Enhancement: Support for Docker Secrets
anandslab opened this issue
I moved my CF token to docker secrets from .env. But cf-companion does not appear to work with secrets.
I have functionality baked into my base images to support docker secrets, just not in this image. It is coming in a future release. Still a few weeks off unfortunately.
I have a beta version of upcoming release available
docker pull tiredofit/traefik-cloudflare-companion:develop
It supports Docker Secrets. There are also two modes for API access.
With Scoped Mode - you need to set the following environment variable.
API_MODE=SCOPED
The Docker Secret or environment variable for this mode is
CF_API_TOKEN=(yourscopedtoken)
With the current functioning mode GLOBAL API you will need to:
API_MODE=GLOBAL
and the original environment variables/secrets of:
CF_EMAIL=yourcloudflareemail@example.com
CF_TOKEN=yourglobalapi
If I could have this tested that would be wonderful and I'll clean this up further and focus on the other remaining enhancements:
- Support global or scoped API mode (API_MODE=GLOBAL/SCOPED) (initial credit: blinkiz@github)
- Support Refreshing Entries (initial credit: dchidell@github)
- Support Docker Swarm Mode
- Support Docker Secrets
The following above is useful for tiredofit/traefik-cloudflare-companion:5.0 which I pushed today which I am finding the secrets support questionable.
Instead I just rewrote the whole thing in pure Python, tagging as tiredofit/traefik-cloudflare-companion:6.0
For this version, you just need to set CF_EMAIL=None and don't worry about the API_MODE env var, it's been removed. See README.
I tried using a scoped token that can edit all DNS zones. Getting auth errors. Secret was loaded into container at /run/secrets/mysecret
Have same issues..
Whenever I try to use secrets, they just don't work for whatever reason.
Below works:
environment:
- TIMEZONE=$TZ
- TRAEFIK_VERSION=2
- CF_EMAIL=
- CF_TOKEN=Alkjasdflkj243k76j1#&JLKJa0-24
- TARGET_DOMAIN=dockers.$DOMAINNAME
- DOMAIN1=$DOMAINNAME
- DOMAIN1_ZONE_ID=10654065403241036406504
- DOMAIN1_PROXIED=TRUE
- DOCKER_HOST=tcp://socket-proxy:2375
This doesn't work:
secrets:
  cloudflare_email:
    file: $SECRETSDIR/cloudflare_email
  cloudflare_api_token:
    file: $SECRETSDIR/cloudflare_api_token
  cloudflare_zoneid:
    file: $SECRETSDIR/cloudflare_zoneid
-----
environment:
- TIMEZONE=$TZ
- TRAEFIK_VERSION=2
- CF_API_TOKEN=/run/secrets/cloudflare_api_token # Scoped api token
- CF_EMAIL=
- TARGET_DOMAIN=dockers.$DOMAINNAME
- DOMAIN1=$DOMAINNAME
- DOMAIN1_ZONE_ID=/run/secrets/cloudflare_zoneid # Copy from Cloudflare Overview page
- DOMAIN1_PROXIED=TRUE
- DOCKER_HOST=tcp://socket-proxy:2375
secrets:
- cloudflare_email
- cloudflare_api_token
- cloudflare_zoneid
@tiredofit please reopen or give a proper explanation on the secrets usage?
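
Compose passes an environment value through unchanged, so a variable set to /run/secrets/cloudflare_api_token carries that path string unless the image itself reads the file. The following is an added illustration, not code from this thread or from the traefik-cloudflare-companion image: a resolver that reads file-backed secrets and rejects a path passed as a value. The `_FILE` suffix convention, the lookup order and the names `resolve_setting` and `demo` are assumptions.

```python
import os
import tempfile
from pathlib import Path

SECRETS_DIR = Path("/run/secrets")  # where Docker mounts secrets by default


def resolve_setting(name, env=None, secrets_dir=SECRETS_DIR):
    """Return (value, source) for a setting, preferring file-backed secrets.

    Assumed lookup order (hypothetical, not the image's documented behaviour):
    NAME_FILE env var, then <secrets_dir>/<name in lower case>, then NAME.
    """
    env = os.environ if env is None else env
    secrets_dir = Path(secrets_dir)

    file_ref = env.get(f"{name}_FILE")
    if file_ref:
        return Path(file_ref).read_text().strip(), f"{name}_FILE"

    candidate = secrets_dir / name.lower()
    if candidate.is_file():
        return candidate.read_text().strip(), str(candidate)

    value = env.get(name)
    if value is None:
        raise KeyError(f"{name} is not set and no secret file was found")
    # A plain env var holding a path into the secrets mount is only the path
    # string; passing it on would send the path to the API as the credential.
    if Path(value).parent == secrets_dir:
        raise ValueError(f"{name} contains a secret path, not a secret; set {name}_FILE")
    return value, "env"


def demo():
    """Exercise the resolver against a constructed secrets directory."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = Path(tmp) / "cloudflare_api_token"
        secret.write_text("constructed-token\n")  # constructed sample value
        try:  # the compose file's pattern: env var set to the mounted path
            resolve_setting("CF_API_TOKEN", {"CF_API_TOKEN": str(secret)}, tmp)
            rejected = False
        except ValueError:
            rejected = True
        via_file = resolve_setting("CF_API_TOKEN", {"CF_API_TOKEN_FILE": str(secret)}, tmp)
        return rejected, via_file


if __name__ == "__main__":
    print(demo())
```

Failing at startup with a clear error keeps a mistyped setting from turning into opaque authentication errors against the API.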