-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathdocker-compose.instance.yaml
51 lines (43 loc) · 2.04 KB
/
docker-compose.instance.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#! This is a ytt template file for docker-compose.override.yaml
#! References:
#! https://carvel.dev/ytt
#! https://docs.docker.com/compose/extends/#adding-and-overriding-configuration
#! https://github.com/enigmacurry/d.rymcg.tech#overriding-docker-composeyaml-per-instance
#! ### Standard project vars:
#@ load("@ytt:data", "data")
#@ project = data.values.project
#@ instance = data.values.instance
#@ context = data.values.context
#@ traefik_host = data.values.traefik_host
#@ ip_sourcerange = data.values.ip_sourcerange
#@ ports = [port for port in data.values.ports.split(" ") if port != ""]
#@ enable_http_auth = len(data.values.http_auth.strip()) > 0
#@ http_auth = data.values.http_auth_var
#@ enabled_middlewares = []
#@yaml/text-templated-strings
services:
linux:
#@ service = "linux"
labels:
- "backup-volume.stop-during-backup=true"
#! Services must opt-in to be proxied by Traefik:
- "traefik.enable=true"
#! 'router' is the fully qualified key in traefik for this router/service: project + instance + service
#@ router = "{}-{}-{}".format(project,instance,service)
#! The host matching router rule:
- "traefik.http.routers.(@= router @).rule=Host(`(@= traefik_host @)`)"
- "traefik.http.routers.(@= router @).entrypoints=websecure"
#@ enabled_middlewares.append("{}-ipallowlist".format(router))
- "traefik.http.middlewares.(@= router @)-ipallowlist.ipallowlist.sourcerange=(@= ip_sourcerange @)"
#@ if enable_http_auth:
#@ enabled_middlewares.append("{}-basicauth".format(router))
- "traefik.http.middlewares.(@= router @)-basicauth.basicauth.users=(@= http_auth @)"
- "traefik.http.middlewares.(@= router @)-basicauth.basicauth.headerField=X-Forwarded-User"
#@ end
- "traefik.http.services.(@= router @).loadbalancer.server.port=80"
#! Apply all middlewares (do this at the end!)
- "traefik.http.routers.(@= router @).middlewares=(@= ','.join(enabled_middlewares) @)"
ports:
#@ for port in ports:
- #@ port
#@ end