From 326236763d9cb2efa98b69c160bb80bfd756c117 Mon Sep 17 00:00:00 2001
From: "Alex Ellis (VMware)"
Date: Mon, 10 Sep 2018 13:07:01 +0100
Subject: [PATCH] Lock down faas-swarm - This commit moves us to faas-swarm 0.4.2 which uses basic auth (when enabled) to prevent functions or other services from accessing the administrative API endpoints.
Signed-off-by: Alex Ellis (VMware)
---
 docker-compose.armhf.yml | 4 +---
 docker-compose.yml | 9 ++++++---
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/docker-compose.armhf.yml b/docker-compose.armhf.yml
index 32c55a0d..b4774605 100644
--- a/docker-compose.armhf.yml
+++ b/docker-compose.armhf.yml
@@ -35,11 +35,9 @@ services:
 # Docker Swarm provider
 faas-swarm:
- image: openfaas/faas-swarm:0.4.1-armhf
+ image: openfaas/faas-swarm:0.4.2-armhf
 volumes:
 - "/var/run/docker.sock:/var/run/docker.sock"
- # ports:
- # - 8081:8080
 networks:
 - functions
 environment:
diff --git a/docker-compose.yml b/docker-compose.yml
index b467e35a..b2349e9e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -41,15 +41,15 @@ services:
 faas-swarm:
 volumes:
 - "/var/run/docker.sock:/var/run/docker.sock"
- # ports:
- # - 8081:8080
- image: openfaas/faas-swarm:0.4.1
+ image: openfaas/faas-swarm:0.4.2
 networks:
 - functions
 environment:
 read_timeout: "300s" # set both here, and on your functions
 write_timeout: "300s" # set both here, and on your functions
 DOCKER_API_VERSION: "1.30"
+ basic_auth: "${BASIC_AUTH:-true}"
+ secret_mount_path: "/run/secrets/"
 deploy:
 placement:
 constraints:
@@ -65,6 +65,9 @@ services:
 delay: 5s
 max_attempts: 20
 window: 380s
+ secrets:
+ - basic-auth-user
+ - basic-auth-password
 nats:
 image: nats-streaming:0.6.0
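Review bot: The armhf stack moves to faas-swarm 0.4.2 but, unlike docker-compose.yml in this same commit, this hunk adds no `basic_auth`, `secret_mount_path` or service-level `secrets:` entries. The commit message says the provider enforces basic auth only "when enabled", so on armhf the administrative endpoints may remain open to anything attached to the `functions` network. The `environment:` block continues past the end of the hunk, so the settings could already be present there, although the diffstat shows only one insertion for this file. If they are not, add `basic_auth: "${BASIC_AUTH:-true}"` and `secret_mount_path: "/run/secrets/"` under `environment:` and list the two secrets on the service, so both compose files are locked down the same way.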
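Review bot: The added `basic_auth: "${BASIC_AUTH:-true}"` lets whatever `BASIC_AUTH` value is set in the deploying shell switch the provider's authentication off, and nothing in the file says what is lost when that happens. This service also mounts `/var/run/docker.sock`, so an unauthenticated provider API hands control over the Docker host to any function on the `functions` network. I would put a comment above the line, for example `# basic_auth protects the provider's admin API from functions on this network; keep it true outside throwaway dev stacks`. It is also worth confirming that the gateway service, which is outside this hunk, reads the same variable, since a mismatch would presumably leave the gateway unable to call the provider. The service definition starts before and continues after the lines shown here.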
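Review bot: The service-level `secrets:` list added here only references `basic-auth-user` and `basic-auth-password`; a stack deploy also needs both declared in a top-level `secrets:` section and created before deployment. No such declaration is part of this diff, as the six insertions for this file are all accounted for by these two hunks, so it presumably already exists for another service; please confirm. A short comment would help operators, for example `# both secrets must exist before deploy (docker secret create); declared in the top-level secrets: section`. With `basic_auth` defaulting to true, a missing secret would most likely stop the provider from starting rather than leave it open, but that failure mode deserves a line in the deployment docs.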