dockerhealth-checkdocker-secrets

Safe ways to specify postgres parameters for healthchecks in docker compose


I'm using secrets to manage username, password, and dbname with a Docker stack using Postgres as a DB. I now want to use the healthcheck feature that Docker provides.

docker-compose.yml:

x-db-secrets: &db_secrets
    - psql_user
    - psql_pass
    - psql_dbname

services:
  db:
    image: postgres:13.1
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      - POSTGRES_USER_FILE=/run/secrets/psql_user
      - POSTGRES_DB_FILE=/run/secrets/psql_dbname
      - POSTGRES_PASSWORD_FILE=/run/secrets/psql_pass
    secrets: *db_secrets
    healthcheck:
      test: pg_isready -U myuser -d db_prod
      interval: 10s
      timeout: 3s
      retries: 3

(... other services...)

volumes:
  postgres_data:
  static_content:
  media_content:

secrets:
  psql_user:
    external: true
  psql_pass:
    external: true
  psql_dbname:
    external: true

As can be noted in the healthcheck: section, I'm exposing the db username & the dbname with the healthcheck. My question (with some follow-up based on the answer):

Thoughts? Workaround?

Additional details:


Solution

  • So this can be done by using a .env file and slightly modifiying your docker-compose.yml file.

    POSTGRES_HOST=db
    POSTGRES_USER=root
    POSTGRES_PASSWORD=password
    POSTGRES_DB=dev
    
    services:
      db:
        image: postgres:13.1
        volumes:
          - postgres_data:/var/lib/postgresql/data/
        env_file:
          - .env
        secrets: *db_secrets
        healthcheck:
          test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}'"]
          interval: 10s
          timeout: 3s
          retries: 3