Rancher secrets not working from docker-compose.yml

santachago · September 6, 2017, 4:38am

Hi guys, i am having an issue with secrets, i know its still experimental but based on the documentation what i am trying to do should work.
what i did:

Installed secrets from catalog, created a secret on the ui.

Now If i try to run from the rancher-cli the command below it created the stack but the container wp-data doesn’t have the secret mounted:
rancher --url xxxxx --access-key xxx --secret-key xxx --env web up -d --upgrade --batch-size 1 --pull --stack blog-test-master apache2 wp-data

with this docker-compose.yml:

version: '2'
services:
  php-fpm:
    image: xxxxxxx/docker/php-fpm:1.0
    tty: true
    volumes_from:
    - wp-data
    ports:
    - 9000/tcp
  apache2:
    image: httpd:2.4
    tty: true
    links:
    - php-fpm
    volumes_from:
    - wp-data
    ports:
    - 80:80/tcp
    labels:
      io.rancher.sidekicks: wp-data, php-fpm
  wp-data:
    image: xxxxx/wp-datavolume/wp-datavolume-master:latest
    network_mode: none
    volumes:
    - /usr/local/apache2/htdocs/
    - /usr/local/apache2/conf/
    secrets:
    - source: wp-config-test-v1
      target: wp-config
      mode: 444
      uid: '0'
      gid: '0'
    tty: true
    command:
    - cat
secrets:
  wp-config-test-v1:
    external: true

Thanks!!

shubbard343 · September 6, 2017, 3:57pm

I think the problem is the secrets: section. I added a Rancher secret to one of my containers from the UI, and the yaml looks different than yours.

version: '2'
services:
  ubuntu:
    image: ubuntu:16.04
    stdin_open: true
    entrypoint:
    - sleep
    - infinity
    tty: true
    secrets:
    - uid: '0'
      gid: '0'
      mode: '444'
      name: redis_host
      secretId: 1
    labels:
      io.rancher.container.pull_image: always

I think you need to find the secret ID, and specify that instead of using the external secret.
You might try adding it from the UI to see the yaml format that it creates.

santachago · September 6, 2017, 8:22pm

The yaml was exported from the UI. After manually adding the secret to the wp-data container.

Seem to have find the issue, the secret has to be attached to the primary service not to the sidekick. Once its attached to the primary its automatically available to all sidekick containers.

Weird that attaching the secret only to the sidekick on the UI works.

thanks!!

Topic		Replies	Views
Rancher Secret doens't work with my container Rancher 1.x	0	816	November 16, 2018
/run/secrets not mounted on 1.4.1 Rancher 1.x	2	1961	February 28, 2017
RHEL host - Unable to deploy container with Rancher Secrets Rancher 1.x	3	1582	November 2, 2017
Problem with Rancher Catalog / Docker-compose Rancher 1.x	6	1961	August 7, 2016
How to `docker build` with secret from 'envFrom' Rancher 2.x	5	2355	February 25, 2020

Rancher secrets not working from docker-compose.yml

Related Topics