# Podman Compose configuration for testing envoy-acme-xds
#
# Services:
# - pebble: ACME test server (Let's Encrypt's official test server)
# - xds-server: The envoy-acme-xds server (this project)
# - envoy: Envoy proxy configured to use the XDS server
#
# Usage:
# 1. Generate test certificates: ./test/generate-certs.sh
# 2. Start services: podman compose up -d
# 3. Watch logs: podman compose logs -f
# 4. Stop services: podman compose down
# Dedicated bridge network with a fixed subnet, so that a service can be given
# a static address inside it.
networks:
  test-net:
    driver: bridge
    ipam:
      config:
        # The envoy service's static address (172.28.0.10) lies in this range.
        - subnet: 172.28.0.0/16
# Named volume mounted by both xds-server and envoy at /var/lib/envoy-acme-xds.
volumes:
  xds-data: {}
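# Test stack: Pebble (ACME test CA), the xDS server built from this repository,
# and an Envoy proxy. Intended for local testing only.
services:
  # Pebble ACME server
  pebble:
    # NOTE(review): floating tag. Pin to a digest
    # (ghcr.io/letsencrypt/pebble@sha256:<digest>) for reproducible test runs.
    image: ghcr.io/letsencrypt/pebble:latest
    command: ["-config", "/test/config/pebble-config.json"]
    environment:
      # Skip sleep delays during validation
      PEBBLE_VA_NOSLEEP: "1"
    # Resolve the test hostnames to envoy's static address on test-net, so that
    # Pebble's validation requests for these names are sent to the envoy container.
    extra_hosts:
      - "site-a.example.com:172.28.0.10"
      - "www.site-a.example.com:172.28.0.10"
      - "site-b.example.com:172.28.0.10"
      - "api.example.com:172.28.0.10"
    volumes:
      # Read-only mounts. "Z" asks for a private SELinux label, "z" for a shared
      # one; ./certificates is also mounted into xds-server, hence "z".
      - ./test/pebble:/test/config:ro,Z
      - ./certificates:/test/certs:ro,z
    ports:
      - "14000:14000"  # ACME directory
      # Management interface. Published on host loopback only: it is a control
      # endpoint of the test CA and has no reason to be reachable from the LAN.
      - "127.0.0.1:15000:15000"
    networks:
      test-net:
        aliases:
          - pebble

  # XDS server (this project)
  xds-server:
    build:
      context: .
      dockerfile: Containerfile
    volumes:
      # NOTE(review): presumably holds the server's ACME/certificate state, which
      # envoy then reads from the same volume; confirm against the project docs.
      - xds-data:/var/lib/envoy-acme-xds
      - ./test/xds-config.yaml:/etc/envoy-acme-xds/config.yaml:ro,Z
      # Pebble's test CA certificate, shared with the pebble service ("z").
      - ./certificates/pebble-ca.pem:/etc/envoy-acme-xds/ca.pem:ro,z
    environment:
      # Debug-level logging for the server and its gRPC/HTTP2 stack; test use only.
      RUST_LOG: "envoy_acme_xds=debug,tower=debug,tonic=debug,h2=debug,info"
    networks:
      test-net:
        aliases:
          - xds-server
    depends_on:
      - pebble

  # Envoy proxy
  envoy:
    # NOTE(review): "v1.32-latest" is a floating tag. Pin to a digest
    # (docker.io/envoyproxy/envoy@sha256:<digest>) for reproducible test runs.
    image: docker.io/envoyproxy/envoy:v1.32-latest
    entrypoint: ["envoy"]
    command: ["-c", "/etc/envoy/envoy.yaml", "--log-level", "info"]
    # NOTE(review): every container-side port published below is above 1024, so
    # root may not be needed for binding. Check the listeners in
    # test/envoy/envoy.yaml and the ownership of files in xds-data before
    # switching to an unprivileged user.
    user: "0:0"  # Run as root to bind to privileged ports
    volumes:
      # NOTE(review): mounted read-write. If envoy only reads from this volume,
      # append ":ro" so the proxy cannot modify the xDS server's state; confirm first.
      - xds-data:/var/lib/envoy-acme-xds
      - ./test/envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro,Z
    ports:
      - "8080:5001"  # HTTP (for ACME challenges) - host:container
      - "8443:8443"  # HTTPS
      - "9000:9000"  # TCP proxy
      # Admin interface. Envoy's admin endpoint is unauthenticated and can
      # change or stop the proxy, so it is published on host loopback only.
      - "127.0.0.1:9901:9901"
    networks:
      test-net:
        # Static address: the extra_hosts entries of the pebble service point here.
        ipv4_address: 172.28.0.10
        aliases:
          - envoy
    depends_on:
      - xds-server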