Jason Woltje
66269fa816
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Create docker-compose.portainer.yml - No env_file directive (Portainer doesn't support it) - Port exposed on 0.0.0.0 (Portainer limitation) - Simple depends_on syntax - All environment variables explicit - Create docs/PORTAINER-DEPLOYMENT.md - Complete Portainer deployment guide - Step-by-step instructions - Environment variables reference - Troubleshooting section - Best practices for security and backups - Update README.md - Add Portainer deployment section - Reference Portainer deployment guide Fixes: - 'open /data/compose/94/.env: no such file or directory' - 'ignoring IP-address (127.0.0.1:8200:8200/tcp)' warning Portainer requires different compose syntax than standard docker-compose. This provides a deployment path optimized for Portainer's stack parser. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
96 lines
2.5 KiB
YAML
96 lines
2.5 KiB
YAML
# ==============================================
|
|
# OpenBao Standalone Deployment - Portainer Version
|
|
# ==============================================
|
|
#
|
|
# This file is optimized for Portainer deployment:
|
|
# - No env_file directive (define variables in Portainer's environment editor)
|
|
# - Port exposed on all interfaces (Portainer limitation)
|
|
# - All environment variables explicitly defined
|
|
#
|
|
# Usage in Portainer:
|
|
# 1. Stacks -> Add Stack
|
|
# 2. Name: mosaic-openbao
|
|
# 3. Paste this file content
|
|
# 4. Add environment variables in "Environment variables" section:
|
|
# - IMAGE_TAG=dev
|
|
# - OPENBAO_PORT=8200
|
|
# 5. Deploy
|
|
#
|
|
# SECURITY NOTE: Port 8200 will be exposed on 0.0.0.0 (all interfaces)
|
|
# Use firewall rules to restrict access if needed.
|
|
# ==============================================
|
|
|
|
services:
|
|
# ======================
|
|
# OpenBao Secrets Vault
|
|
# ======================
|
|
openbao:
|
|
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev}
|
|
container_name: mosaic-openbao
|
|
command: server -config=/openbao/config/config.hcl
|
|
environment:
|
|
OPENBAO_ADDR: http://0.0.0.0:8200
|
|
ports:
|
|
- "${OPENBAO_PORT:-8200}:8200"
|
|
volumes:
|
|
- openbao_data:/openbao/data
|
|
- openbao_logs:/openbao/logs
|
|
- openbao_init:/openbao/init
|
|
cap_add:
|
|
- IPC_LOCK
|
|
healthcheck:
|
|
test:
|
|
- CMD
|
|
- wget
|
|
- --spider
|
|
- --quiet
|
|
- http://localhost:8200/v1/sys/health?standbyok=true
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
start_period: 30s
|
|
restart: unless-stopped
|
|
networks:
|
|
- mosaic_internal
|
|
|
|
# ======================
|
|
# OpenBao Init Sidecar
|
|
# ======================
|
|
# Auto-initializes and unseals OpenBao on first run
|
|
openbao-init:
|
|
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev}
|
|
container_name: mosaic-openbao-init
|
|
command: /openbao/init.sh
|
|
environment:
|
|
OPENBAO_ADDR: http://openbao:8200
|
|
volumes:
|
|
- openbao_init:/openbao/init
|
|
depends_on:
|
|
- openbao
|
|
restart: "no"
|
|
networks:
|
|
- mosaic_internal
|
|
|
|
# ======================
|
|
# Volumes
|
|
# ======================
|
|
volumes:
|
|
openbao_data:
|
|
name: mosaic-openbao-data
|
|
driver: local
|
|
openbao_logs:
|
|
name: mosaic-openbao-logs
|
|
driver: local
|
|
openbao_init:
|
|
name: mosaic-openbao-init
|
|
driver: local
|
|
|
|
# ======================
|
|
# Networks
|
|
# ======================
|
|
# Connect to the swarm stack's internal network
|
|
networks:
|
|
mosaic_internal:
|
|
external: true
|
|
name: mosaic_internal
|