# Chapter 12. First-class configuration abstractions

###### tags: `Docker`, `docker in action 2ed`

## Scope

- Why applications need to read configuration files
- The solution
  - Docker Swarm
  - `config`, `secrets`

## 12.1. Configuration distribution and management

- Program the application to **read configuration** data on startup and adjust its behavior accordingly at runtime.
  - Formats: `ini`, `properties`, `JSON`, `YAML`, `TOML`, or another format
- Timeline of application changes
  - ![](https://i.imgur.com/7nE4Ubi.png)
- Applications depend on configurations
  - Because configurations can change for reasons that are external to the application, and applications are generally not built to handle changes that break backward compatibility in the configuration model, we need to model, integrate, and sequence configuration changes to avoid breaking applications.
  - ![](https://i.imgur.com/qHTi7d8.png)

## 12.2. Separating application and configuration

![](https://i.imgur.com/olGVMlN.png)

- https://github.com/dockerinaction/ch12_greetings

### 12.2.1. Working with the config resource

- A Docker config resource is a Swarm cluster object that deployment authors can use to store runtime data needed by applications.
- A config is immutable once created: to change its contents you create a new config (under a new name) and update the service to reference it. `docker config rm` only succeeds once no service references the config.

### 12.2.2. Deploying the application

```
$ DEPLOY_ENV=dev docker stack deploy \
    --compose-file docker-compose.yml greetings_dev
```

### 12.2.3. Managing config resources directly

```
$ docker config inspect greetings_dev_env_specific_config
```

- Caveat: unlike a secret, a config is not encrypted at rest in the Swarm Raft log, and `docker config inspect` returns its contents (base64-encoded in `Spec.Data`). Anything that authenticates or protects data belongs in a secret, not a config.

## 12.3. Secrets—A special kind of configuration

### 12.3.1. Using Docker secrets

- `Secrets` look a lot like configuration with one important difference: the value of a secret is important and often highly valuable because it authenticates an identity or protects data.
- A secret may take the form of a password, API key, or private encryption key. If these secrets leak, someone may be able to perform actions or access data they are not authorized for.
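Added example (shell; not the book's code and not the ch12_greetings repository's own deploy script): a deploy script that builds on the two commands above and the `<stack>_<logical name>` naming the chapter uses. It goes beyond the chapter by suffixing each resource name with a hash of the file's content, so that a changed file becomes a new, immutable Swarm object and a re-run `docker stack deploy` rolls the `api` service onto it. The image name `example/greetings-api:1.0`, the `config/config.${DEPLOY_ENV}.yml` layout, the `/run/configs/config.yml` target and the `API_KEY_FILE` variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not the book's or the ch12_greetings repository's own deploy
# script. Every config and secret resource is named after the stack and a hash
# of its content, so a changed file becomes a *new* immutable Swarm object and
# `docker stack deploy` rolls the service onto it. Image name and file layout
# are assumptions.
set -eu

DEPLOY_ENV="${DEPLOY_ENV:-dev}"
STACK="greetings_${DEPLOY_ENV}"

# First 8 hex digits of the file's SHA-256: enough to tell versions apart.
content_hash() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -c1-8
  else
    shasum -a 256 "$1" | cut -c1-8          # macOS fallback
  fi
}

# resource_name LOGICAL_NAME FILE -> <stack>_<logical name>_<content hash>
resource_name() {
  printf '%s_%s_%s\n' "$STACK" "$1" "$(content_hash "$2")"
}

# Render a compose file that refers to pre-created ("external") objects by
# their versioned names; the service itself only sees the stable logical names.
render_compose() {
  local config_name="$1" secret_name="$2"
  cat <<EOF
version: "3.7"
services:
  api:
    image: example/greetings-api:1.0        # assumed image name
    configs:
      - source: env_specific_config
        target: /run/configs/config.yml
        mode: 0444
    secrets:
      - source: api_key
        target: api_key                     # lands at /run/secrets/api_key
        mode: 0400                          # add uid/gid if the service runs as non-root
configs:
  env_specific_config:
    external: true
    name: ${config_name}
secrets:
  api_key:
    external: true
    name: ${secret_name}
EOF
}

deploy() {
  local config_file="config/config.${DEPLOY_ENV}.yml"   # assumed layout
  local secret_file="${API_KEY_FILE:?set API_KEY_FILE to a file holding the key}"
  local cfg sec
  cfg="$(resource_name env_specific_config "$config_file")"
  sec="$(resource_name api_key "$secret_file")"
  # Objects are immutable: create each version once, then reuse it on re-runs.
  docker config inspect "$cfg" >/dev/null 2>&1 || docker config create "$cfg" "$config_file"
  # Secret content goes in on stdin, never as a command-line argument
  # (argv is visible in `ps` and in shell history).
  docker secret inspect "$sec" >/dev/null 2>&1 || docker secret create "$sec" - <"$secret_file"
  render_compose "$cfg" "$sec" | docker stack deploy --compose-file - "$STACK"
}

# Only talk to the Swarm when explicitly asked: `./deploy.sh deploy`
if [ "${1:-}" = "deploy" ]; then
  deploy
fi
```

Run it on a Swarm manager as `API_KEY_FILE=./api_key.txt DEPLOY_ENV=dev ./deploy.sh deploy`. Because the versioned names are idempotent and the secret is fed on stdin, the script is safe to run from CI on every change; superseded versions can be removed with `docker config rm` / `docker secret rm` once no task references them.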
![](https://i.imgur.com/pP9AvOd.png)

### [How Docker manages secrets](https://docs.docker.com/engine/swarm/secrets/#how-docker-manages-secrets)

- A secret is sent to a manager over mutual TLS and stored in the encrypted Raft log; `docker secret inspect` never returns the value.
- The secret is delivered only to nodes that run a task of a service granted access, and is unmounted when the task stops.

![](https://i.imgur.com/s29BmHj.png)

## Summary

* Applications often must adapt their behavior to the environment they are deployed into.
* Docker config and secret resources can be used to model and adapt application behavior to various deployment needs.
* Secrets are a special kind of configuration data that is challenging to handle safely.
* Docker Swarm establishes a chain of trust and uses Docker service identities to ensure that secrets are delivered correctly and securely to applications.
* Docker provides configs and secrets to services as files that applications can read at startup. Secrets land on a container-specific tmpfs (RAM-backed) mount; configs, per the Docker documentation, are mounted directly into the container's filesystem without a RAM disk.
* Deployment processes must use a naming scheme for config and secret resources that enables automation to update services.
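Added example (shell; not the book's code and not from the ch12_greetings repository): the consuming side of the summary's last two points. An entrypoint helper that reads a secret from the file Swarm mounts at `/run/secrets/<name>` instead of from an environment variable, fails fast at startup when a config or secret is missing or empty, and logs only a fingerprint of the value. `SECRETS_DIR`, `CONFIG_PATH`, the `/run/configs/config.yml` target and the `*_FILE` variable convention are assumptions of this example (the `*_FILE` convention is used by many official images but is not a Docker feature).

```shell
#!/usr/bin/env bash
# Added example, not from the book or the ch12_greetings repository: the
# consuming side. Reads Swarm secrets from the files Docker mounts at
# /run/secrets/<name> (the default target) rather than from environment
# variables. The config target path is an assumption.
set -eu

SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"
CONFIG_PATH="${CONFIG_PATH:-/run/configs/config.yml}"   # target chosen in the compose file (assumed)

# secret_value NAME: print the secret's value. Resolution order:
#   1. $NAME_FILE         an explicit path (the common *_FILE convention)
#   2. $SECRETS_DIR/NAME  the Swarm mount point
# The plain environment variable $NAME is deliberately not consulted: env vars
# show up in `docker inspect`, /proc/<pid>/environ and every child process.
secret_value() {
  local name="$1" path value
  path="$(printenv "${name}_FILE" || true)"
  [ -n "$path" ] || path="$SECRETS_DIR/$name"
  if [ ! -r "$path" ]; then
    echo "secret '$name': no readable file at $path" >&2
    return 1
  fi
  # Command substitution strips trailing newlines (editors and `echo` add one;
  # an API key ending in "\n" fails authentication) but keeps interior ones,
  # so multi-line PEM keys survive intact.
  value="$(cat "$path")"
  if [ -z "$value" ]; then
    echo "secret '$name': $path is empty" >&2
    return 1
  fi
  printf '%s' "$value"
}

# fingerprint VALUE: short hash to log *instead of* the value, so an operator
# can confirm which secret version a task received without the log leaking it.
fingerprint() {
  if command -v sha256sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha256sum | cut -c1-8
  else
    printf '%s' "$1" | shasum -a 256 | cut -c1-8
  fi
}

# require_config: fail fast at startup if the config was not mounted.
require_config() {
  if [ ! -r "$CONFIG_PATH" ]; then
    echo "config not mounted at $CONFIG_PATH" >&2
    return 1
  fi
}

# Startup sequence when used as an entrypoint; the application command is
# passed as arguments, e.g.  ./entrypoint.sh api --config /run/configs/config.yml
# The secret is validated here; the application reads /run/secrets/API_KEY
# itself, so it never travels through argv or the environment.
if [ "$#" -gt 0 ]; then
  require_config
  api_key="$(secret_value API_KEY)"
  echo "startup: config=$CONFIG_PATH API_KEY fingerprint=$(fingerprint "$api_key")" >&2
  exec "$@"
fi
```

Point the compose file's secret `target` at the name the helper expects (here `API_KEY`), or set `API_KEY_FILE` when the file lives elsewhere; either way the value is only ever read from a file.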