2024-07-09 16:28:45 +03:00
|
|
|
version: '3'
|
|
|
|
|
|
|
|
services:
|
|
|
|
vault-wrap:
|
|
|
|
# $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml
|
|
|
|
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
|
|
|
|
environment:
|
2024-07-10 15:12:03 +03:00
|
|
|
- ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
|
2024-07-09 16:28:45 +03:00
|
|
|
- VAULT_ADDRESS=${VAULT_ADDRESS}
|
2024-07-10 12:55:19 +03:00
|
|
|
- LISTEN_PORT=443
|
2024-07-09 16:28:45 +03:00
|
|
|
- TLS_KEY_FILE=${TLS_KEY_FILE}
|
|
|
|
- TLS_CERT_FILE=${TLS_CERT_FILE}
|
|
|
|
- TZ=Europe/Moscow
|
|
|
|
restart: always
|
|
|
|
build:
|
|
|
|
context: .
|
|
|
|
volumes:
|
|
|
|
- vault-wrap-log:/var/log/vault-wrap
|
|
|
|
- vault-wrap-conf:/usr/local/share/vault-wrap
|
|
|
|
logging:
|
|
|
|
# driver: "syslog"
|
|
|
|
options:
|
|
|
|
max-size: "10m"
|
|
|
|
max-file: "5"
|
2024-07-10 14:59:08 +03:00
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.routers.secret.rule=Host(`secret.corp.samsonopt.ru`)"
|
|
|
|
- "traefik.http.services.secret.loadbalancer.server.port=443"
|
|
|
|
- "traefik.docker.network=reverse-proxy"
|
|
|
|
- "traefik.http.routers.secret.tls=true"
|
|
|
|
networks:
|
|
|
|
- default
|
|
|
|
- vault-wrap
|
2024-07-09 16:46:58 +03:00
|
|
|
|
2024-07-10 12:55:19 +03:00
|
|
|
traefik:
|
|
|
|
image: traefik:v3.0
|
|
|
|
command:
|
|
|
|
# - --entrypoints.web.address=:80
|
|
|
|
# - --entrypoints.web-secure.address=:443
|
|
|
|
# - --providers.docker=true
|
|
|
|
- --providers.file.directory=/configuration/
|
|
|
|
- --providers.file.watch=true
|
|
|
|
volumes:
|
2024-07-10 15:12:03 +03:00
|
|
|
- traefik-dynamic-conf:/configuration/
|
|
|
|
- /usr/local/etc/traefik/traefik.yml:/traefik.yml:ro
|
2024-07-10 12:55:19 +03:00
|
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
2024-07-10 15:12:03 +03:00
|
|
|
- traefik-ssl:/ssl/:ro
|
2024-07-10 12:55:19 +03:00
|
|
|
ports:
|
|
|
|
- 80:80
|
|
|
|
- 8080:8080
|
|
|
|
- 888:888
|
|
|
|
- 443:443
|
|
|
|
restart: always
|
|
|
|
networks:
|
|
|
|
- default
|
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.routers.traefik.entrypoints=https"
|
|
|
|
- "traefik.http.routers.traefik.rule=Host(`runner1-prod.corp.samsonopt.ru`)"
|
|
|
|
- "traefik.http.routers.traefik.tls=true"
|
|
|
|
# - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
|
|
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
|
|
- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
|
|
|
|
|
|
|
|
networks:
|
|
|
|
default:
|
|
|
|
name: reverse-proxy
|
|
|
|
external: true
|
2024-07-10 14:59:08 +03:00
|
|
|
vault-wrap:
|
|
|
|
internal: true
|
2024-07-10 12:55:19 +03:00
|
|
|
|
2024-07-09 16:46:58 +03:00
|
|
|
volumes:
|
|
|
|
vault-wrap-log:
|
|
|
|
vault-wrap-conf:
|
2024-07-10 15:13:02 +03:00
|
|
|
traefik-dynamic-conf:
|
2024-07-10 15:12:03 +03:00
|
|
|
traefik-ssl:
|