From cdba78b51d6766edfd0951a783f3ffdbbab87941 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Sun, 28 Apr 2024 20:16:01 -0400 Subject: [PATCH] add docker swarm --- .env.example => docker-swarm/.env-example | 12 +- docker-swarm/haproxy.cfg | 78 +++++++ docker-swarm/stack.yaml | 259 ++++++++++++++++++++++ 3 files changed, 340 insertions(+), 9 deletions(-) rename .env.example => docker-swarm/.env-example (84%) create mode 100644 docker-swarm/haproxy.cfg create mode 100644 docker-swarm/stack.yaml diff --git a/.env.example b/docker-swarm/.env-example similarity index 84% rename from .env.example rename to docker-swarm/.env-example index bdb3e536d0..03d05a08e7 100644 --- a/.env.example +++ b/docker-swarm/.env-example @@ -8,16 +8,10 @@ ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218 # THIS IS A SAMPLE AUTH_SECRET KEY AND SHOULD NEVER BE USED FOR PRODUCTION AUTH_SECRET=5lrMXKKWCVocS/uerPsl7V+TX/aaUaI7iDkgl3tSmLE= -# Postgres creds -POSTGRES_PASSWORD=infisical -POSTGRES_USER=infisical -POSTGRES_DB=infisical - -# Required -DB_CONNECTION_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB} - +DB_CONNECTION_URI=postgres://infisical:infisical@haproxy:5433/infisical?sslmode=no-verify # Redis -REDIS_URL=redis://redis:6379 +REDIS_URL=redis://:123456@haproxy:6379 + # Website URL # Required diff --git a/docker-swarm/haproxy.cfg b/docker-swarm/haproxy.cfg new file mode 100644 index 0000000000..3717fedacc --- /dev/null +++ b/docker-swarm/haproxy.cfg 
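Review bot: The new `DB_CONNECTION_URI` ends in `?sslmode=no-verify`, which, as far as I can tell, keeps TLS on but skips server-certificate verification, so a spoofed endpoint on the path to `haproxy:5433` would go undetected. Prefer a verifying mode with the cluster CA supplied, or add a comment such as `# no-verify is for the demo swarm stack only` above the line. The added `DB_CONNECTION_URI` and `REDIS_URL` lines also carry literal credentials (`infisical:infisical`, `123456`) without the `# THIS IS A SAMPLE ... SHOULD NEVER BE USED FOR PRODUCTION` warning the neighbouring keys have. The `# Required` marker above the database URI was dropped as well; I would restore both.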
@@ -0,0 +1,78 @@
+global
+ maxconn 10000
+ log stdout format raw local0
+
+defaults
+ log global
+ mode tcp
+ retries 3
+ timeout client 30m
+ timeout connect 10s
+ timeout server 30m
+ timeout check 5s
+
+listen stats
+ mode http
+ bind *:7000
+ stats enable
+ stats uri /
+
+resolvers hostdns
+ nameserver dns 127.0.0.11:53
+ resolve_retries 3
+ timeout resolve 1s
+ timeout retry 1s
+ hold valid 5s
+
+frontend master
+ bind *:5433
+ default_backend master_backend
+
+frontend replicas
+ bind *:5434
+ default_backend replica_backend
+
+
+backend master_backend
+ option httpchk GET /master
+ http-check expect status 200
+ default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
+ server postgres-1 postgres-1:5432 check port 8008 resolvers hostdns
+ server postgres-2 postgres-2:5432 check port 8008 resolvers hostdns
+ server postgres-3 postgres-3:5432 check port 8008 resolvers hostdns
+
+backend replica_backend
+ option httpchk GET /replica
+ http-check expect status 200
+ default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
+ server postgres-1 postgres-1:5432 check port 8008 resolvers hostdns
+ server postgres-2 postgres-2:5432 check port 8008 resolvers hostdns
+ server postgres-3 postgres-3:5432 check port 8008 resolvers hostdns
+
+
+frontend redis_frontend
+ bind *:6379
+ default_backend redis_backend
+
+backend redis_backend
+ option tcp-check
+ tcp-check send AUTH\ 123456\r\n
+ tcp-check expect string +OK
+ tcp-check send PING\r\n
+ tcp-check expect string +PONG
+ tcp-check send info\ replication\r\n
+ tcp-check expect string role:master
+ tcp-check send QUIT\r\n
+ tcp-check expect string +OK
+ server redis_master redis_replica0:6379 check inter 1s
+ server redis_replica1 redis_replica1:6379 check inter 1s
+ server redis_replica2 redis_replica2:6379 check inter 1s
+
+frontend infisical_frontend
+ bind *:8080
+ default_backend infisical_backend
+
+backend infisical_backend
+ option httpchk GET /api/status
+ http-check expect status 200
+ server infisical infisical:8080 check inter 1s
diff --git a/docker-swarm/stack.yaml b/docker-swarm/stack.yaml
new file mode 100644
index 0000000000..11d5f5c624
--- /dev/null
+++ b/docker-swarm/stack.yaml
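Review bot: The `listen stats` section binds `*:7000` with `stats uri /` and no credentials, and stack.yaml in this patch publishes it as 7001, so the backend inventory and health state are readable by anyone who can reach a node. Add a `stats auth <user>:<password>` line (placeholder values) under `stats enable`, or bind the listener to an internal address and drop the published port. The Redis health check also embeds the password as `tcp-check send AUTH\ 123456\r\n`, so this file carries a credential and has to change in step with stack.yaml and the .env example. A comment above the check, e.g. `# must match REDIS_PASSWORD in stack.yaml`, would help whoever rotates it.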
@@ -0,0 +1,259 @@
+version: "3"
+
+services:
+ haproxy:
+ image: haproxy:latest
+ ports:
+ - '7001:7000'
+ - '5002:5433'
+ - '5003:5434'
+ - '6379:6379'
+ - '8080:8080'
+ networks:
+ - infisical
+ configs:
+ - source: haproxy-config
+ target: /usr/local/etc/haproxy/haproxy.cfg
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node1
+
+ infisical:
+ container_name: infisical-backend
+ image: infisical/infisical:latest-postgres
+ env_file: .env
+ ports:
+ - 80:8080
+ environment:
+ - NODE_ENV=production
+ networks:
+ - infisical
+ secrets:
+ - env_file
+
+ etcd1:
+ image: ghcr.io/zalando/spilo-16:3.2-p2
+ networks:
+ - infisical
+ environment:
+ ETCD_UNSUPPORTED_ARCH: arm64
+ container_name: demo-etcd1
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node1
+ hostname: etcd1
+ command: |
+ etcd --name etcd1
+ --listen-client-urls http://0.0.0.0:2379
+ --listen-peer-urls=http://0.0.0.0:2380
+ --advertise-client-urls http://etcd1:2379
+ --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
+ --initial-advertise-peer-urls=http://etcd1:2380
+ --initial-cluster-state=new
+
+ etcd2:
+ image: ghcr.io/zalando/spilo-16:3.2-p2
+ networks:
+ - infisical
+ environment:
+ ETCD_UNSUPPORTED_ARCH: arm64
+ container_name: demo-etcd2
+ hostname: etcd2
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node2
+ command: |
+ etcd --name etcd2
+ --listen-client-urls http://0.0.0.0:2379
+ --listen-peer-urls=http://0.0.0.0:2380
+ --advertise-client-urls http://etcd2:2379
+ --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
+ --initial-advertise-peer-urls=http://etcd2:2380
+ --initial-cluster-state=new
+
+ etcd3:
+ image: ghcr.io/zalando/spilo-16:3.2-p2
+ networks:
+ - infisical
+ environment:
+ ETCD_UNSUPPORTED_ARCH: arm64
+ container_name: demo-etcd3
+ hostname: etcd3
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node3
+ command: |
+ etcd --name etcd3
+ --listen-client-urls http://0.0.0.0:2379
+ --listen-peer-urls=http://0.0.0.0:2380
+ --advertise-client-urls http://etcd3:2379
+ --initial-cluster=etcd1=http://etcd1:2380,etcd2=http://etcd2:2380,etcd3=http://etcd3:2380
+ --initial-advertise-peer-urls=http://etcd3:2380
+ --initial-cluster-state=new
+
+ spolo1:
+ image: ghcr.io/zalando/spilo-16:3.2-p2
+ container_name: postgres-1
+ networks:
+ - infisical
+ hostname: postgres-1
+ environment:
+ ETCD_HOSTS: etcd1:2379,etcd2:2379,etcd3:2379
+ SCOPE: infisical
+ volumes:
+ - postgres_data1:/home/postgres/pgdata
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node1
+
+ spolo2:
+ image: ghcr.io/zalando/spilo-16:3.2-p2
+ container_name: postgres-2
+ networks:
+ - infisical
+ hostname: postgres-2
+ environment:
+ ETCD_HOSTS: etcd1:2379,etcd2:2379,etcd3:2379
+ SCOPE: infisical
+ volumes:
+ - postgres_data2:/home/postgres/pgdata
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node2
+
+ spolo3:
+ image: ghcr.io/zalando/spilo-16:3.2-p2
+ container_name: postgres-3
+ networks:
+ - infisical
+ hostname: postgres-3
+ environment:
+ ETCD_HOSTS: etcd1:2379,etcd2:2379,etcd3:2379
+ SCOPE: infisical
+ volumes:
+ - postgres_data3:/home/postgres/pgdata
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node3
+
+
+ redis_replica0:
+ image: bitnami/redis:6.2.10
+ environment:
+ - REDIS_REPLICATION_MODE=master
+ - REDIS_PASSWORD=123456
+ networks:
+ - infisical
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node1
+
+ redis_replica1:
+ image: bitnami/redis:6.2.10
+ environment:
+ - REDIS_REPLICATION_MODE=slave
+ - REDIS_MASTER_HOST=redis_replica0
+ - REDIS_MASTER_PORT_NUMBER=6379
+ - REDIS_MASTER_PASSWORD=123456
+ - REDIS_PASSWORD=123456
+ networks:
+ - infisical
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node2
+
+ redis_replica2:
+ image: bitnami/redis:6.2.10
+ environment:
+ - REDIS_REPLICATION_MODE=slave
+ - REDIS_MASTER_HOST=redis_replica0
+ - REDIS_MASTER_PORT_NUMBER=6379
+ - REDIS_MASTER_PASSWORD=123456
+ - REDIS_PASSWORD=123456
+ networks:
+ - infisical
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node3
+
+ redis_sentinel1:
+ image: bitnami/redis-sentinel:6.2.10
+ environment:
+ - REDIS_SENTINEL_QUORUM=2
+ - REDIS_SENTINEL_DOWN_AFTER_MILLISECONDS=5000
+ - REDIS_SENTINEL_FAILOVER_TIMEOUT=60000
+ - REDIS_SENTINEL_PORT_NUMBER=26379
+ - REDIS_MASTER_HOST=redis_replica1
+ - REDIS_MASTER_PORT_NUMBER=6379
+ - REDIS_MASTER_PASSWORD=123456
+ networks:
+ - infisical
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node1
+
+ redis_sentinel2:
+ image: bitnami/redis-sentinel:6.2.10
+ environment:
+ - REDIS_SENTINEL_QUORUM=2
+ - REDIS_SENTINEL_DOWN_AFTER_MILLISECONDS=5000
+ - REDIS_SENTINEL_FAILOVER_TIMEOUT=60000
+ - REDIS_SENTINEL_PORT_NUMBER=26379
+ - REDIS_MASTER_HOST=redis_replica1
+ - REDIS_MASTER_PORT_NUMBER=6379
+ - REDIS_MASTER_PASSWORD=123456
+ networks:
+ - infisical
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node2
+
+ redis_sentinel3:
+ image: bitnami/redis-sentinel:6.2.10
+ environment:
+ - REDIS_SENTINEL_QUORUM=2
+ - REDIS_SENTINEL_DOWN_AFTER_MILLISECONDS=5000
+ - REDIS_SENTINEL_FAILOVER_TIMEOUT=60000
+ - REDIS_SENTINEL_PORT_NUMBER=26379
+ - REDIS_MASTER_HOST=redis_replica1
+ - REDIS_MASTER_PORT_NUMBER=6379
+ - REDIS_MASTER_PASSWORD=123456
+ networks:
+ - infisical
+ deploy:
+ placement:
+ constraints:
+ - node.labels.name == node3
+
+networks:
+ infisical:
+
+
+volumes:
+ postgres_data1:
+ postgres_data2:
+ postgres_data3:
+ postgres_data4:
+ redis0:
+ redis1:
+ redis2:
+
+configs:
+ haproxy-config:
+ file: ./haproxy.cfg
+
+secrets:
+ env_file:
+ file: .env
\ No newline at end of file
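Review bot: The `haproxy` service publishes `'6379:6379'`, `'5002:5433'`, `'5003:5434'` and `'7001:7000'`, which with swarm's default ingress publishing are opened on every node, while Redis is protected only by the literal `REDIS_PASSWORD=123456` repeated across the redis and sentinel services. The `infisical` service already reaches `haproxy` over the `infisical` overlay network, so these `ports:` entries can be dropped unless external clients need them. The password would be better supplied from a swarm secret through the image's `*_FILE` variables (e.g. `REDIS_PASSWORD_FILE`) than written in the stack file. Separately, the three `redis_sentinel*` services set `REDIS_MASTER_HOST=redis_replica1` although `redis_replica0` is the node started with `REDIS_REPLICATION_MODE=master`; that looks like it should be `REDIS_MASTER_HOST=redis_replica0`. `haproxy:latest` and `infisical/infisical:latest-postgres` are also floating tags, unlike the other images, and are worth pinning to a version or digest.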