ExternalVendorCode/open-balena
1
0
Fork 0
mirror of https://github.com/balena-io/open-balena.git synced 2025-01-13 00:10:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
a029160caf
open-balena/compose/services.yml
Rich Bayliss a029160caf
feature: Support deployment via balena push to local-mode balenaOS devices 
- remove some `.gitignore` entries as this is also honoured by `balena push`
- added a step to `scripts/quickstart` to produce a single, flat `docker-compose.yml` after running
- set the compose file versions to `2.0` to ensure only supported terms are used in the `docker-compose.yml` file output
- quoted empty env values as these need to be passed in as blank, and not ommitted
- include the MDNS publisher service IF the domain being used is a .local one
- corrected spelling of macOS in script messages
- move sidecar container source into ./src as per convention

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2019-07-30 12:10:01 +01:00

186 lines
5.5 KiB
YAML
Raw Blame History

version: "2.0"
volumes:
certs: {}
cert-provider: {}
db: {}
redis: {}
registry: {}
s3: {}
services:
api:
extends:
file: ./common.yml
service: component
image: balena/open-balena-api:${OPENBALENA_API_VERSION_TAG}
depends_on:
- db
- s3
- redis
environment:
API_VPN_SERVICE_API_KEY: ${OPENBALENA_API_VPN_SERVICE_API_KEY}
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
COOKIE_SESSION_SECRET: ${OPENBALENA_COOKIE_SESSION_SECRET}
DB_HOST: db
DB_PASSWORD: docker
DB_PORT: 5432
DB_USER: docker
DELTA_HOST: delta.${OPENBALENA_HOST_NAME}
DEVICE_CONFIG_OPENVPN_CA: ${OPENBALENA_VPN_CA_CHAIN}
DEVICE_CONFIG_SSH_AUTHORIZED_KEYS: ${OPENBALENA_SSH_AUTHORIZED_KEYS}
HOST: api.${OPENBALENA_HOST_NAME}
IMAGE_MAKER_URL: img.${OPENBALENA_HOST_NAME}
IMAGE_STORAGE_BUCKET: resin-production-img-cloudformation
IMAGE_STORAGE_PREFIX: resinos
IMAGE_STORAGE_ENDPOINT: s3.amazonaws.com
JSON_WEB_TOKEN_EXPIRY_MINUTES: 10080
JSON_WEB_TOKEN_SECRET: ${OPENBALENA_JWT_SECRET}
MIXPANEL_TOKEN: __unused__
PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"
PUBNUB_PUBLISH_KEY: __unused__
PUBNUB_SUBSCRIBE_KEY: __unused__
REDIS_HOST: redis
REDIS_PORT: 6379
REGISTRY2_HOST: registry.${OPENBALENA_HOST_NAME}
REGISTRY_HOST: registry.${OPENBALENA_HOST_NAME}
SENTRY_DSN: ""
TOKEN_AUTH_BUILDER_TOKEN: ${OPENBALENA_TOKEN_AUTH_BUILDER_TOKEN}
TOKEN_AUTH_CERT_ISSUER: api.${OPENBALENA_HOST_NAME}
TOKEN_AUTH_CERT_KEY: ${OPENBALENA_TOKEN_AUTH_KEY}
TOKEN_AUTH_CERT_KID: ${OPENBALENA_TOKEN_AUTH_KID}
TOKEN_AUTH_CERT_PUB: ${OPENBALENA_TOKEN_AUTH_PUB}
TOKEN_AUTH_JWT_ALGO: "ES256"
VPN_HOST: vpn.${OPENBALENA_HOST_NAME}
VPN_PORT: 443
VPN_SERVICE_API_KEY: ${OPENBALENA_VPN_SERVICE_API_KEY}
SUPERUSER_EMAIL: ${OPENBALENA_SUPERUSER_EMAIL}
SUPERUSER_PASSWORD: ${OPENBALENA_SUPERUSER_PASSWORD}
registry:
extends:
file: ./common.yml
service: component
image: balena/open-balena-registry:${OPENBALENA_REGISTRY_VERSION_TAG}
depends_on:
- s3
- redis
volumes:
- registry:/data
environment:
API_TOKENAUTH_CRT: ${OPENBALENA_TOKEN_AUTH_PUB}
BALENA_REGISTRY2_HOST: registry.${OPENBALENA_HOST_NAME}
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
BALENA_TOKEN_AUTH_ISSUER: api.${OPENBALENA_HOST_NAME}
BALENA_TOKEN_AUTH_REALM: https://api.${OPENBALENA_HOST_NAME}/auth/v1/token
COMMON_REGION:
REGISTRY2_CACHE_ENABLED: "false"
REGISTRY2_CACHE_ADDR: 127.0.0.1:6379
REGISTRY2_CACHE_DB: 0
REGISTRY2_CACHE_MAXMEMORY_MB: 1024 # megabytes
REGISTRY2_CACHE_MAXMEMORY_POLICY: allkeys-lru
REGISTRY2_S3_BUCKET:
REGISTRY2_S3_KEY:
REGISTRY2_S3_SECRET:
REGISTRY2_SECRETKEY: ${OPENBALENA_REGISTRY_SECRET_KEY}
REGISTRY2_STORAGEPATH: /data
vpn:
extends:
file: ./common.yml
service: component
image: balena/open-balena-vpn:${OPENBALENA_VPN_VERSION_TAG}
depends_on:
- api
cap_add:
- NET_ADMIN
environment:
API_SERVICE_API_KEY: ${OPENBALENA_API_VPN_SERVICE_API_KEY}
BALENA_API_HOST: api.${OPENBALENA_HOST_NAME}
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
BALENA_VPN_PORT: 443
PRODUCTION_MODE: "${OPENBALENA_PRODUCTION_MODE}"
RESIN_VPN_GATEWAY: 10.2.0.1
SENTRY_DSN: ""
VPN_HAPROXY_USEPROXYPROTOCOL: "true"
VPN_OPENVPN_CA_CRT: ${OPENBALENA_VPN_CA}
VPN_OPENVPN_SERVER_CRT: ${OPENBALENA_VPN_SERVER_CRT}
VPN_OPENVPN_SERVER_DH: ${OPENBALENA_VPN_SERVER_DH}
VPN_OPENVPN_SERVER_KEY: ${OPENBALENA_VPN_SERVER_KEY}
VPN_SERVICE_API_KEY: ${OPENBALENA_VPN_SERVICE_API_KEY}
db:
extends:
file: ./common.yml
service: system
image: balena/open-balena-db:${OPENBALENA_DB_VERSION_TAG}
volumes:
- db:/var/lib/postgresql/data
s3:
extends:
file: ./common.yml
service: component
image: balena/open-balena-s3:${OPENBALENA_S3_VERSION_TAG}
volumes:
- s3:/export
environment:
S3_MINIO_ACCESS_KEY: abcdef1234
S3_MINIO_SECRET_KEY: "1234567890"
redis:
extends:
file: ./common.yml
service: system
image: redis:alpine
volumes:
- redis:/data
haproxy:
extends:
file: ./common.yml
service: system
build: ../src/haproxy
depends_on:
- api
- cert-provider
- db
- s3
- redis
- registry
- vpn
ports:
- "80:80"
- "443:443"
- "3128:3128"
expose:
- "222"
- "5432"
- "6379"
networks:
default:
aliases:
- api.${OPENBALENA_HOST_NAME}
- registry.${OPENBALENA_HOST_NAME}
- vpn.${OPENBALENA_HOST_NAME}
- db.${OPENBALENA_HOST_NAME}
- s3.${OPENBALENA_HOST_NAME}
- redis.${OPENBALENA_HOST_NAME}
environment:
BALENA_HAPROXY_CRT: ${OPENBALENA_ROOT_CRT}
BALENA_HAPROXY_KEY: ${OPENBALENA_ROOT_KEY}
BALENA_ROOT_CA: ${OPENBALENA_ROOT_CA}
HAPROXY_HOSTNAME: ${OPENBALENA_HOST_NAME}
volumes:
- certs:/certs:ro
cert-provider:
build: ../src/cert-provider
volumes:
- certs:/certs
- cert-provider:/usr/src/app/certs
environment:
ACTIVE: ${OPENBALENA_ACME_CERT_ENABLED}
DOMAINS: "api.${OPENBALENA_HOST_NAME},registry.${OPENBALENA_HOST_NAME},s3.${OPENBALENA_HOST_NAME},vpn.${OPENBALENA_HOST_NAME}"
OUTPUT_PEM: /certs/open-balena.pem
Reference in New Issue View Git Blame Copy Permalink