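---

# Default variables for a BounCA (web UI for running a private CA) job.
# `[[ ... ]]` expressions reference other variables of this bundle;
# `{{ ... }}` expressions are kept as-is here and read secrets from Vault
# when they are rendered later.
# NOTE(review): the nesting below is inferred from the references used in
# this file (.bounca.version, .bounca.postgres.database, .instance) and
# from key order; confirm it against the job templates that consume it.

# Name of this instance (controls job and service name)
instance: bounca

bounca:

  # Version of BounCA. Quoted so it always stays a string.
  version: '0.4.5'

  # The image to use. This is a tag reference built from the version above.
  # NOTE(review): a tag can be re-pushed; pin by digest if the registry
  # does not enforce immutable tags.
  image: '[[ .docker.repo ]]bounca:[[ .bounca.version ]]-1'

  vault:
    # Vault policies to use. The only paths read in this file are
    # <vault.root>/database/creds/<instance> and
    # <vault.root>/kv/service/<instance>; the policy named here should not
    # need to grant more than read on those two (verify the policy itself).
    policies:
      - '[[ .instance ]][[ .consul.suffix ]]'
    # Random secrets to generate
    # presumably stored under the kv/service/<instance> path read in `env`
    # below, which uses the same field name - confirm.
    rand_secrets:
      fields:
        - django_secret

  postgres:
    database: '[[ .instance ]]'
    # Database credentials are read from Vault (database/creds/<instance>)
    # at render time, so no static password is stored in this file.
    # NOTE(review): user and password read the same path; they only match
    # if both resolve to the same Vault lease - confirm both are rendered
    # by the same task.
    user: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
    password: '{{ with secret "[[ .vault.root ]]/database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'

  # Environment variables to pass to the container
  env:
    BOUNCA_DB_NAME: '[[ .bounca.postgres.database ]]'
    # Read from the Vault KV path of this instance (field django_secret).
    # It reaches the application as an environment variable, so anyone able
    # to inspect the task environment can read it; restrict that access.
    BOUNCA_DJANGO_SECRET: '{{ with secret "[[ .vault.root ]]/kv/service/[[ .instance ]]" }}{{ .Data.data.django_secret }}{{ end }}'

  # Public URL where users can reach the app
  public_url: https://pki.example.org

  # Custom django settings
  # NOTE(review): presumably injected verbatim into the Django settings;
  # if so it is code, not data - review any override with the same care as
  # a change to the application itself.
  django_custom_settings: ""

  # Wait for postgres to be ready before starting
  wait_for:
    - service: 'master.postgres[[ .consul.suffix ]]'

  # Connect to the postgres service through the service mesh
  consul:
    connect:
      upstreams:
        - destination_name: 'postgres[[ .consul.suffix ]]'
          local_bind_port: 5432

  # Traefik settings for the main interface (empty: nothing is overridden
  # here). The main interface is where the CA is managed, so its exposure
  # should be decided separately from /public below.
  traefik: {}

  # Settings for /public, which can be different from the main interface.
  # /public exposes certificates and CRLs, so it should usually be publicly
  # accessible.
  public:
    traefik:
      # NOTE(review): with auto_rule disabled the routing rule for this
      # router is presumably supplied elsewhere; check that it matches only
      # /public and not the rest of the application.
      auto_rule: false
      router: '[[ .instance ]]-public[[ .consul.suffix ]]'

  # Resource allocation for the main bounca task
  resources:
    cpu: 200
    memory: 192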