通过遵循Docker docs并使用入口点脚本来解决此问题。
这是一种方法。
定义你的码头工人秘密Redis的密码
在您的本地dev的机器。
创建一个秘密文件,确保你添加一个.gitignore条目,不向你的repo提交秘密。
./secrets/redis-pass.txt
g7VacrULudmwcLnxy23JWyUNZRit7cazG2JekTCc6vccxX2LxLWoHFP8XYLbD4U9
在您的领导群节点。
echo "g7VacrULudmwcLnxy23JWyUNZRit7cazG2JekTCc6vccxX2LxLWoHFP8XYLbD4U9" | docker secret create redis-pass -
创建Redis的配置文件
./redis/redis.conf
定义requirepass财产。
requirepass XXXXXXXXXX
更新Redis的Dockerfile
复制配置成在构建时的容器。
./redis/Dockerfile
FROM alpine:3.6
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN addgroup -S redis && adduser -S -G redis redis
# grab su-exec for easy step-down from root
RUN apk add --no-cache 'su-exec>=0.2'
ENV REDIS_VERSION 3.2.9
ENV REDIS_DOWNLOAD_URL http://download.redis.io/releases/redis-3.2.9.tar.gz
ENV REDIS_DOWNLOAD_SHA 6eaacfa983b287e440d0839ead20c2231749d5d6b78bbe0e0ffa3a890c59ff26
# for redis-sentinel see: http://redis.io/topics/sentinel
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
coreutils \
gcc \
linux-headers \
make \
musl-dev \
; \
\
wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"; \
echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" | sha256sum -c -; \
mkdir -p /usr/src/redis; \
tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1; \
rm redis.tar.gz; \
\
# Disable Redis protected mode [1] as it is unnecessary in context
# of Docker. Ports are not automatically exposed when running inside
# Docker, but rather explicitely by specifying -p/-P.
# [1] https://github.com/antirez/redis/commit/edd4d555df57dc84265fdfb4ef59a4678832f6da
grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 1$' /usr/src/redis/src/server.h; \
sed -ri 's!^(#define CONFIG_DEFAULT_PROTECTED_MODE) 1$!\1 0!' /usr/src/redis/src/server.h; \
grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 0$' /usr/src/redis/src/server.h; \
# for future reference, we modify this directly in the source instead of just supplying a default configuration flag because apparently "if you specify any argument to redis-server, [it assumes] you are going to specify everything"
# see also https://github.com/docker-library/redis/issues/4#issuecomment-50780840
# (more exactly, this makes sure the default behavior of "save on SIGTERM" stays functional by default)
\
make -C /usr/src/redis -j "$(nproc)"; \
make -C /usr/src/redis install; \
\
rm -r /usr/src/redis; \
\
apk del .build-deps
RUN mkdir /data && chown redis:redis /data
VOLUME /data
WORKDIR /data
COPY redis.conf /home/redis/
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
# EXPOSE 6379
# CMD ["redis-server"]
更新docker-entrypoint.sh用sed命令。
./redis/docker-entrypoint.sh
sed命令将与来自/运行/秘密Redis的通秘密口令替换redis.conf文件requirepass属性的值/ redis-通过。
#!/bin/sh
set -e
# Updated password using sed
sed -i "s/requirepass XXXXXXXXXX/requirepass `cat /run/secrets/redis_password`/" /home/redis/redis.conf
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "[email protected]"
fi
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
chown -R redis .
exec su-exec redis "$0" "[email protected]"
fi
exec "[email protected]"
更新您的码头工人,compose.yml文件
./docker-compose。阳明海运
定义的3.1
version: "3.1"
撰写版本定义秘密
secrets:
redis-pass:
# local dev machine
#file: ./secrets/redis-pass.txt
# production environment
external: true
定义redis的服务。
redis:
build: ./redis
image: redis:3.2.9
command: sh -c 'redis-server /home/redis/redis.conf'
expose:
- "6379"
# networks:
# - frontend
deploy:
replicas: 2
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
secrets:
- redis-pass
tty: true
验证requirepass被更新
➜ blah git:(master) ✗ docker-compose exec redis sh
/data # ps -ef
PID USER TIME COMMAND
1 root 0:00 sh -c redis-server /home/redis/redis.conf
10 root 0:03 redis-server /home/redis/redis.conf
28 root 0:00 sh
34 root 0:00 ps -ef
/data # cat /home/redis/redis.conf
requirepass g7VacrULudmwcLnxy23JWyUNZRit7cazG2JekTCc6vccxX2LxLWoHFP8XYLbD4U9
/data #
享受!