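# Copyright (c) Abstract Machines
# SPDX-License-Identifier: Apache-2.0

# Certs add-on: the `certs` service issues certificates through an OpenBao PKI
# mount and keeps its own state in PostgreSQL. The three services share a
# private bridge network; only the published `ports` below are reachable from
# the host.
name: "certs"

networks:
  certs-base-net:
    driver: bridge

volumes:
  # Written by the openbao container (the bootstrap script drops the service
  # token there, see the openbao healthcheck) and read back by `certs`.
  openbao-data:
  certs-db-volume:

services:
  certs:
    image: ghcr.io/absmach/certs:${AM_CERTS_RELEASE_TAG}
    container_name: certs
    depends_on:
      openbao:
        condition: service_healthy
      certs-db:
        # Wait for the pg_isready healthcheck instead of mere container start,
        # so the service does not race PostgreSQL's first-boot initialisation.
        condition: service_healthy
    restart: on-failure
    networks:
      - certs-base-net
    environment:
      AM_CERTS_LOG_LEVEL: ${AM_CERTS_LOG_LEVEL}
      AM_CERTS_HTTP_HOST: ${AM_CERTS_HTTP_HOST}
      AM_CERTS_HTTP_PORT: ${AM_CERTS_HTTP_PORT}
      AM_CERTS_GRPC_HOST: ${AM_CERTS_GRPC_HOST}
      AM_CERTS_GRPC_PORT: ${AM_CERTS_GRPC_PORT}
      AM_JAEGER_URL: ${AM_JAEGER_URL}
      AM_JAEGER_TRACE_RATIO: ${AM_JAEGER_TRACE_RATIO}
      # OpenBao connection and AppRole credentials. The AppRole secret is
      # passed as a plain environment variable and is visible to anyone who
      # can `docker inspect` this container.
      AM_CERTS_OPENBAO_HOST: ${AM_CERTS_OPENBAO_HOST}
      AM_CERTS_OPENBAO_APP_ROLE: ${AM_CERTS_OPENBAO_APP_ROLE}
      AM_CERTS_OPENBAO_APP_SECRET: ${AM_CERTS_OPENBAO_APP_SECRET}
      AM_CERTS_OPENBAO_NAMESPACE: ${AM_CERTS_OPENBAO_NAMESPACE}
      AM_CERTS_OPENBAO_PKI_PATH: ${AM_CERTS_OPENBAO_PKI_PATH}
      AM_CERTS_OPENBAO_ROLE: ${AM_CERTS_OPENBAO_ROLE}
      AM_CERTS_OPENBAO_SECRET_ID_TTL: ${AM_CERTS_OPENBAO_SECRET_ID_TTL}
      AM_CERTS_DB_HOST: ${AM_CERTS_DB_HOST}
      AM_CERTS_DB_PORT: ${AM_CERTS_DB_PORT}
      AM_CERTS_DB_USER: ${AM_CERTS_DB_USER}
      AM_CERTS_DB_PASS: ${AM_CERTS_DB_PASS}
      AM_CERTS_DB: ${AM_CERTS_DB}
      AM_CERTS_DB_SSL_MODE: ${AM_CERTS_DB_SSL_MODE}
      AM_AUTH_GRPC_URL: ${AM_AUTH_GRPC_URL}
      AM_AUTH_GRPC_TIMEOUT: ${AM_AUTH_GRPC_TIMEOUT}
      # mTLS material for the auth/domains gRPC clients. The `:+` expansion
      # sets the in-container path only when the host-side variable is set;
      # when it is unset the dummy files below are mounted and the service
      # receives an empty value, i.e. the connection runs without client
      # certificates. Make sure these are set in any non-local deployment.
      AM_AUTH_GRPC_CLIENT_CERT: ${AM_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
      AM_AUTH_GRPC_CLIENT_KEY: ${AM_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
      AM_AUTH_GRPC_SERVER_CA_CERTS: ${AM_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
      AM_DOMAINS_GRPC_URL: ${AM_DOMAINS_GRPC_URL}
      AM_DOMAINS_GRPC_TIMEOUT: ${AM_DOMAINS_GRPC_TIMEOUT}
      AM_DOMAINS_GRPC_CLIENT_CERT: ${AM_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
      AM_DOMAINS_GRPC_CLIENT_KEY: ${AM_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
      AM_DOMAINS_GRPC_SERVER_CA_CERTS: ${AM_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
      AM_CERTS_SECRET: ${AM_CERTS_SECRET}
      AM_CERTS_SERVICE_TOKEN_PATH: ${AM_CERTS_SERVICE_TOKEN_PATH}
      AM_CERTS_SECRET_ID_PATH: ${AM_CERTS_SECRET_ID_PATH}
      AM_CERTS_SECRET_RENEW_THRESHOLD: ${AM_CERTS_SECRET_RENEW_THRESHOLD}
      AM_CERTS_SECRET_CHECK_INTERVAL: ${AM_CERTS_SECRET_CHECK_INTERVAL}
      # Passed through verbatim. NOTE(review): presumably relaxes user
      # verification; keep it unset/false outside development — confirm.
      SMQ_ALLOW_UNVERIFIED_USER: ${SMQ_ALLOW_UNVERIFIED_USER}
    ports:
      # Quoted so a low port number is never read as a sexagesimal integer.
      - "${AM_CERTS_HTTP_PORT}:${AM_CERTS_HTTP_PORT}"
      - "${AM_CERTS_GRPC_PORT}:${AM_CERTS_GRPC_PORT}"
    volumes:
      # Read-only view of OpenBao's data directory (service token / secret ID
      # paths above). NOTE(review): this exposes everything OpenBao keeps in
      # that directory to the certs container, not just the token files —
      # confirm nothing more sensitive is stored there.
      - openbao-data:/openbao:ro
      # Host paths for the mTLS material; `create_host_path` means a missing
      # file is created as an empty directory on the host rather than failing
      # startup, so a typo in the path surfaces as a TLS error, not here.
      - type: bind
        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${AM_AUTH_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
        target: /auth-grpc-client.crt
        bind:
          create_host_path: true
      - type: bind
        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${AM_AUTH_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
        target: /auth-grpc-client.key
        bind:
          create_host_path: true
      - type: bind
        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${AM_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
        target: /auth-grpc-server-ca.crt
        bind:
          create_host_path: true
      - type: bind
        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${AM_DOMAINS_GRPC_CLIENT_CERT:-./ssl/certs/dummy/client_cert}
        target: /domains-grpc-client.crt
        bind:
          create_host_path: true
      - type: bind
        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${AM_DOMAINS_GRPC_CLIENT_KEY:-./ssl/certs/dummy/client_key}
        target: /domains-grpc-client.key
        bind:
          create_host_path: true
      - type: bind
        source: ${SMQ_ADDONS_CERTS_PATH_PREFIX}${AM_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/certs/dummy/server_ca}
        target: /domains-grpc-server-ca.crt
        bind:
          create_host_path: true

  certs-db:
    image: postgres:16.2-alpine
    container_name: certs-db
    restart: on-failure
    networks:
      - certs-base-net
    command: postgres -c "max_connections=${AM_CERTS_DB_MAX_CONNECTIONS}"
    environment:
      POSTGRES_USER: ${AM_CERTS_DB_USER}
      POSTGRES_PASSWORD: ${AM_CERTS_DB_PASS}
      POSTGRES_DB: ${AM_CERTS_DB}
    healthcheck:
      # Lets `certs` depend on an accepting database. `$$` is Compose's escape
      # for a literal `$`, so the shell inside the container expands the
      # POSTGRES_* variables it already has.
      test: ["CMD-SHELL", "pg_isready -U \"$$POSTGRES_USER\" -d \"$$POSTGRES_DB\""]
      interval: 5s
      timeout: 3s
      retries: 10
    ports:
      # Published on every host interface. Bind to 127.0.0.1 (or drop the
      # mapping) where the database does not need to be reachable from the
      # host; the certs service talks to it over the bridge network anyway.
      - "5454:5432"
    volumes:
      - certs-db-volume:/var/lib/postgresql/data

  openbao:
    image: openbao/openbao:2.4.0
    container_name: certs-openbao
    restart: on-failure
    networks:
      - certs-base-net
    ports:
      # The OpenBao API is published on every host interface and served over
      # plain HTTP (see BAO_ADDR). Together with the root token handed in
      # below this is full control of the PKI; bind to 127.0.0.1 or remove the
      # mapping unless host access is actually required.
      - "8200:8200"
    healthcheck:
      # Passes once the bootstrap script has written the service token. The
      # file lives on the persistent `openbao-data` volume, so a token left by
      # an earlier run satisfies this check before the current instance is
      # unsealed. NOTE(review): presumably the entrypoint removes or rewrites
      # it on start — confirm, or probe the API (`bao status`) instead.
      test: ["CMD", "sh", "-c", "test -f /opt/openbao/data/service_token"]
      interval: 5s
      timeout: 3s
      retries: 20
      start_period: 30s
    environment:
      # Loopback address used by the CLI calls inside this container; the
      # certs service reaches OpenBao via its own AM_CERTS_OPENBAO_HOST.
      - BAO_ADDR=http://127.0.0.1:8200
      - BAO_LOG_LEVEL=info
      - AM_CERTS_OPENBAO_PKI_ROLE=${AM_CERTS_OPENBAO_ROLE}
      - AM_CERTS_OPENBAO_APP_ROLE=${AM_CERTS_OPENBAO_APP_ROLE}
      - AM_CERTS_OPENBAO_APP_SECRET=${AM_CERTS_OPENBAO_APP_SECRET}
      - AM_CERTS_OPENBAO_SECRET_ID_TTL=${AM_CERTS_OPENBAO_SECRET_ID_TTL}
      - AM_CERTS_OPENBAO_NAMESPACE=${AM_CERTS_OPENBAO_NAMESPACE}
      # Subject and SAN fields for the CA certificate the bootstrap creates.
      - AM_CERTS_OPENBAO_PKI_CA_CN=${AM_CERTS_OPENBAO_PKI_CA_CN}
      - AM_CERTS_OPENBAO_PKI_CA_OU=${AM_CERTS_OPENBAO_PKI_CA_OU}
      - AM_CERTS_OPENBAO_PKI_CA_O=${AM_CERTS_OPENBAO_PKI_CA_O}
      - AM_CERTS_OPENBAO_PKI_CA_C=${AM_CERTS_OPENBAO_PKI_CA_C}
      - AM_CERTS_OPENBAO_PKI_CA_L=${AM_CERTS_OPENBAO_PKI_CA_L}
      - AM_CERTS_OPENBAO_PKI_CA_ST=${AM_CERTS_OPENBAO_PKI_CA_ST}
      - AM_CERTS_OPENBAO_PKI_CA_ADDR=${AM_CERTS_OPENBAO_PKI_CA_ADDR}
      - AM_CERTS_OPENBAO_PKI_CA_PO=${AM_CERTS_OPENBAO_PKI_CA_PO}
      - AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES=${AM_CERTS_OPENBAO_PKI_CA_DNS_NAMES}
      - AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES=${AM_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES}
      - AM_CERTS_OPENBAO_PKI_CA_URI_SANS=${AM_CERTS_OPENBAO_PKI_CA_URI_SANS}
      - AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES=${AM_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES}
      # Unseal key shares and the root token are handed to the container as
      # plain environment variables: anyone who can `docker inspect` it or
      # read its process environment gets full control of the PKI. Prefer
      # Docker secrets or a file mount for anything beyond local development.
      - AM_CERTS_OPENBAO_UNSEAL_KEY_1=${AM_CERTS_OPENBAO_UNSEAL_KEY_1}
      - AM_CERTS_OPENBAO_UNSEAL_KEY_2=${AM_CERTS_OPENBAO_UNSEAL_KEY_2}
      - AM_CERTS_OPENBAO_UNSEAL_KEY_3=${AM_CERTS_OPENBAO_UNSEAL_KEY_3}
      - AM_CERTS_OPENBAO_ROOT_TOKEN=${AM_CERTS_OPENBAO_ROOT_TOKEN}
    cap_add:
      # Allows OpenBao to mlock() its memory so key material is not swapped
      # out; paired with mem_swappiness: 0 below.
      - IPC_LOCK
    mem_swappiness: 0
    volumes:
      # The same named volume backs both the data and the config directory.
      - openbao-data:/opt/openbao/data
      - openbao-data:/opt/openbao/config
      # The bootstrap script is only executed, never written: mount read-only
      # so a compromised container cannot alter the host copy.
      - ./openbao-entrypoint.sh:/entrypoint.sh:ro
    entrypoint: /bin/sh
    command: /entrypoint.sh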