-
Notifications
You must be signed in to change notification settings - Fork 9
/
docker-compose.instance.yaml
39 lines (32 loc) · 1.58 KB
/
docker-compose.instance.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#! This is a ytt template file for docker-compose.override.yaml
#! References:
#! https://carvel.dev/ytt
#! https://docs.docker.com/compose/extends/#adding-and-overriding-configuration
#! https://github.com/enigmacurry/d.rymcg.tech#overriding-docker-composeyaml-per-instance
#! ### Standard project vars:
#@ load("@ytt:data", "data")
#@ project = data.values.project
#@ instance = data.values.instance
#@ context = data.values.context
#@ traefik_host = data.values.traefik_host
#@ ip_sourcerange = data.values.ip_sourcerange
#@ enabled_middlewares = []
#@yaml/text-templated-strings
services:
step-ca:
#@ service = "step-ca"
labels:
- "backup-volume.stop-during-backup=true"
#! Services must opt-in to be proxied by Traefik:
- "traefik.enable=true"
#! 'router' is the fully qualified key in traefik for this router/service: project + instance + service
#@ router = "{}-{}-{}".format(project,instance,service)
#! The host matching router rule:
- "traefik.tcp.routers.(@= router @).rule=HostSNI(`(@= traefik_host @)`)"
- "traefik.tcp.routers.(@= router @).entrypoints=websecure"
- "traefik.tcp.routers.(@= router @).tls.passthrough=true"
#@ enabled_middlewares.append("{}-ipallowlist".format(router))
- "traefik.tcp.middlewares.(@= router @)-ipallowlist.ipallowlist.sourcerange=(@= ip_sourcerange @)"
- "traefik.tcp.services.(@= router @).loadbalancer.server.port=9000"
#! Apply all middlewares (do this at the end!)
- "traefik.tcp.routers.(@= router @).middlewares=(@= ','.join(enabled_middlewares) @)"