Add sandbox/docker-compose.yml
This commit is contained in:
429
sandbox/docker-compose.yml
Normal file
429
sandbox/docker-compose.yml
Normal file
@@ -0,0 +1,429 @@
|
||||
x-all-secrets-perm:
|
||||
&all-secrets-perm
|
||||
uid: "1000"
|
||||
gid: "1000"
|
||||
mode: 0400
|
||||
|
||||
x-secrets:
|
||||
&all-secrets
|
||||
secrets:
|
||||
- source: card_iv.txt
|
||||
target: card_iv.txt
|
||||
<<: *all-secrets-perm
|
||||
- source: card_qwe.txt
|
||||
target: card_qwe.txt
|
||||
<<: *all-secrets-perm
|
||||
- source: card_asd.txt
|
||||
target: card_asd.txt
|
||||
<<: *all-secrets-perm
|
||||
- source: db_access
|
||||
target: db_access
|
||||
<<: *all-secrets-perm
|
||||
- source: salts
|
||||
target: salts
|
||||
<<: *all-secrets-perm
|
||||
- source: connectors.json
|
||||
target: connectors.json
|
||||
<<: *all-secrets-perm
|
||||
- source: msmtp.conf
|
||||
target: msmtp.conf
|
||||
<<: *all-secrets-perm
|
||||
- source: smtp_ca.cert
|
||||
target: smtp_ca.cert
|
||||
<<: *all-secrets-perm
|
||||
|
||||
x-nginx-secrets-perm:
|
||||
&nginx-secrets-perm
|
||||
uid: "101"
|
||||
gid: "101"
|
||||
mode: 0400
|
||||
|
||||
x-nginx-secrets:
|
||||
&nginx-secrets
|
||||
secrets:
|
||||
- source: server.admin.crt
|
||||
target: server.admin.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.admin.key
|
||||
target: server.admin.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api.admin-control.crt
|
||||
target: server.api.admin-control.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api.admin-control.key
|
||||
target: server.api.admin-control.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api-client.crt
|
||||
target: server.api-client.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api-client.key
|
||||
target: server.api-client.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api-test.crt
|
||||
target: server.api-test.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api-test.key
|
||||
target: server.api-test.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api.admin.crt
|
||||
target: server.api.admin.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api.admin.key
|
||||
target: server.api.admin.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api.partner.crt
|
||||
target: server.api.partner.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.api.partner.key
|
||||
target: server.api.partner.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.rtps.crt
|
||||
target: server.rtps.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.rtps.key
|
||||
target: server.rtps.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.webhook.crt
|
||||
target: server.webhook.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.webhook.key
|
||||
target: server.webhook.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.webapi-i-client.crt
|
||||
target: server.webapi-i-client.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.webapi-i-client.key
|
||||
target: server.webapi-i-client.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.bonus-client.crt
|
||||
target: server.bonus-client.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.bonus-client.key
|
||||
target: server.bonus-client.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.i_client.crt
|
||||
target: server.i_client.crt
|
||||
<<: *nginx-secrets-perm
|
||||
- source: server.i_client.key
|
||||
target: server.i_client.key
|
||||
<<: *nginx-secrets-perm
|
||||
- source: monitoring_allowed_hosts.txt
|
||||
target: monitoring_allowed_hosts.txt
|
||||
<<: *nginx-secrets-perm
|
||||
|
||||
x-webhook-secrets-perm:
|
||||
&webhook-secrets-perm
|
||||
uid: "1000"
|
||||
gid: "1000"
|
||||
mode: 0400
|
||||
|
||||
x-webhook-secrets:
|
||||
&webhook-secrets
|
||||
secrets:
|
||||
- source: db_access
|
||||
target: db_access
|
||||
<<: *all-secrets-perm
|
||||
- source: salts
|
||||
target: salts
|
||||
<<: *all-secrets-perm
|
||||
- source: connectors.json
|
||||
target: connectors.json
|
||||
<<: *all-secrets-perm
|
||||
- source: webhook.auth
|
||||
target: webhook.auth
|
||||
<<: *webhook-secrets-perm
|
||||
|
||||
x-pdf-renderer-secrets-perm:
|
||||
&pdf-renderer-secrets-perm
|
||||
uid: "1000"
|
||||
gid: "1000"
|
||||
mode: 0400
|
||||
|
||||
x-pdf-renderer-secrets:
|
||||
&pdf-renderer-secrets
|
||||
secrets:
|
||||
- source: pdf_renderer.auth
|
||||
target: pdf_renderer.auth
|
||||
<<: *pdf-renderer-secrets-perm
|
||||
|
||||
x-settings:
|
||||
&env-settings
|
||||
env_file:
|
||||
- $PROJECT_SETTINGS
|
||||
|
||||
x-report-generator-env:
|
||||
&report_generator_env
|
||||
REPORT_GENERATOR_BASE_URL: "http://pdf-renderer:5000"
|
||||
REPORT_GENERATOR_USERNAME: "renderer"
|
||||
REPORT_GENERATOR_PASSWORD: "renderer"
|
||||
|
||||
x-nginx-settings:
|
||||
&nginx-settings
|
||||
environment:
|
||||
FRONTEND_URL: http://admin_web:3000
|
||||
FRONTEND_I_CLIENT_URL: http://i_client_web:3000
|
||||
FRONTEND_I_CLIENT_V2_URL: http://i_client_v2_web:3000
|
||||
BACKEND_URL: http://admin_api:10000
|
||||
BONUS_CLIENT_URL: http://bonus_client_api:10001
|
||||
RTPS_URL: http://rtps_api:10002
|
||||
PARTNER_URL: http://partner_api:10003
|
||||
APITEST_URL: http://apitest_api:10004
|
||||
CLIENT_URL: http://client_api:10005
|
||||
INDIVIDUAL_CLIENT_URL: http://client_individual_webapi:10006
|
||||
WEBHOOK_URL: http://webhook_api:10007
|
||||
BACKEND_ADMIN_CONTROL_URL: http://admin_control_api:10008
|
||||
PARTNER_ONBOARDING_API_URL: http://partner_onboarding_api:10009
|
||||
CLIENT_ONBOARDING_URL: http://client_onboarding:10010
|
||||
|
||||
x-deploy:
|
||||
&deploy-settings
|
||||
deploy:
|
||||
replicas: $REPLICAS
|
||||
update_config:
|
||||
order: stop-first
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
||||
x-network:
|
||||
&network-simple
|
||||
networks:
|
||||
- issuing
|
||||
|
||||
x-health-core:
|
||||
&health-core
|
||||
healthcheck:
|
||||
test: "exit 0"
|
||||
|
||||
x-health-external:
|
||||
&health-external
|
||||
healthcheck:
|
||||
test: "exit 0"
|
||||
|
||||
x-graceful-timeout:
|
||||
&graceful-timeout
|
||||
stop_grace_period: "${GRACEFUL_TIMEOUT:-2m}"
|
||||
|
||||
services:
|
||||
migrate:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_MIGRATE
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core]
|
||||
command: /job.sh migrate
|
||||
|
||||
task_template:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_TASK_TEMPLATE
|
||||
command: "/wait_forever.sh"
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
<<: *report_generator_env
|
||||
|
||||
admin_api:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_ADMIN_API
|
||||
command: /entrypoint-admin.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
<<: *report_generator_env
|
||||
NAMELESS_CONFIG: "/opt/project/configs/admin.conf"
|
||||
|
||||
admin_control_api:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_ADMIN_CONTROL_API
|
||||
command: /entrypoint-admin-control.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
<<: *report_generator_env
|
||||
NAMELESS_CONFIG: "/opt/project/configs/admin_control.conf"
|
||||
|
||||
client_individual_webapi:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_CLIENT_INDIVIDUALAPI
|
||||
command: /entrypoint-individual-webclient.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
<<: *report_generator_env
|
||||
NAMELESS_CONFIG: "/opt/project/configs/individual_webclient.conf"
|
||||
|
||||
bonus_client_api:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_BONUS_CLIENT_API
|
||||
command: /entrypoint-bonus-client.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
- "NAMELESS_CONFIG=/opt/project/configs/bonus_client.conf"
|
||||
|
||||
client_api:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_CLIENT_API
|
||||
command: /entrypoint-apiclient.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
- "NAMELESS_CONFIG=/opt/project/configs/apiclient.conf"
|
||||
|
||||
rtps_api:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_RTPS_API
|
||||
command: /entrypoint-rtps.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
- "NAMELESS_CONFIG=/opt/project/configs/rtps.conf"
|
||||
|
||||
webhook_api:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_WEBHOOK_API
|
||||
command: /entrypoint-webhook.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*webhook-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
- "NAMELESS_CONFIG=/opt/project/configs/webhook.conf"
|
||||
|
||||
partner_api:
|
||||
image: $DOCKER_REGISTRY/core:$TAG_PARTNER_API
|
||||
command: /entrypoint-partner.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*all-secrets,*health-core,*graceful-timeout]
|
||||
environment:
|
||||
- "NAMELESS_CONFIG=/opt/project/configs/partner.conf"
|
||||
|
||||
front_nginx:
|
||||
image: $DOCKER_REGISTRY/front-web-nginx:$TAG_FRONT_NGINX
|
||||
ports:
|
||||
- "$PUBLIC_NODE_IP:5443:4443"
|
||||
- "$PUBLIC_NODE_IP:5444:4444"
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*nginx-secrets,*nginx-settings,*health-external,*graceful-timeout]
|
||||
|
||||
admin_web:
|
||||
image: $DOCKER_REGISTRY/internet-banking-admin:$TAG_ADMIN_WEB
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*health-external,*graceful-timeout]
|
||||
env_file:
|
||||
- ".project.admin.tmp.env"
|
||||
|
||||
i_client_web:
|
||||
image: $DOCKER_REGISTRY/internet-banking-client:$TAG_I_CLIENT_WEB
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*health-external,*graceful-timeout]
|
||||
env_file:
|
||||
- ".project.i_client.tmp.env"
|
||||
|
||||
cron_service:
|
||||
image: $DOCKER_REGISTRY/scheduler:$TAG_CRON_SERVICE
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
deploy:
|
||||
replicas: 1
|
||||
update_config:
|
||||
order: stop-first
|
||||
restart_policy:
|
||||
condition: any
|
||||
placement:
|
||||
constraints:
|
||||
- node.role == manager
|
||||
<<: [*env-settings,*network-simple,*health-external,*graceful-timeout]
|
||||
environment:
|
||||
- "SCHEDULER_EXEC_MODE=1"
|
||||
|
||||
pdf-renderer:
|
||||
image: $DOCKER_REGISTRY/coin-pdf-renderer:$TAG_PDF_RENDERER_SERVICE
|
||||
command: /entrypoint.sh
|
||||
<<: [*env-settings,*network-simple,*deploy-settings,*health-external,*graceful-timeout,*pdf-renderer-secrets]
|
||||
environment:
|
||||
- "AUTH_FILE=/run/secrets/pdf_renderer.auth"
|
||||
env_file:
|
||||
- ".project.renderer.tmp.env"
|
||||
|
||||
secrets:
|
||||
card_iv.txt:
|
||||
file: ./secrets/card_iv.txt
|
||||
name: card_iv.$SV_card_iv
|
||||
card_asd.txt:
|
||||
file: ./secrets/card_asd.txt
|
||||
name: card_asd.$SV_card_asd
|
||||
card_qwe.txt:
|
||||
file: ./secrets/card_qwe.txt
|
||||
name: card_qwe.$SV_card_qwe
|
||||
db_access:
|
||||
file: ./secrets/db_access
|
||||
name: db_access.$SV_db_access
|
||||
salts:
|
||||
file: ./secrets/salts
|
||||
name: salts.$SV_salts
|
||||
connectors.json:
|
||||
file: ./secrets/connectors.json
|
||||
name: connectors.$SV_connectors
|
||||
server.admin.crt:
|
||||
file: ./secrets/server.admin.crt
|
||||
name: server_admin_crt.$SV_server_admin_crt
|
||||
server.admin.key:
|
||||
file: ./secrets/server.admin.key
|
||||
name: server_admin_key.$SV_server_admin_key
|
||||
server.webhook.crt:
|
||||
file: ./secrets/server.webhook.crt
|
||||
name: server_webhook_crt.$SV_server_webhook_crt
|
||||
server.webhook.key:
|
||||
file: ./secrets/server.webhook.key
|
||||
name: server_webhook_key.$SV_server_webhook_key
|
||||
server.api-client.crt:
|
||||
file: ./secrets/server.api-client.crt
|
||||
name: server_api_client_crt.$SV_server_api_client_crt
|
||||
server.api-client.key:
|
||||
file: ./secrets/server.api-client.key
|
||||
name: server_api_client_key.$SV_server_api_client_key
|
||||
server.api-test.crt:
|
||||
file: ./secrets/server.api-test.crt
|
||||
name: server_api_test_crt.$SV_server_api_test_crt
|
||||
server.api-test.key:
|
||||
file: ./secrets/server.api-test.key
|
||||
name: server_api_test_key.$SV_server_api_test_key
|
||||
server.api.admin.crt:
|
||||
file: ./secrets/server.api.admin.crt
|
||||
name: server_api_admin_crt.$SV_server_api_admin_crt
|
||||
server.api.admin.key:
|
||||
file: ./secrets/server.api.admin.key
|
||||
name: server_api_admin_key.$SV_server_api_admin_key
|
||||
server.api.admin-control.crt:
|
||||
file: ./secrets/server.api.admin-control.crt
|
||||
name: server_api_admin_control_crt.$SV_server_admin_control_crt
|
||||
server.api.admin-control.key:
|
||||
file: ./secrets/server.api.admin-control.key
|
||||
name: server_api_admin_control_key.$SV_server_admin_control_key
|
||||
server.api.partner.crt:
|
||||
file: ./secrets/server.api.partner.crt
|
||||
name: server_api_partner_crt.$SV_server_api_partner_crt
|
||||
server.api.partner.key:
|
||||
file: ./secrets/server.api.partner.key
|
||||
name: server_api_partner_key.$SV_server_api_partner_key
|
||||
server.rtps.crt:
|
||||
file: ./secrets/server.rtps.crt
|
||||
name: server_rtps_crt.$SV_server_rtps_crt
|
||||
server.rtps.key:
|
||||
file: ./secrets/server.rtps.key
|
||||
name: server_rtps_key.$SV_server_rtps_key
|
||||
server.webapi-i-client.crt:
|
||||
file: ./secrets/server.webapi-i-client.crt
|
||||
name: server_webapi_i_client_crt.$SV_server_webapi_i_client_crt
|
||||
server.webapi-i-client.key:
|
||||
file: ./secrets/server.webapi-i-client.key
|
||||
name: server_webapi_i_client_key.$SV_server_webapi_i_client_key
|
||||
server.bonus-client.crt:
|
||||
file: ./secrets/server.bonus-client.crt
|
||||
name: server_bonus_client_crt.$SV_server_bonus_client_crt
|
||||
server.bonus-client.key:
|
||||
file: ./secrets/server.bonus-client.key
|
||||
name: server_bonus_client_key.$SV_server_bonus_client_key
|
||||
server.i_client.crt:
|
||||
file: ./secrets/server.i_client.crt
|
||||
name: server_i_client_crt.$SV_server_i_client_crt
|
||||
server.i_client.key:
|
||||
file: ./secrets/server.i_client.key
|
||||
name: server_i_client_key.$SV_server_i_client_key
|
||||
webhook.auth:
|
||||
file: ./secrets/webhook.auth
|
||||
name: webhook.auth.$SV_webhook_auth
|
||||
monitoring_allowed_hosts.txt:
|
||||
file: ./secrets/monitoring_allowed_hosts.txt
|
||||
name: monitoring_allowed_hosts.txt.$SV_monitoring_allowed_hosts_txt
|
||||
pdf_renderer.auth:
|
||||
file: ./secrets/pdf_renderer.auth
|
||||
name: pdf_renderer.auth.$SV_pdf_renderer_auth
|
||||
msmtp.conf:
|
||||
file: ./secrets/msmtp.conf
|
||||
name: msmtp.conf.$SV_msmtp_conf
|
||||
smtp_ca.cert:
|
||||
file: ./secrets/smtp_ca.cert
|
||||
name: smtp_ca.cert.$SV_smtp_ca_cert
|
||||
|
||||
networks:
|
||||
issuing:
|
||||
driver: overlay
|
||||
driver_opts:
|
||||
scope: swarm
|
||||
attachable: true
|
||||
Reference in New Issue
Block a user