Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial SSL for swarm tutorial #107

Closed
wants to merge 11 commits into from
Closed

Initial SSL for swarm tutorial #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
7f18911
Initial SSL for swarm tutorial
LucasRoesler Dec 24, 2018
65d048b
Fix duplicate "is" typo
LucasRoesler Dec 28, 2018
d309564
Add missing word to configure traefik intro
LucasRoesler Dec 28, 2018
19b95b4
Fix traefix typo in traefik part number 6
LucasRoesler Dec 28, 2018
f35ceb2
Fix logs debug command
LucasRoesler Dec 28, 2018
9965f0b
Cleanup quotes in the traefik command
LucasRoesler Dec 28, 2018
37b1500
Remove profit section
LucasRoesler Jan 2, 2019
b1b8278
Consolidate traefik configuration steps
LucasRoesler Jan 2, 2019
1657316
Update titles to active voice
LucasRoesler Jan 2, 2019
ce6fecd
Simplify the configure openfaas section
LucasRoesler Jan 2, 2019
0157693
Update guide to use the traefik 2.1.0
LucasRoesler Feb 1, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
265 changes: 265 additions & 0 deletions docs/reference/ssl/compose-example.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,265 @@
version: "3.3"
services:
traefik:
image: traefik:v2.1.3
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myhttpchallenge.acme.email=<your-email-here>"
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
- functions
placement:
constraints: [node.role == manager]

gateway:
ports:
- 8080:8080
image: openfaas/gateway:0.18.10
networks:
- functions
labels:
- "traefik.enable=true"
- "traefik.http.routers.gateway.rule=Host(`gw.example.com`)"
- "traefik.http.routers.gateway.entrypoints=websecure"
- "traefik.http.routers.gateway.tls.certresolver=myhttpchallenge"
environment:
functions_provider_url: "http://faas-swarm:8080/"
read_timeout: "5m5s" # Maximum time to read HTTP request
write_timeout: "5m5s" # Maximum time to write HTTP response
upstream_timeout: "5m" # Maximum duration of upstream function call - should be more than read_timeout and write_timeout
dnsrr: "true" # Temporarily use dnsrr in place of VIP while issue persists on PWD
faas_nats_address: "nats"
faas_nats_port: 4222
direct_functions: "true" # Functions are invoked directly over the overlay network
direct_functions_suffix: ""
basic_auth: "${BASIC_AUTH:-false}"
secret_mount_path: "/run/secrets/"
scale_from_zero: "true" # Enable if you want functions to scale from 0/0 to min replica count upon invoke
max_idle_conns: 1024
max_idle_conns_per_host: 1024
auth_proxy_url: "${AUTH_URL:-}"
auth_proxy_pass_body: "false"
deploy:
resources:
# limits: # Enable if you want to limit memory usage
# memory: 200M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- "node.platform.os == linux"
secrets:
- basic-auth-user
- basic-auth-password

# auth service provide basic-auth plugin for system APIs
basic-auth-plugin:
image: openfaas/basic-auth-plugin:0.18.10
networks:
- functions
environment:
secret_mount_path: "/run/secrets/"
user_filename: "basic-auth-user"
pass_filename: "basic-auth-password"
deploy:
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
resources:
# limits: # Enable if you want to limit memory usage
# memory: 100M
reservations:
memory: 50M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
secrets:
- basic-auth-user
- basic-auth-password

# Docker Swarm provider
faas-swarm:
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
image: openfaas/faas-swarm:0.8.2
networks:
- functions
environment:
read_timeout: "5m5s" # set both here, and on your functions
write_timeout: "5m5s" # set both here, and on your functions
DOCKER_API_VERSION: "1.30"
basic_auth: "${BASIC_AUTH:-false}"
secret_mount_path: "/run/secrets/"
deploy:
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
resources:
# limits: # Enable if you want to limit memory usage
# memory: 100M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
secrets:
- basic-auth-user
- basic-auth-password

nats:
image: nats-streaming:0.11.2
# Uncomment the following port mappings if you wish to expose the
# NATS client and/or management ports you must also add `-m 8222` to the command
# ports:
# - 4222:4222
# - 8222:8222
command: "--store memory --cluster_id faas-cluster"
networks:
- functions
deploy:
resources:
limits:
memory: 125M
reservations:
memory: 50M
placement:
constraints:
- "node.platform.os == linux"

queue-worker:
image: openfaas/queue-worker:0.8.4
networks:
- functions
environment:
max_inflight: "1"
ack_wait: "5m5s" # Max duration of any async task / request
basic_auth: "${BASIC_AUTH:-false}"
secret_mount_path: "/run/secrets/"
gateway_invoke: "true"
faas_gateway_address: "gateway"
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- "node.platform.os == linux"
secrets:
- basic-auth-user
- basic-auth-password

# End services

# Start monitoring

prometheus:
image: prom/prometheus:v2.11.0
environment:
no_proxy: "gateway"
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
- source: prometheus_rules
target: /etc/prometheus/alert.rules.yml
command:
- "--config.file=/etc/prometheus/prometheus.yml"
# - '-storage.local.path=/prometheus'
ports:
- 9090:9090
networks:
- functions
deploy:
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
resources:
limits:
memory: 500M
reservations:
memory: 200M

alertmanager:
image: prom/alertmanager:v0.18.0
environment:
no_proxy: "gateway"
command:
- "--config.file=/alertmanager.yml"
- "--storage.path=/alertmanager"
networks:
- functions
# Uncomment the following port mapping if you wish to expose the Prometheus
# Alertmanager UI.
# ports:
# - 9093:9093
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
configs:
- source: alertmanager_config
target: /alertmanager.yml
secrets:
- basic-auth-password

configs:
prometheus_config:
file: ./prometheus/prometheus.yml
prometheus_rules:
file: ./prometheus/alert.rules.yml
alertmanager_config:
file: ./prometheus/alertmanager.yml

networks:
functions:
driver: overlay
attachable: true
labels:
- "openfaas=true"

secrets:
basic-auth-user:
external: true
basic-auth-password:
external: true

volumes:
letsencrypt:
Loading