2021-06-11 11:36:21 +00:00
|
|
|
---
|
|
|
|
version: "3.8"
|
|
|
|
|
|
|
|
services:
|
|
|
|
app:
|
2021-06-11 11:40:49 +00:00
|
|
|
image: "decentral1se/keycloak-collective-portal:latest"
|
2021-06-11 14:03:03 +00:00
|
|
|
environment:
|
2021-06-11 16:36:49 +00:00
|
|
|
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
|
2021-06-11 14:03:03 +00:00
|
|
|
- KEYCLOAK_CLIENT_ID
|
2021-06-11 14:15:39 +00:00
|
|
|
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
|
2021-06-11 14:03:03 +00:00
|
|
|
- KEYCLOAK_DOMAIN
|
2021-06-11 14:54:03 +00:00
|
|
|
- KEYCLOAK_REALM
|
2021-06-11 14:03:03 +00:00
|
|
|
secrets:
|
|
|
|
- app_secret_key
|
|
|
|
- keycloak_client_secret
|
2021-06-11 11:36:21 +00:00
|
|
|
networks:
|
2021-06-13 10:09:05 +00:00
|
|
|
- proxy
|
2021-06-11 11:40:49 +00:00
|
|
|
configs:
|
|
|
|
- source: entrypoint_sh
|
|
|
|
target: /usr/local/bin/entrypoint.sh
|
|
|
|
mode: 0555
|
|
|
|
entrypoint: /usr/local/bin/entrypoint.sh
|
2021-06-13 10:09:05 +00:00
|
|
|
deploy:
|
|
|
|
update_config:
|
|
|
|
failure_action: rollback
|
|
|
|
labels:
|
|
|
|
- "traefik.enable=true"
|
|
|
|
- "traefik.http.services.kcp.loadbalancer.server.port=8000"
|
|
|
|
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
|
|
|
|
- "traefik.http.routers.kcp.entrypoints=web-secure"
|
|
|
|
- "traefik.http.routers.kcp.tls.certresolver=production"
|
2021-06-11 16:55:01 +00:00
|
|
|
command: |
|
|
|
|
uvicorn
|
|
|
|
--host 0.0.0.0
|
2021-06-11 17:16:52 +00:00
|
|
|
--forwarded-allow-ips="*"
|
2021-06-11 17:05:20 +00:00
|
|
|
--proxy-headers
|
|
|
|
keycloak_collective_portal:app
|
2021-06-11 11:36:21 +00:00
|
|
|
|
|
|
|
networks:
|
|
|
|
proxy:
|
|
|
|
external: true
|
2021-06-11 11:40:49 +00:00
|
|
|
|
|
|
|
configs:
|
|
|
|
entrypoint_sh:
|
|
|
|
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
|
|
|
|
file: entrypoint.sh.tmpl
|
|
|
|
template_driver: golang
|
2021-06-11 14:03:03 +00:00
|
|
|
|
|
|
|
secrets:
|
|
|
|
app_secret_key:
|
|
|
|
external: true
|
|
|
|
name: ${STACK_NAME}_app_secret_key_${SECRET_APP_SECRET_KEY}
|
|
|
|
keycloak_client_secret:
|
|
|
|
external: true
|
|
|
|
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}
|