docker-compose.ci.yaml
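# Concourse CI test stack: one web node (concourse-web) and two workers.
#
# The postgres, vault-server, dexidp and openldap services listed under
# depends_on are not defined in this file; presumably another compose file
# supplies them (TODO confirm).
#
# Every secret below is a fixed, guessable fixture value ("test:test",
# "concourse", "readonly"). Treat the stack as disposable: do not reuse these
# values elsewhere and do not expose the published ports beyond the CI host.
version: "2"
services:
  concourse-web:
    # Image is built from the ./ci directory next to this file.
    build: ci
    restart: on-failure
    command:
      - web
    # No host IP is given, so both ports are published on every host
    # interface. 8080 is the plaintext bind port, 8081 the TLS bind port
    # (see CONCOURSE_BIND_PORT / CONCOURSE_TLS_BIND_PORT below). Prefix the
    # mappings with 127.0.0.1 if nothing outside the host needs to reach them.
    ports:
      - "8080:8080"
      - "8081:8081"
    environment:
      CONCOURSE_BIND_PORT: "8080"
      CONCOURSE_TLS_BIND_PORT: "8081"
      CONCOURSE_EXTERNAL_URL: "${ENV_CONCOURSE_URL}"
      # TLS certificate and private key are read from /ci/ca inside the
      # container. NOTE(review): presumably copied in by the ./ci build; if
      # so, the image carries private keys and must not be pushed to a
      # shared registry (confirm).
      CONCOURSE_TLS_CERT: "/ci/ca/ci-combined.pem"
      CONCOURSE_TLS_KEY: "/ci/ca/ci-key.pem"
      # Database credentials: fixture values, must match the postgres
      # service defined elsewhere.
      CONCOURSE_POSTGRES_HOST: "postgres"
      CONCOURSE_POSTGRES_USER: "concourse"
      CONCOURSE_POSTGRES_PASSWORD: "concourse"
      CONCOURSE_POSTGRES_DATABASE: "concourse"
      # Local user "test" with password "test" is also placed on the main
      # team, so reachability of the published ports is the only barrier to
      # main-team access.
      CONCOURSE_ADD_LOCAL_USER: "test:test"
      CONCOURSE_MAIN_TEAM_LOCAL_USER: "test"
      # TSA (worker registration) host key, authorised worker keys and the
      # session signing key, all read from /ci/web inside the container.
      CONCOURSE_TSA_HOST_KEY: "/ci/web/tsa_host_key"
      CONCOURSE_TSA_AUTHORIZED_KEYS: "/ci/web/authorized_worker_keys"
      CONCOURSE_SESSION_SIGNING_KEY: "/ci/web/session_signing_key"
      CONCOURSE_TSA_BIND_PORT: "2222"
      # Vault credential manager over HTTPS: the server is verified against
      # ca.pem and Concourse logs in with a client certificate ("cert"
      # backend) rather than a static token.
      CONCOURSE_VAULT_URL: "https://vault-server:8200"
      CONCOURSE_VAULT_PATH_PREFIX: "/concourse"
      CONCOURSE_VAULT_CA_CERT: "/ci/ca/ca.pem"
      CONCOURSE_VAULT_AUTH_BACKEND: "cert"
      CONCOURSE_VAULT_CLIENT_CERT: "/ci/ca/auth.pem"
      CONCOURSE_VAULT_CLIENT_KEY: "/ci/ca/auth-key.pem"
      CONCOURSE_VAULT_AUTH_BACKEND_MAX_TTL: "1h"
      # OIDC login. The client secret is a fixture value; members of the
      # OIDC group "admins" are placed on the main team.
      CONCOURSE_OIDC_DISPLAY_NAME: "DEX"
      CONCOURSE_OIDC_ISSUER: "${ENV_ISSUER_URL}"
      CONCOURSE_OIDC_CLIENT_ID: "concourse"
      CONCOURSE_OIDC_CLIENT_SECRET: "concourse"
      CONCOURSE_OIDC_CA_CERT: "/ci/ca/ca.pem"
      CONCOURSE_MAIN_TEAM_OIDC_GROUP: "admins"
      CONCOURSE_OIDC_USER_NAME_KEY: "email"
      CONCOURSE_OIDC_GROUPS_KEY: "groups"
      CONCOURSE_OIDC_SCOPE: "openid email profile groups"
      # LDAP login against openldap on port 636 with a configured CA
      # certificate. The bind account is named "readonly" and its password
      # is a fixture value; members of the LDAP group "admins" are placed on
      # the main team.
      CONCOURSE_LDAP_DISPLAY_NAME: "LDAP"
      CONCOURSE_LDAP_HOST: "openldap:636"
      CONCOURSE_LDAP_BIND_DN: "cn=readonly,dc=contoso,dc=com"
      CONCOURSE_LDAP_BIND_PW: "readonly"
      CONCOURSE_LDAP_CA_CERT: "/ci/ca/ca.pem"
      CONCOURSE_LDAP_USER_SEARCH_BASE_DN: "ou=People,dc=contoso,dc=com"
      CONCOURSE_LDAP_USER_SEARCH_FILTER: "(objectClass=person)"
      CONCOURSE_LDAP_USER_SEARCH_USERNAME: "cn"
      CONCOURSE_LDAP_USER_SEARCH_SCOPE: "one"
      CONCOURSE_LDAP_USER_SEARCH_ID_ATTR: "DN"
      CONCOURSE_LDAP_USER_SEARCH_EMAIL_ATTR: "mail"
      CONCOURSE_LDAP_USER_SEARCH_NAME_ATTR: "cn"
      CONCOURSE_LDAP_GROUP_SEARCH_BASE_DN: "ou=Groups,dc=contoso,dc=com"
      CONCOURSE_LDAP_GROUP_SEARCH_FILTER: "(objectClass=groupOfUniqueNames)"
      CONCOURSE_LDAP_GROUP_SEARCH_SCOPE: "one"
      CONCOURSE_LDAP_GROUP_SEARCH_USER_ATTR: "DN"
      CONCOURSE_LDAP_GROUP_SEARCH_GROUP_ATTR: "uniqueMember"
      CONCOURSE_LDAP_GROUP_SEARCH_NAME_ATTR: "cn"
      CONCOURSE_MAIN_TEAM_LDAP_GROUP: "admins"
    depends_on:
      - postgres
      - vault-server
      - dexidp
      - openldap
  concourse-worker-a:
    build: ci
    restart: on-failure
    # privileged: true removes most of the isolation between this container
    # and the Docker host. NOTE(review): Concourse workers are normally run
    # this way because they create build containers themselves; confirm it
    # is still required for the version built from ./ci, and run the stack
    # only on hosts where that level of access is acceptable.
    privileged: true
    # Disabled alternative entrypoint, kept as found: installs
    # module-init-tools at start and redirects worker output to /log.
    # entrypoint:
    #   - /bin/sh
    #   - -c
    # command:
    #   - |
    #     apt-get update
    #     apt-get -y install module-init-tools
    #     /usr/local/bin/dumb-init /usr/local/bin/concourse worker > /log 2>&1
    command:
      - worker
    environment:
      # Registers with the web node's TSA on port 2222 using this worker's
      # own private key and its copy of the TSA host public key.
      CONCOURSE_TSA_HOST: "concourse-web:2222"
      CONCOURSE_TSA_PUBLIC_KEY: "/ci/worker_a/tsa_host_key.pub"
      CONCOURSE_TSA_WORKER_PRIVATE_KEY: "/ci/worker_a/worker_key"
    depends_on:
      - concourse-web
  concourse-worker-b:
    build: ci
    restart: on-failure
    # Same privileged-mode caveat as concourse-worker-a: the container has
    # close to host-level access.
    privileged: true
    # Disabled alternative entrypoint, kept as found: installs
    # module-init-tools at start and redirects worker output to /log.
    # entrypoint:
    #   - /bin/sh
    #   - -c
    # command:
    #   - |
    #     apt-get update
    #     apt-get -y install module-init-tools
    #     /usr/local/bin/dumb-init /usr/local/bin/concourse worker > /log 2>&1
    command:
      - worker
    environment:
      # Registers with the web node's TSA on port 2222 using this worker's
      # own private key and its copy of the TSA host public key.
      CONCOURSE_TSA_HOST: "concourse-web:2222"
      CONCOURSE_TSA_PUBLIC_KEY: "/ci/worker_b/tsa_host_key.pub"
      CONCOURSE_TSA_WORKER_PRIVATE_KEY: "/ci/worker_b/worker_key"
    depends_on:
      - concourse-web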