зеркало из https://github.com/Azure/ARO-RP.git
# Local Docker Compose stack: an OpenVPN client, a Selenium browser, the ARO
# resource provider (rp) and the ARO portal.
# NOTE(review): both builds below use `context: .`, and ./secrets and
# ./aks.kubeconfig sit under that directory. Confirm a .dockerignore keeps
# them out of the build context so they cannot end up in an image layer.
services:
  # OpenVPN client; rp waits for this service to report healthy.
  vpn:
    image: '${LOCAL_VPN_IMAGE}:${VERSION}'
    build:
      context: '.'
      dockerfile: 'Dockerfile.vpn'
    container_name: 'vpn'
    # NOTE(review): privileged mode plus host networking gives this container
    # every capability and the host's network stack, so a compromise of it is
    # close to a compromise of the host. Privileged mode also makes the
    # `devices` entry below redundant. If openvpn only needs the tun device
    # and route changes, `cap_add: [NET_ADMIN]` with the device mapping may
    # be enough. Confirm before narrowing.
    privileged: true
    network_mode: 'host'
    volumes:
      # `z` applies a shared SELinux label to the bind mount.
      # NOTE(review): the whole secrets directory is mounted read-write, yet
      # the command only reads /secrets/vpn-eastus.ovpn. Consider `:ro,z`,
      # after verifying that openvpn writes nothing back here.
      - '${PWD}/secrets:/secrets:z'
    devices:
      # required to modify VPN on host
      - '/dev/net/tun'
    entrypoint: 'openvpn'
    command:
      - '/secrets/vpn-eastus.ovpn'
    healthcheck:
      # Only proves an openvpn process exists, not that the tunnel is up, so
      # `service_healthy` for rp means "process started".
      test:
        - 'CMD'
        - 'pidof'
        - 'openvpn'
      start_period: '20s'
      interval: '20s'
      timeout: '3s'
      retries: 3

  # Standalone Edge browser.
  selenium:
    # NOTE(review): pinned by tag only, and tags are mutable. Pinning the
    # image by digest would make the pulled content verifiable.
    image: 'selenium/standalone-edge:4.10.0-20230607'
    container_name: 'selenium-container'
    # NOTE(review): with host networking the container's listeners (port 4444
    # per the healthcheck) bind on the host's interfaces, not on loopback
    # only as rp and portal do. Presumably the endpoint is unauthenticated,
    # so confirm that a host firewall limits who can reach it.
    network_mode: 'host'
    healthcheck:
      # -f makes curl exit non-zero on an HTTP error status.
      test:
        - 'CMD'
        - 'curl'
        - '-f'
        - 'http://localhost:4444'
      interval: '30s'
      timeout: '10s'
      retries: 3

  # ARO resource provider, started once the vpn service is healthy.
  rp:
    image: '${LOCAL_ARO_RP_IMAGE}:${VERSION}'
    build:
      context: '.'
      dockerfile: 'Dockerfile.ci-rp'
      args:
        - 'REGISTRY=${REGISTRY}'
        - 'ARO_VERSION=${VERSION}'
    ulimits:
      nofile:
        soft: 4096
        hard: 4096
    container_name: 'aro-rp'
    # NOTE(review): portal drops NET_RAW but rp drops no capabilities.
    # Confirm whether the same `cap_drop` can be applied here.
    depends_on:
      vpn:
        condition: 'service_healthy'
    command:
      - 'rp'
    # File-backed secrets declared at the top level of this file.
    secrets:
      - source: 'proxy-client-key'
        target: '/app/secrets/proxy-client.key'
      - source: 'proxy-client-crt'
        target: '/app/secrets/proxy-client.crt'
      - source: 'proxy-crt'
        target: '/app/secrets/proxy.crt'
      - source: 'hive-kubeconfig'
        target: '/app/secrets/aks.kubeconfig'
    environment:
      # Name-only entries take their value from the host environment.
      # NOTE(review): several are credentials (AZURE_CLIENT_SECRET,
      # AZURE_GATEWAY_CLIENT_SECRET, AZURE_RP_CLIENT_SECRET, PULL_SECRET).
      # Environment values can be read via `docker inspect` and are inherited
      # by child processes. The certificates already use file-backed secrets;
      # consider the same for these if the binary can read them from files.
      - 'ADMIN_OBJECT_ID'
      - 'ARO_IMAGE'
      - 'AZURE_ARM_CLIENT_ID'
      - 'AZURE_CLIENT_ID'
      - 'AZURE_CLIENT_SECRET'
      - 'AZURE_ENVIRONMENT'
      - 'AZURE_FP_CLIENT_ID'
      - 'AZURE_FP_SERVICE_PRINCIPAL_ID'
      - 'AZURE_GATEWAY_CLIENT_ID'
      - 'AZURE_GATEWAY_CLIENT_SECRET'
      - 'AZURE_GATEWAY_SERVICE_PRINCIPAL_ID'
      - 'AZURE_PORTAL_ACCESS_GROUP_IDS'
      - 'AZURE_PORTAL_CLIENT_ID'
      - 'AZURE_RP_CLIENT_ID'
      - 'AZURE_RP_CLIENT_SECRET'
      - 'AZURE_SERVICE_PRINCIPAL_ID'
      - 'AZURE_SUBSCRIPTION_ID'
      - 'AZURE_TENANT_ID'
      - 'DATABASE_ACCOUNT_NAME'
      - 'DATABASE_NAME'
      - 'DOMAIN_NAME'
      - 'KEYVAULT_PREFIX'
      - 'LOCATION'
      - 'MOCK_MSI_CERT'
      - 'MOCK_MSI_CLIENT_ID'
      - 'MOCK_MSI_TENANT_ID'
      - 'OIDC_STORAGE_ACCOUNT_NAME'
      - 'PARENT_DOMAIN_NAME'
      - 'PARENT_DOMAIN_RESOURCEGROUP'
      - 'PROXY_HOSTNAME'
      - 'PULL_SECRET'
      - 'RESOURCEGROUP'
      - 'SECRET_SA_ACCOUNT_NAME'
      - 'STORAGE_ACCOUNT_DOMAIN'

      # Values fixed here regardless of the host environment.
      - 'ARO_ADOPT_BY_HIVE=true'
      - 'ARO_CHECKOUT_PATH=/app'
      - 'ARO_INSTALL_VIA_HIVE=true'
      - 'HIVE_KUBE_CONFIG_PATH=/app/secrets/aks.kubeconfig'
      - 'KUBECONFIG=/app/secrets/aks.kubeconfig'
      - 'RP_MODE=development'
    expose:
      - '8443'
    ports:
      # Published on loopback only, so not reachable from other hosts.
      - '127.0.0.1:8443:8443'
    healthcheck:
      # NOTE(review): -k only relaxes TLS certificate checks and has no effect
      # on an http:// URL. Without -f, curl exits 0 on any HTTP response,
      # including an error status, so this check passes whenever the port
      # answers. Confirm the intended scheme and whether -f should be added,
      # as in the selenium check.
      test:
        - 'CMD'
        - 'curl'
        - '-k'
        - 'http://localhost:8443/healthz'
      interval: '30s'
      timeout: '30s'
      retries: 3
    restart: 'on-failure:3'

  # ARO portal, started once rp is healthy; reuses the rp image.
  portal:
    image: '${LOCAL_ARO_RP_IMAGE}:${VERSION}'
    container_name: 'aro-portal'
    depends_on:
      rp:
        condition: 'service_healthy'
    environment:
      # NOTE(review): RP_MODE is inherited from the host here, while rp pins
      # RP_MODE=development. Confirm the two are meant to be able to differ.
      - 'RP_MODE'
      - 'AZURE_SUBSCRIPTION_ID'
      - 'AZURE_TENANT_ID'
      - 'LOCATION'
      - 'RESOURCEGROUP'
      - 'AZURE_PORTAL_CLIENT_ID'
      - 'AZURE_PORTAL_ELEVATED_GROUP_IDS'
      - 'AZURE_PORTAL_ACCESS_GROUP_IDS'
      # NOTE(review): credential passed through the environment, where it can
      # be read via `docker inspect`.
      - 'AZURE_RP_CLIENT_SECRET'
      - 'AZURE_RP_CLIENT_ID'
      - 'KEYVAULT_PREFIX'
      - 'DATABASE_ACCOUNT_NAME'
      - 'DATABASE_NAME'
      - 'NO_NPM=1'
    ports:
      # Both ports are published on loopback only.
      - '127.0.0.1:8444:8444'
      - '127.0.0.1:2222:2222'
    secrets:
      - source: 'proxy-client-key'
        target: '/app/secrets/proxy-client.key'
      - source: 'proxy-client-crt'
        target: '/app/secrets/proxy-client.crt'
      - source: 'proxy-crt'
        target: '/app/secrets/proxy.crt'
    # Removes the raw-socket capability from the container.
    cap_drop:
      - 'NET_RAW'
    command:
      - 'portal'
    restart: 'on-failure:3'
    healthcheck:
      # NOTE(review): -k has no effect on an http:// URL, and without -f an
      # HTTP error status still counts as healthy. Confirm the intent.
      test:
        - 'CMD'
        - 'curl'
        - '-k'
        - 'http://localhost:8444/healthz'
      interval: '30s'
      timeout: '10s'
      retries: 3

# File-backed Compose secrets, mounted into each service that lists them under
# its own `secrets:` key.
# NOTE(review): these paths hold a client private key, certificates and a
# kubeconfig. Confirm they are excluded from version control and from the
# `context: .` image builds in this file, and that file permissions on the
# host are restrictive.
secrets:
  proxy-client-key:
    file: './secrets/proxy-client.key'
  proxy-client-crt:
    file: './secrets/proxy-client.crt'
  proxy-crt:
    file: './secrets/proxy.crt'
  # Unlike the others, this file is read from the project root, not ./secrets.
  hive-kubeconfig:
    file: './aks.kubeconfig'