48 lines
1.4 KiB
YAML
48 lines
1.4 KiB
YAML
---
|
|
|
|
bounca:
|
|
|
|
# Name of this instance (controls job and service name)
|
|
instance: bounca
|
|
|
|
# The image to use
|
|
image: danielberteaud/bounca:0.4.4-2
|
|
|
|
# Env variable to pass to the container
|
|
env:
|
|
BOUNCA_DB_USER: '{{ with secret "[[ .vault.prefix ]]/database/creds/[[ .bounca.instance ]]" }}{{ .Data.username }}{{ end }}'
|
|
BOUNCA_DB_PASSWORD: '{{ with secret "[[ .vault.prefix ]]/database/creds/[[ .bounca.instance ]]" }}{{ .Data.password }}{{ end }}'
|
|
BOUNCA_DJANGO_SECRET: '{{ with secret "[[ .vault.prefix ]]/kv/service/[[ .bounca.instance ]]" }}{{ .Data.data.django_secret }}{{ end }}'
|
|
|
|
# Public URL where user can reach the app
|
|
public_url: https://pki.example.org
|
|
|
|
# Custom django settings
|
|
django_custom_settings: ""
|
|
|
|
# Wait for postgres to be ready before starting
|
|
wait_for:
|
|
- service: master.postgres[[ .consul.suffix ]]
|
|
|
|
# Connect to the postgres service through the service mesh]
|
|
consul:
|
|
connect:
|
|
upstreams:
|
|
- destination_name: postgres[[ .consul.suffix ]]
|
|
local_bind_port: 5432
|
|
|
|
# Traefik settings
|
|
traefik:
|
|
enabled: true
|
|
|
|
# Settings for /public, which can be different from the main interface
|
|
# /public expose certificates and CRL so it should usually be publicly accessible
|
|
public:
|
|
traefik:
|
|
enabled: true
|
|
|
|
# Resource allocation for the main bounca task
|
|
resources:
|
|
cpu: 200
|
|
memory: 192
|