development/docker-compose.traefik.yml from RnDAO/tc-operation

development/docker-compose.traefik.yml
Summary

Maintainability

Test Coverage

Issues
version: "3.3"

networks:
  public:
  private:

secrets:
  cf_dns_api_token:
    file: "./secrets/cf_dns_api_token.secret"

services:

  traefik:
    image: "traefik:v2.10"
    container_name: "traefik"
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.myresolver.acme.email=postmaster@togethercrew.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      # - "--log.level=DEBUG"
      - "--metrics.prometheus=true"
      - "--providers.docker.watch=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    secrets:
      - "cf_dns_api_token"
    environment:
      - "CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - public
      - private
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    restart: unless-stopped

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.${HOST_NAME}`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
    networks:
      - private

  prometheus:
    image: prom/prometheus
    volumes:
      - ./prometheus/:/etc/prometheus/:ro
      - prometheus:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--storage.tsdb.retention.size=256MB'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.prometheus.rule=Host(`prom.${HOST_NAME}`)"
      - "traefik.http.routers.prometheus.service=prometheus"
      # - "traefik.http.routers.prometheus.middlewares=traefik-auth"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
      - "traefik.http.routers.prometheus.entrypoints=websecure"
      - "traefik.http.routers.prometheus.tls.certresolver=myresolver"
    networks:
      - private
    restart: unless-stopped
    logging:
      options:
        max-size: "10m"
        max-file: "3"

volumes:
  prometheus: