Add auto network creation & podman secret environment variables
@@ -58,6 +58,11 @@ read_only = true # Whether to use ro mode, optional
|
|||||||
key = "<SECRET KEY>" # Secret key used in `podman secret`
|
key = "<SECRET KEY>" # Secret key used in `podman secret`
|
||||||
target = "<TARGET SECRET FILE>" # Target secret filename in /var/run/secrets. Optional, defaults to the key
|
target = "<TARGET SECRET FILE>" # Target secret filename in /var/run/secrets. Optional, defaults to the key
|
||||||
|
|
||||||
|
# Between environment and secrets: get secret from Podman and set it as environment variable
|
||||||
|
[[environment_secrets]]
|
||||||
|
name = "<ENV VARIABLE>" # Target environment variable name
|
||||||
|
secret = "<SECRET NAME>" # Secret key in `podman secret`
|
||||||
|
|
||||||
# Optionally, you can configure a healthcheck
|
# Optionally, you can configure a healthcheck
|
||||||
[service.healthcheck]
|
[service.healthcheck]
|
||||||
cmd = "<HEALTHCHECK COMMAND>" # The command or route to run/check
|
cmd = "<HEALTHCHECK COMMAND>" # The command or route to run/check
|
||||||
|
|||||||
11
src/main.rs
11
src/main.rs
@@ -26,7 +26,12 @@ pub fn generate_openrc(config: &ServiceConfig) -> String {
|
|||||||
|
|
||||||
// start_pre()
|
// start_pre()
|
||||||
script.push_str("start_pre() {\n");
|
script.push_str("start_pre() {\n");
|
||||||
script.push_str(&wrap(&format!("podman rm {} --ignore", config.service.name)));
|
let mut start_pre_commands = Vec::new();
|
||||||
|
if let Some(network) = &config.service.network {
|
||||||
|
start_pre_commands.push(format!("podman network create {} --ignore;", network));
|
||||||
|
}
|
||||||
|
start_pre_commands.push(format!("podman rm {} --ignore;", config.service.name));
|
||||||
|
script.push_str(&wrap(&start_pre_commands.join("\n")));
|
||||||
script.push_str("\n}\n\n");
|
script.push_str("\n}\n\n");
|
||||||
// }
|
// }
|
||||||
|
|
||||||
@@ -66,6 +71,10 @@ pub fn generate_openrc(config: &ServiceConfig) -> String {
|
|||||||
arguments.push(format!("--env {}='{}'", key, value));
|
arguments.push(format!("--env {}='{}'", key, value));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for secret in &config.environment_secrets {
|
||||||
|
arguments.push(format!("--env {}='$(podman secret inspect --showsecret --format {{.SecretData}} {})'", secret.name, secret.secret));
|
||||||
|
}
|
||||||
|
|
||||||
for volume in &config.volumes {
|
for volume in &config.volumes {
|
||||||
arguments.push(format!("--volume {}:{}", &volume.volume, &volume.path));
|
arguments.push(format!("--volume {}:{}", &volume.volume, &volume.path));
|
||||||
}
|
}
|
||||||
|
|||||||
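Review bot: The `environment_secrets` loop in the second hunk resolves each secret to plaintext and passes it as `--env NAME='…'`, which would put the value on the `podman run` command line (readable through the process list and the container's inspect output) instead of leaving it inside podman's secret store. The format string is also off as written: in `format!`, `{{.SecretData}}` renders as `{.SecretData}`, which is not the Go template podman expects, and a `$(...)` inside single quotes is normally not expanded by the shell, though that depends on how `arguments` is emitted later in `generate_openrc`, which continues outside the hunk. Podman can inject a secret as an environment variable itself, so the line could become `arguments.push(format!("--secret {},type=env,target={}", secret.secret, secret.name));`. Since `secret.name`, `secret.secret` and `network` in the first hunk are interpolated into the generated shell script unquoted, it would also be worth rejecting values with characters outside a conservative set such as `[A-Za-z0-9_.-]` when the config is loaded.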
@@ -12,6 +12,9 @@ pub struct ServiceConfig {
|
|||||||
#[serde(default)]
|
#[serde(default)]
|
||||||
pub environment: HashMap<String, String>,
|
pub environment: HashMap<String, String>,
|
||||||
|
|
||||||
|
#[serde(default)]
|
||||||
|
pub environment_secrets: Vec<EnvironmentSecret>,
|
||||||
|
|
||||||
#[serde(default)]
|
#[serde(default)]
|
||||||
pub ports: Vec<PortMapping>,
|
pub ports: Vec<PortMapping>,
|
||||||
|
|
||||||
@@ -48,6 +51,12 @@ pub struct Secret {
|
|||||||
pub target: Option<String>
|
pub target: Option<String>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, Deserialize)]
|
||||||
|
pub struct EnvironmentSecret {
|
||||||
|
pub name: String,
|
||||||
|
pub secret: String
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
pub struct PortMapping {
|
pub struct PortMapping {
|
||||||
pub host: u16,
|
pub host: u16,
|
||||||
|
|||||||