-
Notifications
You must be signed in to change notification settings - Fork 213
/
Copy pathdocker-compose-tls.yml
122 lines (122 loc) · 3.49 KB
/
docker-compose-tls.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
version: "3.5"
services:
elasticsearch:
container_name: temporal-elasticsearch
environment:
- cluster.routing.allocation.disk.threshold_enabled=true
- cluster.routing.allocation.disk.watermark.low=512mb
- cluster.routing.allocation.disk.watermark.high=256mb
- cluster.routing.allocation.disk.watermark.flood_stage=128mb
- discovery.type=single-node
- ES_JAVA_OPTS=-Xms256m -Xmx256m
- ELASTIC_PASSWORD=elastic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/elasticsearch-key.pem
- xpack.security.http.ssl.certificate=certs/elasticsearch.pem
- xpack.security.http.ssl.certificate_authorities=certs/ca.pem
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/elasticsearch-key.pem
- xpack.security.transport.ssl.certificate=certs/elasticsearch.pem
- xpack.security.transport.ssl.certificate_authorities=certs/ca.pem
image: elasticsearch:${ELASTICSEARCH_VERSION}
networks:
- temporal-network
expose:
- 9200
volumes:
- temporal_tls_pki:/usr/share/elasticsearch/config/certs
- /var/lib/elasticsearch/data
restart: on-failure
postgresql:
container_name: temporal-postgresql
command:
- "-c"
- "ssl=on"
- "-c"
- "ssl_cert_file=/pki/postgresql.pem"
- "-c"
- "ssl_key_file=/pki/postgresql-key.pem"
- "-c"
- "ssl_ca_file=/pki/ca.pem"
environment:
POSTGRES_PASSWORD: temporal
POSTGRES_USER: temporal
image: postgres:${POSTGRESQL_VERSION}
networks:
- temporal-network
expose:
- 5432
volumes:
- temporal_tls_pki:/pki
- /var/lib/postgresql/data
restart: on-failure
temporal:
container_name: temporal
build:
context: .
dockerfile: tls/Dockerfile.auto-setup-tls
args:
- BASEIMAGE=auto-setup:${TEMPORAL_VERSION}
image: auto-setup-tls:${TEMPORAL_VERSION}
depends_on:
- postgresql
- elasticsearch
environment:
- DB=postgres12
- DB_PORT=5432
- POSTGRES_USER=temporal
- POSTGRES_PWD=temporal
- POSTGRES_SEEDS=postgresql
- SQL_TLS=true
- DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development-sql.yaml
- ENABLE_ES=true
- ES_SEEDS=elasticsearch
- ES_VERSION=v7
- ES_SCHEME=https
- ES_USER=elastic
- ES_PWD=elastic
networks:
- temporal-network
ports:
- 7233:7233
volumes:
- ./dynamicconfig:/etc/temporal/config/dynamicconfig
restart: on-failure
temporal-admin-tools:
container_name: temporal-admin-tools
depends_on:
- temporal
environment:
- TEMPORAL_ADDRESS=temporal:7233
- TEMPORAL_CLI_ADDRESS=temporal:7233
build:
context: .
dockerfile: tls/Dockerfile.admin-tools-tls
args:
- BASEIMAGE=admin-tools:${TEMPORAL_VERSION}
image: temporalio/admin-tools-tls:${TEMPORAL_VERSION}
networks:
- temporal-network
stdin_open: true
tty: true
temporal-ui:
container_name: temporal-ui
depends_on:
- temporal
environment:
- TEMPORAL_ADDRESS=temporal:7233
- TEMPORAL_CORS_ORIGINS=http://localhost:3000
image: temporalio/ui:${TEMPORAL_UI_VERSION}
networks:
- temporal-network
ports:
- 8080:8080
restart: on-failure
networks:
temporal-network:
driver: bridge
name: temporal-network
volumes:
temporal_tls_pki:
external: true