deploy komodo
parent
ccc272d73b
commit
14da445f2b
3 changed files with 143 additions and 1 deletions
1
.gitignore
vendored
@ -1 +1,2 @@
.vscode
.vscode
.env.priv
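--- a/internals/komodo/core.env
+++ b/internals/komodo/core.env
@@ -0,0 +1,60 @@
+COMPOSE_LOGGING_DRIVER=local
+
+#REDACTED DB_USERNAME=
+#REDACTED DB_PASSWORD=
+
+#=-------------------------=#
+#= Komodo Core Environment =#
+#=-------------------------=#
+
+KOMODO_HOST=https://deploy.net.enpls.org
+KOMODO_TITLE=Deploy
+
+KOMODO_FIRST_SERVER=https://periphery:8120
+KOMODO_DISABLE_CONFIRM_DIALOG=false
+
+KOMODO_MONITORING_INTERVAL="15-sec"
+KOMODO_RESOURCE_POLL_INTERVAL="5-min"
+
+## Used to auth against periphery. Alt: KOMODO_PASSKEY_FILE
+#REDACTED KOMODO_PASSKEY=
+## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
+#REDACTED KOMODO_WEBHOOK_SECRET=
+## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
+#REDACTED KOMODO_JWT_SECRET=
+
+## Enable login with username + password.
+KOMODO_LOCAL_AUTH=false
+KOMODO_DISABLE_USER_REGISTRATION=true
+KOMODO_ENABLE_NEW_USERS=true
+KOMODO_DISABLE_NON_ADMIN_CREATE=false
+KOMODO_TRANSPARENT_MODE=false
+
+## Time to live for jwt tokens.
+## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
+KOMODO_JWT_TTL="1-day"
+
+## OIDC Login
+KOMODO_OIDC_ENABLED=true
+## Must reachable from Komodo Core container
+KOMODO_OIDC_PROVIDER=https://connect.enpls.org/oidc
+## Must be reachable by users (optional if it is the same as above).
+# KOMODO_OIDC_REDIRECT=https://oidc.provider.external/application/o/komodo
+## Your client credentials
+KOMODO_OIDC_CLIENT_ID=gt67wvsdggzhfdgg194d5 # Alt: KOMODO_OIDC_CLIENT_ID_FILE
+#REDACTED KOMODO_OIDC_CLIENT_SECRET= # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
+## Make usernames the full email.
+# KOMODO_OIDC_USE_FULL_EMAIL=true
+## Add additional trusted audiences for token claims verification.
+## Supports comma separated list, and passing with _FILE (for compose secrets).
+# KOMODO_OIDC_ADDITIONAL_AUDIENCES=abc,123 # Alt: KOMODO_OIDC_ADDITIONAL_AUDIENCES_FILE
+
+#=------------------------------=#
+#= Komodo Periphery Environment =#
+#=------------------------------=#
+
+## Periphery passkeys must include KOMODO_PASSKEY to authenticate
+#REDACTED PERIPHERY_PASSKEYS=${PASSKEY}
+PERIPHERY_SSL_ENABLED=true
+
+PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname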
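Review bot: This one file holds the database credentials, the Core secrets (`KOMODO_PASSKEY`, `KOMODO_WEBHOOK_SECRET`, `KOMODO_JWT_SECRET`, `KOMODO_OIDC_CLIENT_SECRET`) and the Periphery settings, and the compose file in this commit lists it under `env_file` for `mongo`, `core` and `periphery` alike, so every container's environment receives every value. Periphery, which mounts the Docker socket, has no visible need for the JWT or OIDC secrets, and Mongo needs none of the Komodo ones. Splitting this into per-service env files, or moving the secrets to the `_FILE` variants the comments already name (for example `KOMODO_JWT_SECRET_FILE`) backed by compose secrets, would keep each secret in the one container that uses it. The values are shown as `#REDACTED`, so whether they live in this tracked file or in `./.env.env` cannot be told from the page.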
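--- a/internals/komodo/docker-compose.yaml
+++ b/internals/komodo/docker-compose.yaml
@@ -0,0 +1,81 @@
+services:
+mongo:
+image: mongo
+labels:
+komodo.skip:
+command: --quiet --wiredTigerCacheSizeGB 0.25
+restart: unless-stopped
+logging:
+driver: ${COMPOSE_LOGGING_DRIVER:-local}
+networks:
+- default
+volumes:
+- mongo-data:/data/db
+- mongo-config:/data/configdb
+environment:
+MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
+MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
+env_file:
+- path: ./core.env
+- path: ./.env.env
+core:
+image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+restart: unless-stopped
+depends_on:
+- mongo
+logging:
+driver: ${COMPOSE_LOGGING_DRIVER:-local}
+networks:
+- default
+ports:
+- 9120:9120
+env_file:
+- path: ./core.env
+- path: ./.env.env
+environment:
+KOMODO_DATABASE_ADDRESS: mongo:27017
+KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
+KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
+volumes:
+- repo-cache:/repo-cache
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.komodo.entryPoints=websecure"
+- "traefik.http.routers.komodo.rule=Host(`deploy.net.enpls.org`)"
+- "traefik.http.routers.komodo.tls=true"
+- "traefik.http.routers.komodo.tls.certresolver=defaultacme"
+- "traefik.http.routers.komodo.middlewares=proxyHeader@file,proxyError@file"
+- "komodo.skip:"
+
+periphery:
+image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+labels:
+komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+restart: unless-stopped
+logging:
+driver: ${COMPOSE_LOGGING_DRIVER:-local}
+networks:
+- default
+env_file:
+- path: ./core.env
+- path: ./.env.env
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- /proc:/proc
+- ssl-certs:/etc/komodo/ssl
+- repos:/etc/komodo/repos
+- stacks:/etc/komodo/stacks
+
+volumes:
+# Mongo
+mongo-data:
+mongo-config:
+# Core
+repo-cache:
+# Periphery
+ssl-certs:
+repos:
+stacks:
+
+networks:
+default: {}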
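Review bot: The `- 9120:9120` entry under the `core` service's `ports:` publishes the Komodo UI and API on every host interface, so Core stays reachable directly on port 9120 alongside the Traefik route the labels define for `deploy.net.enpls.org`. Requests arriving that way skip the `websecure` entrypoint, its TLS termination and the `proxyHeader@file,proxyError@file` middlewares. If Traefik reaches the container over a shared Docker network (not visible on this page), drop the `ports:` block; otherwise bind it to loopback and quote the mapping, `- "127.0.0.1:9120:9120"`. Indentation is lost in this rendering, so the nesting is read from key order.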