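# Compose template for a Concourse CI stack: PostgreSQL (db), the web/ATC node (web)
# and one worker. `{{ ... }}` placeholders are filled in by the templating step.
# NOTE(review): the page lost its indentation; nesting below is reconstructed from
# key order (in particular `labels` is placed under `deploy`) - confirm before use.
services:
  db:
    # NOTE(review): untagged image resolves to whatever is current at pull time;
    # pin a version tag or digest so deployments are reproducible.
    image: postgres
    environment:
      POSTGRES_DB: concourse
      # NOTE(review): credential is hard-coded here and repeated in the web service;
      # prefer a templated/vaulted value, as is already done for the OIDC secret.
      POSTGRES_PASSWORD: concourse_pass
      POSTGRES_USER: concourse_user
      # NOTE(review): no volume is mounted at this path in this file, so the database
      # presumably does not survive container replacement - confirm that is intended.
      PGDATA: /database
      # POSTGRES_HOST_AUTH_METHOD=trust was removed: it makes PostgreSQL accept any
      # network client without a password, and the privileged worker that runs
      # pipeline tasks shares the `ci` network with this service. web already sends
      # POSTGRES_PASSWORD, so the image's default password-based method works.
      # The setting only takes effect when the data directory is first initialised.
    healthcheck:
      # pg_isready only probes for connection acceptance; it needs no credentials.
      test: ["CMD-SHELL", "pg_isready -U concourse_user -d concourse"]
      interval: 3s
      timeout: 3s
      retries: 5
    networks:
      - ci

  worker:
    # NOTE(review): untagged image; pin a version tag or digest.
    image: concourse/concourse
    command: worker
    # The worker container runs with full privileges on the host, and it executes
    # pipeline-defined workloads: treat the host as dedicated to CI and limit who
    # may set pipelines.
    privileged: true
    depends_on:
      web:
        condition: service_healthy
    volumes:
      # Quoted so the leading `{{` is never read as a YAML flow mapping.
      - "{{ ci_base }}/volumes/keys/worker:/concourse-keys"
    networks:
      - ci
    stop_signal: SIGUSR2
    environment:
      CONCOURSE_TSA_HOST: "web:2222"
      CONCOURSE_GARDEN_DNS_PROXY_ENABLE: "true"

  web:
    # NOTE(review): image name differs from the worker's `concourse/concourse` and no
    # `command:` is set - presumably a locally built image with its own entrypoint; confirm.
    image: concourse
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - "{{ ci_base }}/volumes/keys/web:/concourse-keys"
    # The original list mixed `KEY=value` strings, `- KEY: value` mappings and an
    # empty `- # ...` item, which is not a valid Compose environment list. It is
    # written as one mapping here, matching the db and worker services. Templated
    # values are quoted so an empty or special-character expansion fails loudly
    # instead of being silently retyped or truncated.
    environment:
      TZ: "{{ timezone }}"
      DEPLOYMENT_TIME: "{{ deployment_time }}"
      CONCOURSE_POSTGRES_HOST: db
      CONCOURSE_POSTGRES_USER: concourse_user
      CONCOURSE_POSTGRES_PASSWORD: concourse_pass
      CONCOURSE_POSTGRES_DATABASE: concourse
      CONCOURSE_EXTERNAL_URL: "https://{{ ci_domain }}"
      # instead of relying on the default "detect"
      # NOTE(review): this is a worker-side setting but is defined on the web service;
      # confirm this image actually consumes it, otherwise it belongs on `worker`.
      CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
      CONCOURSE_CLUSTER_NAME: "{{ ci_domain }}"
      CONCOURSE_OIDC_DISPLAY_NAME: "{{ domain }} <3"
      CONCOURSE_OIDC_CLIENT_ID: concourse
      CONCOURSE_OIDC_CLIENT_SECRET: "{{ concourse_secret_key }}"
      # Was CONCOURSE_OID_ISSUER (typo): with the misspelt name the issuer is never
      # passed to the OIDC connector.
      CONCOURSE_OIDC_ISSUER: "https://{{ idm_domain }}/oauth2/openid/concourse/"
    networks:
      - ci
      - proxy
    healthcheck:
      # Was ["CMD-SHELL", "curl", "--fail", ...]: CMD-SHELL takes a single command
      # string, so the extra elements never reached curl as arguments. The exec
      # form passes them as written. Assumes curl exists in the image - confirm.
      test: ["CMD", "curl", "--fail", "http://localhost:8080"]
      timeout: 15s
      interval: 30s
      retries: 3
      start_period: 5s
    deploy:
      mode: replicated
      update_config:
        parallelism: 1
        failure_action: rollback
        order: start-first
        delay: 5s
        monitor: 20s
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.swarm.network=proxy
        - traefik.http.routers.ci.tls=true
        - traefik.http.routers.ci.tls.certResolver=letsencrypt
        - 'traefik.http.routers.ci.rule=Host(`{{ ci_domain }}`)'
        - traefik.http.routers.ci.entrypoints=websecure
        - traefik.http.services.ci.loadbalancer.server.port=8080

networks:
  # Internal network shared by db, web and worker.
  ci: {}
  # Pre-existing network on which the reverse proxy reaches web.
  proxy:
    external: true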