diff --git a/docs/aci-compose-features.md b/docs/aci-compose-features.md index 16ec9fc6f..50d7afb6e 100644 --- a/docs/aci-compose-features.md +++ b/docs/aci-compose-features.md @@ -2,7 +2,7 @@ This document outlines the conversion of an application defined in a Compose file to ACI objects. At a high-level, each Compose deployment is mapped to a single ACI container group. -Each service is mapped to a container in the container group. The Docker ACI integration provides does not allow scaling of services. +Each service is mapped to a container in the container group. The Docker ACI integration does not allow scaling of services. ## Compose fields mapping @@ -58,7 +58,7 @@ __Legend:__ | service.networks | x | Communication between services is implemented by defining mapping for each service in the shared `/etc/hosts` file of the container group. Each service can resolve names for other services and the resulting network calls will be redirected to `localhost`. | service.pid | x | | service.ports | ✓ | Only symetrical por mapping is supported in ACI. See #exposing-ports. -| service.secrets | ✓ | +| service.secrets | ✓ | See #secrets. | service.security_opt | x | | service.stop_grace_period | x | | service.stop_signal | x | 
@@ -118,6 +118,33 @@ A Compose file can define several volumes, with different Azure file shares or s Credentials for storage accounts will be automatically fetched at deployment time using the Azure login to retrieve the storage account key for each storage account used. +## Secrets + +Secrets can be defined in compose files, and will need secret files available at deploy time next to the compose file. +The content of the secret file will be made available inside selected containers, under `/run/secrets// +External secrets are not supported with the ACI integration. +Due to ACI secret volume mounting, each secret file is mounted in its own folder named after the secret. + +```yaml +services: + nginx: + image: nginx + secrets: + - mysecret1 + db: + image: mysql + secrets: + - mysecret2 + +secrets: + mysecret1: + file: ./my_secret1.txt + mysecret2: + file: ./my_secret2.txt +``` + +The nginx container will have secret1 mounted as `/run/secrets/mysecret1/mysecret1`, the db container will have secret2 mounted as `/run/secrets/mysecret1/mysecret2` + ## Container Resources CPU and memory reservations and limits can be set in compose.
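Review bot: in the fields-mapping table hunk (`@@ -58,7 +58,7 @@`), the `service.ports` row directly above the changed `service.secrets` row still reads "Only symetrical por mapping is supported in ACI". Since this patch already fixes wording in the same file, consider correcting that row to "symmetrical port mapping" in the same change.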
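Review bot: in the new Secrets section (`@@ -118,6 +118,33 @@`), the closing sentence gives the db container's path as `/run/secrets/mysecret1/mysecret2`, which contradicts the earlier line stating that each secret file is mounted in its own folder named after the secret. By that rule the path should be `/run/secrets/mysecret2/mysecret2`. The same sentence refers to "secret1" and "secret2", while the YAML example names them `mysecret1` and `mysecret2`, so it should use the names from the example. Separately, the line ending "under `/run/secrets//" has no closing backtick, no end of sentence, and no placeholder for the secret name as it appears here. It should spell out the full mount path pattern (secret name as folder, then secret name as file) so that it agrees with the example paths. Because the secret files must sit next to the compose file at deploy time, it would also help to state whether they are read only at deploy time, so readers know the files do not need to remain on disk or be committed alongside the compose file.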