k3s-gitops/sandbox/docker-compose.yml

# Ownership and mode applied to secrets mounted into the core services.
# mode is kept as the original unquoted octal literal (owner read-only).
# NOTE(review): confirm the deploy tool reads 0400 as octal, not decimal 400.
x-all-secrets-perm: &all-secrets-perm
  uid: "1000"
  gid: "1000"
  mode: 0400
# Secret bundle merged into most services built from the `core` image.
# NOTE(review): every service that merges this anchor receives all eight
# secrets, including (judging by the names) card key material, DB access
# data and salts. Least privilege would give each service only what it reads,
# the way x-webhook-secrets narrows the set for webhook_api.
x-secrets: &all-secrets
  secrets:
    - source: card_iv.txt
      target: card_iv.txt
      <<: *all-secrets-perm
    - source: card_qwe.txt
      target: card_qwe.txt
      <<: *all-secrets-perm
    - source: card_asd.txt
      target: card_asd.txt
      <<: *all-secrets-perm
    - source: db_access
      target: db_access
      <<: *all-secrets-perm
    - source: salts
      target: salts
      <<: *all-secrets-perm
    - source: connectors.json
      target: connectors.json
      <<: *all-secrets-perm
    - source: msmtp.conf
      target: msmtp.conf
      <<: *all-secrets-perm
    - source: smtp_ca.cert
      target: smtp_ca.cert
      <<: *all-secrets-perm
# Ownership and mode for secrets mounted into front_nginx.
# uid/gid 101 is presumably the nginx user inside the image; verify against
# the front-web-nginx image.
x-nginx-secrets-perm: &nginx-secrets-perm
  uid: "101"
  gid: "101"
  mode: 0400
# Secret bundle for front_nginx: one certificate/private-key pair per virtual
# host, plus the monitoring allow-list. The keys are mounted owner-read-only
# via x-nginx-secrets-perm.
x-nginx-secrets: &nginx-secrets
  secrets:
    - source: server.admin.crt
      target: server.admin.crt
      <<: *nginx-secrets-perm
    - source: server.admin.key
      target: server.admin.key
      <<: *nginx-secrets-perm
    - source: server.api.admin-control.crt
      target: server.api.admin-control.crt
      <<: *nginx-secrets-perm
    - source: server.api.admin-control.key
      target: server.api.admin-control.key
      <<: *nginx-secrets-perm
    - source: server.api-client.crt
      target: server.api-client.crt
      <<: *nginx-secrets-perm
    - source: server.api-client.key
      target: server.api-client.key
      <<: *nginx-secrets-perm
    - source: server.api-test.crt
      target: server.api-test.crt
      <<: *nginx-secrets-perm
    - source: server.api-test.key
      target: server.api-test.key
      <<: *nginx-secrets-perm
    - source: server.api.admin.crt
      target: server.api.admin.crt
      <<: *nginx-secrets-perm
    - source: server.api.admin.key
      target: server.api.admin.key
      <<: *nginx-secrets-perm
    - source: server.api.partner.crt
      target: server.api.partner.crt
      <<: *nginx-secrets-perm
    - source: server.api.partner.key
      target: server.api.partner.key
      <<: *nginx-secrets-perm
    - source: server.rtps.crt
      target: server.rtps.crt
      <<: *nginx-secrets-perm
    - source: server.rtps.key
      target: server.rtps.key
      <<: *nginx-secrets-perm
    - source: server.webhook.crt
      target: server.webhook.crt
      <<: *nginx-secrets-perm
    - source: server.webhook.key
      target: server.webhook.key
      <<: *nginx-secrets-perm
    - source: server.webapi-i-client.crt
      target: server.webapi-i-client.crt
      <<: *nginx-secrets-perm
    - source: server.webapi-i-client.key
      target: server.webapi-i-client.key
      <<: *nginx-secrets-perm
    - source: server.bonus-client.crt
      target: server.bonus-client.crt
      <<: *nginx-secrets-perm
    - source: server.bonus-client.key
      target: server.bonus-client.key
      <<: *nginx-secrets-perm
    - source: server.i_client.crt
      target: server.i_client.crt
      <<: *nginx-secrets-perm
    - source: server.i_client.key
      target: server.i_client.key
      <<: *nginx-secrets-perm
    - source: monitoring_allowed_hosts.txt
      target: monitoring_allowed_hosts.txt
      <<: *nginx-secrets-perm
# Ownership and mode for the webhook-only secret (webhook.auth).
# Same values as x-all-secrets-perm; kept as a separate anchor.
x-webhook-secrets-perm: &webhook-secrets-perm
  uid: "1000"
  gid: "1000"
  mode: 0400
# Reduced secret bundle for webhook_api: no card_* files and no SMTP material,
# only DB access, salts, connector config and the webhook auth file.
x-webhook-secrets: &webhook-secrets
  secrets:
    - source: db_access
      target: db_access
      <<: *all-secrets-perm
    - source: salts
      target: salts
      <<: *all-secrets-perm
    - source: connectors.json
      target: connectors.json
      <<: *all-secrets-perm
    - source: webhook.auth
      target: webhook.auth
      <<: *webhook-secrets-perm
# Ownership and mode for the pdf-renderer auth secret (owner read-only).
x-pdf-renderer-secrets-perm: &pdf-renderer-secrets-perm
  uid: "1000"
  gid: "1000"
  mode: 0400
# Secret bundle for pdf-renderer: only its own auth file, which the service
# reads through AUTH_FILE=/run/secrets/pdf_renderer.auth.
x-pdf-renderer-secrets: &pdf-renderer-secrets
  secrets:
    - source: pdf_renderer.auth
      target: pdf_renderer.auth
      <<: *pdf-renderer-secrets-perm
# Shared env_file, taken from the deployer's $PROJECT_SETTINGS variable.
# YAML merge keys are shallow: a service that declares its own `env_file`
# (admin_web, i_client_web, pdf-renderer) replaces this list instead of
# extending it, so $PROJECT_SETTINGS is not loaded for those services.
x-settings: &env-settings
  env_file:
    - $PROJECT_SETTINGS
# Connection settings the core services use to reach pdf-renderer.
# NOTE(review): the username and password are hard-coded in a file kept in
# version control, and the password equals the username. Even for a sandbox,
# prefer delivering them as a secret, the way pdf-renderer itself reads its
# credentials from /run/secrets/pdf_renderer.auth, and make sure these values
# are never reused outside the sandbox.
x-report-generator-env: &report_generator_env
  REPORT_GENERATOR_BASE_URL: "http://pdf-renderer:5000"
  REPORT_GENERATOR_USERNAME: "renderer"
  REPORT_GENERATOR_PASSWORD: "renderer"
# Upstream addresses handed to front_nginx. TLS ends at nginx; every upstream
# hop is plain http across the `issuing` overlay network.
# NOTE(review): i_client_v2_web, apitest_api, partner_onboarding_api and
# client_onboarding are not defined under `services` in the visible part of
# this file; confirm they exist elsewhere or that nginx tolerates them missing.
x-nginx-settings: &nginx-settings
  environment:
    FRONTEND_URL: http://admin_web:3000
    FRONTEND_I_CLIENT_URL: http://i_client_web:3000
    FRONTEND_I_CLIENT_V2_URL: http://i_client_v2_web:3000
    BACKEND_URL: http://admin_api:10000
    BONUS_CLIENT_URL: http://bonus_client_api:10001
    RTPS_URL: http://rtps_api:10002
    PARTNER_URL: http://partner_api:10003
    APITEST_URL: http://apitest_api:10004
    CLIENT_URL: http://client_api:10005
    INDIVIDUAL_CLIENT_URL: http://client_individual_webapi:10006
    WEBHOOK_URL: http://webhook_api:10007
    BACKEND_ADMIN_CONTROL_URL: http://admin_control_api:10008
    PARTNER_ONBOARDING_API_URL: http://partner_onboarding_api:10009
    CLIENT_ONBOARDING_URL: http://client_onboarding:10010
# Default Swarm deploy policy: replica count from $REPLICAS, old task stopped
# before the new one starts, restart only after a non-zero exit.
x-deploy: &deploy-settings
  deploy:
    replicas: $REPLICAS
    update_config:
      order: stop-first
    restart_policy:
      condition: on-failure
# Attaches a service to the single shared overlay network. All services share
# one flat network, so there is no network-level separation between them.
x-network: &network-simple
  networks:
    - issuing
# Healthcheck for services built from the `core` image.
# NOTE(review): `exit 0` always succeeds, so the container is reported healthy
# whatever the application's state; the orchestrator will never restart or
# drain a hung task. Replace it with a real probe once the image offers one.
x-health-core: &health-core
  healthcheck:
    test: "exit 0"
# Healthcheck for the non-core images (nginx, web front ends, scheduler,
# pdf-renderer).
# NOTE(review): `exit 0` always succeeds, so this check cannot detect a failed
# service; it only overrides whatever healthcheck the image defines.
x-health-external: &health-external
  healthcheck:
    test: "exit 0"
# Time a task gets between the stop signal and being killed; defaults to two
# minutes when GRACEFUL_TIMEOUT is unset or empty.
x-graceful-timeout: &graceful-timeout
  stop_grace_period: "${GRACEFUL_TIMEOUT:-2m}"
# Service definitions. Each service merges the x-* anchors it needs; keys
# written explicitly in a service override the merged ones (shallow merge).
# Image tags come from $TAG_* variables, so what runs depends entirely on the
# deployer's environment; the file itself pins nothing by digest.
services:
  # One-shot schema migration job; merges the full secret bundle.
  migrate:
    image: $DOCKER_REGISTRY/core:$TAG_MIGRATE
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core]
    command: /job.sh migrate

  # Idle container kept running by /wait_forever.sh.
  # presumably the exec target for cron_service; verify against the scheduler.
  task_template:
    image: $DOCKER_REGISTRY/core:$TAG_TASK_TEMPLATE
    command: "/wait_forever.sh"
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env

  admin_api:
    image: $DOCKER_REGISTRY/core:$TAG_ADMIN_API
    command: /entrypoint-admin.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env
      NAMELESS_CONFIG: "/opt/project/configs/admin.conf"

  admin_control_api:
    image: $DOCKER_REGISTRY/core:$TAG_ADMIN_CONTROL_API
    command: /entrypoint-admin-control.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env
      NAMELESS_CONFIG: "/opt/project/configs/admin_control.conf"

  client_individual_webapi:
    image: $DOCKER_REGISTRY/core:$TAG_CLIENT_INDIVIDUALAPI
    command: /entrypoint-individual-webclient.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env
      NAMELESS_CONFIG: "/opt/project/configs/individual_webclient.conf"

  bonus_client_api:
    image: $DOCKER_REGISTRY/core:$TAG_BONUS_CLIENT_API
    command: /entrypoint-bonus-client.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/bonus_client.conf"

  client_api:
    image: $DOCKER_REGISTRY/core:$TAG_CLIENT_API
    command: /entrypoint-apiclient.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/apiclient.conf"

  rtps_api:
    image: $DOCKER_REGISTRY/core:$TAG_RTPS_API
    command: /entrypoint-rtps.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/rtps.conf"

  # The only core service on the reduced bundle (*webhook-secrets).
  webhook_api:
    image: $DOCKER_REGISTRY/core:$TAG_WEBHOOK_API
    command: /entrypoint-webhook.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *webhook-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/webhook.conf"

  partner_api:
    image: $DOCKER_REGISTRY/core:$TAG_PARTNER_API
    command: /entrypoint-partner.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/partner.conf"

  # TLS front end and the only service that publishes ports.
  # NOTE(review): confirm the $PUBLIC_NODE_IP host-IP prefix is honoured by the
  # deploy tool; if it is dropped, 5443/5444 may be published on every
  # interface of every node rather than on that one address.
  front_nginx:
    image: $DOCKER_REGISTRY/front-web-nginx:$TAG_FRONT_NGINX
    ports:
      - "$PUBLIC_NODE_IP:5443:4443"
      - "$PUBLIC_NODE_IP:5444:4444"
    <<: [
      *env-settings, *network-simple, *deploy-settings, *nginx-secrets,
      *nginx-settings, *health-external, *graceful-timeout
    ]

  # The explicit env_file below replaces the one merged from *env-settings.
  admin_web:
    image: $DOCKER_REGISTRY/internet-banking-admin:$TAG_ADMIN_WEB
    <<: [*env-settings, *network-simple, *deploy-settings, *health-external, *graceful-timeout]
    env_file:
      - ".project.admin.tmp.env"

  # The explicit env_file below replaces the one merged from *env-settings.
  i_client_web:
    image: $DOCKER_REGISTRY/internet-banking-client:$TAG_I_CLIENT_WEB
    <<: [*env-settings, *network-simple, *deploy-settings, *health-external, *graceful-timeout]
    env_file:
      - ".project.i_client.tmp.env"

  # Scheduler pinned to a manager node, with its own deploy block (single
  # replica, always restarted) instead of *deploy-settings.
  # NOTE(review): mounting /var/run/docker.sock gives every process in this
  # container full control of the Docker daemon on a Swarm manager, which is
  # equivalent to root on that host and administrative control of the cluster,
  # including its secrets. Treat the scheduler image as highly privileged:
  # pin and review it, keep it off any externally reachable path, and consider
  # a socket proxy that exposes only the API calls the scheduler needs.
  cron_service:
    image: $DOCKER_REGISTRY/scheduler:$TAG_CRON_SERVICE
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      replicas: 1
      update_config:
        order: stop-first
      restart_policy:
        condition: any
      placement:
        constraints:
          - node.role == manager
    <<: [*env-settings, *network-simple, *health-external, *graceful-timeout]
    environment:
      - "SCHEDULER_EXEC_MODE=1"

  # Renders PDFs for the core services; reads its credentials from the mounted
  # secret file. The explicit env_file replaces the one from *env-settings.
  pdf-renderer:
    image: $DOCKER_REGISTRY/coin-pdf-renderer:$TAG_PDF_RENDERER_SERVICE
    command: /entrypoint.sh
    <<: [
      *env-settings, *network-simple, *deploy-settings, *health-external,
      *graceful-timeout, *pdf-renderer-secrets
    ]
    environment:
      - "AUTH_FILE=/run/secrets/pdf_renderer.auth"
    env_file:
      - ".project.renderer.tmp.env"
# Top-level secret definitions. Each secret is read from a file under
# ./secrets/ and created under a name carrying a $SV_* suffix.
# presumably the suffix is a per-secret version, so that a changed file gets
# a new secret name; confirm with the deploy script.
# NOTE(review): ./secrets/ holds plaintext private keys and credentials beside
# a compose file that lives in a GitOps repository. Make sure the directory is
# excluded from version control or stored encrypted, and readable only by the
# deploying user; this cannot be verified from this file.
# NOTE(review): the two admin-control entries use $SV_server_admin_control_*,
# without the `_api_` part that their secret names and the other server.api.*
# variables carry; confirm the variable names match what the deploy script
# exports, since an unset variable interpolates to an empty suffix.
secrets:
  card_iv.txt:
    file: ./secrets/card_iv.txt
    name: card_iv.$SV_card_iv
  card_asd.txt:
    file: ./secrets/card_asd.txt
    name: card_asd.$SV_card_asd
  card_qwe.txt:
    file: ./secrets/card_qwe.txt
    name: card_qwe.$SV_card_qwe
  db_access:
    file: ./secrets/db_access
    name: db_access.$SV_db_access
  salts:
    file: ./secrets/salts
    name: salts.$SV_salts
  connectors.json:
    file: ./secrets/connectors.json
    name: connectors.$SV_connectors
  server.admin.crt:
    file: ./secrets/server.admin.crt
    name: server_admin_crt.$SV_server_admin_crt
  server.admin.key:
    file: ./secrets/server.admin.key
    name: server_admin_key.$SV_server_admin_key
  server.webhook.crt:
    file: ./secrets/server.webhook.crt
    name: server_webhook_crt.$SV_server_webhook_crt
  server.webhook.key:
    file: ./secrets/server.webhook.key
    name: server_webhook_key.$SV_server_webhook_key
  server.api-client.crt:
    file: ./secrets/server.api-client.crt
    name: server_api_client_crt.$SV_server_api_client_crt
  server.api-client.key:
    file: ./secrets/server.api-client.key
    name: server_api_client_key.$SV_server_api_client_key
  server.api-test.crt:
    file: ./secrets/server.api-test.crt
    name: server_api_test_crt.$SV_server_api_test_crt
  server.api-test.key:
    file: ./secrets/server.api-test.key
    name: server_api_test_key.$SV_server_api_test_key
  server.api.admin.crt:
    file: ./secrets/server.api.admin.crt
    name: server_api_admin_crt.$SV_server_api_admin_crt
  server.api.admin.key:
    file: ./secrets/server.api.admin.key
    name: server_api_admin_key.$SV_server_api_admin_key
  server.api.admin-control.crt:
    file: ./secrets/server.api.admin-control.crt
    name: server_api_admin_control_crt.$SV_server_admin_control_crt
  server.api.admin-control.key:
    file: ./secrets/server.api.admin-control.key
    name: server_api_admin_control_key.$SV_server_admin_control_key
  server.api.partner.crt:
    file: ./secrets/server.api.partner.crt
    name: server_api_partner_crt.$SV_server_api_partner_crt
  server.api.partner.key:
    file: ./secrets/server.api.partner.key
    name: server_api_partner_key.$SV_server_api_partner_key
  server.rtps.crt:
    file: ./secrets/server.rtps.crt
    name: server_rtps_crt.$SV_server_rtps_crt
  server.rtps.key:
    file: ./secrets/server.rtps.key
    name: server_rtps_key.$SV_server_rtps_key
  server.webapi-i-client.crt:
    file: ./secrets/server.webapi-i-client.crt
    name: server_webapi_i_client_crt.$SV_server_webapi_i_client_crt
  server.webapi-i-client.key:
    file: ./secrets/server.webapi-i-client.key
    name: server_webapi_i_client_key.$SV_server_webapi_i_client_key
  server.bonus-client.crt:
    file: ./secrets/server.bonus-client.crt
    name: server_bonus_client_crt.$SV_server_bonus_client_crt
  server.bonus-client.key:
    file: ./secrets/server.bonus-client.key
    name: server_bonus_client_key.$SV_server_bonus_client_key
  server.i_client.crt:
    file: ./secrets/server.i_client.crt
    name: server_i_client_crt.$SV_server_i_client_crt
  server.i_client.key:
    file: ./secrets/server.i_client.key
    name: server_i_client_key.$SV_server_i_client_key
  webhook.auth:
    file: ./secrets/webhook.auth
    name: webhook.auth.$SV_webhook_auth
  monitoring_allowed_hosts.txt:
    file: ./secrets/monitoring_allowed_hosts.txt
    name: monitoring_allowed_hosts.txt.$SV_monitoring_allowed_hosts_txt
  pdf_renderer.auth:
    file: ./secrets/pdf_renderer.auth
    name: pdf_renderer.auth.$SV_pdf_renderer_auth
  msmtp.conf:
    file: ./secrets/msmtp.conf
    name: msmtp.conf.$SV_msmtp_conf
  smtp_ca.cert:
    file: ./secrets/smtp_ca.cert
    name: smtp_ca.cert.$SV_smtp_ca_cert
# The one overlay network shared by every service.
# The nesting of `scope` under `driver_opts` is reconstructed from a listing
# that lost its indentation; confirm against the original file.
# NOTE(review): `attachable: true` lets standalone containers started on any
# node join this network and reach the internal plain-http upstreams; drop it
# unless something depends on it. The overlay driver's `encrypted` option is
# not set here, so traffic between nodes is presumably unencrypted; confirm
# and enable it if the nodes do not share a trusted link.
networks:
  issuing:
    driver: overlay
    driver_opts:
      scope: swarm
    attachable: true