Docker secrets integration
This commit is contained in:
parent
d1d32cdbe6
commit
48b91581b8
10 changed files with 21753 additions and 111 deletions
|
@ -4,7 +4,7 @@ WORKDIR /app
|
|||
|
||||
COPY package*.json ./
|
||||
|
||||
RUN apk --no-cache --virtual build-dependencies add python make g++ \
|
||||
RUN apk --no-cache --virtual build-dependencies add python python3 make g++ \
|
||||
&& npm install --production
|
||||
|
||||
COPY . .
|
||||
|
|
|
@ -1,19 +1,22 @@
|
|||
version: "3"
|
||||
|
||||
secrets:
|
||||
password:
|
||||
file: ./secrets/password
|
||||
version: '3.6'
|
||||
|
||||
services:
|
||||
flame:
|
||||
image: pawelmalak/flame
|
||||
container_name: flame
|
||||
volumes:
|
||||
- /path/to/data:/app/data
|
||||
- /path/to/host/data:/app/data
|
||||
# - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
|
||||
ports:
|
||||
- 5005:5005
|
||||
secrets:
|
||||
- password
|
||||
# secrets:
|
||||
# - password # optional but required for (1)
|
||||
environment:
|
||||
- PASSWORD_FILE=/run/secrets/password
|
||||
- PASSWORD=flame_password
|
||||
# - PASSWORD_FILE=/run/secrets/password # optional but required for (1)
|
||||
restart: unless-stopped
|
||||
|
||||
# optional but required for Docker secrets (1)
|
||||
# secrets:
|
||||
# password:
|
||||
# file: /path/to/secrets/password
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
flame_docker_secret_password
|
|
@ -1 +1,2 @@
|
|||
*.md
|
||||
*.md
|
||||
docker-compose.yml
|
29
README.md
29
README.md
|
@ -55,24 +55,43 @@ docker buildx build \
|
|||
#### Docker-Compose
|
||||
|
||||
```yaml
|
||||
version: '2.1'
|
||||
version: '3.6'
|
||||
|
||||
services:
|
||||
flame:
|
||||
image: pawelmalak/flame:latest
|
||||
image: pawelmalak/flame
|
||||
container_name: flame
|
||||
volumes:
|
||||
- <host_dir>:/app/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration feature
|
||||
- /path/to/host/data:/app/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
|
||||
ports:
|
||||
- 5005:5005
|
||||
secrets:
|
||||
- password # optional but required for (1)
|
||||
environment:
|
||||
- PASSWORD=flame_password
|
||||
- PASSWORD_FILE=/run/secrets/password # optional but required for (1)
|
||||
restart: unless-stopped
|
||||
|
||||
# optional but required for Docker secrets (1)
|
||||
secrets:
|
||||
password:
|
||||
file: /path/to/secrets/password
|
||||
```
|
||||
|
||||
##### Docker Secrets
|
||||
|
||||
All environment variables set can be overwritten by appending `_FILE` to the variable value.For example, you can use `PASSWORD_FILE` to pass through a docker secret instead of `PASSWORD`. If both `PASSWORD` and `PASSWORD_FILE` are set, the docker secret will take precedent. An example using docker secrets is available in [here](.docker/docker-compose.yml).
|
||||
All environment variables can be overwritten by appending `_FILE` to the variable value. For example, you can use `PASSWORD_FILE` to pass through a docker secret instead of `PASSWORD`. If both `PASSWORD` and `PASSWORD_FILE` are set, the docker secret will take precedent.
|
||||
|
||||
```bash
|
||||
# ./secrets/flame_password
|
||||
my_custom_secret_password_123
|
||||
|
||||
# ./docker-compose.yml
|
||||
secrets:
|
||||
password:
|
||||
file: ./secrets/flame_password
|
||||
```
|
||||
|
||||
#### Skaffold
|
||||
|
||||
|
|
21793
client/package-lock.json
generated
21793
client/package-lock.json
generated
File diff suppressed because it is too large
Load diff
|
@ -11,7 +11,6 @@
|
|||
"@types/jest": "^27.0.2",
|
||||
"@types/node": "^16.11.6",
|
||||
"@types/react": "^17.0.34",
|
||||
"@types/react-autosuggest": "^10.1.5",
|
||||
"@types/react-beautiful-dnd": "^13.1.2",
|
||||
"@types/react-dom": "^17.0.11",
|
||||
"@types/react-redux": "^7.1.20",
|
||||
|
@ -21,7 +20,6 @@
|
|||
"http-proxy-middleware": "^2.0.1",
|
||||
"jwt-decode": "^3.1.2",
|
||||
"react": "^17.0.2",
|
||||
"react-autosuggest": "^10.1.0",
|
||||
"react-beautiful-dnd": "^13.1.0",
|
||||
"react-dom": "^17.0.2",
|
||||
"react-redux": "^7.2.6",
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
const ErrorResponse = require('../utils/ErrorResponse');
|
||||
const colors = require('colors');
|
||||
const Logger = require('../utils/Logger');
|
||||
const logger = new Logger();
|
||||
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
const initConfig = require('./initConfig');
|
||||
const initFiles = require('./initFiles');
|
||||
const initSecrets = require('./initSecrets');
|
||||
const initDockerSecrets = require('./initDockerSecrets');
|
||||
|
||||
const initApp = async () => {
|
||||
initSecrets();
|
||||
initDockerSecrets();
|
||||
await initFiles();
|
||||
await initConfig();
|
||||
};
|
||||
|
|
|
@ -2,14 +2,16 @@ const { getSecrets } = require('docker-secret');
|
|||
const Logger = require('../Logger');
|
||||
const logger = new Logger();
|
||||
|
||||
const initSecrets = () => {
|
||||
const initDockerSecrets = () => {
|
||||
const secrets = getSecrets();
|
||||
|
||||
for (const property in secrets) {
|
||||
const upperProperty = property.toUpperCase();
|
||||
|
||||
process.env[upperProperty] = secrets[property];
|
||||
logger.log(`${upperProperty} was overwritten with docker secret value`, 'WARN');
|
||||
|
||||
logger.log(`${upperProperty} was overwritten with docker secret value`);
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = initSecrets;
|
||||
module.exports = initDockerSecrets;
|
Loading…
Reference in a new issue