docker-compose.yaml
{% from "macros/keys.sh" import gen_keys %}
{# Render context for this app, plus handles for the permissions helper and the three Concourse containers (web, worker, keys). The second argument "image" is presumably the key of the image entry in values; confirm against ix_lib. #}
{% set tpl = ix_lib.base.render.Render(values) %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set web = tpl.add_container(values.consts.concourse_web_container_name, "image") %}
{% set worker = tpl.add_container(values.consts.concourse_worker_container_name, "image") %}
{% set keys = tpl.add_container(values.consts.concourse_keys_container_name, "image") %}
{# Postgres settings. User and database name are fixed constants; the password is values.concourse.db_password, the same value the web container later receives as CONCOURSE_POSTGRES_PASSWORD. NOTE(review): it presumably ends up in plain text in the rendered compose output, so treat that output as secret material. #}
{% set pg_config = {
"user": values.consts.db_user,
"password": values.concourse.db_password,
"database": values.consts.db_name,
"volume": values.storage.postgres_data,
} %}
{# Postgres dependency container; perm_container is passed in so the helper can register ownership fixes for the data volume (presumably; see the has_actions() check at the end of this template). #}
{% set postgres = tpl.deps.postgres(
values.consts.postgres_container_name,
values.concourse.postgres_image_selector,
pg_config, perm_container
) %}
{# Keys: init-style container. The worker waits for it with "service_completed_successfully", so it is expected to run once and exit. #}
{# No healthcheck, because the container is not a long-running service. #}
{% do keys.healthcheck.disable() %}
{# Restart only on failure; the second argument is presumably the maximum retry count. Confirm against ix_lib. #}
{% do keys.restart.set_policy("on-failure", 1) %}
{% do keys.deploy.resources.set_profile("low") %}
{# The script rendered by the gen_keys macro is mounted at /config.sh with mode 0755 and used as the entrypoint. Presumably it generates the TSA and session-signing key material; the macro body is not shown here. #}
{% do keys.configs.add("config.sh", gen_keys(values), "/config.sh", "0755") %}
{% do keys.set_entrypoint(["/config.sh"]) %}
{# Same keystore storage that web and worker mount at values.consts.keys_path below. #}
{% do keys.add_storage(values.consts.keys_path, values.storage.keystore) %}
{# Worker: runs the "worker" command with the containerd runtime and registers with the web node's TSA. #}
{# SECURITY: the worker is privileged and uses the host cgroup namespace. Privileged mode removes most container isolation, so a build step that breaks out of its task container, or a compromise of the worker process, should be treated as compromise of the Docker host. Only run pipelines from trusted sources on this deployment. #}
{% do worker.set_cgroup("host") %}
{% do worker.set_privileged(true) %}
{% do worker.set_command(["worker"]) %}
{# Start only after web is healthy and the keys container has finished successfully. #}
{% do worker.depends.add_dependency(values.consts.concourse_web_container_name, "service_healthy") %}
{% do worker.depends.add_dependency(values.consts.concourse_keys_container_name, "service_completed_successfully") %}
{% do worker.healthcheck.set_test("http", {"port": values.consts.worker_healthcheck_port}) %}
{% do worker.environment.add_env("CONCOURSE_BIND_PORT", values.consts.worker_port) %}
{% do worker.environment.add_env("CONCOURSE_HEALTHCHECK_BIND_PORT", values.consts.worker_healthcheck_port) %}
{% do worker.environment.add_env("CONCOURSE_RUNTIME", "containerd") %}
{# NOTE(review): the work dir is read from values.concourse.worker_workspace, while the storage mount below uses values.consts.worker_workspace. Confirm both resolve to the same path; otherwise the work dir is not on the mounted storage. #}
{% do worker.environment.add_env("CONCOURSE_WORK_DIR", values.concourse.worker_workspace) %}
{# TSA endpoint is the web container name plus the TSA bind port, i.e. reached over the compose network. #}
{% do worker.environment.add_env("CONCOURSE_TSA_HOST", "%s:%d" | format(values.consts.concourse_web_container_name, values.consts.web_tsa_bind_port)) %}
{# These two variables carry file paths, not key contents; the files are expected inside the keystore mount. #}
{% do worker.environment.add_env("CONCOURSE_TSA_PUBLIC_KEY", values.consts.tsa_public_key_path) %}
{% do worker.environment.add_env("CONCOURSE_TSA_WORKER_PRIVATE_KEY", values.consts.tsa_worker_private_key_path) %}
{# User-supplied variables are added last. NOTE(review): whether add_user_envs rejects names already set above depends on ix_lib; confirm that the TSA and runtime settings cannot be overridden. #}
{% do worker.environment.add_user_envs(values.concourse.worker_additional_envs) %}
{% do worker.add_storage(values.consts.worker_workspace, values.storage.workspace) %}
{# NOTE(review): the whole keystore is mounted, the same storage web uses. If the session signing key and TSA host key live in this directory, the privileged worker can read them; consider giving the worker only its own key pair and the TSA public key. #}
{% do worker.add_storage(values.consts.keys_path, values.storage.keystore) %}
{# Web: runs the "web" command (ATC and TSA), backed by the Postgres container. #}
{% do web.set_command(["web"]) %}
{% do web.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
{# Healthcheck polls /api/v1/info on the web port. #}
{% do web.healthcheck.set_test("http", {"port": values.network.web_port.port_number, "path": "/api/v1/info"}) %}
{# FIXME: This accepts a list of users #}
{# SECURITY: the local user's password is placed in an environment variable in plain text, so it is readable by anyone who can inspect the container or the rendered compose output. The value is built as "username:password" without escaping; because the variable takes a list (presumably comma-separated), a ":" or "," inside either field would change how it is parsed. Validate both fields upstream. #}
{% do web.environment.add_env("CONCOURSE_ADD_LOCAL_USER", "%s:%s" | format(values.concourse.username, values.concourse.password)) %}
{% do web.environment.add_env("CONCOURSE_BIND_PORT", values.network.web_port.port_number) %}
{% do web.environment.add_env("CONCOURSE_TSA_BIND_PORT", values.consts.web_tsa_bind_port) %}
{# The configured local user is made a member of the main team. #}
{% do web.environment.add_env("CONCOURSE_MAIN_TEAM_LOCAL_USER", values.concourse.username) %}
{# Key settings below are file paths inside the keystore mount, not key contents. #}
{% do web.environment.add_env("CONCOURSE_SESSION_SIGNING_KEY", values.consts.session_signing_key_path) %}
{% do web.environment.add_env("CONCOURSE_TSA_HOST_KEY", values.consts.tsa_host_key_path) %}
{% do web.environment.add_env("CONCOURSE_TSA_AUTHORIZED_KEYS", values.consts.tsa_authorized_keys_path) %}
{# Database connection: host is the Postgres container name and the port is hard-coded to 5432. #}
{% do web.environment.add_env("CONCOURSE_POSTGRES_HOST", values.consts.postgres_container_name) %}
{% do web.environment.add_env("CONCOURSE_POSTGRES_PORT", 5432) %}
{% do web.environment.add_env("CONCOURSE_POSTGRES_USER", values.consts.db_user) %}
{% do web.environment.add_env("CONCOURSE_POSTGRES_DATABASE", values.consts.db_name) %}
{# SECURITY: the database password is also passed as a plain-text environment variable; same exposure as the local user password above. #}
{% do web.environment.add_env("CONCOURSE_POSTGRES_PASSWORD", values.concourse.db_password) %}
{# User-supplied variables are added last. NOTE(review): confirm in ix_lib that they cannot override the authentication, key and database settings above. #}
{% do web.environment.add_user_envs(values.concourse.web_additional_envs) %}
{# Only the web port is published; the TSA bind port is not added here. #}
{% do web.add_port(values.network.web_port) %}
{% do web.add_storage(values.consts.keys_path, values.storage.keystore) %}
{# Additional user-defined storage is mounted into the worker only, at the user-chosen mount_path. NOTE(review): the worker is privileged, so any host path exposed this way is reachable from build workloads; keep these mounts to what pipelines need. #}
{% for store in values.storage.additional_storage %}
{% do worker.add_storage(store.mount_path, store) %}
{% endfor %}
{# Activate the permissions container only when it has actions registered, and make Postgres wait for it to complete successfully before starting. #}
{% if perm_container.has_actions() %}
{% do perm_container.activate() %}
{% do postgres.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}
{# Register a portal entry pointing at the web port. #}
{% do tpl.portals.add_portal({"port": values.network.web_port.port_number}) %}
{# Emit the final compose definition as JSON. #}
{{ tpl.render() | tojson }}