-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathdocker-compose.arm64.yaml
More file actions
124 lines (115 loc) · 3.63 KB
/
docker-compose.arm64.yaml
File metadata and controls
124 lines (115 loc) · 3.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# Copyright IBM Corp. 2021, 2025
# SPDX-License-Identifier: MPL-2.0
version: "3.9"
services:
app:
build: WebService/
environment:
VAULT_ADDRESS: http://vault-server:8200
VAULT_APPROLE_ROLE_ID: demo-web-app
VAULT_APPROLE_SECRET_ID_FILE: /tmp/secret
VAULT_API_KEY_PATH: api-key
VAULT_API_KEY_FIELD: api-key-descriptor
VAULT_DATABASE_CREDENTIALS_ROLE: dev-readonly
DATABASE_DATA_SOURCE: tcp:database,1433
DATABASE_INITIAL_CATALOG: example
DATABASE_TIMEOUT: 30
SECURE_SERVICE_ENDPOINT: http://secure-service/api
volumes:
- type: volume
source: trusted-orchestrator-volume
target: /tmp
ports:
- 80:80
depends_on:
vault-server:
condition: service_healthy
trusted-orchestrator:
condition: service_healthy
database-data:
condition: service_completed_successfully
secure-service:
condition: service_healthy
vault-server:
build: ./setup/vault-server/
cap_add:
- IPC_LOCK
environment:
VAULT_DEV_ROOT_TOKEN_ID: root
APPROLE_ROLE_ID: demo-web-app
ORCHESTRATOR_TOKEN: insecure_token
DATABASE_HOSTNAME: database
DATABASE_PORT: 1433
ports:
- 8200:8200
depends_on:
database-data:
condition: service_completed_successfully
trusted-orchestrator:
build: ./setup/trusted-orchestrator
environment:
VAULT_ADDRESS: http://vault-server:8200
ORCHESTRATOR_TOKEN: insecure_token
volumes:
- type: volume
source: trusted-orchestrator-volume
target: /tmp
depends_on:
vault-server:
condition: service_healthy
# docker-compose.arm64.yaml uses mcr.microsoft.com/azure-sql-edge and
# mcr.microsoft.com/mssql-tools images in place of the default
# mcr.microsoft.com/mssql/server image. This is to work around mssql/server's
# incompatibility with arm64 architecture
database:
image: mcr.microsoft.com/azure-sql-edge:latest
init: true
environment:
ACCEPT_EULA: y
MSSQL_SA_PASSWORD: DatabaseAdminPassword1
MSSQL_PID: Developer
cap_add:
- SYS_PTRACE
ports:
- 1433:1433
database-data:
image: mcr.microsoft.com/mssql-tools
init: true
environment:
DATABASE_HOSTNAME: database
DATABASE_PORT: 1433
SA_PASSWORD: DatabaseAdminPassword1
volumes:
- type: bind
source: setup/database
target: /home/database/.
command: [ "/home/database/populate.sh" ]
depends_on:
database:
condition: service_started
# a simulated 3rd party service that requires a specific header to get a 200 response
secure-service:
image: nginx:latest
environment:
EXPECTED_API_KEY: my-secret-key # sets the expected value for incoming requests' header X-API-KEY
volumes:
- type: bind
source: ./setup/secure-service/default.conf.template
target: /etc/nginx/templates/default.conf.template
ports:
- 8080:80
healthcheck:
test: curl --fail -s http://localhost/healthcheck || exit 1
start_period: 1s
interval: 1s
timeout: 1s
retries: 30
# a dummy service which blocks "docker compose up -d" from returning until all services are up & healthy
app-healthy:
image: alpine:latest
command: [ "echo", "all services are up & healthy" ]
depends_on:
app:
condition: service_healthy
volumes:
trusted-orchestrator-volume: