Harden Traefik security by accessing the Docker API through docker-socket-proxy

With these changes, we:

- install https://github.com/Tecnativa/docker-socket-proxy via the
  https://github.com/devture/com.devture.ansible.role.container_socket_proxy Ansible role

- make Traefik access the Docker API via TCP by connecting to this
  socket proxy

- .. which allows us to run the Traefik container with fewer privileges
  (non-`root`, dropped capabilities)

This commit is contained in:
Slavi Pantaleev
2023-03-06 09:08:04 +02:00
parent 449b51588e
commit bf2b540807
3 changed files with 48 additions and 2 deletions

@@ -51,8 +51,11 @@
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
version: v1.8.18-2
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
version: v0.1.1-0
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: v2.9.8-0
version: v2.9.8-1
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: v2.8.1-0
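Review bot: the bump of com.devture.ansible.role.traefik from v2.9.8-0 to v2.9.8-1 and the new com.devture.ansible.role.container_socket_proxy pin at v0.1.1-0 are the only visible changes, and neither the hunk nor the requirements file records why the two versions belong together, so the coupling is easy to lose on a later bump. A one-line comment next to the traefik entry (e.g. "v2.9.8-1 expects the Docker API over TCP via container_socket_proxy, non-root, capabilities dropped") would make the dependency explicit. Since the proxy is what now stands between Traefik and the Docker socket, the role's configuration should also be reviewed to confirm that the proxy is reachable only on an internal container network and exposes just the read-only endpoints Traefik's Docker provider needs (containers, networks, events, version/info), because a permissive proxy forwards the same root-equivalent API the change is meant to take away from Traefik.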