docker-compose.yml
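# Compose stack: a SPIFFE server and agent, a spiffe-config container and two
# services, all attached to one bridge network.
version: '3.7'

# Single user-defined bridge network shared by every service below.
networks:
  edgex-network:
    driver: bridge

# Named volumes. spiffe_ca is mounted by both spiffe-server and spiffe-agent.
# NOTE(review): anything the server writes to spiffe_ca is readable by the
# agent; confirm it holds only public trust material, never a CA private key.
volumes:
  spiffe_ca: {}
  spiffe_server: {}
  spiffe_agent: {}

services:
  spiffe-server:
    image: spiffe-server:latest
    hostname: spiffe-server
    container_name: spiffe-server
    restart: on-failure
    build:
      context: server
    # With read_only set below, /run and the mounted volumes are the only
    # writable paths in this container.
    tmpfs:
      - /run
    volumes:
      # ":z" applies a shared SELinux label so several containers can use
      # the same content.
      - spiffe_ca:/srv/spiffe/ca:z
      - spiffe_server:/srv/spiffe/server:z
      # NOTE(review): host directory under /tmp, bind-mounted read-write into
      # all five services. /tmp is normally world-writable on the host, so
      # the directory's ownership and mode must be set restrictively before
      # the stack starts; a dedicated root-owned path would be safer. Every
      # service can also read whatever any other service places here.
      - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
    networks:
      edgex-network: {}
    read_only: true
    # NOTE(review): shares the host PID namespace. Nothing in this file shows
    # why the server needs it; confirm and remove if unused.
    pid: host
    security_opt:
      - "no-new-privileges:true"
    expose:
      - "8081"
    # Published on the loopback interface only, not on external interfaces.
    ports:
      - "127.0.0.1:8081:8081"

  spiffe-agent:
    image: spiffe-agent:latest
    hostname: spiffe-agent
    container_name: spiffe-agent
    restart: on-failure
    build:
      context: agent
    tmpfs:
      - /run
    volumes:
      - spiffe_ca:/srv/spiffe/ca:z
      - spiffe_agent:/srv/spiffe/agent:z
      - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
      # NOTE(review): access to the Docker API socket is equivalent to root
      # on the host, and a read-only bind mount would not change that.
      # Presumably needed for Docker-based workload attestation - confirm,
      # and treat this container as host-privileged in the threat model.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      edgex-network: {}
    read_only: true
    # Presumably required so the agent can inspect workload processes by
    # PID - confirm against the agent configuration.
    pid: host
    security_opt:
      - "no-new-privileges:true"

  spiffe-config:
    image: spiffe-config:latest
    hostname: spiffe-config
    container_name: spiffe-config
    restart: on-failure
    build:
      context: config
    volumes:
      - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
    networks:
      edgex-network: {}
    read_only: true
    # NOTE(review): host PID namespace with no visible need; confirm and
    # remove if unused.
    pid: host
    security_opt:
      - "no-new-privileges:true"
    # depends_on orders container start only; it does not wait for the
    # agent to be ready.
    depends_on:
      - spiffe-agent

  spiffe-service1:
    image: spiffe-service1:latest
    hostname: spiffe-service1
    container_name: spiffe-service1
    restart: on-failure
    build:
      context: service1
    volumes:
      - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
    networks:
      edgex-network: {}
    # NOTE(review): root filesystem is still writable here, unlike the three
    # spiffe-* infrastructure containers. A tmpfs /tmp is already declared,
    # so read_only: true may work once any other write paths are identified.
    read_only: false  # fixme later
    # Container port 443 published on host loopback port 8123 only.
    ports:
      - "127.0.0.1:8123:443"
    tmpfs:
      - /tmp
    security_opt:
      - "no-new-privileges:true"
    depends_on:
      - spiffe-agent
      - spiffe-config

  spiffe-service2:
    image: spiffe-service2:latest
    hostname: spiffe-service2
    container_name: spiffe-service2
    restart: on-failure
    build:
      context: service2
    volumes:
      - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z
    networks:
      edgex-network: {}
    # NOTE(review): writable root filesystem, same open item as
    # spiffe-service1.
    read_only: false  # fixme later
    tmpfs:
      - /tmp
    security_opt:
      - "no-new-privileges:true"
    # No ports are published for this service; it is reachable only over
    # edgex-network.
    depends_on:
      - spiffe-service1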