有没有等价物docker service update --secret-add [SOME SECRET] [SERVICE]?
文档没有提到我可以做到这一点的任何地方: https ://docs.docker.com/engine/api/v1.25/#tag/Service
但我之前被告知该docker命令使用 API,所以我假设它在 API 的某个地方?
在相关的说明中,我注意到通过 API 检查秘密会返回一个“ UpdatedAt”字段。这是否表明将来会有一种方法来更新相同的秘密,而不必创建新的秘密?
您可以使用“服务”端点来更新服务。请求正文包含用于定义新机密的部分:TaskTemplate.ContainerSpec.Secrets。
像这样的东西应该工作:
{
"Name": "top",
"TaskTemplate": {
"ContainerSpec": {
"Image": "busybox",
"Args": [],
"Secrets: [
"SecretID": <id_of_your_secret>
]
},
"Resources": {},
"RestartPolicy": {},
"Placement": { },
"ForceUpdate": 0
},
"Mode": {
"Replicated": {}
},
"UpdateConfig": {
"Parallelism": 2,
"Delay": 1000000000,
"FailureAction": "pause",
"Monitor": 15000000000,
"MaxFailureRatio": 0.15
},
"RollbackConfig": {
"Parallelism": 1,
"Delay": 1000000000,
"FailureAction": "pause",
"Monitor": 15000000000,
"MaxFailureRatio": 0.15
},
"EndpointSpec": {
"Mode": "vip"
}
}
我知道这个问题很老,但我可以帮助别人。答案在此处的文档中。
端点
/services/create
示例请求:
{
"Name": "web",
"TaskTemplate": {
"ContainerSpec": {
"Image": "nginx:alpine",
"Mounts": [
{
"ReadOnly": true,
"Source": "web-data",
"Target": "/usr/share/nginx/html",
"Type": "volume",
"VolumeOptions": {
"DriverConfig": {},
"Labels": {
"com.example.something": "something-value"
}
}
}
],
"User": "33",
"DNSConfig": {
"Nameservers": [
"8.8.8.8"
],
"Search": [
"example.org"
],
"Options": [
"timeout:3"
]
}
},
"LogDriver": {
"Name": "json-file",
"Options": {
"max-file": "3",
"max-size": "10M"
}
},
"Placement": {},
"Resources": {
"Limits": {
"MemoryBytes": 104857600
},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "on-failure",
"Delay": 10000000000,
"MaxAttempts": 10
}
},
"Mode": {
"Replicated": {
"Replicas": 4
}
},
"UpdateConfig": {
"Delay": 30000000000,
"Parallelism": 2,
"FailureAction": "pause"
},
"EndpointSpec": {
"Ports": [
{
"Protocol": "tcp",
"PublishedPort": 8080,
"TargetPort": 80
}
]
},
"Labels": {
"foo": "bar"
}
}
示例响应
{
"ID": "ak7w3gjqoa3kuz8xcpnyy0pvl",
"Warning": "unable to pin image doesnotexist:latest to digest: image library/doesnotexist:latest not found"
}