Set SELinux labels for bind mounts, replace secrets with bind mounts

2025-07-12 13:00:21 +02:00 · 2025-07-03 14:09:01 +00:00
parent 98e0512a61
commit 078c16e8dd
22 changed files with 62 additions and 86 deletions
--- a/kr/docker-compose.yml
+++ b/kr/docker-compose.yml
@ -56,12 +56,10 @@ services:
      - "forward_proxy"
    volumes:
      - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
-      - /srv/docker/bridgehead/kr/root.crt.pem:/conf/root.crt.pem:ro
+      - /srv/docker/bridgehead/kr/root.crt.pem:/conf/root.crt.pem:ro,Z
+      # secrets don't seem to allow us to specify Z
+      - /etc/bridgehead/pki/${SITE_ID}.priv.pem:/run/secrets/proxy.pem:ro


 volumes:
  blaze-data:
-
-secrets:
-  proxy.pem:
-    file: /etc/bridgehead/pki/${SITE_ID}.priv.pem