57 lines
1.7 KiB
YAML
57 lines
1.7 KiB
YAML
version: "{{ compose_version }}"
|
|
|
|
services:
|
|
api:
|
|
image: registry.kadet.net/management/api-server:{{ api_server_version }}
|
|
command: ['--proxy-headers']
|
|
extra_hosts:
|
|
- manager.swarm.local:{{ swarm_host_address }}
|
|
networks:
|
|
- default
|
|
- "{{ ingress_network }}"
|
|
environment:
|
|
- API_INVENTORY=inventory/swarm.ini
|
|
- ANSIBLE_VAULT_PASSWORD_FILE=/var/run/secrets/vault-password
|
|
volumes:
|
|
- ./project:/var/project
|
|
- private-dir:/var/run/ansible
|
|
secrets:
|
|
- source: id-rsa
|
|
target: /home/api-server/.ssh/id_rsa
|
|
- source: users_{{ users_config.checksum }}
|
|
target: /etc/api-server/users.yaml
|
|
- source: vault-password_{{ vault_password.checksum[:12] }}
|
|
target: /var/run/secrets/vault-password
|
|
configs:
|
|
- source: id-rsa-pub
|
|
target: /home/api-server/.ssh/id_rsa.pub
|
|
- source: inventory_{{ inventory_config.checksum }}
|
|
target: /var/project/inventory/swarm.ini
|
|
deploy:
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.{{ service }}.rule=Host(`mgmt.{{ main_domain }}`)
|
|
- traefik.http.routers.{{ service }}.tls=true
|
|
- traefik.http.routers.{{ service }}.tls.certresolver=lets-encrypt
|
|
- traefik.http.services.{{ service }}.loadbalancer.server.port=8080
|
|
placement:
|
|
constraints:
|
|
- node.role == manager
|
|
|
|
volumes:
|
|
private-dir: ~
|
|
|
|
configs:
|
|
id-rsa-pub:
|
|
file: ./ssh/id_rsa.pub
|
|
inventory_{{ inventory_config.checksum }}:
|
|
file: ./config/inventory.ini
|
|
|
|
secrets:
|
|
id-rsa:
|
|
file: ./ssh/id_rsa
|
|
users_{{ users_config.checksum }}:
|
|
file: ./config/users.yaml
|
|
vault-password_{{ vault_password.checksum[:12] }}:
|
|
file: ./config/vault-password
|