pantsel / konga

More than just another GUI to Kong Admin API
MIT License

Support for postgres database with password and docker secrets #323

Open nylocx opened 5 years ago

nylocx commented 5 years ago

Hi, I'm currently planning a setup of kong and konga in a docker swarm environment and I got pretty far for now. The related part of my compose file:

  # kong:
  kong-migrations:
    image: "kong:1.0.0"
    command: kong migrations bootstrap
    depends_on:
      - postgres
    environment:
      KONG_DATABASE: postgres
      KONG_PG_DATABASE: kong
      KONG_PG_HOST: postgres
      KONG_PG_USER: kong
    configs:
      - source: kong_entrypoint_overwrite
        target: /kong_entrypoint_overwrite.sh
        mode: 0770
    secrets:
      - postgres_user_passwd
    entrypoint:
      /kong_entrypoint_overwrite.sh
    deploy:
      restart_policy:
        condition: on-failure

  kong:
    image: "kong:1.0.0"
    depends_on:
      - postgres
      - kong-migrations
    environment:
      KONG_ADMIN_ACCESS_LOG: /dev/stdout
      KONG_ADMIN_ERROR_LOG: /dev/stderr
      KONG_ADMIN_LISTEN: '0.0.0.0:8001'
      KONG_CASSANDRA_CONTACT_POINTS: postgres
      KONG_DATABASE: postgres
      KONG_PG_DATABASE: kong
      KONG_PG_HOST: postgres
      KONG_PG_USER: kong
      KONG_PROXY_ACCESS_LOG: /dev/stdout
      KONG_PROXY_ERROR_LOG: /dev/stderr
    ports:
      - "9005:8000/tcp"
      - "9006:8001/tcp"
      - "9007:8443/tcp"
      - "9008:8444/tcp"
    configs:
      - source: kong_entrypoint_overwrite
        target: /kong_entrypoint_overwrite.sh
        mode: 0770
    secrets:
      - postgres_user_passwd
    entrypoint:
      /kong_entrypoint_overwrite.sh
    command:
      - kong
      - docker-start

  konga-prepare:
    image: pantsel/konga:next
    depends_on:
      - postgres
    # This is ugly and I really would like to get rid of having the password in plain text in the command
    command: "-c prepare -a postgres -u postgresql://konga:<secret_password>@postgres:5432/konga"
    deploy:
      restart_policy:
        condition: on-failure
    secrets:
      - postgres_user_passwd

  konga:
    image: pantsel/konga:next
    depends_on:
      - kong
    ports:
      - 9009:1337
    environment:
      - DB_ADAPTER=postgres
      - DB_HOST=postgres
      - DB_DATABASE=konga
      - DB_USER=konga
      - NODE_ENV=production
    configs:
    - source: konga_entrypoint_overwrite
      target: /konga_entrypoint_overwrite.sh
      mode: 0770
    secrets:
      - postgres_user_passwd
      - konga_jwt_token
    entrypoint:
      /konga_entrypoint_overwrite.sh

Currently I had to overwrite the entry point scripts of kong and konga to use docker secrets. The scripts are pretty simple and follow this schema:

export KONG_PG_PASSWORD=$(cat /run/secrets/postgres_user_passwd)
source /docker-entrypoint.sh "$@"

But I would really like to have support for something like:

    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_passwd

As supported in the postgres docker image. This would remove a lot of clutter from my compose file and I hope it will benefit others that are trying to make their docker world a little bit safer. I'm pretty new to docker, but if you like I could try to create a PR for this feature.

pantsel commented 5 years ago

@nylocx , PRs are always welcome!

nylocx commented 5 years ago

I'm not very good at JS, so my first try would be adding a statement like this to the start.sh script:

if [[ -v DB_PASSWORD_FILE ]] && [[ -e "${DB_PASSWORD_FILE}" ]]; then
    # Read the password from the secret file (quoted so paths with spaces work)
    export DB_PASSWORD=$(cat "${DB_PASSWORD_FILE}")
fi

But this will not work with the prepare command (node ./bin/konga.js $COMMAND --adapter $ADAPTER --uri $URI) as I would have to do some magic with the $URI variable like: URI=$(echo ${URI} | sed "s/<password>/${DB_PASSWORD}/")

And this again would require me to add something like <password> to the uri in my docker compose file which is not very obvious unless documented. Any better ideas?

--- edit --- I got an idea: we could do a URI=$(eval echo ${URI}); with that, we can write our docker compose command as: command: "-c prepare -a postgres -u postgresql://konga:$$DB_PASSWORD@postgres:5432/konga"

But I'm not 100% sure if this will work.
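
Added example (not part of the thread, and not code from the Konga project or the commenters): one way to get DB_PASSWORD_FILE support and a prepare URI without eval or sed, by reading the secret file and percent-encoding the password before it goes into the URI. DB_PORT and the function names are assumptions, and it assumes the URI consumer decodes percent-encoding as the PostgreSQL connection URI format specifies.

```shell
#!/bin/sh
# Added example: DB_PASSWORD_FILE support without eval or sed.
# DB_USER, DB_HOST, DB_DATABASE come from the compose file above;
# DB_PORT and the function names are assumptions.

# Populate DB_PASSWORD from the file named by DB_PASSWORD_FILE.
load_db_password() {
    if [ -n "${DB_PASSWORD:-}" ] && [ -n "${DB_PASSWORD_FILE:-}" ]; then
        echo "error: set DB_PASSWORD or DB_PASSWORD_FILE, not both" >&2
        return 1
    fi
    if [ -n "${DB_PASSWORD_FILE:-}" ]; then
        if [ ! -r "$DB_PASSWORD_FILE" ]; then
            echo "error: cannot read $DB_PASSWORD_FILE" >&2
            return 1
        fi
        # $(...) strips any trailing newlines in the secret file.
        DB_PASSWORD=$(cat "$DB_PASSWORD_FILE")
        export DB_PASSWORD
        unset DB_PASSWORD_FILE
    fi
}

# Percent-encode an ASCII string so '@', ':' or '/' in a password
# cannot change how the URI is parsed. Call it in $(...) only: the
# loop variables are not local.
urlencode() {
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# Assemble the URI from data only; the secret is never re-parsed
# by the shell, so characters like '$' or '`' stay literal.
build_db_uri() {
    printf 'postgresql://%s:%s@%s:%s/%s' \
        "$(urlencode "$DB_USER")" "$(urlencode "$DB_PASSWORD")" \
        "$DB_HOST" "${DB_PORT:-5432}" "$DB_DATABASE"
}
```

In a start script this could run as load_db_password followed by URI=$(build_db_uri) ahead of the node ./bin/konga.js call, which keeps the password out of the compose file's command line.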

mloskot commented 3 years ago

@pantsel

@nylocx , PRs are always welcome!

Well, some useful PRs have arrived and have remained unmerged for a long time, e.g. https://github.com/pantsel/konga/pull/586#issuecomment-654431890