mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
3485ab7883db4a2f25962e10c98645e7c85e6f04
stack/docker-compose.openbao.yml
Jason Woltje 83dee62f0e
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details
fix(openbao): use simple depends_on syntax for Portainer compatibility 
- Change depends_on from condition-based to simple list syntax
- Fixes: 'Services.openbao-init.depends_on must be a list' error
- Compatible with Portainer's compose parser

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 17:38:40 -06:00

93 lines
2.4 KiB
YAML
Raw Blame History

# ==============================================
# OpenBao Standalone Deployment
# ==============================================
#
# IMPORTANT: This file deploys OpenBao as a STANDALONE container.
# Do NOT include this in docker stack deploy - it will fail due to port binding conflicts.
#
# Usage:
# docker compose -f docker-compose.openbao.yml up -d
#
# This is required when:
# - Using Docker Swarm (stateful services don't work well in swarm)
# - You want OpenBao isolated from the main stack
#
# Alternative: Use external HashiCorp Vault or managed secrets service
# ==============================================
services:
# ======================
# OpenBao Secrets Vault
# ======================
openbao:
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev}
container_name: mosaic-openbao
command: server -config=/openbao/config/config.hcl
env_file: .env
environment:
OPENBAO_ADDR: http://0.0.0.0:8200
ports:
- "127.0.0.1:${OPENBAO_PORT:-8200}:8200" # Localhost only for security
volumes:
- openbao_data:/openbao/data
- openbao_logs:/openbao/logs
- openbao_init:/openbao/init
cap_add:
- IPC_LOCK
healthcheck:
test:
- CMD
- wget
- --spider
- --quiet
- http://localhost:8200/v1/sys/health?standbyok=true
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
restart: unless-stopped
networks:
- mosaic_internal
# ======================
# OpenBao Init Sidecar
# ======================
# Auto-initializes and unseals OpenBao on first run
openbao-init:
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev}
container_name: mosaic-openbao-init
env_file: .env
command: /openbao/init.sh
environment:
OPENBAO_ADDR: http://openbao:8200
volumes:
- openbao_init:/openbao/init
depends_on:
- openbao
restart: "no"
networks:
- mosaic_internal
# ======================
# Volumes
# ======================
volumes:
openbao_data:
name: mosaic-openbao-data
driver: local
openbao_logs:
name: mosaic-openbao-logs
driver: local
openbao_init:
name: mosaic-openbao-init
driver: local
# ======================
# Networks
# ======================
# Connect to the swarm stack's internal network
networks:
mosaic_internal:
external: true
name: mosaic_internal
Reference in New Issue View Git Blame Copy Permalink