commit df2c9df1f57e0bcee733bf2a2697ebee3c542481
author Oleksii Molchanov <omolchanov@mirantis.com> Tue Jul 28 23:34:03 2020 +0300
committer Oleksii Molchanov <omolchanov@mirantis.com> Thu Aug 20 13:52:32 2020 +0300
tree ff2ea1fc2d3f22f80d67121d974e9a4586bc76ef
parent d12d9c8ecccdc3bd25cf93d3bd49da7811dc1bd6

Pass secrets to containers as files instead of env variables

Related-Prod: PROD-34268
Change-Id: I8269e2c3f0402980df13430de213764a7e2f8949

docker/swarm/stack/dashboard.yml

diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 7b0eac5..9dfc85f 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -10,6 +10,7 @@
     client:
       stack:
         dashboard:
+          version: '3.7'
           service:
             grafana:
               deploy:
@@ -23,6 +24,18 @@
                 GF_DATABASE_TYPE: ${_param:grafana_database_type}
                 GF_DATABASE_NAME: grafana
                 GF_DATABASE_USER: grafana
-                GF_DATABASE_PASSWORD: ${_param:grafana_database_password}
+                GF_DATABASE_PASSWORD__FILE: /run/secrets/grafana-database
                 GF_DATABASE_HOST: "${_param:grafana_database_host}:${_param:grafana_database_port}"
-                GF_SECURITY_ADMIN_PASSWORD: ${_param:grafana_admin_password}
+                GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana-admin
+              secrets:
+                - grafana-database
+                - grafana-admin
+          secrets:
+            grafana-database:
+              external: true
+              value: ${_param:grafana_database_password}
+            grafana-admin:
+              external: true
+              value: ${_param:grafana_admin_password}
+
+