Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Added support for Docker secrets
This adds the ability to use [Docker secrets](https://docs.docker.com/compose/use-secrets/) in configuration files. In Docker this is done by creating a secret resource, adding that secret to the container when you're starting it, and specifying an environment variable that has the `_FILE` suffix. The environment variable should point to the file which contains the secret (`/run/secrets/<secret-name>`). Typically Docker images are set up so that they will try and find any environment variables that end in `_FILE` and set new environment variables with the same name minus the `_FILE` suffix in the running process.

This is beneficial since environment variables that are set by the user when creating the container are visible to anyone who is able to run `docker container inspect <container>` on the host. For secrets this could be really damaging and leak sensitive information. Instead it is recommended to use Docker secrets.

Because Gatus uses the `scratch` base image I wasn't able to just use a Bash script to convert the secret file path into a normal environment variable like many other images do. Instead I opted to just modify the configuration logic so that it checks the environment variable name and changes its behavior based on that. This seems to work well enough.

As far as error handling, I opted _not_ to crash the service when it's unable to read the secret file and instead just pretend it's a normal environment variable and return an empty string. This follows the conventions of the rest of the configuration handling and leaves the error reporting to the configuration validation.

I've also updated the readme to mention this feature with a link to an example.
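The `_FILE` convention described in the commit message, sketched as an added example; this is not the code from this commit or from Gatus. The function names, the rule that `NAME_FILE` takes precedence over `NAME`, and the trimming of the trailing newline are assumptions; the empty-string result on a read error follows the commit message.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// lookupWithFileSuffix resolves NAME for a ${NAME} placeholder.
// Assumption (hypothetical helper): NAME_FILE, when set, wins over NAME.
func lookupWithFileSuffix(name string) string {
	if path, ok := os.LookupEnv(name + "_FILE"); ok && path != "" {
		data, err := os.ReadFile(path)
		if err != nil {
			// As the commit message states: do not crash, return an empty
			// string and leave the error to configuration validation.
			return ""
		}
		// Secret files usually end in a newline; strip it so it does not
		// end up inside a connection string.
		return strings.TrimRight(string(data), "\r\n")
	}
	return os.Getenv(name)
}

// expandConfig substitutes ${NAME} placeholders in raw configuration text.
func expandConfig(raw string) string {
	return os.Expand(raw, lookupWithFileSuffix)
}

func main() {
	// Constructed sample: a temp file stands in for /run/secrets/postgres_password.
	dir, err := os.MkdirTemp("", "secrets")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	secret := filepath.Join(dir, "postgres_password")
	if err := os.WriteFile(secret, []byte("example-password\n"), 0o400); err != nil {
		panic(err)
	}
	os.Setenv("POSTGRES_USER", "username")
	os.Setenv("POSTGRES_PASSWORD_FILE", secret)
	fmt.Println(expandConfig("postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/gatus"))
}
```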
Showing 6 changed files with 255 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
storage: | ||
type: postgres | ||
path: "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable" | ||
|
||
endpoints: | ||
- name: back-end | ||
group: core | ||
url: "https://example.org/" | ||
interval: 5m | ||
conditions: | ||
- "[STATUS] == 200" | ||
- "[CERTIFICATE_EXPIRATION] > 48h" | ||
|
||
- name: monitoring | ||
group: internal | ||
url: "https://example.org/" | ||
interval: 5m | ||
conditions: | ||
- "[STATUS] == 200" | ||
|
||
- name: nas | ||
group: internal | ||
url: "https://example.org/" | ||
interval: 5m | ||
conditions: | ||
- "[STATUS] == 200" | ||
|
||
- name: example-dns-query | ||
url: "8.8.8.8" # Address of the DNS server to use | ||
interval: 5m | ||
dns: | ||
query-name: "example.com" | ||
query-type: "A" | ||
conditions: | ||
- "[BODY] == 93.184.216.34" | ||
- "[DNS_RCODE] == NOERROR" | ||
|
||
- name: icmp-ping | ||
url: "icmp://example.org" | ||
interval: 1m | ||
conditions: | ||
- "[CONNECTED] == true" |
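Review bot: On the `path:` line, `${POSTGRES_PASSWORD}` is substituted straight into a URL, so a secret file that ends in a newline or contains URL-reserved characters such as `@`, `:` or `/` would yield a connection string that fails to parse or resolves to the wrong host. The loader change is not visible in this hunk, so please confirm it trims trailing whitespace, and state in the example or the readme that the password must be URL-safe or percent-encoded. Separately, `sslmode=disable` is acceptable on the private compose network but deserves a comment so it is not copied into a deployment where Postgres is remote.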
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
version: "3.9" | ||
services: | ||
postgres: | ||
image: postgres | ||
volumes: | ||
- ./data/db:/var/lib/postgresql/data | ||
ports: | ||
- "5432:5432" | ||
secrets: | ||
- postgres_password | ||
environment: | ||
- POSTGRES_DB=gatus | ||
- POSTGRES_USER=username | ||
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password | ||
networks: | ||
- web | ||
|
||
gatus: | ||
image: twinproduction/gatus:latest | ||
restart: always | ||
ports: | ||
- "8080:8080" | ||
secrets: | ||
- postgres_password | ||
environment: | ||
- POSTGRES_USER=username | ||
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password | ||
- POSTGRES_DB=gatus | ||
volumes: | ||
- ./config:/config | ||
networks: | ||
- web | ||
depends_on: | ||
- postgres | ||
|
||
secrets: | ||
postgres_password: | ||
file: ./postgres_password.txt | ||
|
||
networks: | ||
web: |
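Review bot: In the `postgres` service, the `"5432:5432"` entry under `ports:` publishes the database on every host interface, although `gatus` reaches it over the `web` network and needs no host port. Suggest dropping the mapping or binding it to loopback (`"127.0.0.1:5432:5432"`), so that an example about protecting the password does not also expose the database it protects. Both images are also unpinned (`postgres` and `twinproduction/gatus:latest`); pinning a tag would keep the example reproducible.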
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
supersecret |
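Review bot: This one-line file is presumably the `./postgres_password.txt` that the compose file's `secrets:` block points at, and committing it with a working value means anyone who copies the example unchanged runs Postgres with the password `supersecret`. Suggest an obviously placeholder value, or shipping the file as a template that git ignores once it is copied, together with a readme line telling users to replace it before starting the stack.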