Lock down faas-swarm

- This commit moves us to faas-swarm 0.4.2 which uses basic auth (when enabled) to prevent functions or other services from accessing the administrative API endpoints. Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
2025-06-17 12:46:59 +00:00 · 2018-09-10 13:07:01 +01:00 · 2018-09-10 13:07:01 +01:00 · 326236763d
commit 326236763d
parent 0cc0201185
2 changed files with 7 additions and 6 deletions
--- a/docker-compose.armhf.yml
+++ b/docker-compose.armhf.yml
@ -35,11 +35,9 @@ services:

    # Docker Swarm provider
    faas-swarm:
-        image:  openfaas/faas-swarm:0.4.1-armhf
+        image:  openfaas/faas-swarm:0.4.2-armhf
        volumes:
            - "/var/run/docker.sock:/var/run/docker.sock"
-        # ports:
-            # - 8081:8080
        networks:
            - functions
        environment:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -41,15 +41,15 @@ services:
    faas-swarm:
        volumes:
            - "/var/run/docker.sock:/var/run/docker.sock"
-        # ports:
-            # - 8081:8080
-        image:  openfaas/faas-swarm:0.4.1
+        image:  openfaas/faas-swarm:0.4.2
        networks:
            - functions
        environment:
            read_timeout:  "300s"   # set both here, and on your functions
            write_timeout: "300s"   # set both here, and on your functions
            DOCKER_API_VERSION: "1.30"
+            basic_auth: "${BASIC_AUTH:-true}"
+            secret_mount_path: "/run/secrets/"
        deploy:
            placement:
                constraints:
@ -65,6 +65,9 @@ services:
                delay: 5s
                max_attempts: 20
                window: 380s
+        secrets:
+            - basic-auth-user
+            - basic-auth-password

    nats:
        image: nats-streaming:0.6.0