-
Notifications
You must be signed in to change notification settings - Fork 8
/
docker-compose.yaml
43 lines (40 loc) · 1.38 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
volumes:
config:
services:
config:
build:
context: config
args:
IMAGE: ${STEP_CA_IMAGE}
security_opt:
- no-new-privileges:true
volumes:
- config:/home/step
environment:
- AUTHORITY_CLAIMS_MIN_TLS_CERT_DURATION=${STEP_CA_AUTHORITY_CLAIMS_MIN_TLS_CERT_DURATION}
- AUTHORITY_CLAIMS_MAX_TLS_CERT_DURATION=${STEP_CA_AUTHORITY_CLAIMS_MAX_TLS_CERT_DURATION}
- AUTHORITY_POLICY_X509_ALLOW_DNS=${STEP_CA_AUTHORITY_POLICY_X509_ALLOW_DNS}
- AUTHORITY_CLAIMS_DEFAULT_TLS_CERT_DURATION=${STEP_CA_AUTHORITY_CLAIMS_DEFAULT_TLS_CERT_DURATION}
- AUTHORITY_CLAIMS_DISABLE_RENEWAL=${STEP_CA_AUTHORITY_CLAIMS_DISABLE_RENEWAL}
labels:
- "backup-volume.stop-during-backup=true"
step-ca:
depends_on: [config]
build:
context: step-ca
args:
IMAGE: ${STEP_CA_IMAGE}
security_opt:
- no-new-privileges:true
sysctls:
- net.ipv4.ip_unprivileged_port_start=1024
restart: unless-stopped
environment:
- DOCKER_STEPCA_INIT_NAME=${STEP_CA_TRAEFIK_HOST}
- DOCKER_STEPCA_INIT_DNS_NAMES=localhost,${STEP_CA_TRAEFIK_HOST}
volumes:
- config:/home/step
# All labels are defined in the template: docker-compose.instance.yaml
# The labels will merge together here from the template output:
# docker-compose.override_{DOCKER_CONTEXT}_{INSTANCE}.yaml
labels: []