docker-compose.yml
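# Single-node Vault server (raft storage) plus a helper container that
# initialises and unseals it automatically.
# NOTE(review): several settings below (plain HTTP listener, unseal material
# stored on disk next to the server) are only appropriate for a test setup.
services:
  vault:
    # NOTE(review): `latest` is a floating tag, so the Vault build can change
    # on any pull. Pin a specific release tag or an image digest so that
    # deployments are reproducible and auditable.
    image: hashicorp/vault:latest
    container_name: vault
    restart: unless-stopped
    ports:
      # Quoted so the HOST:CONTAINER pair is always parsed as a string.
      # NOTE(review): this publishes the API on every host interface while the
      # listener below has TLS disabled. If only local clients need access,
      # use a host-IP-qualified mapping such as "127.0.0.1:8200:8200".
      - "8200:8200"
    volumes:
      # Raft storage lives on the host; it contains the encrypted secrets.
      - ./vault-data:/vault/data
      - /etc/localtime:/etc/localtime:ro
    command: server
    environment:
      VAULT_ADDR: "http://0.0.0.0:8200"
      # Vault server configuration (HCL) passed in through the environment.
      # NOTE(review): tls_disable = "true" makes the listener speak plain HTTP,
      # so tokens and secrets cross the network unencrypted. For anything
      # beyond an isolated test network, configure tls_cert_file and
      # tls_key_file on the listener and switch the addresses to https.
      # NOTE(review): disable_mlock = true means Vault's memory is not locked
      # and may be swapped out; disable or encrypt swap on the host.
      VAULT_LOCAL_CONFIG: |
        ui = true
        cluster_name = "Test Vault Cluster"
        api_addr = "http://vault:8200"
        log_level = "info"
        disable_mlock = true
        default_lease_ttl = "168h"
        max_lease_ttl = "8760h"
        cluster_addr = "http://vault:8201"
        storage "raft" {
          path = "/vault/data"
          node_id = "node-1"
        }
        listener "tcp" {
          address = "0.0.0.0:8200"
          tls_disable = "true"
        }
    cap_add:
      - IPC_LOCK
    networks:
      - vault-network

  vault-automator:
    build: .
    container_name: vault-automator
    restart: unless-stopped
    volumes:
      # NOTE(review): this host directory receives the unseal keys and root
      # token (see UNSEAL_FILE). Restrict its permissions on the host and keep
      # it out of version control and backups that others can read.
      - ./unseal:/unseal
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - vault
    environment:
      # Vault API address (should match the Vault container).
      VAULT_ADDR: "http://vault:8200"
      # Where to save unseal keys and root token (local path inside container).
      # NOTE(review): presumably every key share is written to this one file
      # together with the root token. If so, the share/threshold split below
      # gives no protection: whoever can read the file can unseal Vault and
      # act as root. Revoke the root token after setup and move to an
      # auto-unseal (KMS/HSM) seal for non-test use.
      UNSEAL_FILE: "/unseal/vault-keys.json"
      # Number of key shares to split the unseal keys into (for Vault init).
      VAULT_SHARES: "5"
      # Number of keys required to unseal Vault (for Vault init).
      VAULT_THRESHOLD: "3"
      # How often (in seconds) to check Vault status and unseal if needed.
      POLL_INTERVAL: "5"
      # Timeout (in seconds) for Vault status command (prevents hanging).
      TIMEOUT_SECONDS: "5"
    networks:
      - vault-network

networks:
  vault-network:
    driver: bridge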