-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstack.yml
115 lines (110 loc) · 3.19 KB
/
stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
version: '3.8'
x-application: &application
image: "${IMAGE_NAME}:${IMAGE_TAG}"
environment:
- AUTO_MIGRATION=yes
- DATABASE_URL=postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres/$POSTGRES_DB
- REDIS_URL=redis://redis:6379 # NOTE: Create standalone Redis for cache for scale
- SECRET_KEY_BASE
- STATUS_CHECK_TOKEN
- SENTRY_DSN
- SENTRY_ENVIRONMENT
- SETTINGS__REGISTER_ALLOWLIST__SPREADSHEET_KEY
- SETTINGS__GAME_DATA__SPREADSHEET_KEY
secrets:
- source: new-era_spreadsheet-service_account
target: /src/app/config/credentials/spreadsheet-service_account.json
depends_on:
- postgres
- redis
services:
postgres:
image: postgres:14.3-alpine
environment:
- POSTGRES_DB
- POSTGRES_USER
- POSTGRES_PASSWORD
deploy:
placement:
constraints:
- node.role != manager
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- net
redis:
image: redis:7-alpine
command: redis-server --save 60 1 --appendonly yes
deploy:
placement:
constraints:
- node.role != manager
volumes:
- redis_data:/data
networks:
- net
application:
<<: *application
networks:
- net
- traefik-public
deploy:
placement:
constraints:
- node.role != manager
update_config:
parallelism: 2
delay: 3s
order: start-first
failure_action: rollback
labels:
- traefik.enable=true
- traefik.docker.network=traefik-public
# Hosts
- "traefik.http.routers.${DEPLOY_NAME}-http.rule=Host(`${DEPLOY_DOMAIN}`)"
- "traefik.http.routers.${DEPLOY_NAME}-http.entrypoints=web"
- "traefik.http.routers.${DEPLOY_NAME}-http.middlewares=https-redirect"
- "traefik.http.routers.${DEPLOY_NAME}-https.rule=Host(`${DEPLOY_DOMAIN}`)"
- "traefik.http.routers.${DEPLOY_NAME}-https.entrypoints=websecure"
- "traefik.http.routers.${DEPLOY_NAME}-https.tls=true"
- "traefik.http.routers.${DEPLOY_NAME}-https.tls.certresolver=letsencrypt"
- "traefik.http.routers.${DEPLOY_NAME}-https.tls.domains[0].sans=*.${DEPLOY_BASE_DOMAIN}"
- "traefik.http.services.${DEPLOY_NAME}.loadbalancer.server.port=3000"
- "traefik.http.services.${DEPLOY_NAME}.loadbalancer.sticky.cookie=true"
- "traefik.http.services.${DEPLOY_NAME}.loadbalancer.healthcheck.path=/status?token=${STATUS_CHECK_TOKEN}"
sidekiq:
<<: *application
command: sidekiq
healthcheck:
disable: true
networks:
- net
deploy:
placement:
constraints:
- node.role != manager
update_config:
parallelism: 2
delay: 3s
order: start-first
failure_action: rollback
volumes:
postgres_data:
driver_opts:
type: "nfs"
o: "addr=$NFS_SERVER,rw,async,vers=4"
device: ":$POSTGRES_VOLUME_PATH"
redis_data:
driver_opts:
type: "nfs"
o: "addr=$NFS_SERVER,rw,async,vers=4"
device: ":$REDIS_VOLUME_PATH"
networks:
net:
driver: overlay
attachable: true
traefik-public:
external: true
secrets:
new-era_spreadsheet-service_account:
external: true