
ECS with Docker Compose environment variables

I'm deploying to ECS with the Docker Compose API; however, I'm sort of confused about environment variables.

Right now my docker-compose.yml looks like this:

version: "3.8"

services:
  simple-http:
    image: "${IMAGE}"
    secrets:
      - message

secrets:
  message:
    name: "arn:aws:ssm:<AWS_REGION>:<AWS_ACCOUNT_ID>:parameter/test-env"
    external: true

Now in my Container Definitions, I get a Simplehttp_Secrets_InitContainer that references this environment variable as message and with the correct ARN, but there is no variable named message inside my running container.

I'm a little confused, as I thought this was the correct way of passing envs such as DB passwords, AWS credentials, and so forth.

In the docs we see:

services:
  test:
    image: "image"
    environment:
      - "FOO=BAR"

But is this the right and secure way of doing this? Am I missing something?

I haven't played much with secrets in this ECS/Docker integration, but there are a couple of things that don't add up between your understanding and the docs. First, the integration seems to be working with Secrets Manager and not SSM. Second, according to the doc, the content won't be available as a variable but rather as a flat file at runtime at /run/secrets/message (in your example).

Check out this page for the fine details: https://docs.docker.com/cloud/ecs-integration/#secrets
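
The following Python sketch is an added example, not part of the original question or answer: it reads a Compose secret from the file the answer describes (/run/secrets/message) rather than from an environment variable. The helper name read_secret, the SecretError class and the sample value are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Mount point for Compose secrets inside the container, as the answer describes.
SECRETS_DIR = Path("/run/secrets")
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")


class SecretError(RuntimeError):
    """Raised when a secret file is missing or the requested name is unsafe."""


def read_secret(name, secrets_dir=SECRETS_DIR):
    """Return the content of <secrets_dir>/<name> (hypothetical helper)."""
    # Reject names that could escape the secrets directory (e.g. "../x").
    if not _NAME_RE.fullmatch(name) or name in (".", ".."):
        raise SecretError(f"invalid secret name: {name!r}")
    path = Path(secrets_dir) / name
    try:
        value = path.read_text(encoding="utf-8")
    except FileNotFoundError:
        # Report whether an env var of that name exists, never its value.
        present = name in os.environ
        raise SecretError(
            f"{path} not found (env var {name!r} set: {present})"
        ) from None
    # Stored values often end with a newline; strip trailing CR/LF only.
    return value.rstrip("\r\n")


def demo():
    """Constructed sample: emulate /run/secrets with a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "message").write_text("hello from the secret store\n")
        return read_secret("message", secrets_dir=tmp)


if __name__ == "__main__":
    print(demo())
```

Inside the container from the question, the call would be read_secret("message") with the default directory.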
