-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathdocker-compose.production.yml
87 lines (87 loc) · 2.57 KB
/
docker-compose.production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
version: '3.2'
services:
etcd:
restart: always
volumes:
- /mnt/storage/kqueen/etcd/:/0.etcd/
api:
image: kqueen/api:v1.0
restart: always
environment:
KQUEEN_CONFIG_FILE: config/prod.py
KQUEEN_DEBUG: 'False'
KQUEEN_ETCD_HOST: etcd
KQUEEN_PROMETHEUS_WHITELIST: '172.16.238.0/24'
# TODO: set SECRET_KEY
KQUEEN_SECRET_KEY: ''
BOOTSTRAP_ADMIN: 'True'
BOOTSTRAP_ADMIN_USERNAME: admin
# TODO: set admin password
BOOTSTRAP_ADMIN_PASSWORD:
BOOTSTRAP_ADMIN_ORGANIZATION: DemoOrg
BOOTSTRAP_ADMIN_NAMESPACE: demoorg
volumes:
- ./kqueen/config/prod.py:/code/kqueen/config/prod.py
depends_on:
- etcd
proxy:
env_file:
- .env
build:
context: ./prod/nginx/
# TODO: check that NGINX_VHOSTNAME from .env file is equal with generated ssl-cert
args:
- DEBUG=${NGINX_DEBUG}
- VHOSTNAME=${NGINX_VHOSTNAME}
- SSL_CERTIFICATE_DIR=${NGINX_SSL_CERTIFICATE_DIR}/${NGINX_VHOSTNAME}
- SSL_CERTIFICATE_PATH=${NGINX_SSL_CERTIFICATE_DIR}/${NGINX_VHOSTNAME}/fullchain.cer
- SSL_CERTIFICATE_KEY_PATH=${NGINX_SSL_CERTIFICATE_DIR}/${NGINX_VHOSTNAME}/${NGINX_VHOSTNAME}.key
- SSL_TRUSTED_CERTIFICATE_PATH=${NGINX_SSL_CERTIFICATE_DIR}/${NGINX_VHOSTNAME}/ca.cer
restart: always
ports:
- 443:443
- 80:80
volumes:
- /mnt/storage/kqueen/certs/:${NGINX_SSL_CERTIFICATE_DIR}/${NGINX_VHOSTNAME}/:ro
volumes_from:
- ui:ro
depends_on:
- ui
ui:
image: kqueen/ui:v1.0
environment:
KQUEENUI_PREFERRED_URL_SCHEME: https
KQUEEN_UI_CONFIG_FILE: config/prod.py
KQUEENUI_DEBUG: 'False'
# TODO: set SECRET_KEY
KQUEENUI_SECRET_KEY: ''
KQUEENUI_KQUEEN_API_URL: http://api:5000/api/v1/
KQUEENUI_KQUEEN_AUTH_URL: http://api:5000/api/v1/auth
KQUEENUI_KQUEEN_SERVICE_USER_USERNAME: admin
# TODO: set same password as in api BOOTSTRAP_ADMIN_PASSWORD
KQUEENUI_KQUEEN_SERVICE_USER_PASSWORD:
KQUEENUI_MAIL_SERVER: mail
KQUEENUI_MAIL_PORT: 10025
KQUEENUI_ENABLE_PUBLIC_REGISTRATION: 'True'
STATIC_DIR: /mnt/static/
volumes:
- /mnt/static/
restart: always
depends_on:
- api
mail:
image: modularitycontainers/postfix
restart: always
environment:
MYHOSTNAME: 'mail'
prometheus:
image: prom/prometheus
restart: always
ports:
- 127.0.0.1:9090:9090
volumes:
- ./prod/prometheus/:/etc/prometheus/:Z
- /mnt/storage/kqueen/prometheus/:/prometheus/
links:
- api
- etcd