diff --git a/sandbox/docker-compose.yml b/sandbox/docker-compose.yml
new file mode 100644
index 0000000..09f68e2
--- /dev/null
+++ b/sandbox/docker-compose.yml
@@ -0,0 +1,429 @@
+x-all-secrets-perm:
+ &all-secrets-perm
+ uid: "1000"
+ gid: "1000"
+ mode: 0400
+
+x-secrets:
+ &all-secrets
+ secrets:
+ - source: card_iv.txt
+ target: card_iv.txt
+ <<: *all-secrets-perm
+ - source: card_qwe.txt
+ target: card_qwe.txt
+ <<: *all-secrets-perm
+ - source: card_asd.txt
+ target: card_asd.txt
+ <<: *all-secrets-perm
+ - source: db_access
+ target: db_access
+ <<: *all-secrets-perm
+ - source: salts
+ target: salts
+ <<: *all-secrets-perm
+ - source: connectors.json
+ target: connectors.json
+ <<: *all-secrets-perm
+ - source: msmtp.conf
+ target: msmtp.conf
+ <<: *all-secrets-perm
+ - source: smtp_ca.cert
+ target: smtp_ca.cert
+ <<: *all-secrets-perm
+
+x-nginx-secrets-perm:
+ &nginx-secrets-perm
+ uid: "101"
+ gid: "101"
+ mode: 0400
+
+x-nginx-secrets:
+ &nginx-secrets
+ secrets:
+ - source: server.admin.crt
+ target: server.admin.crt
+ <<: *nginx-secrets-perm
+ - source: server.admin.key
+ target: server.admin.key
+ <<: *nginx-secrets-perm
+ - source: server.api.admin-control.crt
+ target: server.api.admin-control.crt
+ <<: *nginx-secrets-perm
+ - source: server.api.admin-control.key
+ target: server.api.admin-control.key
+ <<: *nginx-secrets-perm
+ - source: server.api-client.crt
+ target: server.api-client.crt
+ <<: *nginx-secrets-perm
+ - source: server.api-client.key
+ target: server.api-client.key
+ <<: *nginx-secrets-perm
+ - source: server.api-test.crt
+ target: server.api-test.crt
+ <<: *nginx-secrets-perm
+ - source: server.api-test.key
+ target: server.api-test.key
+ <<: *nginx-secrets-perm
+ - source: server.api.admin.crt
+ target: server.api.admin.crt
+ <<: *nginx-secrets-perm
+ - source: server.api.admin.key
+ target: server.api.admin.key
+ <<: *nginx-secrets-perm
+ - source: server.api.partner.crt
+ target: server.api.partner.crt
+ <<: *nginx-secrets-perm
+ - source: server.api.partner.key
+ target: server.api.partner.key
+ <<: *nginx-secrets-perm
+ - source: server.rtps.crt
+ target: server.rtps.crt
+ <<: *nginx-secrets-perm
+ - source: server.rtps.key
+ target: server.rtps.key
+ <<: *nginx-secrets-perm
+ - source: server.webhook.crt
+ target: server.webhook.crt
+ <<: *nginx-secrets-perm
+ - source: server.webhook.key
+ target: server.webhook.key
+ <<: *nginx-secrets-perm
+ - source: server.webapi-i-client.crt
+ target: server.webapi-i-client.crt
+ <<: *nginx-secrets-perm
+ - source: server.webapi-i-client.key
+ target: server.webapi-i-client.key
+ <<: *nginx-secrets-perm
+ - source: server.bonus-client.crt
+ target: server.bonus-client.crt
+ <<: *nginx-secrets-perm
+ - source: server.bonus-client.key
+ target: server.bonus-client.key
+ <<: *nginx-secrets-perm
+ - source: server.i_client.crt
+ target: server.i_client.crt
+ <<: *nginx-secrets-perm
+ - source: server.i_client.key
+ target: server.i_client.key
+ <<: *nginx-secrets-perm
+ - source: monitoring_allowed_hosts.txt
+ target: monitoring_allowed_hosts.txt
+ <<: *nginx-secrets-perm
+
+x-webhook-secrets-perm:
+ &webhook-secrets-perm
+ uid: "1000"
+ gid: "1000"
+ mode: 0400
+
+x-webhook-secrets:
+ &webhook-secrets
+ secrets:
+ - source: db_access
+ target: db_access
+ <<: *all-secrets-perm
+ - source: salts
+ target: salts
+ <<: *all-secrets-perm
+ - source: connectors.json
+ target: connectors.json
+ <<: *all-secrets-perm
+ - source: webhook.auth
+ target: webhook.auth
+ <<: *webhook-secrets-perm
+
+x-pdf-renderer-secrets-perm:
+ &pdf-renderer-secrets-perm
+ uid: "1000"
+ gid: "1000"
+ mode: 0400
+
+x-pdf-renderer-secrets:
+ &pdf-renderer-secrets
+ secrets:
+ - source: pdf_renderer.auth
+ target: pdf_renderer.auth
+ <<: *pdf-renderer-secrets-perm
+
+x-settings:
+ &env-settings
+ env_file:
+ - $PROJECT_SETTINGS
+
+x-report-generator-env:
+ &report_generator_env
+ REPORT_GENERATOR_BASE_URL: "http://pdf-renderer:5000"
+ REPORT_GENERATOR_USERNAME: "renderer"
+ REPORT_GENERATOR_PASSWORD: "renderer"
+
+x-nginx-settings:
+ &nginx-settings
+ environment:
+ FRONTEND_URL: http://admin_web:3000
+ FRONTEND_I_CLIENT_URL: http://i_client_web:3000
+ FRONTEND_I_CLIENT_V2_URL: http://i_client_v2_web:3000
+ BACKEND_URL: http://admin_api:10000
+ BONUS_CLIENT_URL: http://bonus_client_api:10001
+ RTPS_URL: http://rtps_api:10002
+ PARTNER_URL: http://partner_api:10003
+ APITEST_URL: http://apitest_api:10004
+ CLIENT_URL: http://client_api:10005
+ INDIVIDUAL_CLIENT_URL: http://client_individual_webapi:10006
+ WEBHOOK_URL: http://webhook_api:10007
+ BACKEND_ADMIN_CONTROL_URL: http://admin_control_api:10008
+ PARTNER_ONBOARDING_API_URL: http://partner_onboarding_api:10009
+ CLIENT_ONBOARDING_URL: http://client_onboarding:10010
+
+x-deploy:
+ &deploy-settings
+ deploy:
+ replicas: $REPLICAS
+ update_config:
+ order: stop-first
+ restart_policy:
+ condition: on-failure
+
+x-network:
+ &network-simple
+ networks:
+ - issuing
+
+x-health-core:
+ &health-core
+ healthcheck:
+ test: "exit 0"
+
+x-health-external:
+ &health-external
+ healthcheck:
+ test: "exit 0"
+
+x-graceful-timeout:
+ &graceful-timeout
+ stop_grace_period: "${GRACEFUL_TIMEOUT:-2m}"
+
+services:
+ migrate:
+ image: $DOCKER_REGISTRY/core:$TAG_MIGRATE
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core]
+ command: /job.sh migrate
+
+ task_template:
+ image: $DOCKER_REGISTRY/core:$TAG_TASK_TEMPLATE
+ command: "/wait_forever.sh"
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ <<: *report_generator_env
+
+ admin_api:
+ image: $DOCKER_REGISTRY/core:$TAG_ADMIN_API
+ command: /entrypoint-admin.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ <<: *report_generator_env
+ NAMELESS_CONFIG: "/opt/project/configs/admin.conf"
+
+ admin_control_api:
+ image: $DOCKER_REGISTRY/core:$TAG_ADMIN_CONTROL_API
+ command: /entrypoint-admin-control.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ <<: *report_generator_env
+ NAMELESS_CONFIG: "/opt/project/configs/admin_control.conf"
+
+ client_individual_webapi:
+ image: $DOCKER_REGISTRY/core:$TAG_CLIENT_INDIVIDUALAPI
+ command: /entrypoint-individual-webclient.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ <<: *report_generator_env
+ NAMELESS_CONFIG: "/opt/project/configs/individual_webclient.conf"
+
+ bonus_client_api:
+ image: $DOCKER_REGISTRY/core:$TAG_BONUS_CLIENT_API
+ command: /entrypoint-bonus-client.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ - "NAMELESS_CONFIG=/opt/project/configs/bonus_client.conf"
+
+ client_api:
+ image: $DOCKER_REGISTRY/core:$TAG_CLIENT_API
+ command: /entrypoint-apiclient.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ - "NAMELESS_CONFIG=/opt/project/configs/apiclient.conf"
+
+ rtps_api:
+ image: $DOCKER_REGISTRY/core:$TAG_RTPS_API
+ command: /entrypoint-rtps.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ - "NAMELESS_CONFIG=/opt/project/configs/rtps.conf"
+
+ webhook_api:
+ image: $DOCKER_REGISTRY/core:$TAG_WEBHOOK_API
+ command: /entrypoint-webhook.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*webhook-secrets,*health-core,*graceful-timeout]
+ environment:
+ - "NAMELESS_CONFIG=/opt/project/configs/webhook.conf"
+
+ partner_api:
+ image: $DOCKER_REGISTRY/core:$TAG_PARTNER_API
+ command: /entrypoint-partner.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
+ environment:
+ - "NAMELESS_CONFIG=/opt/project/configs/partner.conf"
+
+ front_nginx:
+ image: $DOCKER_REGISTRY/front-web-nginx:$TAG_FRONT_NGINX
+ ports:
+ - "$PUBLIC_NODE_IP:5443:4443"
+ - "$PUBLIC_NODE_IP:5444:4444"
+ <<: [*env-settings,*network-simple,*deploy-settings,*nginx-secrets,*nginx-settings,*health-external,*graceful-timeout]
+
+ admin_web:
+ image: $DOCKER_REGISTRY/internet-banking-admin:$TAG_ADMIN_WEB
+ <<: [*env-settings,*network-simple,*deploy-settings,*health-external,*graceful-timeout]
+ env_file:
+ - ".project.admin.tmp.env"
+
+ i_client_web:
+ image: $DOCKER_REGISTRY/internet-banking-client:$TAG_I_CLIENT_WEB
+ <<: [*env-settings,*network-simple,*deploy-settings,*health-external,*graceful-timeout]
+ env_file:
+ - ".project.i_client.tmp.env"
+
+ cron_service:
+ image: $DOCKER_REGISTRY/scheduler:$TAG_CRON_SERVICE
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ deploy:
+ replicas: 1
+ update_config:
+ order: stop-first
+ restart_policy:
+ condition: any
+ placement:
+ constraints:
+ - node.role == manager
+ <<: [*env-settings,*network-simple,*health-external,*graceful-timeout]
+ environment:
+ - "SCHEDULER_EXEC_MODE=1"
+
+ pdf-renderer:
+ image: $DOCKER_REGISTRY/coin-pdf-renderer:$TAG_PDF_RENDERER_SERVICE
+ command: /entrypoint.sh
+ <<: [*env-settings,*network-simple,*deploy-settings,*health-external,*graceful-timeout,*pdf-renderer-secrets]
+ environment:
+ - "AUTH_FILE=/run/secrets/pdf_renderer.auth"
+ env_file:
+ - ".project.renderer.tmp.env"
+
+secrets:
+ card_iv.txt:
+ file: ./secrets/card_iv.txt
+ name: card_iv.$SV_card_iv
+ card_asd.txt:
+ file: ./secrets/card_asd.txt
+ name: card_asd.$SV_card_asd
+ card_qwe.txt:
+ file: ./secrets/card_qwe.txt
+ name: card_qwe.$SV_card_qwe
+ db_access:
+ file: ./secrets/db_access
+ name: db_access.$SV_db_access
+ salts:
+ file: ./secrets/salts
+ name: salts.$SV_salts
+ connectors.json:
+ file: ./secrets/connectors.json
+ name: connectors.$SV_connectors
+ server.admin.crt:
+ file: ./secrets/server.admin.crt
+ name: server_admin_crt.$SV_server_admin_crt
+ server.admin.key:
+ file: ./secrets/server.admin.key
+ name: server_admin_key.$SV_server_admin_key
+ server.webhook.crt:
+ file: ./secrets/server.webhook.crt
+ name: server_webhook_crt.$SV_server_webhook_crt
+ server.webhook.key:
+ file: ./secrets/server.webhook.key
+ name: server_webhook_key.$SV_server_webhook_key
+ server.api-client.crt:
+ file: ./secrets/server.api-client.crt
+ name: server_api_client_crt.$SV_server_api_client_crt
+ server.api-client.key:
+ file: ./secrets/server.api-client.key
+ name: server_api_client_key.$SV_server_api_client_key
+ server.api-test.crt:
+ file: ./secrets/server.api-test.crt
+ name: server_api_test_crt.$SV_server_api_test_crt
+ server.api-test.key:
+ file: ./secrets/server.api-test.key
+ name: server_api_test_key.$SV_server_api_test_key
+ server.api.admin.crt:
+ file: ./secrets/server.api.admin.crt
+ name: server_api_admin_crt.$SV_server_api_admin_crt
+ server.api.admin.key:
+ file: ./secrets/server.api.admin.key
+ name: server_api_admin_key.$SV_server_api_admin_key
+ server.api.admin-control.crt:
+ file: ./secrets/server.api.admin-control.crt
+ name: server_api_admin_control_crt.$SV_server_admin_control_crt
+ server.api.admin-control.key:
+ file: ./secrets/server.api.admin-control.key
+ name: server_api_admin_control_key.$SV_server_admin_control_key
+ server.api.partner.crt:
+ file: ./secrets/server.api.partner.crt
+ name: server_api_partner_crt.$SV_server_api_partner_crt
+ server.api.partner.key:
+ file: ./secrets/server.api.partner.key
+ name: server_api_partner_key.$SV_server_api_partner_key
+ server.rtps.crt:
+ file: ./secrets/server.rtps.crt
+ name: server_rtps_crt.$SV_server_rtps_crt
+ server.rtps.key:
+ file: ./secrets/server.rtps.key
+ name: server_rtps_key.$SV_server_rtps_key
+ server.webapi-i-client.crt:
+ file: ./secrets/server.webapi-i-client.crt
+ name: server_webapi_i_client_crt.$SV_server_webapi_i_client_crt
+ server.webapi-i-client.key:
+ file: ./secrets/server.webapi-i-client.key
+ name: server_webapi_i_client_key.$SV_server_webapi_i_client_key
+ server.bonus-client.crt:
+ file: ./secrets/server.bonus-client.crt
+ name: server_bonus_client_crt.$SV_server_bonus_client_crt
+ server.bonus-client.key:
+ file: ./secrets/server.bonus-client.key
+ name: server_bonus_client_key.$SV_server_bonus_client_key
+ server.i_client.crt:
+ file: ./secrets/server.i_client.crt
+ name: server_i_client_crt.$SV_server_i_client_crt
+ server.i_client.key:
+ file: ./secrets/server.i_client.key
+ name: server_i_client_key.$SV_server_i_client_key
+ webhook.auth:
+ file: ./secrets/webhook.auth
+ name: webhook.auth.$SV_webhook_auth
+ monitoring_allowed_hosts.txt:
+ file: ./secrets/monitoring_allowed_hosts.txt
+ name: monitoring_allowed_hosts.txt.$SV_monitoring_allowed_hosts_txt
+ pdf_renderer.auth:
+ file: ./secrets/pdf_renderer.auth
+ name: pdf_renderer.auth.$SV_pdf_renderer_auth
+ msmtp.conf:
+ file: ./secrets/msmtp.conf
+ name: msmtp.conf.$SV_msmtp_conf
+ smtp_ca.cert:
+ file: ./secrets/smtp_ca.cert
+ name: smtp_ca.cert.$SV_smtp_ca_cert
+
+networks:
+ issuing:
+ driver: overlay
+ driver_opts:
+ scope: swarm
+ attachable: true
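Review bot: `cron_service` bind-mounts `/var/run/docker.sock` and is constrained to `node.role == manager`, so anything running in the scheduler image holds the full Swarm API, which is effectively root on the manager and reach to every secret this stack declares. If the scheduler only needs a few API calls, front the socket with a filtering proxy that allow-lists those endpoints rather than mounting it raw; a `:ro` suffix on the mount would not limit API calls, and the mount deserves at least a comment such as `# docker.sock on a manager node = full cluster control; scheduler image must be trusted and pinned`. Separately, `x-report-generator-env` commits `REPORT_GENERATOR_PASSWORD: "renderer"` in plain text and injects it via `environment:`, while `pdf-renderer` already takes its side from the `pdf_renderer.auth` secret; the client side should presumably be sourced from a secret as well. Finally, `migrate`, `task_template` and most `*_api` services merge `*all-secrets` (card key material, salts, SMTP config), whereas `webhook_api` shows a scoped list is possible, so each service's secret set is worth narrowing to what it actually reads.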