Last active
March 23, 2020 22:44
-
-
Save sue445/a46ac5c02f0015e8a79c2a0332c94b56 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.7' | |
| services: | |
| redis: | |
| restart: always | |
| image: sameersbn/redis:4.0.9-2 | |
| command: | |
| - --loglevel warning | |
| deploy: | |
| update_config: | |
| parallelism: 1 | |
| delay: 1s | |
| order: start-first | |
| postgresql: | |
| restart: always | |
| image: sameersbn/postgresql:10-2 | |
| environment: | |
| - DB_USER=gitlab | |
| - DB_PASS= | |
| - DB_NAME=gitlabhq_production | |
| - DB_EXTENSION=pg_trgm | |
| # postgresユーザのパスワードを設定した状態でコンテナを作らないとpgloaderからデータを投入できないので注意 | |
| - PG_PASSWORD= | |
| # NOTE: 明示的にUTCにしないとDBの時刻がズレるため | |
| - TZ=UTC | |
| deploy: | |
| update_config: | |
| parallelism: 1 | |
| delay: 1s | |
| order: start-first | |
| pgbouncer: | |
| restart: always | |
| image: pgbouncer/pgbouncer:1.10.0 | |
| depends_on: | |
| - postgresql | |
| # 設定値は下記を参照 | |
| # * Dockerイメージの環境変数: https://gitlab.com/aztek-io/pgbouncer-container/blob/master/entrypoint.sh | |
| # * pgbouncer.iniの設定: https://pgbouncer.github.io/config.html | |
| environment: | |
| - DATABASES_HOST=postgresql | |
| - DATABASES_USER=gitlab | |
| - DATABASES_PORT=5432 | |
| - PGBOUNCER_LISTEN_PORT=6432 | |
| # c.f. | |
| # * https://about.gitlab.com/2017/10/02/scaling-the-gitlab-database/ | |
| # * https://gitlab.com/gitlab-org/omnibus-gitlab/blob/c7fda3c84dc57fafe830b3318d337c6fea68eae5/files/gitlab-cookbooks/gitlab-ee/attributes/default.rb#L159-261 | |
| - PGBOUNCER_DEFAULT_POOL_SIZE=100 | |
| - PGBOUNCER_RESERVE_POOL_SIZE=5 | |
| - PGBOUNCER_RESERVE_POOL_TIMEOUT=3 | |
| - PGBOUNCER_MAX_CLIENT_CONN=2048 | |
| - PGBOUNCER_POOL_MODE=transaction | |
| - PGBOUNCER_SERVER_IDLE_TIMEOUT=30 | |
| healthcheck: | |
| # pgbouncerが起動しきるまで待つ | |
| # FIXME: できればPostgreSQLに接続可能になるまで待ちたいのだがpsqlが入っていないので厳しい | |
| test: ps aux | grep -v grep | grep pgbouncer | |
| interval: 1s | |
| timeout: 5s | |
| retries: 30 | |
| # FIXME: 念の為待つ | |
| start_period: 30s | |
| deploy: | |
| restart_policy: | |
| condition: on-failure | |
| update_config: | |
| parallelism: 1 | |
| delay: 1s | |
| order: start-first | |
| gitlab: | |
| restart: always | |
| image: sameersbn/gitlab:12.2.1-1 | |
| depends_on: | |
| - redis | |
| - pgbouncer | |
| ports: | |
| - "10080:80" | |
| - "10022:22" | |
| environment: | |
| - DEBUG=false | |
| - DB_HOST=pgbouncer | |
| - DB_PORT=6432 | |
| - DB_USER=gitlab | |
| - DB_PASS= | |
| - DB_NAME=gitlabhq_production | |
| - REDIS_HOST=redis | |
| - REDIS_PORT=6379 | |
| # NOTE: 明示的にUTCにしないとDBの時刻がズレるため | |
| - TZ=UTC | |
| - GITLAB_TIMEZONE=Tokyo | |
| - GITLAB_HTTPS=false | |
| - SSL_SELF_SIGNED=false | |
| - GITLAB_HOST=localhost | |
| - GITLAB_PORT=10080 | |
| - GITLAB_SSH_PORT=10022 | |
| - GITLAB_RELATIVE_URL_ROOT= | |
| - GITLAB_SECRETS_DB_KEY_BASE= | |
| - GITLAB_SECRETS_SECRET_KEY_BASE= | |
| - GITLAB_SECRETS_OTP_KEY_BASE= | |
| - GITLAB_ROOT_PASSWORD= | |
| - GITLAB_ROOT_EMAIL= | |
| - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true | |
| - GITLAB_NOTIFY_PUSHER=false | |
| - [email protected] | |
| - [email protected] | |
| - [email protected] | |
| - GITLAB_BACKUP_SCHEDULE=daily | |
| - GITLAB_BACKUP_TIME=20:00 # NOTE: コンテナ内はUTCなのでJSTだと05:00に動く | |
| - GITLAB_BACKUP_SKIP=artifacts | |
| - GITLAB_BACKUP_ARCHIVE_PERMISSIONS=0644 | |
| - SMTP_ENABLED=false | |
| - SMTP_DOMAIN=www.example.com | |
| - SMTP_HOST=smtp.gmail.com | |
| - SMTP_PORT=587 | |
| - [email protected] | |
| - SMTP_PASS=password | |
| - SMTP_STARTTLS=true | |
| - SMTP_AUTHENTICATION=login | |
| - IMAP_ENABLED=false | |
| - IMAP_HOST=imap.gmail.com | |
| - IMAP_PORT=993 | |
| - [email protected] | |
| - IMAP_PASS=password | |
| - IMAP_SSL=true | |
| - IMAP_STARTTLS=false | |
| - OAUTH_ENABLED=false | |
| - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER= | |
| - OAUTH_ALLOW_SSO= | |
| - OAUTH_BLOCK_AUTO_CREATED_USERS=true | |
| - OAUTH_AUTO_LINK_LDAP_USER=false | |
| - OAUTH_AUTO_LINK_SAML_USER=false | |
| - OAUTH_EXTERNAL_PROVIDERS= | |
| - OAUTH_CAS3_LABEL=cas3 | |
| - OAUTH_CAS3_SERVER= | |
| - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false | |
| - OAUTH_CAS3_LOGIN_URL=/cas/login | |
| - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate | |
| - OAUTH_CAS3_LOGOUT_URL=/cas/logout | |
| - OAUTH_GOOGLE_API_KEY= | |
| - OAUTH_GOOGLE_APP_SECRET= | |
| - OAUTH_GOOGLE_RESTRICT_DOMAIN= | |
| - OAUTH_FACEBOOK_API_KEY= | |
| - OAUTH_FACEBOOK_APP_SECRET= | |
| - OAUTH_TWITTER_API_KEY= | |
| - OAUTH_TWITTER_APP_SECRET= | |
| - OAUTH_GITHUB_API_KEY= | |
| - OAUTH_GITHUB_APP_SECRET= | |
| - OAUTH_GITHUB_URL= | |
| - OAUTH_GITHUB_VERIFY_SSL= | |
| - OAUTH_GITLAB_API_KEY= | |
| - OAUTH_GITLAB_APP_SECRET= | |
| - OAUTH_BITBUCKET_API_KEY= | |
| - OAUTH_BITBUCKET_APP_SECRET= | |
| - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL= | |
| - OAUTH_SAML_IDP_CERT_FINGERPRINT= | |
| - OAUTH_SAML_IDP_SSO_TARGET_URL= | |
| - OAUTH_SAML_ISSUER= | |
| - OAUTH_SAML_LABEL="Our SAML Provider" | |
| - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient | |
| - OAUTH_SAML_GROUPS_ATTRIBUTE= | |
| - OAUTH_SAML_EXTERNAL_GROUPS= | |
| - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL= | |
| - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME= | |
| - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME= | |
| - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME= | |
| - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME= | |
| - OAUTH_CROWD_SERVER_URL= | |
| - OAUTH_CROWD_APP_NAME= | |
| - OAUTH_CROWD_APP_PASSWORD= | |
| - OAUTH_AUTH0_CLIENT_ID= | |
| - OAUTH_AUTH0_CLIENT_SECRET= | |
| - OAUTH_AUTH0_DOMAIN= | |
| - OAUTH_AZURE_API_KEY= | |
| - OAUTH_AZURE_API_SECRET= | |
| - OAUTH_AZURE_TENANT_ID= | |
| # Registry | |
| - GITLAB_REGISTRY_ENABLED=true | |
| - GITLAB_REGISTRY_HOST=registry.example.com | |
| - GITLAB_REGISTRY_PORT=443 | |
| - GITLAB_REGISTRY_API_URL=http://registry:5000 | |
| - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key | |
| - GITLAB_SIGNUP_ENABLED=false | |
| # コンテナ内からhealth check APIを叩くため許可する | |
| - GITLAB_MONITORING_IP_WHITELIST=127.0.0.0/8 | |
| healthcheck: | |
| test: ["CMD", "curl", "-f", "http://localhost/-/liveness"] | |
| interval: 10s | |
| timeout: 5s | |
| # Railsの起動に時間がかかるので長めにとっておく | |
| retries: 100 | |
| start_period: 30s | |
| deploy: | |
| # start-firstであれば新しいコンテナ起動中は新旧コンテナが共存するので1でよい | |
| replicas: 1 | |
| restart_policy: | |
| condition: on-failure | |
| update_config: | |
| # deploy時は1台ずつコンテナを作ることにより有効なコンテナが必ず1台以上いる状態にする | |
| parallelism: 1 | |
| delay: 30s | |
| order: start-first | |
| registry: | |
| image: registry | |
| restart: always | |
| expose: | |
| - "5000" | |
| ports: | |
| - "5000:5000" | |
| environment: | |
| - REGISTRY_LOG_LEVEL=info | |
| - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry | |
| - REGISTRY_AUTH_TOKEN_REALM=https://git.example.com/jwt/auth | |
| - REGISTRY_AUTH_TOKEN_SERVICE=container_registry | |
| - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer | |
| - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt | |
| - REGISTRY_STORAGE_DELETE_ENABLED=true | |
| deploy: | |
| update_config: | |
| parallelism: 1 | |
| delay: 1s | |
| order: start-first | |
| plantuml: | |
| image: plantuml/plantuml-server:tomcat | |
| restart: always | |
| ports: | |
| - "8082:8080" | |
| deploy: | |
| update_config: | |
| parallelism: 1 | |
| delay: 1s | |
| order: start-first |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment