step-ca_postgres/compose.yaml


# Compose project: a step-ca certificate authority backed by PostgreSQL.
name: step-ca

services:
  # Database for the CA. There is no `ports:` entry, so nothing is published
  # on the host; other containers reach it over the ca-internal network.
  postgres:
    image: postgres:16-alpine
    container_name: ca-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: stepca
      POSTGRES_USER: stepca
      # The password comes from the mounted secret file instead of being
      # written inline, so it does not show up in this file.
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
    secrets:
      - postgres_password
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - ca-internal
    # step-ca waits on this check (see its depends_on condition).
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U stepca
      interval: 10s
      timeout: 5s
      retries: 5

  # The CA itself, built from the local Dockerfile rather than pulled.
  step-ca:
    # image: smallstep/step-ca
    build:
      context: .
      dockerfile: Dockerfile
    container_name: ca
    restart: unless-stopped
    # NOTE(review): an attached stdin and TTY are presumably needed by
    # init.sh; confirm, and drop both if the script is non-interactive.
    stdin_open: true
    tty: true
    depends_on:
      postgres:
        condition: service_healthy
    # The host bind address defaults to loopback. Setting STEP_CA_IP to a
    # routable address or 0.0.0.0 publishes the CA beyond this host, so
    # treat that variable as a deliberate exposure decision.
    ports:
      - "${STEP_CA_IP:-127.0.0.1}:${STEP_CA_PORT:-9000}:9000"
    # Resolvers default to public DNS servers.
    # NOTE(review): with ACME enabled below, the resolver presumably decides
    # which hosts the CA contacts during validation; point DNS_1/DNS_2 at a
    # trusted internal resolver if the CA issues for internal names.
    dns:
      - "${DNS_1:-8.8.8.8}"
      - "${DNS_2:-8.8.4.4}"
    dns_search:
      - "${DNS_SEARCH_1:-localhost}"
      - "${DNS_SEARCH_2:-local}"
      - "${DNS_SEARCH_3:-internal}"
    # Replaces the image entrypoint with the bind-mounted script below.
    entrypoint:
      - /scripts/init.sh
    environment:
      - "DOCKER_STEPCA_INIT_NAME=${STEP_CA_NAME:-Default CA}"
      - "DOCKER_STEPCA_INIT_ISSUER=${STEP_CA_ISSUER:-CN=Default CA, O=Organization, C=US}"
      - "DOCKER_STEPCA_INIT_DNS_NAMES=${STEP_CA_DNS_NAMES:-localhost,ca.local}"
      - "DOCKER_STEPCA_INIT_PROVISIONER_NAME=${STEP_CA_PROVISIONER:-admin}"
      # Remote management, SSH and ACME all default to "true": each stays
      # enabled unless its variable is overridden. Disable what is unused.
      - "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=${STEP_CA_REMOTE_MANAGEMENT:-true}"
      - "DOCKER_STEPCA_INIT_ADMIN_SUBJECT=${STEP_CA_ADMIN_SUBJECT:-admin@example.com}"
      - "DOCKER_STEPCA_INIT_SSH=${STEP_CA_SSH:-true}"
      - "DOCKER_STEPCA_INIT_ACME=${STEP_CA_ACME:-true}"
      # Only file paths are passed in; both point at the secrets mounted
      # further down, so no credential value appears in the environment.
      # NOTE(review): POSTGRES_PASSWORD_FILE is presumably read by init.sh
      # to build the database connection; confirm against the script.
      - "POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password"
      - "DOCKER_STEPCA_INIT_PWD_FILE=/run/secrets/password"
    secrets:
      - postgres_password
      # Mounted at the path DOCKER_STEPCA_INIT_PWD_FILE refers to.
      - source: step_pwd
        target: /run/secrets/password
    volumes:
      - stepca-data:/home/step
      # The entrypoint script is mounted read-only from the host checkout.
      - ./init.sh:/scripts/init.sh:ro
    networks:
      - ca-internal

  # Helper shell container with the CA's data volume mounted at /step.
  # NOTE(review): the mount is read-write and the image tag floats
  # (`latest`); stepca-data is the CA's /home/step, which presumably holds
  # its keys and configuration. Consider a pinned tag, a `:ro` mount when
  # only inspecting, and a compose profile so that a plain
  # `docker compose up` does not create this service.
  alpine:
    image: alpine:latest
    entrypoint: /bin/ash
    volumes:
      - stepca-data:/step
# Named volumes. The explicit `name:` fixes the volume name instead of
# deriving it from the project name.
volumes:
  # Mounted at /home/step in step-ca and at /step in the alpine helper.
  # NOTE(review): presumably contains the CA's private keys; back it up
  # and restrict access to it accordingly.
  stepca-data:
    name: ca-stepca-data
  # PostgreSQL data directory of the ca-postgres container.
  postgres-data:
    name: ca-postgres-data
# File-backed secrets, read from the host at start-up and mounted into the
# services that list them.
# NOTE(review): keep ./secrets/ out of version control (for example via
# .gitignore) and limit read permission on both files to the deploying user.
secrets:
  # Database password, used by postgres and step-ca.
  postgres_password:
    file: ./secrets/postgres_password.txt
  # Mounted in step-ca as /run/secrets/password (DOCKER_STEPCA_INIT_PWD_FILE).
  step_pwd:
    file: ./secrets/step_pwd.txt
# Network shared by postgres and step-ca.
# NOTE(review): despite the name, this is an ordinary bridge. `internal: true`
# is not set, so attached containers keep outbound connectivity. If the
# database should have no route out, give it a separate network marked
# `internal: true` and attach step-ca to both.
networks:
  ca-internal:
    driver: bridge