Skip to content

Instantly share code, notes, and snippets.

@sue445
Last active Mar 23, 2020
Embed
What would you like to do?
version: '3.7'
services:
redis:
restart: always
image: sameersbn/redis:4.0.9-2
command:
- --loglevel warning
deploy:
update_config:
parallelism: 1
delay: 1s
order: start-first
postgresql:
restart: always
image: sameersbn/postgresql:10-2
environment:
- DB_USER=gitlab
- DB_PASS=
- DB_NAME=gitlabhq_production
- DB_EXTENSION=pg_trgm
# postgresユーザのパスワードを設定した状態でコンテナを作らないとpgloaderからデータを投入できないので注意
- PG_PASSWORD=
# NOTE: 明示的にUTCにしないとDBの時刻がズレるため
- TZ=UTC
deploy:
update_config:
parallelism: 1
delay: 1s
order: start-first
pgbouncer:
restart: always
image: pgbouncer/pgbouncer:1.10.0
depends_on:
- postgresql
# 設定値は下記を参照
# * Dockerイメージの環境変数: https://gitlab.com/aztek-io/pgbouncer-container/blob/master/entrypoint.sh
# * pgbouncer.iniの設定: https://pgbouncer.github.io/config.html
environment:
- DATABASES_HOST=postgresql
- DATABASES_USER=gitlab
- DATABASES_PORT=5432
- PGBOUNCER_LISTEN_PORT=6432
# c.f.
# * https://about.gitlab.com/2017/10/02/scaling-the-gitlab-database/
# * https://gitlab.com/gitlab-org/omnibus-gitlab/blob/c7fda3c84dc57fafe830b3318d337c6fea68eae5/files/gitlab-cookbooks/gitlab-ee/attributes/default.rb#L159-261
- PGBOUNCER_DEFAULT_POOL_SIZE=100
- PGBOUNCER_RESERVE_POOL_SIZE=5
- PGBOUNCER_RESERVE_POOL_TIMEOUT=3
- PGBOUNCER_MAX_CLIENT_CONN=2048
- PGBOUNCER_POOL_MODE=transaction
- PGBOUNCER_SERVER_IDLE_TIMEOUT=30
healthcheck:
# pgbouncerが起動しきるまで待つ
# FIXME: できればPostgreSQLに接続可能になるまで待ちたいのだがpsqlが入っていないので厳しい
test: ps aux | grep -v grep | grep pgbouncer
interval: 1s
timeout: 5s
retries: 30
# FIXME: 念の為待つ
start_period: 30s
deploy:
restart_policy:
condition: on-failure
update_config:
parallelism: 1
delay: 1s
order: start-first
gitlab:
restart: always
image: sameersbn/gitlab:12.2.1-1
depends_on:
- redis
- pgbouncer
ports:
- "10080:80"
- "10022:22"
environment:
- DEBUG=false
- DB_HOST=pgbouncer
- DB_PORT=6432
- DB_USER=gitlab
- DB_PASS=
- DB_NAME=gitlabhq_production
- REDIS_HOST=redis
- REDIS_PORT=6379
# NOTE: 明示的にUTCにしないとDBの時刻がズレるため
- TZ=UTC
- GITLAB_TIMEZONE=Tokyo
- GITLAB_HTTPS=false
- SSL_SELF_SIGNED=false
- GITLAB_HOST=localhost
- GITLAB_PORT=10080
- GITLAB_SSH_PORT=10022
- GITLAB_RELATIVE_URL_ROOT=
- GITLAB_SECRETS_DB_KEY_BASE=
- GITLAB_SECRETS_SECRET_KEY_BASE=
- GITLAB_SECRETS_OTP_KEY_BASE=
- GITLAB_ROOT_PASSWORD=
- GITLAB_ROOT_EMAIL=
- GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
- GITLAB_NOTIFY_PUSHER=false
- GITLAB_EMAIL=notifications@example.com
- GITLAB_EMAIL_REPLY_TO=noreply@example.com
- GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com
- GITLAB_BACKUP_SCHEDULE=daily
- GITLAB_BACKUP_TIME=20:00 # NOTE: コンテナ内はUTCなのでJSTだと05:00に動く
- GITLAB_BACKUP_SKIP=artifacts
- GITLAB_BACKUP_ARCHIVE_PERMISSIONS=0644
- SMTP_ENABLED=false
- SMTP_DOMAIN=www.example.com
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=587
- SMTP_USER=mailer@example.com
- SMTP_PASS=password
- SMTP_STARTTLS=true
- SMTP_AUTHENTICATION=login
- IMAP_ENABLED=false
- IMAP_HOST=imap.gmail.com
- IMAP_PORT=993
- IMAP_USER=mailer@example.com
- IMAP_PASS=password
- IMAP_SSL=true
- IMAP_STARTTLS=false
- OAUTH_ENABLED=false
- OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
- OAUTH_ALLOW_SSO=
- OAUTH_BLOCK_AUTO_CREATED_USERS=true
- OAUTH_AUTO_LINK_LDAP_USER=false
- OAUTH_AUTO_LINK_SAML_USER=false
- OAUTH_EXTERNAL_PROVIDERS=
- OAUTH_CAS3_LABEL=cas3
- OAUTH_CAS3_SERVER=
- OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
- OAUTH_CAS3_LOGIN_URL=/cas/login
- OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
- OAUTH_CAS3_LOGOUT_URL=/cas/logout
- OAUTH_GOOGLE_API_KEY=
- OAUTH_GOOGLE_APP_SECRET=
- OAUTH_GOOGLE_RESTRICT_DOMAIN=
- OAUTH_FACEBOOK_API_KEY=
- OAUTH_FACEBOOK_APP_SECRET=
- OAUTH_TWITTER_API_KEY=
- OAUTH_TWITTER_APP_SECRET=
- OAUTH_GITHUB_API_KEY=
- OAUTH_GITHUB_APP_SECRET=
- OAUTH_GITHUB_URL=
- OAUTH_GITHUB_VERIFY_SSL=
- OAUTH_GITLAB_API_KEY=
- OAUTH_GITLAB_APP_SECRET=
- OAUTH_BITBUCKET_API_KEY=
- OAUTH_BITBUCKET_APP_SECRET=
- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
- OAUTH_SAML_IDP_CERT_FINGERPRINT=
- OAUTH_SAML_IDP_SSO_TARGET_URL=
- OAUTH_SAML_ISSUER=
- OAUTH_SAML_LABEL="Our SAML Provider"
- OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- OAUTH_SAML_GROUPS_ATTRIBUTE=
- OAUTH_SAML_EXTERNAL_GROUPS=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
- OAUTH_CROWD_SERVER_URL=
- OAUTH_CROWD_APP_NAME=
- OAUTH_CROWD_APP_PASSWORD=
- OAUTH_AUTH0_CLIENT_ID=
- OAUTH_AUTH0_CLIENT_SECRET=
- OAUTH_AUTH0_DOMAIN=
- OAUTH_AZURE_API_KEY=
- OAUTH_AZURE_API_SECRET=
- OAUTH_AZURE_TENANT_ID=
# Registry
- GITLAB_REGISTRY_ENABLED=true
- GITLAB_REGISTRY_HOST=registry.example.com
- GITLAB_REGISTRY_PORT=443
- GITLAB_REGISTRY_API_URL=http://registry:5000
- GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
- GITLAB_SIGNUP_ENABLED=false
# コンテナ内からhealth check APIを叩くため許可する
- GITLAB_MONITORING_IP_WHITELIST=127.0.0.0/8
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/-/liveness"]
interval: 10s
timeout: 5s
# Railsの起動に時間がかかるので長めにとっておく
retries: 100
start_period: 30s
deploy:
# start-firstであれば新しいコンテナ起動中は新旧コンテナが共存するので1でよい
replicas: 1
restart_policy:
condition: on-failure
update_config:
# deploy時は1台ずつコンテナを作ることにより有効なコンテナが必ず1台以上いる状態にする
parallelism: 1
delay: 30s
order: start-first
registry:
image: registry
restart: always
expose:
- "5000"
ports:
- "5000:5000"
environment:
- REGISTRY_LOG_LEVEL=info
- REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
- REGISTRY_AUTH_TOKEN_REALM=https://git.example.com/jwt/auth
- REGISTRY_AUTH_TOKEN_SERVICE=container_registry
- REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
- REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
- REGISTRY_STORAGE_DELETE_ENABLED=true
deploy:
update_config:
parallelism: 1
delay: 1s
order: start-first
plantuml:
image: plantuml/plantuml-server:tomcat
restart: always
ports:
- "8082:8080"
deploy:
update_config:
parallelism: 1
delay: 1s
order: start-first
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment