
Commit 1cd5341

committed
define a secret management plan, containers no longer run as root
1 parent 61788d9 commit 1cd5341


6 files changed

+187
-369
lines changed


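--- a/conf/gitlab_compose/docker-compose.yml
+++ b/conf/gitlab_compose/docker-compose.yml
@@ -25,61 +25,61 @@
 services:
 neo4j:
 # user: 7474:7474
-image: neo4j:5.10.0-community
-restart: unless-stopped
+image: neo4j:5.26.2-community
+restart: never
 environment:
 - NEO4J_AUTH=neo4j/somepassword
 networks:
 - polar
 ports:
 - '7473:7473'
 - '7687:7687'
+# volumes:
+# - ../neo4j_setup/conf/neo4j.conf:/var/lib/neo4j/conf/neo4j.conf
+# - ../certs/neo4j/server_neo4j_certificate.pem:/var/lib/neo4j/certificates/https/tls.crt
+# - ../certs/neo4j/server_neo4j_key.pem:/var/lib/neo4j/certificates/https/tls.key
+cassini:
+image: cassini:0.1.0
+networks:
+- polar
+ports:
+- 8080:8080
+environment:
+- CASSINI_BIND_ADDR=0.0.0.0:8080
+- TLS_CA_CERT=/etc/ssl/ca_certificate.pem
+- TLS_SERVER_CERT_CHAIN=/etc/ssl/server_cassini_certificate.pem
+- TLS_SERVER_KEY=/etc/ssl/server_cassini_key.pem
 volumes:
-- ../neo4j_setup/conf/neo4j.conf:/var/lib/neo4j/conf/neo4j.conf
-- ../certs/neo4j/server_neo4j_certificate.pem:/var/lib/neo4j/certificates/https/tls.crt
-- ../certs/neo4j/server_neo4j_key.pem:/var/lib/neo4j/certificates/https/tls.key
-# cassini:
-# image: cassini:latest
-# networks:
-# - polar
-# ports:
-# - 8080:8080
-# environment:
-# - CASSINI_BIND_ADDR=0.0.0.0:8080
-# - TLS_CA_CERT=/etc/ssl/ca_certificate.pem
-# - TLS_SERVER_CERT_CHAIN=/etc/ssl/server_polar_certificate.pem
-# - TLS_SERVER_KEY=/etc/ssl/server_polar_key.pem
-# volumes:
-# - ../certs/ca_certificates/ca_certificate.pem:/etc/ssl/ca_certificate.pem:ro
-# - ../certs/server/server_polar_key.pem:/etc/ssl/server_polar_key.pem:ro
-# - ../certs/server/server_polar_certificate.pem:/etc/ssl/server_polar_certificate.pem:ro
+- ../certs/ca_certificates/ca_certificate.pem:/etc/ssl/ca_certificate.pem:ro
+- ../certs/server/server_cassini_key.pem:/etc/ssl/server_cassini_key.pem:ro
+- ../certs/server/server_cassini_certificate.pem:/etc/ssl/server_cassini_certificate.pem:ro
 
-# gitlab-observer:
-# image: polar-gitlab-observer:0.1.0
-# depends_on:
-# - cassini
-# env_file:
-# - observer.env
-# networks:
-# - polar
-# volumes:
-# - ../certs/ca_certificates/ca_certificate.pem:/etc/ssl/ca_certificate.pem:ro
-# - ../certs/client/client_polar_certificate.pem:/etc/ssl/client_polar_certificate.pem:ro
-# - ../certs/client/client_polar_key.pem:/etc/ssl/client_polar_key.pem:ro
-# - ../certs/host/zscaler.pem:/etc/ssl/proxy_ca.pem:ro
-# gitlab-consumer:
-# image: polar-gitlab-consumer:0.1.0
-# depends_on:
-# - cassini
-# - neo4j
-# env_file:
-# - consumer.env
-# networks:
-# - polar
-# volumes:
-# - ../certs/ca_certificates/ca_certificate.pem:/etc/ssl/ca_certificate.pem:ro
-# - ../certs/client/client_polar_certificate.pem:/etc/ssl/client_polar_certificate.pem:ro
-# - ../certs/client/client_polar_key.pem:/etc/ssl/client_polar_key.pem:ro
+gitlab-observer:
+image: polar-gitlab-observer:0.1.0
+depends_on:
+- cassini
+env_file:
+- observer.env
+networks:
+- polar
+volumes:
+- ../certs/ca_certificates/ca_certificate.pem:/etc/ssl/ca_certificate.pem:ro
+- ../certs/client/client_cassini_certificate.pem:/etc/ssl/client_cassini_certificate.pem:ro
+- ../certs/client/client_cassini_key.pem:/etc/ssl/client_cassini_key.pem:ro
+- ../certs/host/zscaler.pem:/etc/ssl/proxy_ca.pem:ro
+gitlab-consumer:
+image: polar-gitlab-consumer:0.1.0
+depends_on:
+- cassini
+- neo4j
+env_file:
+- consumer.env
+networks:
+- polar
+volumes:
+- ../certs/ca_certificates/ca_certificate.pem:/etc/ssl/ca_certificate.pem:ro
+- ../certs/client/client_cassini_certificate.pem:/etc/ssl/client_cassini_certificate.pem:ro
+- ../certs/client/client_cassini_key.pem:/etc/ssl/client_cassini_key.pem:ro
 
 networks:
 polar: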
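Review bot: The neo4j service loses its `neo4j.conf` and TLS certificate/key mounts (commented out on new lines 37-40) while `7473` and `7687` stay published on every host interface and `NEO4J_AUTH=neo4j/somepassword` remains inline, so connections carrying that password presumably run on the image defaults instead of the project's TLS configuration. Either restore the mounts read-only, for example `- ../certs/neo4j/server_neo4j_key.pem:/var/lib/neo4j/certificates/https/tls.key:ro`, or bind the ports to loopback with `- '127.0.0.1:7687:7687'`, and move the credential out of the compose file the way the observer and consumer already take theirs from `env_file`. `restart: never` on new line 29 is not a Compose restart policy (the accepted values are `"no"`, `always`, `on-failure` and `unless-stopped`); if no restarts are intended it should read `restart: "no"`, quoted so YAML does not parse it as a boolean. The commit title says containers no longer run as root, yet no `user:` key is set for any service here and `# user: 7474:7474` is still commented out; if the privilege drop lives in the images, a comment stating that would make the file reviewable on its own. The observer and consumer also mount the same `client_cassini_key.pem`, so the broker cannot tell them apart by certificate; separate client certificates would be worth considering.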
