ARO-RP/docker-compose.yml

164 строки
4.1 KiB
YAML

services:
vpn:
image: ${LOCAL_VPN_IMAGE}:${VERSION}
build:
context: .
dockerfile: Dockerfile.vpn
container_name: vpn
privileged: true
network_mode: host
volumes:
- ${PWD}/secrets:/secrets:z
devices:
- /dev/net/tun # required to modify VPN on host
entrypoint: "openvpn"
command: ["/secrets/vpn-eastus.ovpn"]
healthcheck:
test: ["CMD", "pidof", "openvpn"]
start_period: 20s
interval: 20s
timeout: 3s
retries: 3
selenium:
image: selenium/standalone-edge:4.10.0-20230607
container_name: selenium-container
network_mode: host
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:4444"]
interval: 30s
timeout: 10s
retries: 3
rp:
image: ${LOCAL_ARO_RP_IMAGE}:${VERSION}
build:
context: .
dockerfile: Dockerfile.ci-rp
args:
- REGISTRY=${REGISTRY}
- ARO_VERSION=${VERSION}
ulimits:
nofile:
soft: 4096
hard: 4096
container_name: aro-rp
depends_on:
vpn:
condition: service_healthy
command: ["rp"]
secrets:
- source: proxy-client-key
target: /app/secrets/proxy-client.key
- source: proxy-client-crt
target: /app/secrets/proxy-client.crt
- source: proxy-crt
target: /app/secrets/proxy.crt
- source: hive-kubeconfig
target: /app/secrets/aks.kubeconfig
environment:
# inherit from host
- ADMIN_OBJECT_ID
- ARO_IMAGE
- AZURE_ARM_CLIENT_ID
- AZURE_CLIENT_ID
- AZURE_CLIENT_SECRET
- AZURE_ENVIRONMENT
- AZURE_FP_CLIENT_ID
- AZURE_FP_SERVICE_PRINCIPAL_ID
- AZURE_GATEWAY_CLIENT_ID
- AZURE_GATEWAY_CLIENT_SECRET
- AZURE_GATEWAY_SERVICE_PRINCIPAL_ID
- AZURE_PORTAL_ACCESS_GROUP_IDS
- AZURE_PORTAL_CLIENT_ID
- AZURE_RP_CLIENT_ID
- AZURE_RP_CLIENT_SECRET
- AZURE_SERVICE_PRINCIPAL_ID
- AZURE_SUBSCRIPTION_ID
- AZURE_TENANT_ID
- DATABASE_ACCOUNT_NAME
- DATABASE_NAME
- DOMAIN_NAME
- KEYVAULT_PREFIX
- LOCATION
- MOCK_MSI_CERT
- MOCK_MSI_CLIENT_ID
- MOCK_MSI_TENANT_ID
- OIDC_STORAGE_ACCOUNT_NAME
- PARENT_DOMAIN_NAME
- PARENT_DOMAIN_RESOURCEGROUP
- PROXY_HOSTNAME
- PULL_SECRET
- RESOURCEGROUP
- SECRET_SA_ACCOUNT_NAME
- STORAGE_ACCOUNT_DOMAIN
# override
- ARO_ADOPT_BY_HIVE=true
- ARO_CHECKOUT_PATH=/app
- ARO_INSTALL_VIA_HIVE=true
- HIVE_KUBE_CONFIG_PATH=/app/secrets/aks.kubeconfig
- KUBECONFIG=/app/secrets/aks.kubeconfig
- RP_MODE=development
expose:
- "8443"
ports:
- "127.0.0.1:8443:8443"
healthcheck:
test: ["CMD", "curl", "-k", "http://localhost:8443/healthz"]
interval: 30s
timeout: 30s
retries: 3
restart: on-failure:3
portal:
image: ${LOCAL_ARO_RP_IMAGE}:${VERSION}
container_name: aro-portal
depends_on:
rp:
condition: service_healthy
environment:
- RP_MODE
- AZURE_SUBSCRIPTION_ID
- AZURE_TENANT_ID
- LOCATION
- RESOURCEGROUP
- AZURE_PORTAL_CLIENT_ID
- AZURE_PORTAL_ELEVATED_GROUP_IDS
- AZURE_PORTAL_ACCESS_GROUP_IDS
- AZURE_RP_CLIENT_SECRET
- AZURE_RP_CLIENT_ID
- KEYVAULT_PREFIX
- DATABASE_ACCOUNT_NAME
- DATABASE_NAME
- NO_NPM=1
ports:
- "127.0.0.1:8444:8444"
- "127.0.0.1:2222:2222"
secrets:
- source: proxy-client-key
target: /app/secrets/proxy-client.key
- source: proxy-client-crt
target: /app/secrets/proxy-client.crt
- source: proxy-crt
target: /app/secrets/proxy.crt
cap_drop:
- NET_RAW
command: ["portal"]
restart: on-failure:3
healthcheck:
test: ["CMD", "curl", "-k", "http://localhost:8444/healthz"]
interval: 30s
timeout: 10s
retries: 3
secrets:
proxy-client-key:
file: ./secrets/proxy-client.key
proxy-client-crt:
file: ./secrets/proxy-client.crt
proxy-crt:
file: ./secrets/proxy.crt
hive-kubeconfig:
file: ./aks.kubeconfig