-
Notifications
You must be signed in to change notification settings - Fork 12
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
113 lines (100 loc) · 3.16 KB
/
docker-compose.yml
File metadata and controls
113 lines (100 loc) · 3.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
services:
# Redis with mTLS enabled
redis-mtls:
image: redis:7-alpine
container_name: ff-proxy-redis-mtls
ports:
- "6380:6380"
volumes:
- ./certs:/certs:ro
- ./redis.conf:/tmp/redis.conf:ro
command: ["sh", "-c", "if [ ! -f /tmp/redis.conf ]; then echo 'ERROR: redis.conf file not found at /tmp/redis.conf'; echo 'Please ensure redis.conf exists in the examples/redis_mtls/ directory'; exit 1; fi; echo 'Starting Redis with mTLS configuration...'; redis-server /tmp/redis.conf"]
healthcheck:
test: ["CMD", "redis-cli", "--tls", "--cert", "/certs/client.crt", "--key", "/certs/client.key", "--cacert", "/certs/ca.crt", "-p", "6380", "ping"]
interval: 5s
timeout: 3s
retries: 5
start_period: 10s
networks:
- ff-proxy-network
# Primary ff-proxy instance
primary:
image: "harness/ff-proxy:latest"
container_name: ff-proxy-primary-mtls
environment:
# Logging
- LOG_LEVEL=DEBUG
# Harness Feature Flags configuration
- PROXY_KEY=<your-proxy-key-here>
# Redis connection
- REDIS_ADDRESS=rediss://redis-mtls:6380
# Redis mTLS configuration
- REDIS_MTLS_CA_CERT=/certs/ca.crt
- REDIS_MTLS_CLIENT_CERT=/certs/client.crt
- REDIS_MTLS_CLIENT_KEY=/certs/client.key
# Proxy configuration
- READ_REPLICA=false
- AUTH_SECRET=my-secret-key
# Optional: Redis pool configuration
- REDIS_POOL_SIZE=10
- REDIS_MAX_RETRIES=3
- REDIS_DIAL_TIMEOUT_SECONDS=5
- REDIS_READ_TIMEOUT_SECONDS=3
- REDIS_WRITE_TIMEOUT_SECONDS=3
ports:
- "7001:7000"
volumes:
- ./certs:/certs:ro
depends_on:
redis-mtls:
condition: service_healthy
networks:
- ff-proxy-network
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:7000/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 15s
# Replica ff-proxy instance
replica:
image: "harness/ff-proxy:latest"
container_name: ff-proxy-replica-mtls
environment:
# Logging
- LOG_LEVEL=INFO
# Redis connection
- REDIS_ADDRESS=rediss://redis-mtls:6380
# Redis mTLS configuration
- REDIS_MTLS_CA_CERT=/certs/ca.crt
- REDIS_MTLS_CLIENT_CERT=/certs/client.crt
- REDIS_MTLS_CLIENT_KEY=/certs/client.key
# Proxy configuration
- READ_REPLICA=true
- AUTH_SECRET=my-secret-key
# Optional: Redis pool configuration
- REDIS_POOL_SIZE=10
- REDIS_MAX_RETRIES=3
- REDIS_DIAL_TIMEOUT_SECONDS=5
- REDIS_READ_TIMEOUT_SECONDS=3
- REDIS_WRITE_TIMEOUT_SECONDS=3
ports:
- "7002:7000"
volumes:
- ./certs:/certs:ro
depends_on:
redis-mtls:
condition: service_healthy
primary:
condition: service_healthy
networks:
- ff-proxy-network
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:7000/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 20s
networks:
ff-proxy-network:
driver: bridge