deploy komodo

Mael G. 2024-10-20 15:56:25 +02:00
parent ccc272d73b
commit 14da445f2b
3 changed files with 143 additions and 1 deletions

1
.gitignore vendored

@ -1 +1,2 @@
.vscode .vscode
.env.priv
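Review bot: The new ignore entry is `.env.priv`, but the compose file added in this same commit loads `./.env.env` as its second `env_file`, and no ignore rule for that name is visible here. If `.env.env` is where the values stripped from `core.env` are meant to live (database password, passkey, JWT and webhook secrets, OIDC client secret), a plain `git add` can stage it and put those values into history. Either add a `.env.env` line next to `.env.priv`, or point the compose `env_file` entries at the name that is already ignored. A nested ignore file outside this view may already cover it, so confirm before changing.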

60
internals/komodo/core.env Normal file

@ -0,0 +1,60 @@
COMPOSE_LOGGING_DRIVER=local
#REDACTED DB_USERNAME=
#REDACTED DB_PASSWORD=
#=-------------------------=#
#= Komodo Core Environment =#
#=-------------------------=#
KOMODO_HOST=https://deploy.net.enpls.org
KOMODO_TITLE=Deploy
KOMODO_FIRST_SERVER=https://periphery:8120
KOMODO_DISABLE_CONFIRM_DIALOG=false
KOMODO_MONITORING_INTERVAL="15-sec"
KOMODO_RESOURCE_POLL_INTERVAL="5-min"
## Used to auth against periphery. Alt: KOMODO_PASSKEY_FILE
#REDACTED KOMODO_PASSKEY=
## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
#REDACTED KOMODO_WEBHOOK_SECRET=
## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
#REDACTED KOMODO_JWT_SECRET=
## Enable login with username + password.
KOMODO_LOCAL_AUTH=false
KOMODO_DISABLE_USER_REGISTRATION=true
KOMODO_ENABLE_NEW_USERS=true
KOMODO_DISABLE_NON_ADMIN_CREATE=false
KOMODO_TRANSPARENT_MODE=false
## Time to live for jwt tokens.
## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
KOMODO_JWT_TTL="1-day"
## OIDC Login
KOMODO_OIDC_ENABLED=true
## Must reachable from Komodo Core container
KOMODO_OIDC_PROVIDER=https://connect.enpls.org/oidc
## Must be reachable by users (optional if it is the same as above).
# KOMODO_OIDC_REDIRECT=https://oidc.provider.external/application/o/komodo
## Your client credentials
KOMODO_OIDC_CLIENT_ID=gt67wvsdggzhfdgg194d5 # Alt: KOMODO_OIDC_CLIENT_ID_FILE
#REDACTED KOMODO_OIDC_CLIENT_SECRET= # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
## Make usernames the full email.
# KOMODO_OIDC_USE_FULL_EMAIL=true
## Add additional trusted audiences for token claims verification.
## Supports comma separated list, and passing with _FILE (for compose secrets).
# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123 # Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
#=------------------------------=#
#= Komodo Periphery Environment =#
#=------------------------------=#
## Periphery passkeys must include KOMODO_PASSKEY to authenticate
#REDACTED PERIPHERY_PASSKEYS=${PASSKEY}
PERIPHERY_SSL_ENABLED=true
PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
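Review bot: `KOMODO_ENABLE_NEW_USERS=true` together with `KOMODO_DISABLE_NON_ADMIN_CREATE=false` leaves `KOMODO_DISABLE_USER_REGISTRATION=true` as the only setting between an account at the OIDC provider and the ability to create resources. That matters because the Periphery container in this commit holds the host's Docker socket. As I read Komodo's settings, the first flag enables new users without admin approval, so relaxing registration later would admit every identity `connect.enpls.org/oidc` authenticates with full create rights. Consider `KOMODO_ENABLE_NEW_USERS=false` and `KOMODO_DISABLE_NON_ADMIN_CREATE=true`. The three lines also carry no comment, unlike the rest of the file; something like `## Registration closed after first login; new accounts need admin approval` above them would record the intent.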


@ -0,0 +1,81 @@
services:
mongo:
image: mongo
labels:
komodo.skip:
command: --quiet --wiredTigerCacheSizeGB 0.25
restart: unless-stopped
logging:
driver: ${COMPOSE_LOGGING_DRIVER:-local}
networks:
- default
volumes:
- mongo-data:/data/db
- mongo-config:/data/configdb
environment:
MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
env_file:
- path: ./core.env
- path: ./.env.env
core:
image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
restart: unless-stopped
depends_on:
- mongo
logging:
driver: ${COMPOSE_LOGGING_DRIVER:-local}
networks:
- default
ports:
- 9120:9120
env_file:
- path: ./core.env
- path: ./.env.env
environment:
KOMODO_DATABASE_ADDRESS: mongo:27017
KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
volumes:
- repo-cache:/repo-cache
labels:
- "traefik.enable=true"
- "traefik.http.routers.komodo.entryPoints=websecure"
- "traefik.http.routers.komodo.rule=Host(`deploy.net.enpls.org`)"
- "traefik.http.routers.komodo.tls=true"
- "traefik.http.routers.komodo.tls.certresolver=defaultacme"
- "traefik.http.routers.komodo.middlewares=proxyHeader@file,proxyError@file"
- "komodo.skip:"
periphery:
image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
labels:
komodo.skip: # Prevent Komodo from stopping with StopAllContainers
restart: unless-stopped
logging:
driver: ${COMPOSE_LOGGING_DRIVER:-local}
networks:
- default
env_file:
- path: ./core.env
- path: ./.env.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /proc:/proc
- ssl-certs:/etc/komodo/ssl
- repos:/etc/komodo/repos
- stacks:/etc/komodo/stacks
volumes:
# Mongo
mongo-data:
mongo-config:
# Core
repo-cache:
# Periphery
ssl-certs:
repos:
stacks:
networks:
default: {}
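Review bot: `- 9120:9120` under `core.ports` publishes Komodo Core on every host interface, so it stays reachable directly (presumably over plain HTTP) next to the Traefik route, skipping the `websecure` entrypoint, TLS and the `proxyHeader@file,proxyError@file` middlewares. Traefik should not need a published port to reach the container, so the mapping can be dropped, or bound to loopback as `- "127.0.0.1:9120:9120"` if local access is wanted. All three services load the same `./core.env` and `./.env.env`, so `mongo` and `periphery` receive every secret; split the env files per service or use the `_FILE` variants that `core.env` documents. `periphery` mounts `/var/run/docker.sock` while tracking `${COMPOSE_KOMODO_IMAGE_TAG:-latest}`, and `image: mongo` has no tag at all, so pin versions or digests for images with this much reach. The list-form label `- "komodo.skip:"` on `core` probably creates a label literally named `komodo.skip:` rather than `komodo.skip`; the mapping form used on the other two services avoids that.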