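# Compose stack: the vault-wrap service published through a Traefik v3
# reverse proxy on the pre-existing external "reverse-proxy" network.
version: '3'

services:
  vault-wrap:
    # $IMAGE_PATH and $RELEASE_VERSION are defined in .gitlab-ci.yml
    image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
    environment:
      - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
      # No default is given: these expand to empty strings when the variable
      # is not set in the deploying environment.
      - VAULT_ADDRESS=${VAULT_ADDRESS}
      - LISTEN_PORT=443
      - TLS_KEY_FILE=${TLS_KEY_FILE}
      - TLS_CERT_FILE=${TLS_CERT_FILE}
      - TZ=Europe/Moscow
    restart: always
    build:
      context: .
    volumes:
      - vault-wrap-log:/var/log/vault-wrap
      - vault-wrap-conf:/usr/local/share/vault-wrap
    logging:
      # driver: "syslog"
      # With the driver line commented out, the daemon's default log driver
      # is used; the rotation options below cap log size per container.
      options:
        max-size: "10m"
        max-file: "5"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.secret.rule=Host(`secret.corp.samsonopt.ru`)"
      # NOTE(review): port 443 together with TLS_KEY_FILE/TLS_CERT_FILE
      # suggests the backend serves TLS itself. No
      # loadbalancer.server.scheme label is set in this file; confirm how
      # Traefik reaches the backend and that the proxy-to-backend hop is
      # encrypted and verified as intended.
      - "traefik.http.services.secret.loadbalancer.server.port=443"
      - "traefik.docker.network=reverse-proxy"
      - "traefik.http.routers.secret.tls=true"
    networks:
      - default
      # Internal-only network (see top-level "networks"): no external
      # connectivity is provided on it.
      - vault-wrap

  traefik:
    image: traefik:v3.0
    # NOTE(review): Traefik documents file, CLI-flag and environment static
    # configuration as mutually exclusive. /traefik.yml is mounted below, so
    # verify that these flags are actually applied.
    command:
      # - --entrypoints.web.address=:80
      # - --entrypoints.web-secure.address=:443
      # - --providers.docker=true
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
    volumes:
      - traefik-dynamic-conf:/configuration/
      - /usr/local/etc/traefik/traefik.yml:/traefik.yml:ro
      # NOTE(review): ":ro" only makes the socket file's mount read-only. It
      # does not restrict Docker API calls made through the socket, so this
      # container keeps daemon-level access. The docker provider flag above
      # is commented out; confirm in traefik.yml whether the socket is
      # needed, and if so consider a filtering socket proxy limited to
      # read-only endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-ssl:/ssl/:ro
    # Port mappings are quoted so that no YAML parser can re-type them.
    # NOTE(review): all four ports are published on every host interface.
    # 8080 is Traefik's default API/dashboard port in insecure mode and 888
    # is the port named in the dashboard service label below; confirm
    # against traefik.yml which entrypoints exist, and drop or bind to a
    # management address any port that need not be reachable from outside.
    ports:
      - "80:80"
      - "8080:8080"
      - "888:888"
      - "443:443"
    restart: always
    networks:
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.rule=Host(`runner1-prod.corp.samsonopt.ru`)"
      - "traefik.http.routers.traefik.tls=true"
      # - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
      # NOTE(review): this router exposes api@internal (dashboard/API) and no
      # authentication middleware label is attached to it in this file;
      # confirm access is restricted elsewhere (e.g. a middleware defined
      # through the file provider).
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"

networks:
  # Pre-existing network shared with the reverse proxy; not created by this
  # file.
  default:
    name: reverse-proxy
    external: true
  # Isolated network attached only to vault-wrap in this file.
  vault-wrap:
    internal: true

volumes:
  vault-wrap-log:
  vault-wrap-conf:
  traefik-dynamic-conf:
  traefik-ssl: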