mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
4e96a32714da6b0994c1ca1727c93fe74c858ba8
stack/docker-compose.openbao.yml
Jason Woltje 4e96a32714
All checks were successful
ci/woodpecker/push/infra Pipeline was successful
Details
ci/woodpecker/push/orchestrator Pipeline was successful
Details
ci/woodpecker/push/coordinator Pipeline was successful
Details
ci/woodpecker/push/web Pipeline was successful
Details
ci/woodpecker/push/api Pipeline was successful
Details
chore: switch from develop/dev to main/latest image tags 
Remove develop branch references from CI, compose, env, and docs
now that all development uses trunk-based workflow on main.

- CI: remove develop branch filters and dev tag logic
- Compose: default IMAGE_TAG from dev to latest
- Env: update IMAGE_TAG default and comments
- Docs: update branching strategy, PR targets, and image tag docs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 16:01:05 -06:00

86 lines
2.3 KiB
YAML
Raw Blame History

# ==============================================
# OpenBao Secrets Vault - Swarm / Portainer Stack
# ==============================================
#
# Deploy via Portainer or Docker Swarm:
# docker stack deploy -c docker-compose.openbao.yml stack-openbao
#
# Connects to the main Mosaic stack's overlay network (mosaic_internal).
# The init sidecar auto-initializes and unseals OpenBao on first run.
# ==============================================
services:
# ======================
# OpenBao Secrets Vault
# ======================
openbao:
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest}
entrypoint: ["dumb-init", "--"]
command: ["bao", "server", "-config=/openbao/config/config.hcl"]
environment:
OPENBAO_ADDR: http://0.0.0.0:8200
volumes:
- openbao_data:/openbao/data
- openbao_logs:/openbao/logs
- openbao_init:/openbao/init
cap_add:
- IPC_LOCK
healthcheck:
test:
[
"CMD-SHELL",
"wget --spider --quiet 'http://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200'",
]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
networks:
- mosaic_internal
deploy:
restart_policy:
condition: on-failure
# ======================
# OpenBao Init Sidecar
# ======================
# Auto-initializes and unseals OpenBao on first run.
# Has built-in retry logic (polls OpenBao API for 60 seconds).
# After init, runs an unseal watch loop to handle container restarts.
openbao-init:
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest}
command: /openbao/init.sh
environment:
VAULT_ADDR: http://openbao:8200
volumes:
- openbao_init:/openbao/init
networks:
- mosaic_internal
deploy:
restart_policy:
condition: on-failure
max_attempts: 5
delay: 10s
# ======================
# Volumes
# ======================
volumes:
openbao_data:
name: mosaic-openbao-data
driver: local
openbao_logs:
name: mosaic-openbao-logs
driver: local
openbao_init:
name: mosaic-openbao-init
driver: local
# ======================
# Networks
# ======================
networks:
mosaic_internal:
external: true
name: mosaic_internal
Reference in New Issue View Git Blame Copy Permalink