version: '3' services: vault-wrap: # $IMAGE_PATH и $RELEASE_VERSION определены в .gitlab-ci.yml image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION container_name: vault-wrap environment: - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.example.ru} - VAULT_ADDRESS=${VAULT_ADDRESS} - LISTEN_PORT=8080 - TLS_KEY_FILE=${TLS_KEY_FILE} - TLS_CERT_FILE=${TLS_CERT_FILE} - TZ=Europe/Moscow restart: always # ports: # - 1234:8080 build: context: . volumes: - vault-wrap-log:/var/log/vault-wrap - vault-wrap-conf:/usr/local/share/vault-wrap logging: # driver: "syslog" options: max-size: "10m" max-file: "5" labels: - "tra.enable=true" - "tra.http.routers.secret.rule=Host(`secret.example.ru`)" - "tra.http.services.secret.loadbalancer.server.port=8080" - "tra.docker.network=reverse-proxy" - "tra.http.routers.secret.tls=true" - "tra.http.services.secret.loadbalancer.server.scheme=http" networks: - default - vault-wrap networks: default: name: reverse-proxy external: true vault-wrap: internal: true volumes: vault-wrap-log: vault-wrap-conf: