-
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathcompose.admin.yaml
More file actions
118 lines (113 loc) · 3.22 KB
/
compose.admin.yaml
File metadata and controls
118 lines (113 loc) · 3.22 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
---
services:
worker-redis:
hostname: worker-example-redis
container_name: worker-example-redis
image: redis/redis-stack-server:latest
environment:
- REDIS_ARGS=--requirepass supersecret
healthcheck:
test: ["CMD", "redis-cli", "-a", "supersecret", "ping"]
interval: 5s
timeout: 10s
retries: 3
restart: unless-stopped
ports:
- "6380:6379"
- "8001:8001"
volumes:
- redis-worker-stack_data:/data
networks:
redis-worker-net:
ipv4_address: 100.10.10.15
worker-admin:
build:
context: .
environment:
NODE_ENV: development
WORKER_ADMIN_GRPC_TARGET: worker-service:50052
WORKER_REDIS_ADDR: worker-redis:6379
WORKER_REDIS_PASSWORD: supersecret
WORKER_REDIS_PREFIX: go-worker
WORKER_ADMIN_GRPC_ADDR: 0.0.0.0:50052
WORKER_ADMIN_HTTP_ADDR: 0.0.0.0:8081
WORKER_ADMIN_TLS_CERT: /certs/server.crt
WORKER_ADMIN_TLS_KEY: /certs/server.key
WORKER_ADMIN_TLS_CA: /certs/ca.crt
WORKER_ADMIN_JOB_TARBALL_DIR: /workspace
WORKER_ADMIN_AUDIT_EVENT_LIMIT: "500"
WORKER_ADMIN_AUDIT_EXPORT_LIMIT_MAX: "5000"
volumes:
- ./certs:/certs:ro
- ./:/workspace:ro
ports:
- "8081:8081"
depends_on:
- worker-service
- worker-redis
networks:
- redis-worker-net
worker-service:
build:
context: .
dockerfile: Dockerfile.worker
target: runtime-docker
environment:
WORKER_REDIS_ADDR: worker-redis:6379
WORKER_REDIS_PASSWORD: supersecret
WORKER_REDIS_PREFIX: go-worker
WORKER_GRPC_ADDR: 0.0.0.0:50052
WORKER_CRON_DEFAULT_SPEC: "@every 1m"
WORKER_DURABLE_CRON_HANDLERS: cron_handler
WORKER_JOB_TARBALL_DIR: /workspace
# Kept outside /workspace because that bind mount is read-only; nesting a
# named volume inside a :ro bind mount is unreliable under Docker Desktop's
# VirtioFS (surfaces as EROFS on mkdir during job run).
WORKER_JOB_WORKDIR: /var/lib/go-worker/job-work
WORKER_JOB_EVENT_DIR: /var/lib/go-worker/job-events
WORKER_JOB_EVENT_MAX_ENTRIES: "10000"
WORKER_JOB_EVENT_CACHE_TTL: 5s
WORKER_ADMIN_AUDIT_EVENT_LIMIT: "500"
DOCKER_BUILDKIT: "1"
ports:
- "50052:50052"
depends_on:
- worker-redis
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./:/workspace:ro
- worker-job-work:/var/lib/go-worker/job-work
- worker-job-events:/var/lib/go-worker/job-events
networks:
- redis-worker-net
admin-ui:
build:
context: ./admin-ui
environment:
WORKER_ADMIN_API_URL: https://worker-admin:8081
WORKER_ADMIN_MTLS_CERT: /certs/client.crt
WORKER_ADMIN_MTLS_KEY: /certs/client.key
WORKER_ADMIN_MTLS_CA: /certs/ca.crt
WORKER_ADMIN_PASSWORD: change-me
volumes:
- ./certs:/certs:ro
ports:
- "3000:3000"
depends_on:
- worker-admin
networks:
- redis-worker-net
volumes:
redis-worker-stack_data:
driver: local
worker-job-work:
worker-job-events:
driver: local
networks:
redis-worker-net:
name: redis-worker-net
driver: bridge
attachable: true
ipam:
config:
- subnet: 100.10.10.0/24