sendico/infra/registry/docker-compose.yml
2026-03-10 20:40:20 +03:00


# Config objects built from files next to this compose file. The `registry`
# service mounts both: the wait script becomes its entrypoint and config.yml is
# the file passed to `serve`.
# NOTE(review): neither file is shown here. Both decide how the registry starts
# and what it enforces, so review them together with this stack.
configs:
  registry_wait_sh:
    file: "./registry-wait.sh"
  registry_config_yml:
    file: "./config.yml"
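services:
  # Vault agent sidecar. Its healthcheck expects two rendered files, `htpasswd`
  # and `env`, to appear in the shared vault-secrets volume.
  vault-agent-registry:
    # NOTE(review): `latest` is a mutable tag, so each deploy can pull different,
    # unreviewed content. Pin a reviewed version tag or an image digest
    # (image@sha256:<digest>).
    image: hashicorp/vault:latest
    # `>-` folds to a single line without a trailing newline.
    # NOTE(review): the `sh -lc` wrapper replaces a direct `vault` invocation;
    # confirm which user the agent ends up running as inside the container.
    command: >-
      sh -lc 'vault agent -config=/etc/vault/agent.hcl'
    # Presumably needed so the agent can lock memory and keep secrets out of swap.
    cap_add:
      - IPC_LOCK
    environment:
      # NOTE(review): plain HTTP. The agent's login and every secret it fetches
      # cross the `cicd` network unencrypted unless that network encrypts traffic
      # itself. Prefer an https:// address with CA verification, or confirm the
      # overlay is encrypted.
      VAULT_ADDR: "http://vault:8200"
    # Login material for the agent, supplied as external Swarm secrets.
    # NOTE(review): both targets sit under /vault/secrets, the same path where
    # the shared vault-secrets volume is mounted. Confirm role_id / secret_id are
    # not visible to the registry container through that volume.
    secrets:
      - source: registry_vault_role_id
        target: /vault/secrets/role_id
      - source: registry_vault_secret_id
        target: /vault/secrets/secret_id
    volumes:
      # Agent configuration, read-only.
      - ./vault:/etc/vault:ro
      # The only writer of the shared secrets volume.
      - vault-secrets:/vault/secrets:rw
    networks:
      - cicd
    healthcheck:
      # Healthy only once both rendered files exist and are non-empty. Two
      # `test` calls joined with `&&` replace the single `test ... -a ...` form,
      # whose result POSIX leaves unspecified for more than four arguments.
      test:
        - CMD-SHELL
        - "test -s /vault/secrets/htpasswd && test -s /vault/secrets/env"
      interval: 10s
      timeout: 3s
      retries: 10
    deploy:
      placement:
        # NOTE(review): this pins a secret-handling workload to manager nodes;
        # confirm that is intended rather than a dedicated worker.
        constraints:
          - "node.role == manager"

  # Container registry, published through Traefik at registry.sendico.io.
  registry:
    # NOTE(review): mutable `latest` tag; pin a reviewed version tag or an image
    # digest (image@sha256:<digest>) so deploys are reproducible.
    image: registry:latest
    # The image entrypoint is replaced by the mounted wait script; `command` is
    # passed to it as arguments. Presumably it waits for the agent-rendered
    # files before starting the registry (script contents not shown here).
    entrypoint: ["/usr/local/bin/registry-wait"]
    command: ["serve", "/etc/registry/config.yml"]
    configs:
      - source: registry_wait_sh
        target: /usr/local/bin/registry-wait
        # Leading-zero octal (rwxr-xr-x) so the script is executable. How this
        # scalar is typed depends on the deploy tool's YAML parser; confirm it
        # resolves to 0755.
        mode: 0755
      - source: registry_config_yml
        target: /etc/registry/config.yml
    volumes:
      - registry_data:/var/lib/registry
      # Read-only view of what the agent renders; the registry cannot modify it.
      - vault-secrets:/vault/secrets:ro
    environment:
      OTEL_TRACES_EXPORTER: "none"
    networks:
      - cicd
    deploy:
      placement:
        constraints:
          - "node.role == manager"
      # Traefik routing: HTTPS entrypoint, certificate from the `letsencrypt`
      # resolver, forwarded to container port 5000.
      # NOTE(review): no middleware is attached to this router, so access
      # control rests entirely on the registry's own config.yml (presumably
      # htpasswd auth backed by /vault/secrets/htpasswd). Verify that it
      # enforces authentication.
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=cicd"
        - "traefik.http.services.registry.loadbalancer.server.port=5000"
        - "traefik.http.routers.registry.rule=Host(`registry.sendico.io`)"
        - "traefik.http.routers.registry.entrypoints=websecure"
        - "traefik.http.routers.registry.tls=true"
        - "traefik.http.routers.registry.tls.certresolver=letsencrypt"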
# `cicd` is created outside this stack and only referenced here. Both services
# join it, and the Traefik labels name it as the network used to reach the
# registry.
# NOTE(review): Vault is addressed over plain HTTP on this network, so check
# which other stacks are attached to it and whether it is encrypted.
networks:
  cicd:
    external: true
volumes:
  # RAM-backed volume shared between the Vault agent (rw) and the registry (ro),
  # so rendered secrets are not written to the node's disk. Capped at 16 MiB;
  # mode 0750 with uid/gid 1000 leaves no access for "other" users.
  # NOTE(review): a `local` volume exists per node. Both services are constrained
  # to manager nodes, but with more than one manager they could be scheduled on
  # different nodes and the registry would then see an empty volume. Confirm the
  # placement guarantees co-location.
  vault-secrets:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "size=16m,uid=1000,gid=1000,mode=0750"
  # Persistent image storage for the registry, default driver and options.
  registry_data: {}
# Secrets created outside this stack and consumed by the Vault agent service,
# so their values never appear in this file. The names suggest they are Vault
# AppRole credentials (presumably; confirm against the agent config).
# NOTE(review): whoever can create or replace these Swarm secrets controls what
# the agent authenticates as; restrict and audit that access.
secrets:
  registry_vault_role_id:
    external: true
  registry_vault_secret_id:
    external: true