2022-08-29 09:45:01

Since docker-compose v2.5.0 this is now possible.docker-compose v2.5.0以来,这现在是可能的。

Dockerfile: Dockerfile:

# syntax=docker/dockerfile:1.2

RUN --mount=type=secret,id=mysecret,target=/root/mysecret cat /root/mysecret

docker-compose.yml docker-compose.yml

services:
  my-app:
    build:
      context: .
      secrets:
        - mysecret

secrets:
  mysecret:
   file: ~/.npmrc

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Docker Compose: .env: no such file or directory / NodeJS - Docker Compose: .env: no such file or directory / NodeJS docker-compose 与卷 - package.json 的“没有这样的文件或目录” - docker-compose up with volumes - “no such file or directory” for package.json Docker 撰写配置文件未在 Mac 中正确同步目录 - Docker compose config file not syncing directory properly in Mac 无法解析 dockerfile - 没有这样的文件或目录 - docker-compose.yml - Failed to resolve dockerfile - no such file or directory - docker-compose.yml 如何在 ovh 托管上使用 docker-compose - How to use docker-compose on ovh hosting 从 docker 文件触发 docker 组合文件的最佳方法是什么? - What is the best way to trigger a docker compose file from docker file? 在此示例中,如何使用docker-compose允许2个容器正确共享.sock文件? - How do i use docker-compose to allow for 2 containers to share a .sock file correctly in this example? 如何使用当前目录中的文件 - How to use a file from current directory Docker compose is using the env which was built by Dockerfile, instead of using env_file located in docker-compose.yml directory because of webpack - Docker compose is using the env which was built by Dockerfile, instead of using env_file located in docker-compose.yml directory because of webpack 如何将docker-compose.yml中的环境变量设置为package.json? - How to use environment variable set from docker-compose.yml into package.json?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM