Mainflux.mainflux/docker/addons/vault/docker-compose.yml

# Copyright (c) Mainflux
# SPDX-License-Identifier: Apache-2.0

# This docker-compose file contains optional Vault service for Mainflux platform.
# Since this is optional, this file is dependent of docker-compose file
# from <project_root>/docker. In order to run these services, execute command:
# docker-compose -f docker/docker-compose.yml -f docker/addons/vault/docker-compose.yml up
# from project root. Vault default port (8200) is exposed, so you can use Vault CLI tool for
# vault inspection and administration, as well as access the UI.

version: '3.7'

networks:
  mainflux-base-net:

volumes:
  mainflux-vault-volume:

services:
  vault:
    image: vault:1.12.2
    container_name: mainflux-vault
    ports:
      - ${MF_VAULT_PORT}:8200
    networks:
      - mainflux-base-net
    volumes:
      - mainflux-vault-volume:/vault/file
      - mainflux-vault-volume:/vault/logs
      - ./config.hcl:/vault/config/config.hcl
      - ./entrypoint.sh:/entrypoint.sh
    environment:
      VAULT_ADDR: http://127.0.0.1:${MF_VAULT_PORT}
      MF_VAULT_PORT: ${MF_VAULT_PORT}
      MF_VAULT_UNSEAL_KEY_1: ${MF_VAULT_UNSEAL_KEY_1}
      MF_VAULT_UNSEAL_KEY_2: ${MF_VAULT_UNSEAL_KEY_2}
      MF_VAULT_UNSEAL_KEY_3: ${MF_VAULT_UNSEAL_KEY_3}
    entrypoint: /bin/sh
    command: /entrypoint.sh
    cap_add:
      - IPC_LOCK
NOISSSUE - Vault integration as an addon. (#1266) Integrates Vault PKI service as a service addon. Also adds some helper scripts to help setup the CA in Vault, as well as some docs to explain how to use them. Originally based from https://github.com/mteodor/vault. Signed-off-by: Joao Matos <joao@tritao.eu> Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-11-01 04:44:25 +08:00			`# Copyright (c) Mainflux`
			`# SPDX-License-Identifier: Apache-2.0`

			`# This docker-compose file contains optional Vault service for Mainflux platform.`
			`# Since this is optional, this file is dependent of docker-compose file`
			`# from <project_root>/docker. In order to run these services, execute command:`
			`# docker-compose -f docker/docker-compose.yml -f docker/addons/vault/docker-compose.yml up`
			`# from project root. Vault default port (8200) is exposed, so you can use Vault CLI tool for`
			`# vault inspection and administration, as well as access the UI.`

			`version: '3.7'`

			`networks:`
NOISSUE - Implementation of gRPC mTLS (#1848) Rebase with master and squash commits add: rootCA and clientCA in grpc server add: rootCA and client certificate in grpc client add: docker-compose for grpc-mtls and make target for mtls cert generation fix: typo in makefile fix: loadCertFile function in internal/clients/grpc/connect.go fix: env.parser test remove: commented lines add: make commands update: make commands and grpc clients fix: typo in makefile fix: loadCertFile function in internal/clients/grpc/connect.go remove: commented lines update: make commands and grpc clients update: make commands and docker-compose add: end of line fix: typos in makefile add: end of line fix: typos in makefile revert: grafana port in .env change: loadCertFile function change: certficate logic change: env name and update in compose file fix: makefile remove: tls env var change: ioutil to os for ReadFile change loadfile remove: test which is no needed fix: docker project name single docker-compose file single docker-compose file single docker-compose file fix space and new lines fix makefile add: GRPC_TLS varaible and imporved logging in gRPC Client fix mtls and tls env vars fix mtls and tls env vars grpc_mtls fix docker-compose fix makefile fix const name to go idomatic --------- Signed-off-by: Arvindh <arvindh91@gmail.com> 2023-08-17 01:11:33 +08:00			`mainflux-base-net:`
NOISSSUE - Vault integration as an addon. (#1266) Integrates Vault PKI service as a service addon. Also adds some helper scripts to help setup the CA in Vault, as well as some docs to explain how to use them. Originally based from https://github.com/mteodor/vault. Signed-off-by: Joao Matos <joao@tritao.eu> Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-11-01 04:44:25 +08:00
			`volumes:`
			`mainflux-vault-volume:`

			`services:`
			`vault:`
NOISSUE - Add cert revocation to SDK (#1693) * initial commit Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * fix certificate revoking Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * change from mapstructure to json Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * add comments to serial modification Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * fix typo Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * update vault docker version Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * write env variables Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * change env path Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * return revocation time Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * revert to intermediate CA Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove deadcode Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * make revoke cert output readable Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keybits and keytype Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove dead code Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * make inline Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * add empty line Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove commented code Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keyBits Signed-off-by: rodneyosodo <socials@rodneyosodo.com> * remove keyBits Signed-off-by: rodneyosodo <socials@rodneyosodo.com> Signed-off-by: rodneyosodo <socials@rodneyosodo.com> Co-authored-by: rodneyosodo <socials@rodneyosodo.com> 2023-01-13 21:33:00 +08:00			`image: vault:1.12.2`
NOISSSUE - Vault integration as an addon. (#1266) Integrates Vault PKI service as a service addon. Also adds some helper scripts to help setup the CA in Vault, as well as some docs to explain how to use them. Originally based from https://github.com/mteodor/vault. Signed-off-by: Joao Matos <joao@tritao.eu> Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-11-01 04:44:25 +08:00			`container_name: mainflux-vault`
			`ports:`
			`- ${MF_VAULT_PORT}:8200`
			`networks:`
NOISSUE - Implementation of gRPC mTLS (#1848) Rebase with master and squash commits add: rootCA and clientCA in grpc server add: rootCA and client certificate in grpc client add: docker-compose for grpc-mtls and make target for mtls cert generation fix: typo in makefile fix: loadCertFile function in internal/clients/grpc/connect.go fix: env.parser test remove: commented lines add: make commands update: make commands and grpc clients fix: typo in makefile fix: loadCertFile function in internal/clients/grpc/connect.go remove: commented lines update: make commands and grpc clients update: make commands and docker-compose add: end of line fix: typos in makefile add: end of line fix: typos in makefile revert: grafana port in .env change: loadCertFile function change: certficate logic change: env name and update in compose file fix: makefile remove: tls env var change: ioutil to os for ReadFile change loadfile remove: test which is no needed fix: docker project name single docker-compose file single docker-compose file single docker-compose file fix space and new lines fix makefile add: GRPC_TLS varaible and imporved logging in gRPC Client fix mtls and tls env vars fix mtls and tls env vars grpc_mtls fix docker-compose fix makefile fix const name to go idomatic --------- Signed-off-by: Arvindh <arvindh91@gmail.com> 2023-08-17 01:11:33 +08:00			`- mainflux-base-net`
NOISSSUE - Vault integration as an addon. (#1266) Integrates Vault PKI service as a service addon. Also adds some helper scripts to help setup the CA in Vault, as well as some docs to explain how to use them. Originally based from https://github.com/mteodor/vault. Signed-off-by: Joao Matos <joao@tritao.eu> Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-11-01 04:44:25 +08:00			`volumes:`
			`- mainflux-vault-volume:/vault/file`
			`- mainflux-vault-volume:/vault/logs`
			`- ./config.hcl:/vault/config/config.hcl`
			`- ./entrypoint.sh:/entrypoint.sh`
			`environment:`
			`VAULT_ADDR: http://127.0.0.1:${MF_VAULT_PORT}`
			`MF_VAULT_PORT: ${MF_VAULT_PORT}`
			`MF_VAULT_UNSEAL_KEY_1: ${MF_VAULT_UNSEAL_KEY_1}`
			`MF_VAULT_UNSEAL_KEY_2: ${MF_VAULT_UNSEAL_KEY_2}`
			`MF_VAULT_UNSEAL_KEY_3: ${MF_VAULT_UNSEAL_KEY_3}`
			`entrypoint: /bin/sh`
			`command: /entrypoint.sh`
			`cap_add:`
			`- IPC_LOCK`