
@sue445
Last active March 23, 2020 22:44
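# Compose file (format 3.7) for a GitLab stack: redis, postgresql, pgbouncer,
# gitlab, a container registry and a PlantUML server.
#
# NOTE(review): every password / key value below is blank in this copy,
# presumably redacted before publishing. Supply them at deploy time from a
# secret store or the deploy environment and keep them out of version control.
# NOTE(review): no volumes are declared in this file, so the /certs paths
# referenced by the gitlab and registry services, and any data persistence,
# must be provided some other way - TODO confirm.
version: '3.7'
services:
  redis:
    restart: always
    image: sameersbn/redis:4.0.9-2
    command:
      - --loglevel warning
    deploy:
      update_config:
        parallelism: 1
        delay: 1s
        order: start-first
  postgresql:
    restart: always
    image: sameersbn/postgresql:10-2
    environment:
      - DB_USER=gitlab
      # Blank in this copy; presumably has to match DB_PASS of the gitlab
      # service, which uses the same DB_USER - verify.
      - DB_PASS=
      - DB_NAME=gitlabhq_production
      - DB_EXTENSION=pg_trgm
      # Note: the container must be created with a password set for the
      # postgres user, otherwise pgloader cannot load data into it.
      - PG_PASSWORD=
      # NOTE: set UTC explicitly, otherwise the DB timestamps drift.
      - TZ=UTC
    deploy:
      update_config:
        parallelism: 1
        delay: 1s
        order: start-first
  pgbouncer:
    restart: always
    image: pgbouncer/pgbouncer:1.10.0
    depends_on:
      - postgresql
    # See the following for the settings:
    # * Environment variables of the Docker image: https://gitlab.com/aztek-io/pgbouncer-container/blob/master/entrypoint.sh
    # * pgbouncer.ini settings: https://pgbouncer.github.io/config.html
    environment:
      - DATABASES_HOST=postgresql
      - DATABASES_USER=gitlab
      - DATABASES_PORT=5432
      - PGBOUNCER_LISTEN_PORT=6432
      # c.f.
      # * https://about.gitlab.com/2017/10/02/scaling-the-gitlab-database/
      # * https://gitlab.com/gitlab-org/omnibus-gitlab/blob/c7fda3c84dc57fafe830b3318d337c6fea68eae5/files/gitlab-cookbooks/gitlab-ee/attributes/default.rb#L159-261
      - PGBOUNCER_DEFAULT_POOL_SIZE=100
      - PGBOUNCER_RESERVE_POOL_SIZE=5
      - PGBOUNCER_RESERVE_POOL_TIMEOUT=3
      - PGBOUNCER_MAX_CLIENT_CONN=2048
      - PGBOUNCER_POOL_MODE=transaction
      - PGBOUNCER_SERVER_IDLE_TIMEOUT=30
    healthcheck:
      # Wait until pgbouncer has finished starting.
      # FIXME: ideally this would wait until PostgreSQL accepts connections,
      # but psql is not installed in the image, so that is hard to do.
      # As written, the check only proves that a pgbouncer process exists.
      test: ps aux | grep -v grep | grep pgbouncer
      interval: 1s
      timeout: 5s
      retries: 30
      # FIXME: wait just to be safe.
      start_period: 30s
    deploy:
      restart_policy:
        condition: on-failure
      update_config:
        parallelism: 1
        delay: 1s
        order: start-first
  gitlab:
    restart: always
    image: sameersbn/gitlab:12.2.1-1
    depends_on:
      - redis
      - pgbouncer
    # HTTP and SSH are published on host ports 10080 and 10022.
    ports:
      - "10080:80"
      - "10022:22"
    environment:
      - DEBUG=false
      # Database access goes through pgbouncer, not directly to postgresql.
      - DB_HOST=pgbouncer
      - DB_PORT=6432
      - DB_USER=gitlab
      # Blank in this copy; supply at deploy time.
      - DB_PASS=
      - DB_NAME=gitlabhq_production
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      # NOTE: set UTC explicitly, otherwise the DB timestamps drift.
      - TZ=UTC
      - GITLAB_TIMEZONE=Tokyo
      # NOTE(review): plain HTTP on the published port. That matches
      # GITLAB_HOST=localhost; put TLS in front before this is reachable from
      # other machines, since logins and tokens would cross the wire in clear.
      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=false
      - GITLAB_HOST=localhost
      - GITLAB_PORT=10080
      - GITLAB_SSH_PORT=10022
      - GITLAB_RELATIVE_URL_ROOT=
      # Key material, blank in this copy. Presumably each needs a long random
      # value that stays the same across redeploys - confirm against the
      # image documentation. Treat them like passwords.
      - GITLAB_SECRETS_DB_KEY_BASE=
      - GITLAB_SECRETS_SECRET_KEY_BASE=
      - GITLAB_SECRETS_OTP_KEY_BASE=
      # Initial administrator credentials, blank in this copy.
      - GITLAB_ROOT_PASSWORD=
      - GITLAB_ROOT_EMAIL=
      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false
      - GITLAB_EMAIL=notifications@example.com
      - GITLAB_EMAIL_REPLY_TO=noreply@example.com
      - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com
      - GITLAB_BACKUP_SCHEDULE=daily
      # NOTE: the container runs in UTC, so this fires at 05:00 JST.
      - GITLAB_BACKUP_TIME=20:00
      - GITLAB_BACKUP_SKIP=artifacts
      # NOTE(review): 0644 leaves the backup archives readable by every user
      # that can reach the backup directory; use a tighter mode unless another
      # account really has to read them.
      - GITLAB_BACKUP_ARCHIVE_PERMISSIONS=0644
      # Mail is disabled; the SMTP/IMAP passwords below are placeholders and
      # must be replaced (not committed) before either is enabled.
      - SMTP_ENABLED=false
      - SMTP_DOMAIN=www.example.com
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=587
      - SMTP_USER=mailer@example.com
      - SMTP_PASS=password
      - SMTP_STARTTLS=true
      - SMTP_AUTHENTICATION=login
      - IMAP_ENABLED=false
      - IMAP_HOST=imap.gmail.com
      - IMAP_PORT=993
      - IMAP_USER=mailer@example.com
      - IMAP_PASS=password
      - IMAP_SSL=true
      - IMAP_STARTTLS=false
      # OAuth/SAML sign-in is disabled; provider keys and secrets are blank.
      - OAUTH_ENABLED=false
      - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
      - OAUTH_ALLOW_SSO=
      - OAUTH_BLOCK_AUTO_CREATED_USERS=true
      - OAUTH_AUTO_LINK_LDAP_USER=false
      - OAUTH_AUTO_LINK_SAML_USER=false
      - OAUTH_EXTERNAL_PROVIDERS=
      - OAUTH_CAS3_LABEL=cas3
      - OAUTH_CAS3_SERVER=
      - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
      - OAUTH_CAS3_LOGIN_URL=/cas/login
      - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
      - OAUTH_CAS3_LOGOUT_URL=/cas/logout
      - OAUTH_GOOGLE_API_KEY=
      - OAUTH_GOOGLE_APP_SECRET=
      - OAUTH_GOOGLE_RESTRICT_DOMAIN=
      - OAUTH_FACEBOOK_API_KEY=
      - OAUTH_FACEBOOK_APP_SECRET=
      - OAUTH_TWITTER_API_KEY=
      - OAUTH_TWITTER_APP_SECRET=
      - OAUTH_GITHUB_API_KEY=
      - OAUTH_GITHUB_APP_SECRET=
      - OAUTH_GITHUB_URL=
      - OAUTH_GITHUB_VERIFY_SSL=
      - OAUTH_GITLAB_API_KEY=
      - OAUTH_GITLAB_APP_SECRET=
      - OAUTH_BITBUCKET_API_KEY=
      - OAUTH_BITBUCKET_APP_SECRET=
      - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
      - OAUTH_SAML_IDP_CERT_FINGERPRINT=
      - OAUTH_SAML_IDP_SSO_TARGET_URL=
      - OAUTH_SAML_ISSUER=
      - OAUTH_SAML_LABEL="Our SAML Provider"
      - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
      - OAUTH_SAML_GROUPS_ATTRIBUTE=
      - OAUTH_SAML_EXTERNAL_GROUPS=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
      - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
      - OAUTH_CROWD_SERVER_URL=
      - OAUTH_CROWD_APP_NAME=
      - OAUTH_CROWD_APP_PASSWORD=
      - OAUTH_AUTH0_CLIENT_ID=
      - OAUTH_AUTH0_CLIENT_SECRET=
      - OAUTH_AUTH0_DOMAIN=
      - OAUTH_AZURE_API_KEY=
      - OAUTH_AZURE_API_SECRET=
      - OAUTH_AZURE_TENANT_ID=
      # Registry
      - GITLAB_REGISTRY_ENABLED=true
      - GITLAB_REGISTRY_HOST=registry.example.com
      - GITLAB_REGISTRY_PORT=443
      - GITLAB_REGISTRY_API_URL=http://registry:5000
      # Private key file; presumably the counterpart of the certificate the
      # registry service trusts (/certs/registry.crt) - verify.
      - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
      - GITLAB_SIGNUP_ENABLED=false
      # Allowed so the health check API can be called from inside the
      # container; keep this limited to loopback.
      - GITLAB_MONITORING_IP_WHITELIST=127.0.0.0/8
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/-/liveness"]
      interval: 10s
      timeout: 5s
      # Rails takes a while to boot, so allow plenty of retries.
      retries: 100
      start_period: 30s
    deploy:
      # With start-first the old and new containers coexist while the new one
      # starts, so 1 is enough.
      replicas: 1
      restart_policy:
        condition: on-failure
      update_config:
        # Create containers one at a time during deploy so at least one
        # healthy container is always available.
        parallelism: 1
        delay: 30s
        order: start-first
  registry:
    # NOTE(review): no tag, so this resolves to `latest`, while the images
    # above are pinned to a version. Pin a specific release (ideally by
    # digest) so a redeploy cannot silently pull different code.
    image: registry
    restart: always
    expose:
      - "5000"
    # NOTE(review): 5000 is also published on the host. No TLS settings for
    # the registry appear in this file and GITLAB_REGISTRY_PORT is 443, which
    # suggests a TLS-terminating proxy in front - confirm, and if so avoid
    # exposing 5000 beyond that proxy.
    ports:
      - "5000:5000"
    environment:
      - REGISTRY_LOG_LEVEL=info
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
      # Token authentication against GitLab's /jwt/auth endpoint.
      - REGISTRY_AUTH_TOKEN_REALM=https://git.example.com/jwt/auth
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    deploy:
      update_config:
        parallelism: 1
        delay: 1s
        order: start-first
  plantuml:
    # NOTE(review): `tomcat` looks like a variant tag rather than a version,
    # so the image content can change between pulls - consider pinning.
    image: plantuml/plantuml-server:tomcat
    restart: always
    ports:
      - "8082:8080"
    deploy:
      update_config:
        parallelism: 1
        delay: 1s
        order: start-first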