-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
52 lines (50 loc) · 1.25 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
services:
vault:
image: hashicorp/vault:1.15
container_name: vault
ports:
- 443:443
environment:
VAULT_ADDR: http://127.0.0.1:8200
volumes:
- ./vault/config:/vault/config
- ./vault/certs:/mnt/certs
- vault-data:/vault/file
- vault-logs:/var/log/vault
cap_add:
- IPC_LOCK
networks:
vault-network:
ipv4_address: 172.21.0.10
aliases:
- vault
entrypoint: vault server -config=/vault/config
unseal-sidecar:
image: hashicorp/vault:1.15
container_name: unseal-sidecar
restart: no
environment:
VAULT_ADDR: https://vault:443
VAULT_SKIP_VERIFY: '1'
volumes:
# Store initial root + unseal token to allow for persisted storage over container restarts, see entrypoint
- vault-misc:/vault/operator
- ./scripts/unseal-entrypoint.sh:/usr/local/bin/unseal-entrypoint.sh
networks:
vault-network:
ipv4_address: 172.21.0.11
aliases:
- unseal-sidecar
entrypoint: /usr/local/bin/unseal-entrypoint.sh
depends_on:
vault:
condition: service_started
networks:
vault-network:
ipam:
config:
- subnet: 172.21.0.0/24
volumes:
vault-data:
vault-misc:
vault-logs: