diff --git a/compose-builder/.env b/compose-builder/.env index 323c71f6..3eaa3752 100644 --- a/compose-builder/.env +++ b/compose-builder/.env @@ -41,6 +41,10 @@ DEVICE_UART_VERSION=latest DEVICE_ONVIFCAM_VERSION=latest DEVICE_USBCAM_VERSION=latest DEVICE_S7_VERSION=latest +CP_FLAGS='-cp=consul.http://edgex-core-consul:8500' +REGISTRY_HOST=edgex-core-consul +REGISTRY_PORT=8500 +REGISTRY_TYPE=consul # Lock on Vault 1.14 (last MPL-2.0 version) VAULT_VERSION=1.14 @@ -55,5 +59,3 @@ NATS_VERSION=2.9-alpine NGINX_VERSION=1.25-alpine-slim EDGEX_USER=2002 EDGEX_GROUP=2001 - -DEFAULT_EDGEX_RUN_CMD_PARMS="-cp=consul.http://edgex-core-consul:8500 --registry" diff --git a/compose-builder/Makefile b/compose-builder/Makefile index 1d567bd4..1c8751b9 100644 --- a/compose-builder/Makefile +++ b/compose-builder/Makefile @@ -34,6 +34,7 @@ EXTRA_PROXY_ROUTE_LIST= GEN_EXT_DIR=gen_ext_compose BUS= NANOMQ= +REGISTRY= BROKER_YAML=add-mqtt-broker-mosquitto.yml TAF_BROKER_YAML=add-taf-mqtt-broker-mosquitto.yml @@ -49,6 +50,7 @@ define OPTIONS - ds-coap ds-gpio ds-uart ds-s7 - - asc-http asc-mqtt asc-sample asc-metrics as-llrp as-record-replay asc-ex-mqtt - - modbus-sim zero-trust no-cleanup - + - consul keeper - endef export OPTIONS @@ -119,6 +121,17 @@ else export MQTT_VERBOSE= endif +ifeq (keeper, $(filter keeper,$(ARGS))) + export CP_FLAGS='-cp=keeper.http://edgex-core-keeper:59890' + export REGISTRY_HOST=edgex-core-keeper + export REGISTRY_PORT=59890 + export REGISTRY_TYPE=keeper + ifneq (no-secty, $(filter no-secty,$(ARGS))) + export STAGEGATE_REGISTRY_HOST=edgex-core-keeper + export STAGEGATE_REGISTRY_PORT=59890 + endif +endif + # When in delay-start mode, we have to make sure support serivces be delayed-start-compliant: i.e. the runtime-token configuration be added etc.. ifeq (delayed-start, $(filter delayed-start,$(ARGS))) ext_file_sup_notif:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_runtime_token_config_compose_ext.sh support-notifications) 
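Review bot: The single quotes in `export CP_FLAGS='-cp=keeper.http://edgex-core-keeper:59890'` (keeper block) are not shell quoting at this point: Make stores them as part of the value, so every `${CP_FLAGS}` expansion later in the Makefile and the exported environment variable carry literal `'` characters. The `.env` entry `CP_FLAGS='-cp=consul.http://edgex-core-consul:8500'` is quoted the same way, and whether those quotes are stripped depends on which tool reads the file. Dropping the quotes in both places, e.g. `export CP_FLAGS=-cp=keeper.http://edgex-core-keeper:59890`, gives one unambiguous value; the value contains no spaces, so nothing is lost.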
@@ -202,7 +215,7 @@ ifeq (ds-bacnet-ip, $(filter ds-bacnet-ip,$(ARGS))) else EXTRA_PROXY_ROUTE_LIST:=$(EXTRA_PROXY_ROUTE_LIST),$(PROXY_ROUTE) endif - extension_file:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-bacnet-ip device-bacnet-ip device-bacnet-ip/device-bacnet-c " -cp=consul://edgex-core-consul:8500 --registry") + extension_file:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-bacnet-ip device-bacnet-ip device-bacnet-ip/device-bacnet-c " --registry ${CP_FLAGS}") COMPOSE_FILES:=$(COMPOSE_FILES) -f $(extension_file) # add runtime token config for delayed-start if specified @@ -231,7 +244,7 @@ ifeq (ds-bacnet-mstp, $(filter ds-bacnet-mstp,$(ARGS))) else EXTRA_PROXY_ROUTE_LIST:=$(EXTRA_PROXY_ROUTE_LIST),$(PROXY_ROUTE) endif - extension_file:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-bacnet-mstp device-bacnet-mstp device-bacnet-mstp/device-bacnet-c " -cp=consul://edgex-core-consul:8500 --registry") + extension_file:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-bacnet-mstp device-bacnet-mstp device-bacnet-mstp/device-bacnet-c " --registry ${CP_FLAGS}") COMPOSE_FILES:=$(COMPOSE_FILES) -f $(extension_file) # add runtime token config for delayed-start if specified 
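Review bot: Switching the fourth argument to `" --registry ${CP_FLAGS}"` changes more than the registry choice for device-bacnet-ip (and device-bacnet-mstp in the next hunk): the provider URL goes from `consul://edgex-core-consul:8500` to the `consul.http://` form used in `.env`, and to `keeper.http://` when `keeper` is passed. Both targets run the `device-bacnet-c` entrypoint, so it is worth confirming that binary accepts these schemes; nothing in the hunk shows that it does. `${CP_FLAGS}` is also expanded by Make here, not by the shell, so without `keeper` it is non-empty only if the Makefile itself reads `.env`, which cannot be checked from these hunks because the enclosing `ifeq` blocks start and end outside them. The matching `command:` changes in add-device-bacnet-ip.yml and add-device-bacnet-mstp.yml raise the same scheme question.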
@@ -808,6 +821,20 @@ else endif endif +# Add switch to set registry +ifeq (keeper, $(filter keeper,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-keeper.yml + REGISTRY:=-keeper + ifneq (no-secty, $(filter no-secty,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-keeper.yml + endif +else + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-consul.yml + ifneq (no-secty, $(filter no-secty,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-secure-consul.yml + endif +endif + # Build compose for TAF secure testing (ignore all other compose file options) ifeq (taf-secty, $(filter taf-secty,$(ARGS))) TOKEN_LIST:=app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera @@ -846,6 +873,13 @@ ifeq (taf-secty, $(filter taf-secty,$(ARGS))) IS_MQTT_BUS:=0 endif + ifeq (keeper, $(filter keeper,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-keeper.yml -f add-secure-keeper.yml + REGISTRY:=-keeper + else + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-consul.yml -f add-secure-consul.yml + endif + asc_http_export_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-http-export \ app-http-export app-service-configurable) asc_mqtt_export_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="$(IS_MQTT_BUS)" ./gen_secure_compose_ext.sh app-mqtt-export \ 
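Review bot: The new registry switch tests only for `keeper`, so the `consul` word added to OPTIONS is never read, and an invocation that passes both `consul` and `keeper` silently selects Keeper. A guard placed before the switch would make the conflict explicit, for example `ifeq (consul keeper,$(sort $(filter consul keeper,$(ARGS))))` followed by `$(error Specify only one of consul or keeper)` and `endif`. The same keeper/consul selection is repeated in the taf-secty hunk that follows and in the taf-no-secty and taf-perf branches; computing the file list once in a single variable would keep the copies from drifting apart. The comment above the switch should also state that Consul is the default when neither option is given.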
@@ -860,9 +894,9 @@ ifeq (taf-secty, $(filter taf-secty,$(ARGS))) # taf has its special place holder from taf-device-services-mods and thus we need to keep it # and extend security related things on top of it ds_virtual_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-virtual \ - device-virtual device-virtual ' -cp=consul.http:\/\/edgex-core-consul:8500 --registry --configDir=CONFIG_DIR_PLACE_HOLDER') + device-virtual device-virtual " ${CP_FLAGS} --configDir=CONFIG_DIR_PLACE_HOLDER") ds_modbus_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-modbus \ - device-modbus device-modbus ' -cp=consul.http:\/\/edgex-core-consul:8500 --registry --configDir=CONFIG_DIR_PLACE_HOLDER') + device-modbus device-modbus " ${CP_FLAGS} --configDir=CONFIG_DIR_PLACE_HOLDER") ds_camera_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-onvif-camera) COMPOSE_FILES:=$(COMPOSE_FILES) -f $(asc_http_export_ext) -f $(asc_mqtt_export_ext) -f $(asc_external_mqtt_trigger_ext) -f $(scalability_mqtt_export_ext) -f $(asc_sample_ext) COMPOSE_FILES:=$(COMPOSE_FILES) -f $(ds_virtual_ext) -f $(ds_rest_ext) -f $(ds_modbus_ext) -f $(ds_camera_ext) @@ -897,6 +931,13 @@ else IS_SECURE_MODE:=0 COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml endif + + ifeq (keeper, $(filter keeper,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-keeper.yml + REGISTRY:=-keeper + else + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-consul.yml + endif else # Build compose for TAF secure performance testing (ignore all other compose file options) ifeq (taf-perf, $(filter taf-perf,$(ARGS))) 
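Review bot: `ds_virtual_ext` and `ds_modbus_ext` lose `--registry`: the removed lines passed ` -cp=… --registry --configDir=CONFIG_DIR_PLACE_HOLDER`, while the new argument is `" ${CP_FLAGS} --configDir=CONFIG_DIR_PLACE_HOLDER"`. If the generated extension replaces the service `command`, the TAF secure device-virtual and device-modbus services would start without the registry flag; restoring it is a small change, `" --registry ${CP_FLAGS} --configDir=CONFIG_DIR_PLACE_HOLDER"`. The old strings also escaped the URL slashes (`http:\/\/`), which suggests gen_secure_compose_ext.sh feeds this argument to a `/`-delimited substitution, so the unescaped `${CP_FLAGS}` should be checked against that script. The surrounding `ifeq (taf-secty, …)` block starts before this hunk.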
@@ -907,16 +948,24 @@ else EXTRA_PROXY_ROUTE_LIST:=device-modbus.http://edgex-device-modbus:59901 COMPOSE_FILES:= \ - -f docker-compose-base.yml \ - -f add-security.yml \ - -f add-security-proxy.yml \ - -f add-secure-redis-messagebus.yml \ - -f add-asc-mqtt-export.yml \ - -f add-device-virtual.yml \ - -f add-device-rest.yml \ - -f add-mqtt-broker-mosquitto.yml \ + -f docker-compose-base.yml \ + -f add-security.yml \ + -f add-security-proxy.yml \ + -f add-secure-redis-messagebus.yml \ + -f add-asc-mqtt-export.yml \ + -f add-device-virtual.yml \ + -f add-device-rest.yml \ + -f add-mqtt-broker-mosquitto.yml \ -f add-taf-mqtt-broker-mosquitto.yml \ - -f add-delayed-start-services.yml + -f add-delayed-start-services.yml + + ifeq (keeper, $(filter keeper,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-keeper.yml -f add-secure-keeper.yml + REGISTRY:=-keeper + else + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-consul.yml -f add-secure-consul.yml + endif + asc_mqtt_export_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="0" ./gen_secure_compose_ext.sh app-mqtt-export \ app-mqtt-export app-service-configurable) ds_virtual_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh device-virtual) @@ -933,6 +982,12 @@ else -f ${BROKER_YAML} \ -f ${TAF_BROKER_YAML} + ifeq (keeper, $(filter keeper,$(ARGS))) + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-keeper.yml + REGISTRY:=-keeper + else + COMPOSE_FILES:=$(COMPOSE_FILES) -f add-consul.yml + endif NO_SECURITY:=-no-secty endif endif @@ -983,6 +1038,10 @@ define COMPOSE_DOWN -f add-security-proxy.yml \ -f add-secure-redis-messagebus.yml \ -f add-delayed-start-services.yml \ + -f add-consul.yml \ + -f add-secure-consul.yml \ + -f add-keeper.yml \ + -f add-secure-keeper.yml \ down $1 endef 
@@ -1029,6 +1088,14 @@ build-taf: make taf-compose taf-no-secty mqtt-bus mqtt-verbose make taf-compose taf-secty mqtt-bus mqtt-verbose arm64 make taf-compose taf-no-secty mqtt-bus mqtt-verbose arm64 + make taf-compose taf-secty keeper + make taf-compose taf-no-secty keeper + make taf-compose taf-secty keeper arm64 + make taf-compose taf-no-secty keeper arm64 + make taf-compose taf-secty keeper mqtt-bus mqtt-verbose + make taf-compose taf-no-secty keeper mqtt-bus mqtt-verbose + make taf-compose taf-secty keeper mqtt-bus mqtt-verbose arm64 + make taf-compose taf-no-secty keeper mqtt-bus mqtt-verbose arm64 make taf-compose-perf taf-perf make taf-compose-perf taf-perf-no-secty make taf-compose-perf taf-perf arm64 @@ -1036,13 +1103,15 @@ build-taf: build-taf-nanomq: make taf-compose taf-no-secty mqtt-bus nanomq no-secty + make taf-compose taf-no-secty keeper mqtt-bus nanomq no-secty make taf-compose-perf taf-perf-no-secty mqtt-bus nanomq no-secty + make taf-compose-perf taf-perf-no-secty consul mqtt-bus nanomq no-secty compose: gen cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/docker-compose$(NO_SECURITY)$(APP_SAMPLE)$(BUS)$(NANOMQ)$(ZERO_TRUST_COMPOSE)$(ARCH).yml taf-compose: gen - cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/taf/docker-compose-taf$(NO_SECURITY)$(BUS)$(NANOMQ)$(ARCH).yml + cat gen-header docker-compose.yml > $(RELEASE_FOLDER)/taf/docker-compose-taf$(NO_SECURITY)$(BUS)$(NANOMQ)$(REGISTRY)$(ARCH).yml taf-compose-perf: gen cat gen-header docker-compose.yml > $(RELEASE_FOLDER)taf/docker-compose-taf-perf$(NO_SECURITY)$(BUS)$(NANOMQ)$(ARCH).yml diff --git a/compose-builder/README.md b/compose-builder/README.md index a40e9c13..5616cfb7 100644 --- a/compose-builder/README.md +++ b/compose-builder/README.md @@ -128,6 +128,10 @@ This folder contains the following compose files: TAF App Services **extending** `add-taf-app-services` compose file, and services are enabled with secret store by default. - **add-taf-device-services-mods.yml**
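Review bot: The output name of `taf-compose-perf` still has no `$(REGISTRY)` suffix, unlike `taf-compose`, which this hunk updates. The taf-perf branches now set `REGISTRY:=-keeper`, so a perf build with `keeper` would overwrite the Consul perf file, and the added `make taf-compose-perf taf-perf-no-secty consul mqtt-bus nanomq no-secty` line in `build-taf-nanomq` regenerates the same file as the line above it, because `consul` changes nothing in the visible logic. Adding the suffix, `docker-compose-taf-perf$(NO_SECURITY)$(BUS)$(NANOMQ)$(REGISTRY)$(ARCH).yml`, keeps the variants apart; the `compose` target has the same gap.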
TAF Device Services **extending** compose file. Modifies setting of Device Virtual and Device Modbus for the TAF testing compose files. **Must be used in conjunction with add-device-modbus.yml and add-device-virtual.yml**
+- **add-keeper.yml**
+ Registry Service **extending** compose file. Adds the **Core Keeper** service.
+- **add-consul.yml**
+ Registry Service **extending** compose file. Adds the **Consul** service. ### Environment Files 
@@ -182,11 +186,23 @@ Standard compose variations are: full secure general testing (docker-compose-taf.yml) full secure general testing for arm64 (docker-compose-taf-arm64.yml) non-secure general testing (docker-compose-taf-no-secty.yml) - nonsecure general testing for arm64 (docker-compose-taf-no-secty-arm64.yml) + non-secure general testing for arm64 (docker-compose-taf-no-secty-arm64.yml) full secure perf testing (docker-compose-taf-perf.yml) full secure perf testing for arm64 (docker-compose-taf-perf-arm64.yml) non-secure perf testing (docker-compose-taf-perf-no-secty.yml) - nonsecure perf testing for arm64 (docker-compose-taf-perf-no-secty-arm64.yml) + non-secure perf testing for arm64 (docker-compose-taf-perf-no-secty-arm64.yml) + full secure general testing with mqtt-bus (docker-compose-taf-mqtt-bus.yml) + full secure general testing with mqtt-bus for arm64 (docker-compose-taf-mqtt-bus-arm64.yml) + non-secure general testing with mqtt-bus (docker-compose-taf-no-secty-mqtt-bus.yml) + non-secure general testing with mqtt-bus for arm64 (docker-compose-taf-no-secty-mqtt-bus-arm64.yml) + full secure general testing with core-keeper (docker-compose-taf-keeper.yml) + full secure general testing with core-keeper for arm64 (docker-compose-taf-keeper-arm64.yml) + non-secure general testing with core-keeper (docker-compose-taf-no-secty-keeper.yml) + non-secure general testing with core-keeper for arm64 (docker-compose-taf-no-secty-keeper-arm64.yml) + full secure general testing with mqtt-bus with core-keeper (docker-compose-taf-mqtt-bus-keeper.yml) + full secure general testing with mqtt-bus with core-keeper for arm64 (docker-compose-taf-mqtt-bus-keeper-arm64.yml) + non-secure general testing with mqtt-bus with core-keeper (docker-compose-taf-no-secty-mqtt-bus-keeper.yml) + non-secure general testing with mqtt-bus with core-keeper for arm64 (docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml) ``` #### Run 
@@ -239,6 +255,7 @@ Options: nats-bus: Runs with services configure for NATS Message Bus The NATS Server service is also included. no-cleanup: Leaves generated files behind for debugging purposes. + keeper: Runs to registry service to core-keeper Services: : Runs only services listed (and their dependent services) where 'name' matches a service name in one of the compose files used ``` @@ -296,7 +313,8 @@ Options: Pull includes NonoMQ MQTT broker when mqtt-broker or mqtt-bus are specified Not valid in secure mode when uses with mqtt-bus nats-bus: Pull includes additional services for NATS Message Bus - no-cleanup: Leaves generated files behind for debugging purposes. + no-cleanup: Leaves generated files behind for debugging purposes + keeper: Pull includes core-keeper Services: : Pulls only images for the service(s) listed @@ -353,6 +371,8 @@ Options: nats-bus: Generates compose file with services configured for NAT Message Bus The NATS Server service is also included. no-cleanup: Leaves generated files behind for debugging purposes. + keeper: Generates compose file with services registry to core-keeper + The core-keeper service is also included ``` #### Clean @@ -465,6 +485,7 @@ Options: nats-bus: Generates compose file with services configure for NATS Message Bus The NATS Server service is also included. no-cleanup: Leaves generated files behind for debugging purposes. + keeper: Generates compose file to registry service to core-keeper ``` #### TAF Compose @@ -477,6 +498,7 @@ Options: taf-secty: Generates general TAF testing compose file with security services taf-no-secty: Generates general TAF testing compose file without security services arm64: Generates TAF compose file using ARM64 images + keeper: Generates compose file to registry service to core-keeper ``` #### Taf Perf Compose diff --git a/compose-builder/add-app-record-replay.yml b/compose-builder/add-app-record-replay.yml index 2cb85c69..14189433 100644 --- a/compose-builder/add-app-record-replay.yml 
+++ b/compose-builder/add-app-record-replay.yml @@ -18,6 +18,7 @@ version: '3.7' services: app-record-replay: image: ${APP_SVC_REPOSITORY}/app-record-replay${ARCH}:${APP_RECORD_REPLAY_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 127.0.0.1:59712:59712/tcp container_name: edgex-app-record-replay @@ -27,7 +28,7 @@ services: environment: SERVICE_HOST: edgex-app-record-replay depends_on: - - consul + - ${REGISTRY_TYPE} - database - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-app-rfid-llrp-inventory.yml b/compose-builder/add-app-rfid-llrp-inventory.yml index 315a1d6b..2a92105f 100644 --- a/compose-builder/add-app-rfid-llrp-inventory.yml +++ b/compose-builder/add-app-rfid-llrp-inventory.yml @@ -21,6 +21,7 @@ volumes: services: app-rfid-llrp-inventory: image: ${APP_SVC_REPOSITORY}/app-rfid-llrp-inventory${ARCH}:${APP_LLRP_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 127.0.0.1:59711:59711/tcp container_name: edgex-app-rfid-llrp-inventory @@ -30,7 +31,7 @@ services: environment: SERVICE_HOST: edgex-app-rfid-llrp-inventory depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-asc-external-mqtt-trigger.yml b/compose-builder/add-asc-external-mqtt-trigger.yml index 2e46f1a9..568d55d3 100644 --- a/compose-builder/add-asc-external-mqtt-trigger.yml +++ b/compose-builder/add-asc-external-mqtt-trigger.yml @@ -18,6 +18,7 @@ version: '3.7' services: app-external-mqtt-trigger: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 127.0.0.1:59706:59706/tcp container_name: edgex-app-external-mqtt-trigger @@ -32,7 +33,7 @@ services: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export WRITABLE_LOGLEVEL: INFO depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper 
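Review bot: `command: "--registry ${CP_FLAGS}"` degrades silently when `CP_FLAGS` is unset: Compose substitutes an empty string and the service is started with `--registry` but no configuration provider argument; what the service does in that case is not visible here. The required-variable form, `command: "--registry ${CP_FLAGS:?CP_FLAGS must be set}"`, makes generation stop instead, and `${REGISTRY_TYPE}` under `depends_on` could be written the same way. The same pattern is added to every add-app-*, add-asc-* and add-device-* file in this commit. Those files also disagree on argument order (`--registry ${CP_FLAGS}` for app services, `${CP_FLAGS} --registry` for device services); one order throughout would be easier to search for.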
diff --git a/compose-builder/add-asc-http-export.yml b/compose-builder/add-asc-http-export.yml index 53dceae5..5eff28a6 100644 --- a/compose-builder/add-asc-http-export.yml +++ b/compose-builder/add-asc-http-export.yml @@ -18,6 +18,7 @@ version: '3.7' services: app-http-export: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 127.0.0.1:59704:59704/tcp container_name: edgex-app-http-export @@ -30,7 +31,7 @@ services: WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: "http://EXPORT_HOST_PLACE_HOLDER:7770" WRITABLE_LOGLEVEL: INFO # allows scripts to find and change with sed depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-asc-metrics-influxdb.yml b/compose-builder/add-asc-metrics-influxdb.yml index 32a6c574..8a33efa9 100644 --- a/compose-builder/add-asc-metrics-influxdb.yml +++ b/compose-builder/add-asc-metrics-influxdb.yml @@ -18,6 +18,7 @@ version: '3.7' services: app-metrics-influxdb: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 127.0.0.1:59707:59707/tcp container_name: edgex-app-metrics-influxdb @@ -28,7 +29,7 @@ services: SERVICE_HOST: edgex-app-metrics-influxdb EDGEX_PROFILE: metrics-influxdb depends_on: - - consul + - ${REGISTRY_TYPE} - core-metadata - core-common-config-bootstrapper read_only: true diff --git a/compose-builder/add-asc-mqtt-export.yml b/compose-builder/add-asc-mqtt-export.yml index 5b2d9aaf..244f9315 100644 --- a/compose-builder/add-asc-mqtt-export.yml +++ b/compose-builder/add-asc-mqtt-export.yml @@ -18,6 +18,7 @@ version: '3.7' services: app-mqtt-export: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 127.0.0.1:59703:59703/tcp container_name: edgex-app-mqtt-export 
@@ -31,7 +32,7 @@ services: WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events WRITABLE_LOGLEVEL: INFO # allows scripts to find and change with sed depends_on: - - consul + - ${REGISTRY_TYPE} - core-metadata - core-common-config-bootstrapper read_only: true diff --git a/compose-builder/add-asc-sample.yml b/compose-builder/add-asc-sample.yml index d3112dc8..6db897bf 100644 --- a/compose-builder/add-asc-sample.yml +++ b/compose-builder/add-asc-sample.yml @@ -18,6 +18,7 @@ version: '3.7' services: app-sample: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 127.0.0.1:59700:59700/tcp container_name: edgex-app-sample @@ -31,7 +32,7 @@ services: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications depends_on: - - consul + - ${REGISTRY_TYPE} - core-metadata - core-common-config-bootstrapper read_only: true diff --git a/compose-builder/add-consul.yml b/compose-builder/add-consul.yml new file mode 100644 index 00000000..0e28467a --- /dev/null +++ b/compose-builder/add-consul.yml 
@@ -0,0 +1,39 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ + +version: '3.7' + +volumes: + consul-config: + consul-data: + +services: + consul: + image: hashicorp/consul:${CONSUL_VERSION} + command: "agent -ui -bootstrap -server -client 0.0.0.0" + user: "root:root" # Note that Consul is run under the 'consul' user, but entry point scripts need to first run as root + ports: + - "127.0.0.1:8500:8500" + container_name: edgex-core-consul + hostname: edgex-core-consul + read_only: true + restart: always + networks: + edgex-network: + volumes: + - consul-config:/consul/config + - consul-data:/consul/data + security_opt: + - no-new-privileges:true diff --git a/compose-builder/add-delayed-start-services.yml b/compose-builder/add-delayed-start-services.yml index bfdb9b5a..e45ca510 100644 --- a/compose-builder/add-delayed-start-services.yml +++ b/compose-builder/add-delayed-start-services.yml 
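Review bot: add-consul.yml on its own starts the agent with no ACL configuration, and the file does not say so. The ACL bootstrap (the `consul_wait_install.sh` entrypoint and the `STAGEGATE_REGISTRY_ACL_*` settings) lives only in add-secure-consul.yml, while `-client 0.0.0.0` and `-ui` here make the HTTP API and UI reachable by every container on `edgex-network`; only the host-side publish is limited to 127.0.0.1. A header comment such as `# Non-secure Consul definition; layer add-secure-consul.yml on top unless running no-secty` would make that dependency visible to anyone composing these files by hand.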
@@ -116,7 +116,7 @@ services: image: ${CORE_EDGEX_REPOSITORY}/security-spiffe-token-provider${ARCH}:${CORE_EDGEX_VERSION} entrypoint: - /edgex-init/ready_to_run_wait_install.sh - command: /security-spiffe-token-provider -cp=consul.http://edgex-core-consul:8500 + command: /security-spiffe-token-provider --registry ${CP_FLAGS} user: "root:root" container_name: edgex-security-spiffe-token-provider hostname: edgex-security-spiffe-token-provider @@ -140,7 +140,7 @@ services: - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z - /tmp/edgex/secrets/security-spiffe-token-provider:/tmp/edgex/secrets/security-spiffe-token-provider:z depends_on: - - consul + - ${REGISTRY_TYPE} - security-spire-agent - security-bootstrapper security_opt: diff --git a/compose-builder/add-device-bacnet-ip.yml b/compose-builder/add-device-bacnet-ip.yml index 44bb8683..1b2add10 100644 --- a/compose-builder/add-device-bacnet-ip.yml +++ b/compose-builder/add-device-bacnet-ip.yml @@ -19,7 +19,7 @@ version: '3.7' services: device-bacnet-ip: image: ${DEVICE_SVC_REPOSITORY}/device-bacnet${ARCH}:${DEVICE_BACNET_VERSION} - command: "-cp=consul://edgex-core-consul:8500 --registry" + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59980:59980" container_name: edgex-device-bacnet-ip @@ -30,12 +30,11 @@ services: - common-non-security.env environment: SERVICE_HOST: edgex-device-bacnet-ip - REGISTRY_HOST: edgex-core-consul DATABASE_HOST: edgex-redis MESSAGEBUS_HOST: edgex-redis CLIENTS_CORE_METADATA_HOST: edgex-core-metadata depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-bacnet-mstp.yml b/compose-builder/add-device-bacnet-mstp.yml index 6f77852a..efd0531a 100644 --- a/compose-builder/add-device-bacnet-mstp.yml +++ b/compose-builder/add-device-bacnet-mstp.yml 
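Review bot: The security-spiffe-token-provider command gains `--registry`, which the removed line (`-cp=consul.http://edgex-core-consul:8500` only) did not have. If the intent was only to make the provider URL switchable, `command: /security-spiffe-token-provider ${CP_FLAGS}` keeps the previous behaviour; if registration is intended, the commit description should say so, since it changes what this security service needs at start-up. The service definition starts and ends outside the hunk.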
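Review bot: Removing `REGISTRY_HOST: edgex-core-consul` from the device-bacnet-ip `environment:` block leaves the container without that variable unless something else supplies it. The `REGISTRY_HOST` entry added to `.env` is available for Compose interpolation only and is not passed into containers by itself. If device-bacnet still reads the variable, `REGISTRY_HOST: ${REGISTRY_HOST}` keeps the setting while following the selected registry; the same removal is made in add-device-bacnet-mstp.yml and add-device-coap.yml.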
@@ -19,7 +19,7 @@ version: '3.7' services: device-bacnet-mstp: image: ${DEVICE_SVC_REPOSITORY}/device-bacnet${ARCH}:${DEVICE_BACNET_VERSION} - command: "-cp=consul://edgex-core-consul:8500 --registry" + command: "${CP_FLAGS} --registry" entrypoint: - /device-bacnet-mstp/device-bacnet-c ports: @@ -32,12 +32,11 @@ services: - common-non-security.env environment: SERVICE_HOST: edgex-device-bacnet-mstp - REGISTRY_HOST: edgex-core-consul DATABASE_HOST: edgex-redis MESSAGEBUS_HOST: edgex-redis CLIENTS_CORE_METADATA_HOST: edgex-core-metadata depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-coap.yml b/compose-builder/add-device-coap.yml index 06836d42..450ab8bf 100644 --- a/compose-builder/add-device-coap.yml +++ b/compose-builder/add-device-coap.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-coap: image: ${DEVICE_SVC_REPOSITORY}/device-coap${ARCH}:${DEVICE_COAP_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59988:59988" container_name: edgex-device-coap @@ -30,12 +31,11 @@ services: - common-non-security.env environment: SERVICE_HOST: edgex-device-coap - REGISTRY_HOST: edgex-core-consul DATABASE_HOST: edgex-redis MESSAGEBUS_HOST: edgex-redis CLIENTS_CORE_METADATA_HOST: edgex-core-metadata depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-gpio.yml b/compose-builder/add-device-gpio.yml index 7a0ea346..8ec1cb24 100644 --- a/compose-builder/add-device-gpio.yml +++ b/compose-builder/add-device-gpio.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-gpio: image: ${DEVICE_SVC_REPOSITORY}/device-gpio${ARCH}:${DEVICE_GPIO_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59910:59910" container_name: edgex-device-gpio 
@@ -31,7 +32,7 @@ services: environment: SERVICE_HOST: edgex-device-gpio depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-modbus.yml b/compose-builder/add-device-modbus.yml index b3fab62a..dae65c31 100644 --- a/compose-builder/add-device-modbus.yml +++ b/compose-builder/add-device-modbus.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-modbus: image: ${DEVICE_SVC_REPOSITORY}/device-modbus${ARCH}:${DEVICE_MODBUS_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59901:59901" container_name: edgex-device-modbus @@ -29,7 +30,7 @@ services: environment: SERVICE_HOST: edgex-device-modbus depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-mqtt.yml b/compose-builder/add-device-mqtt.yml index 7bd096a3..914f656b 100644 --- a/compose-builder/add-device-mqtt.yml +++ b/compose-builder/add-device-mqtt.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-mqtt: image: ${DEVICE_SVC_REPOSITORY}/device-mqtt${ARCH}:${DEVICE_MQTT_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59982:59982" container_name: edgex-device-mqtt @@ -32,7 +33,7 @@ services: SERVICE_HOST: edgex-device-mqtt MQTTBROKERINFO_HOST: edgex-mqtt-broker depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - mqtt-broker diff --git a/compose-builder/add-device-onvif-camera.yml b/compose-builder/add-device-onvif-camera.yml index 814bb846..747e7e73 100644 --- a/compose-builder/add-device-onvif-camera.yml +++ b/compose-builder/add-device-onvif-camera.yml @@ -19,6 +19,7 @@ version: '3.7' services: device-onvif-camera: image: ${DEVICE_SVC_REPOSITORY}/device-onvif-camera${ARCH}:${DEVICE_ONVIFCAM_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59984:59984" container_name: edgex-device-onvif-camera 
@@ -32,7 +33,7 @@ services: environment: SERVICE_HOST: edgex-device-onvif-camera depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-rest.yml b/compose-builder/add-device-rest.yml index 72cfc2e3..8133b7dd 100644 --- a/compose-builder/add-device-rest.yml +++ b/compose-builder/add-device-rest.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-rest: image: ${DEVICE_SVC_REPOSITORY}/device-rest${ARCH}:${DEVICE_REST_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59986:59986" container_name: edgex-device-rest @@ -31,7 +32,7 @@ services: environment: SERVICE_HOST: edgex-device-rest depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-rfid-llrp.yml b/compose-builder/add-device-rfid-llrp.yml index e75be50f..3bc2d39f 100644 --- a/compose-builder/add-device-rfid-llrp.yml +++ b/compose-builder/add-device-rfid-llrp.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-rfid-llrp: image: ${DEVICE_SVC_REPOSITORY}/device-rfid-llrp${ARCH}:${DEVICE_LLRP_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59989:59989" container_name: edgex-device-rfid-llrp @@ -31,7 +32,7 @@ services: environment: SERVICE_HOST: edgex-device-rfid-llrp depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-s7.yml b/compose-builder/add-device-s7.yml index 6aa3efe8..22a5a72a 100644 --- a/compose-builder/add-device-s7.yml +++ b/compose-builder/add-device-s7.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-s7: image: ${DEVICE_SVC_REPOSITORY}/device-s7${ARCH}:${DEVICE_S7_VERSION} + command: "${CP_FLAGS} --registry" ports: - '127.0.0.1:59994:59994' container_name: edgex-device-s7 
@@ -29,7 +30,7 @@ services: environment: SERVICE_HOST: edgex-device-s7 depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-snmp.yml b/compose-builder/add-device-snmp.yml index a5513391..1b1e94fb 100644 --- a/compose-builder/add-device-snmp.yml +++ b/compose-builder/add-device-snmp.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-snmp: image: ${DEVICE_SVC_REPOSITORY}/device-snmp${ARCH}:${DEVICE_SNMP_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59993:59993" container_name: edgex-device-snmp @@ -29,7 +30,7 @@ services: environment: SERVICE_HOST: edgex-device-snmp depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-uart.yml b/compose-builder/add-device-uart.yml index 6b836c19..5a46244a 100644 --- a/compose-builder/add-device-uart.yml +++ b/compose-builder/add-device-uart.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-uart: image: ${DEVICE_SVC_REPOSITORY}/device-uart${ARCH}:${DEVICE_UART_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59995:59995" container_name: edgex-device-uart @@ -31,10 +32,10 @@ services: environment: SERVICE_HOST: edgex-device-uart depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper security_opt: - no-new-privileges:true - user: "${EDGEX_USER}:${EDGEX_GROUP}" \ No newline at end of file + user: "${EDGEX_USER}:${EDGEX_GROUP}" diff --git a/compose-builder/add-device-usb-camera.yml b/compose-builder/add-device-usb-camera.yml index 7662df5e..be4fb17a 100644 --- a/compose-builder/add-device-usb-camera.yml +++ b/compose-builder/add-device-usb-camera.yml 
@@ -19,6 +19,7 @@ version: '3.7' services: device-usb-camera: image: ${DEVICE_SVC_REPOSITORY}/device-usb-camera${ARCH}:${DEVICE_USBCAM_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59983:59983" - "127.0.0.1:8554:8554/tcp" @@ -33,7 +34,7 @@ services: environment: SERVICE_HOST: edgex-device-usb-camera depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-device-virtual.yml b/compose-builder/add-device-virtual.yml index acfcc997..e93e30a3 100644 --- a/compose-builder/add-device-virtual.yml +++ b/compose-builder/add-device-virtual.yml @@ -18,6 +18,7 @@ version: '3.7' services: device-virtual: image: ${DEVICE_SVC_REPOSITORY}/device-virtual${ARCH}:${DEVICE_VIRTUAL_VERSION} + command: "${CP_FLAGS} --registry" ports: - "127.0.0.1:59900:59900" container_name: edgex-device-virtual @@ -31,7 +32,7 @@ services: environment: SERVICE_HOST: edgex-device-virtual depends_on: - - consul + - ${REGISTRY_TYPE} - core-data - core-metadata - core-common-config-bootstrapper diff --git a/compose-builder/add-keeper.yml b/compose-builder/add-keeper.yml new file mode 100644 index 00000000..ff58aa5a --- /dev/null +++ b/compose-builder/add-keeper.yml 
@@ -0,0 +1,40 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ + +version: '3.7' + +services: + keeper: + image: ${CORE_EDGEX_REPOSITORY}/core-keeper${ARCH}:${CORE_EDGEX_VERSION} + user: "${EDGEX_USER}:${EDGEX_GROUP}" + ports: + - "127.0.0.1:59890:59890" + container_name: edgex-core-keeper + hostname: edgex-core-keeper + read_only: true + restart: always + networks: + - edgex-network + env_file: + - common-non-security.env + environment: + DATABASE_HOST: edgex-redis + MESSAGEBUS_HOST: edgex-redis + SERVICE_HOST: edgex-core-keeper + security_opt: + - no-new-privileges:true + volumes: + # use host timezone + - /etc/localtime:/etc/localtime:ro diff --git a/compose-builder/add-secure-consul.yml b/compose-builder/add-secure-consul.yml new file mode 100644 index 00000000..e211c1f9 --- /dev/null +++ b/compose-builder/add-secure-consul.yml 
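Review bot: The new `keeper` service sets `DATABASE_HOST: edgex-redis` and `MESSAGEBUS_HOST: edgex-redis` but declares no `depends_on`, so in a non-secure run nothing orders it after Redis. Only the secure overlay for the same service lists `database`. Assuming keeper needs Redis at startup, as the environment suggests, add `depends_on:` with `- database` here so that `restart: always` is not what gets it past a missing Redis. A one-line comment noting that port 59890 is bound to 127.0.0.1 because the non-secure API is unauthenticated would also help anyone who later widens the binding.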
@@ -0,0 +1,46 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ + +version: '3.7' + +volumes: + consul-acl-token: + +services: + consul: + entrypoint: ["/edgex-init/consul_wait_install.sh"] + env_file: + # needed for vault host/port + - common-security.env + - common-sec-stage-gate.env + environment: + EDGEX_ADD_REGISTRY_ACL_ROLES: ${TOKEN_LIST} + EDGEX_USER: ${EDGEX_USER} + EDGEX_GROUP: ${EDGEX_GROUP} + # uncomment and modify the following "ADD_REGISTRY_ACL_ROLES" to add additional registry ACL roles on the fly + # the list is comma-separated service keys for these services + #ADD_REGISTRY_ACL_ROLES: app-sample,app-rules-engine-redis, app-rules-engine-mqtt, app-push-to-core + STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done + STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json + STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/edgex-consul:/tmp/edgex/secrets/edgex-consul:ro,z + # using regular volume to avoid lose of token due to host system reboot + # and it is only shared between consul and proxy-setup + - consul-acl-token:/tmp/edgex/secrets/consul-acl-token + depends_on: 
+ - security-bootstrapper + - vault diff --git a/compose-builder/add-secure-keeper.yml b/compose-builder/add-secure-keeper.yml new file mode 100644 index 00000000..cc807cdb --- /dev/null +++ b/compose-builder/add-secure-keeper.yml @@ -0,0 +1,31 @@ +# /******************************************************************************* +# * Copyright 2024 IOTech Ltd +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# *******************************************************************************/ + +version: '3.7' + +services: + keeper: + command: "/core-keeper" + env_file: + - common-security.env + - common-sec-stage-gate.env + volumes: + - edgex-init:/edgex-init:ro + - /tmp/edgex/secrets/core-keeper:/tmp/edgex/secrets/core-keeper:ro,z + depends_on: + - security-bootstrapper + - security-secretstore-setup + - database + diff --git a/compose-builder/add-security-proxy.yml b/compose-builder/add-security-proxy.yml index bd59862d..a43aa8e8 100644 --- a/compose-builder/add-security-proxy.yml +++ b/compose-builder/add-security-proxy.yml @@ -16,6 +16,7 @@ version: '3.7' volumes: + consul-acl-token: nginx-templates: nginx-tls: 
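Review bot: The commented hint `#ADD_REGISTRY_ACL_ROLES: ...` now sits directly under the active `EDGEX_ADD_REGISTRY_ACL_ROLES: ${TOKEN_LIST}`, and the two key names differ, so it is unclear which one the container honours or whether uncommenting it has any effect. Its example list also mixes `,` and `, ` separators. Reword the comment to describe the active key, for example `# EDGEX_ADD_REGISTRY_ACL_ROLES: comma-separated service keys that receive a registry ACL role; filled from TOKEN_LIST`. Also say what an empty `TOKEN_LIST` means, since Compose would substitute a blank string and, presumably, no add-on service would get a role.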
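Review bot: The secure `keeper` overlay mounts `edgex-init` and sets `command: "/core-keeper"` but declares no `entrypoint:`. The other secured services in this commit pair that command form with `entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"]`. As written the mount looks unused, and keeper would not wait on the security stage gate before reading `/tmp/edgex/secrets/core-keeper`; `depends_on` only orders container start, not readiness. Depending on the image's default entrypoint, the executable path may also end up passed as an argument. If keeper is meant to gate like the other services, add an `entrypoint:` pointing at the appropriate `/edgex-init/` wait script; otherwise drop the mount and say why in a comment.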
@@ -103,11 +104,7 @@ services: networks: - edgex-network entrypoint: ["/bin/sh", "/edgex-init/ready_to_run_wait_install.sh"] - command: - - "entrypoint.sh" - - "/security-proxy-auth" - - "-cp=consul.http://edgex-core-consul:8500" - - "--registry" + command: entrypoint.sh /security-proxy-auth --registry ${CP_FLAGS} env_file: - common-security.env - common-sec-stage-gate.env @@ -124,4 +121,4 @@ services: security_opt: - no-new-privileges:true -# end of containers for reverse proxy \ No newline at end of file +# end of containers for reverse proxy diff --git a/compose-builder/add-security-zero-trust.yml b/compose-builder/add-security-zero-trust.yml index ff2aebea..f46a4f92 100644 --- a/compose-builder/add-security-zero-trust.yml +++ b/compose-builder/add-security-zero-trust.yml @@ -59,14 +59,10 @@ services: - "--configDir=res/docker" container_name: edgex-ui-go depends_on: - consul: - condition: service_started - core-common-config-bootstrapper: - condition: service_started - core-metadata: - condition: service_started - security-bootstrapper: - condition: service_started + - ${REGISTRY_TYPE} + - core-common-config-bootstrapper + - core-metadata + - security-bootstrapper env_file: - common-security.env - common-sec-stage-gate.env diff --git a/compose-builder/add-security.yml b/compose-builder/add-security.yml index d4f6d05f..eacc0b7a 100644 --- a/compose-builder/add-security.yml +++ b/compose-builder/add-security.yml @@ -20,7 +20,6 @@ volumes: vault-config: vault-file: vault-logs: - consul-acl-token: # non-shared volumes redis-config: 
@@ -98,31 +97,6 @@ services: security_opt: - no-new-privileges:true - consul: - entrypoint: ["/edgex-init/consul_wait_install.sh"] - env_file: - # needed for vault host/port - - common-security.env - - common-sec-stage-gate.env - environment: - EDGEX_USER: ${EDGEX_USER} - EDGEX_GROUP: ${EDGEX_GROUP} - # uncomment and modify the following "ADD_REGISTRY_ACL_ROLES" to add additional registry ACL roles on the fly - # the list is comma-separated service keys for these services - #ADD_REGISTRY_ACL_ROLES: app-sample,app-rules-engine-redis, app-rules-engine-mqtt, app-push-to-core - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json - volumes: - - edgex-init:/edgex-init:ro - - /tmp/edgex/secrets/edgex-consul:/tmp/edgex/secrets/edgex-consul:ro,z - # using regular volume to avoid lose of token due to host system reboot - # and it is only shared between consul and proxy-setup - - consul-acl-token:/tmp/edgex/secrets/consul-acl-token - depends_on: - - security-bootstrapper - - vault - vault: image: hashicorp/vault:${VAULT_VERSION} user: "root:root" # Note that Vault is run under the 'vault' user, but entry point scripts need to first run as root @@ -157,7 +131,7 @@ services: - common-security.env - common-sec-stage-gate.env entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/support-notifications ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/support-notifications --registry ${CP_FLAGS}" volumes: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/support-notifications:/tmp/edgex/secrets/support-notifications:ro,z 
@@ -171,7 +145,7 @@ services: - common-security.env - common-sec-stage-gate.env entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/core-metadata ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/core-metadata --registry ${CP_FLAGS}" volumes: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/core-metadata:/tmp/edgex/secrets/core-metadata:ro,z @@ -185,7 +159,7 @@ services: - common-security.env - common-sec-stage-gate.env entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/core-data ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/core-data --registry ${CP_FLAGS}" volumes: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/core-data:/tmp/edgex/secrets/core-data:ro,z @@ -199,7 +173,7 @@ services: - common-security.env - common-sec-stage-gate.env entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/core-command ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/core-command --registry ${CP_FLAGS}" volumes: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/core-command:/tmp/edgex/secrets/core-command:ro,z @@ -213,7 +187,7 @@ services: - common-security.env - common-sec-stage-gate.env entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: ["/entrypoint.sh", "/core-common-config-bootstrapper", "-cp=consul.http://edgex-core-consul:8500"] + command: /entrypoint.sh /core-common-config-bootstrapper --registry ${CP_FLAGS} volumes: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/core-common-config-bootstrapper:/tmp/edgex/secrets/core-common-config-bootstrapper:ro,z @@ -226,7 +200,7 @@ services: - common-security.env - common-sec-stage-gate.env entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/support-scheduler ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/support-scheduler --registry ${CP_FLAGS}" volumes: - edgex-init:/edgex-init:ro - /tmp/edgex/secrets/support-scheduler:/tmp/edgex/secrets/support-scheduler:ro,z 
@@ -239,7 +213,7 @@ services: # because it needs to await Consul roles to be created app-rules-engine: entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/app-service-configurable ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/app-service-configurable --registry ${CP_FLAGS}" env_file: - common-security.env - common-sec-stage-gate.env diff --git a/compose-builder/add-service-secure-template.yml b/compose-builder/add-service-secure-template.yml index e6d6f186..ea65674e 100644 --- a/compose-builder/add-service-secure-template.yml +++ b/compose-builder/add-service-secure-template.yml @@ -21,17 +21,13 @@ services: EDGEX_ADD_SECRETSTORE_TOKENS: ${TOKEN_LIST} EDGEX_ADD_KNOWN_SECRETS: ${KNOWN_SECRETS_LIST} - consul: - environment: - EDGEX_ADD_REGISTRY_ACL_ROLES: ${TOKEN_LIST} - ${ZERO_TRUST}security-proxy-setup: ${ZERO_TRUST} environment: ${ZERO_TRUST} EDGEX_ADD_PROXY_ROUTE: ${EXTRA_PROXY_ROUTE_LIST} ${SERVICE_NAME}: entrypoint: [${SHELL_OVERRIDE} "/edgex-init/ready_to_run_wait_install.sh"] - command: "/${EXECUTABLE} ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/${EXECUTABLE} --registry ${CP_FLAGS}" env_file: - common-security.env - common-sec-stage-gate.env diff --git a/compose-builder/add-taf-app-services-secure.yml b/compose-builder/add-taf-app-services-secure.yml index b9531a00..232ab189 100644 --- a/compose-builder/add-taf-app-services-secure.yml +++ b/compose-builder/add-taf-app-services-secure.yml @@ -21,13 +21,9 @@ services: EDGEX_ADD_SECRETSTORE_TOKENS: ${TOKEN_LIST} EDGEX_ADD_KNOWN_SECRETS: ${KNOWN_SECRETS_LIST} - consul: - environment: - EDGEX_ADD_REGISTRY_ACL_ROLES: ${TOKEN_LIST} - app-functional-tests: entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/app-service-configurable ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/app-service-configurable --registry ${CP_FLAGS}" env_file: - common-security.env - common-sec-stage-gate.env 
@@ -41,7 +37,7 @@ services: app-scalability-test-mqtt-export: entrypoint: ["/edgex-init/ready_to_run_wait_install.sh"] - command: "/app-service-configurable ${DEFAULT_EDGEX_RUN_CMD_PARMS}" + command: "/app-service-configurable --registry ${CP_FLAGS}" env_file: - common-security.env - common-sec-stage-gate.env diff --git a/compose-builder/add-taf-app-services.yml b/compose-builder/add-taf-app-services.yml index f62674f3..684e5466 100644 --- a/compose-builder/add-taf-app-services.yml +++ b/compose-builder/add-taf-app-services.yml @@ -18,6 +18,7 @@ version: '3.7' services: app-functional-tests: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: "--registry ${CP_FLAGS}" ports: - 59705:59705/tcp container_name: edgex-app-functional-tests @@ -28,7 +29,7 @@ services: EDGEX_PROFILE: functional-tests SERVICE_HOST: edgex-app-functional-tests depends_on: - - consul + - ${REGISTRY_TYPE} - core-metadata - core-common-config-bootstrapper read_only: true @@ -43,6 +44,7 @@ services: app-scalability-test-mqtt-export: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: "--registry ${CP_FLAGS}" ports: - "59710:59703" #Exposing as different port to avoid conflict with other MQTT export instance container_name: edgex-app-scalability-test-mqtt-export @@ -60,7 +62,7 @@ services: MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export WRITABLE_LOGLEVEL: DEBUG depends_on: - - consul + - ${REGISTRY_TYPE} - core-metadata - core-common-config-bootstrapper read_only: true diff --git a/compose-builder/add-taf-device-services-mods.yml b/compose-builder/add-taf-device-services-mods.yml index 7b9ba128..a5dafd12 100644 --- a/compose-builder/add-taf-device-services-mods.yml +++ b/compose-builder/add-taf-device-services-mods.yml 
@@ -17,12 +17,12 @@ version: '3.7' services: device-virtual: - command: "-cp=consul.http://edgex-core-consul:8500 --registry --configDir=CONFIG_DIR_PLACE_HOLDER" + command: "${CP_FLAGS} --registry --configDir=CONFIG_DIR_PLACE_HOLDER" volumes: - /PROFILE_VOLUME_PLACE_HOLDER:CONFIG_DIR_PLACE_HOLDER:z device-modbus: - command: "-cp=consul.http://edgex-core-consul:8500 --registry --configDir=CONFIG_DIR_PLACE_HOLDER" + command: "${CP_FLAGS} --registry --configDir=CONFIG_DIR_PLACE_HOLDER" volumes: - /PROFILE_VOLUME_PLACE_HOLDER:CONFIG_DIR_PLACE_HOLDER:z depends_on: diff --git a/compose-builder/common-sec-stage-gate.env b/compose-builder/common-sec-stage-gate.env index 5d863698..deb7db39 100644 --- a/compose-builder/common-sec-stage-gate.env +++ b/compose-builder/common-sec-stage-gate.env @@ -26,8 +26,8 @@ STAGEGATE_DATABASE_HOST=edgex-redis STAGEGATE_DATABASE_PORT=6379 STAGEGATE_DATABASE_READYPORT=6379 # this is intended to be the same as Registry.Host/.Port for other services -STAGEGATE_REGISTRY_HOST=edgex-core-consul -STAGEGATE_REGISTRY_PORT=8500 +STAGEGATE_REGISTRY_HOST=${REGISTRY_HOST} +STAGEGATE_REGISTRY_PORT=${REGISTRY_PORT} STAGEGATE_REGISTRY_READYPORT=54324 STAGEGATE_READY_TORUNPORT=54329 PROXY_SETUP_HOST=edgex-security-proxy-setup diff --git a/compose-builder/docker-compose-base.yml b/compose-builder/docker-compose-base.yml index 9920abb5..cf69126b 100644 --- a/compose-builder/docker-compose-base.yml +++ b/compose-builder/docker-compose-base.yml 
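Review bot: `STAGEGATE_REGISTRY_HOST=${REGISTRY_HOST}` and `STAGEGATE_REGISTRY_PORT=${REGISTRY_PORT}` in common-sec-stage-gate.env depend on Compose interpolating variables inside an `env_file`, which, as far as I know, not every Compose version does. Where it is not supported the stage gate would receive the literal `${REGISTRY_HOST}`, and where it is supported but the variable is unset it would receive an empty host. Both cases stall the security bootstrap sequence without a clear error. Keeping the previous values as defaults, `STAGEGATE_REGISTRY_HOST=${REGISTRY_HOST:-edgex-core-consul}` and `STAGEGATE_REGISTRY_PORT=${REGISTRY_PORT:-8500}`, covers the unset case. A comment stating the minimum Compose version this file expects would cover the other.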
@@ -23,32 +23,12 @@ networks: volumes: db-data: - consul-config: - consul-data: kuiper-data: kuiper-etc: kuiper-log: kuiper-plugins: services: - consul: - image: hashicorp/consul:${CONSUL_VERSION} - command: "agent -ui -bootstrap -server -client 0.0.0.0" - user: "root:root" # Note that Consul is run under the 'consul' user, but entry point scripts need to first run as root - ports: - - "127.0.0.1:8500:8500" - container_name: edgex-core-consul - hostname: edgex-core-consul - read_only: true - restart: always - networks: - edgex-network: - volumes: - - consul-config:/consul/config - - consul-data:/consul/data - security_opt: - - no-new-privileges:true - database: image: redis:${REDIS_VERSION} user: "root:root" # Note that Redis is run under the 'redis' user, but entry point scripts need to first run as root @@ -67,6 +47,7 @@ services: support-notifications: image: ${CORE_EDGEX_REPOSITORY}/support-notifications${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: - "127.0.0.1:59860:59860" @@ -81,7 +62,7 @@ services: environment: SERVICE_HOST: edgex-support-notifications depends_on: - - consul + - ${REGISTRY_TYPE} - database - core-common-config-bootstrapper security_opt: @@ -92,6 +73,7 @@ services: core-metadata: image: ${CORE_EDGEX_REPOSITORY}/core-metadata${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: - "127.0.0.1:59881:59881" @@ -106,7 +88,7 @@ services: environment: SERVICE_HOST: edgex-core-metadata depends_on: - - consul + - ${REGISTRY_TYPE} - database security_opt: - no-new-privileges:true @@ -116,6 +98,7 @@ services: core-data: image: ${CORE_EDGEX_REPOSITORY}/core-data${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: - "127.0.0.1:59880:59880" 
@@ -130,7 +113,7 @@ services: environment: SERVICE_HOST: edgex-core-data depends_on: - - consul + - ${REGISTRY_TYPE} - database - core-common-config-bootstrapper security_opt: @@ -141,6 +124,7 @@ services: core-command: image: ${CORE_EDGEX_REPOSITORY}/core-command${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: - "127.0.0.1:59882:59882" @@ -156,7 +140,7 @@ services: SERVICE_HOST: edgex-core-command EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 depends_on: - - consul + - ${REGISTRY_TYPE} - database - core-metadata - core-common-config-bootstrapper @@ -168,6 +152,7 @@ services: core-common-config-bootstrapper: image: ${CORE_EDGEX_REPOSITORY}/core-common-config-bootstrapper${ARCH}:${CORE_EDGEX_VERSION} + command: /core-common-config-bootstrapper --registry ${CP_FLAGS} user: "${EDGEX_USER}:${EDGEX_GROUP}" container_name: edgex-core-common-config-bootstrapper hostname: edgex-core-common-config-bootstrapper @@ -177,13 +162,15 @@ services: env_file: - common-non-security.env environment: - ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_HOST: ${REGISTRY_HOST} + ALL_SERVICES_REGISTRY_PORT: ${REGISTRY_PORT} + ALL_SERVICES_REGISTRY_TYPE: ${REGISTRY_TYPE} ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata depends_on: - - consul + - ${REGISTRY_TYPE} security_opt: - no-new-privileges:true volumes: @@ -192,6 +179,7 @@ services: support-scheduler: image: ${CORE_EDGEX_REPOSITORY}/support-scheduler${ARCH}:${CORE_EDGEX_VERSION} + command: --registry ${CP_FLAGS} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: - "127.0.0.1:59861:59861" 
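Review bot: In the core-common-config-bootstrapper hunk, `${REGISTRY_TYPE}` is used both as a configuration value (`ALL_SERVICES_REGISTRY_TYPE`) and as a compose service name (`depends_on: - ${REGISTRY_TYPE}`), and nothing documents that the two must be the same string. Renaming the `consul` or `keeper` service, or adding a registry type whose service is named differently, would break every `depends_on` in these files. Add a comment at the first use, for example `# REGISTRY_TYPE doubles as the compose service name of the registry (consul or keeper)`. The service definitions continue outside the hunk.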
@@ -208,7 +196,7 @@ services: INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data depends_on: - - consul + - ${REGISTRY_TYPE} - database - core-common-config-bootstrapper security_opt: @@ -219,6 +207,7 @@ services: app-rules-engine: image: ${APP_SVC_REPOSITORY}/app-service-configurable${ARCH}:${APP_SERVICE_CONFIG_VERSION} + command: --registry ${CP_FLAGS} user: "${EDGEX_USER}:${EDGEX_GROUP}" ports: - "127.0.0.1:59701:59701" @@ -234,7 +223,7 @@ services: EDGEX_PROFILE: rules-engine SERVICE_HOST: edgex-app-rules-engine depends_on: - - consul + - ${REGISTRY_TYPE} - core-metadata - core-common-config-bootstrapper security_opt: diff --git a/compose-builder/gen_secure_compose_ext.sh b/compose-builder/gen_secure_compose_ext.sh index dbde5d3e..1752f30f 100755 --- a/compose-builder/gen_secure_compose_ext.sh +++ b/compose-builder/gen_secure_compose_ext.sh @@ -21,7 +21,7 @@ num_of_args=$# # we use the inherited pattern to reduce the input number of arguments from the caller # i.e. if only provided one input argument, then the 2nd and 3rd argument will be the same as the first argument -service_name='' service_key='' executable='' params=' ${DEFAULT_EDGEX_RUN_CMD_PARMS}' +service_name='' service_key='' executable='' params=' ${CP_FLAGS}' case "$num_of_args" in 0) echo "ERROR: Invalid number of arguments, should be at least 1" @@ -76,7 +76,7 @@ case "${service_name}" in esac # optional with default value if [ "$num_of_args" -eq 4 ]; then - sed -i 's, ${DEFAULT_EDGEX_RUN_CMD_PARMS},'"$params"',g' "$SERVICE_EXT_COMPOSE_PATH" + sed -i 's, ${CP_FLAGS},'"$params"',g' "$SERVICE_EXT_COMPOSE_PATH" fi diff --git a/docker-compose-arm64.yml b/docker-compose-arm64.yml index 5d20ea50..a201bc62 100644 --- a/docker-compose-arm64.yml +++ b/docker-compose-arm64.yml 
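Review bot: The `sed` line in gen_secure_compose_ext.sh now replaces only ` ${CP_FLAGS}`, while the template's command was changed to `"/${EXECUTABLE} --registry ${CP_FLAGS}"`, so `--registry` stays in the output regardless of the fourth argument. A caller that passes a fourth argument which itself contains `--registry` would generate a command with the flag twice; the callers are outside this hunk, so please confirm. `$params` is also spliced into the `sed` replacement unescaped, so a `,` or `&` in it would change the substitution. Either match the whole tail with `'s, --registry ${CP_FLAGS},'"$params"',g'`, or document in the header comment that the fourth argument must not repeat `--registry`.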
@@ -30,8 +30,8 @@ services: app-rules-engine: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -185,8 +185,8 @@ services: core-command: command: - /core-command - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -266,6 +266,7 @@ services: command: - /entrypoint.sh - /core-common-config-bootstrapper + - --registry - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: @@ -284,6 +285,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -332,8 +335,8 @@ services: core-data: command: - /core-data - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -408,8 +411,8 @@ services: core-metadata: command: - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -549,8 +552,8 @@ services: device-rest: command: - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: @@ -625,8 +628,8 @@ services: device-virtual: command: - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: 
@@ -894,8 +897,8 @@ services: command: - entrypoint.sh - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: @@ -1117,8 +1120,8 @@ services: support-notifications: command: - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -1193,8 +1196,8 @@ services: support-scheduler: command: - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-no-secty-arm64.yml b/docker-compose-no-secty-arm64.yml index 08528e8a..3cc97699 100644 --- a/docker-compose-no-secty-arm64.yml +++ b/docker-compose-no-secty-arm64.yml @@ -28,6 +28,9 @@ name: edgex services: app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -99,6 +102,9 @@ services: target: /consul/data volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -140,6 +146,10 @@ services: bind: create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
@@ -149,6 +159,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" @@ -168,6 +180,9 @@ services: bind: create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -205,6 +220,9 @@ services: bind: create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -261,6 +279,9 @@ services: target: /data volume: {} device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: @@ -301,6 +322,9 @@ services: bind: create_host_path: true device-virtual: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-virtual depends_on: consul: @@ -398,6 +422,9 @@ services: target: /kuiper/plugins volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -435,6 +462,9 @@ services: bind: create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-no-secty-with-app-sample-arm64.yml b/docker-compose-no-secty-with-app-sample-arm64.yml index 4224057d..815fec4a 100644 --- a/docker-compose-no-secty-with-app-sample-arm64.yml +++ b/docker-compose-no-secty-with-app-sample-arm64.yml 
@@ -28,6 +28,9 @@ name: edgex services: app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -66,6 +69,9 @@ services: bind: create_host_path: true app-sample: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: @@ -140,6 +146,9 @@ services: target: /consul/data volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -181,6 +190,10 @@ services: bind: create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: @@ -190,6 +203,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" @@ -209,6 +224,9 @@ services: bind: create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -246,6 +264,9 @@ services: bind: create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -302,6 +323,9 @@ services: target: /data volume: {} device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: 
@@ -342,6 +366,9 @@ services: bind: create_host_path: true device-virtual: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-virtual depends_on: consul: @@ -439,6 +466,9 @@ services: target: /kuiper/plugins volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -476,6 +506,9 @@ services: bind: create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-no-secty-with-app-sample.yml b/docker-compose-no-secty-with-app-sample.yml index af704d8e..f74f3a3f 100644 --- a/docker-compose-no-secty-with-app-sample.yml +++ b/docker-compose-no-secty-with-app-sample.yml @@ -28,6 +28,9 @@ name: edgex services: app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -66,6 +69,9 @@ services: bind: create_host_path: true app-sample: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: @@ -140,6 +146,9 @@ services: target: /consul/data volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -181,6 +190,10 @@ services: bind: create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: 
@@ -190,6 +203,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" @@ -209,6 +224,9 @@ services: bind: create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -246,6 +264,9 @@ services: bind: create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -302,6 +323,9 @@ services: target: /data volume: {} device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: @@ -342,6 +366,9 @@ services: bind: create_host_path: true device-virtual: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-virtual depends_on: consul: @@ -439,6 +466,9 @@ services: target: /kuiper/plugins volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -476,6 +506,9 @@ services: bind: create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-no-secty.yml b/docker-compose-no-secty.yml index d6e3e261..e6fb187b 100644 --- a/docker-compose-no-secty.yml +++ b/docker-compose-no-secty.yml @@ -28,6 +28,9 @@ name: edgex services: app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: 
@@ -99,6 +102,9 @@ services: target: /consul/data volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -140,6 +146,10 @@ services: bind: create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: @@ -149,6 +159,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" @@ -168,6 +180,9 @@ services: bind: create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -205,6 +220,9 @@ services: bind: create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -261,6 +279,9 @@ services: target: /data volume: {} device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: @@ -301,6 +322,9 @@ services: bind: create_host_path: true device-virtual: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-virtual depends_on: consul: @@ -398,6 +422,9 @@ services: target: /kuiper/plugins volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: 
@@ -435,6 +462,9 @@ services: bind: create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-with-app-sample-arm64.yml b/docker-compose-with-app-sample-arm64.yml index 26eadeec..7ef61dfa 100644 --- a/docker-compose-with-app-sample-arm64.yml +++ b/docker-compose-with-app-sample-arm64.yml @@ -30,8 +30,8 @@ services: app-rules-engine: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -104,8 +104,8 @@ services: app-sample: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: @@ -262,8 +262,8 @@ services: core-command: command: - /core-command - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -343,6 +343,7 @@ services: command: - /entrypoint.sh - /core-common-config-bootstrapper + - --registry - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: @@ -361,6 +362,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -409,8 +412,8 @@ services: core-data: command: - /core-data - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: 
@@ -485,8 +488,8 @@ services: core-metadata: command: - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -626,8 +629,8 @@ services: device-rest: command: - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: @@ -702,8 +705,8 @@ services: device-virtual: command: - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: @@ -971,8 +974,8 @@ services: command: - entrypoint.sh - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: @@ -1194,8 +1197,8 @@ services: support-notifications: command: - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -1270,8 +1273,8 @@ services: support-scheduler: command: - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-with-app-sample.yml b/docker-compose-with-app-sample.yml index 60f65e71..87972472 100644 --- a/docker-compose-with-app-sample.yml +++ b/docker-compose-with-app-sample.yml @@ -30,8 +30,8 @@ services: app-rules-engine: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: 
@@ -104,8 +104,8 @@ services: app-sample: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: @@ -262,8 +262,8 @@ services: core-command: command: - /core-command - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -343,6 +343,7 @@ services: command: - /entrypoint.sh - /core-common-config-bootstrapper + - --registry - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: @@ -361,6 +362,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -409,8 +412,8 @@ services: core-data: command: - /core-data - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -485,8 +488,8 @@ services: core-metadata: command: - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -626,8 +629,8 @@ services: device-rest: command: - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: @@ -702,8 +705,8 @@ services: device-virtual: command: - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: 
@@ -971,8 +974,8 @@ services: command: - entrypoint.sh - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: @@ -1194,8 +1197,8 @@ services: support-notifications: command: - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -1270,8 +1273,8 @@ services: support-scheduler: command: - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-zero-trust-arm64.yml b/docker-compose-zero-trust-arm64.yml index af3459a8..6f78501d 100644 --- a/docker-compose-zero-trust-arm64.yml +++ b/docker-compose-zero-trust-arm64.yml @@ -30,8 +30,8 @@ services: app-rules-engine: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -180,8 +180,8 @@ services: core-command: command: - /core-command - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -259,6 +259,7 @@ services: command: - /entrypoint.sh - /core-common-config-bootstrapper + - --registry - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: 
@@ -277,6 +278,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul ALL_SERVICES_SERVICE_SECURITYOPTIONS_MODE: zerotrust APP_SERVICES_CLIENTS_CORE_METADATA_HOST: core-metadata.edgex.ziti APP_SERVICES_CLIENTS_CORE_METADATA_PORT: "80" @@ -330,8 +333,8 @@ services: core-data: command: - /core-data - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -401,8 +404,8 @@ services: core-metadata: command: - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -537,8 +540,8 @@ services: device-rest: command: - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: @@ -608,8 +611,8 @@ services: device-virtual: command: - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: @@ -886,8 +889,8 @@ services: support-notifications: command: - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -957,8 +960,8 @@ services: support-scheduler: command: - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose-zero-trust.yml b/docker-compose-zero-trust.yml index 06f830bf..7ee76137 100644 --- a/docker-compose-zero-trust.yml +++ b/docker-compose-zero-trust.yml 
@@ -30,8 +30,8 @@ services: app-rules-engine: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -180,8 +180,8 @@ services: core-command: command: - /core-command - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -259,6 +259,7 @@ services: command: - /entrypoint.sh - /core-common-config-bootstrapper + - --registry - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: @@ -277,6 +278,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul ALL_SERVICES_SERVICE_SECURITYOPTIONS_MODE: zerotrust APP_SERVICES_CLIENTS_CORE_METADATA_HOST: core-metadata.edgex.ziti APP_SERVICES_CLIENTS_CORE_METADATA_PORT: "80" @@ -330,8 +333,8 @@ services: core-data: command: - /core-data - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: @@ -401,8 +404,8 @@ services: core-metadata: command: - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -537,8 +540,8 @@ services: device-rest: command: - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: @@ -608,8 +611,8 @@ services: device-virtual: command: - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: 
@@ -886,8 +889,8 @@ services: support-notifications: command: - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -957,8 +960,8 @@ services: support-scheduler: command: - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/docker-compose.yml b/docker-compose.yml index 1ae58cd1..4a74b50a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -30,8 +30,8 @@ services: app-rules-engine: command: - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: @@ -185,8 +185,8 @@ services: core-command: command: - /core-command - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: @@ -266,6 +266,7 @@ services: command: - /entrypoint.sh - /core-common-config-bootstrapper + - --registry - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: @@ -284,6 +285,8 @@ services: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -332,8 +335,8 @@ services: core-data: command: - /core-data - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: 
@@ -408,8 +411,8 @@ services: core-metadata: command: - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: @@ -549,8 +552,8 @@ services: device-rest: command: - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: @@ -625,8 +628,8 @@ services: device-virtual: command: - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: @@ -894,8 +897,8 @@ services: command: - entrypoint.sh - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: @@ -1117,8 +1120,8 @@ services: support-notifications: command: - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: @@ -1193,8 +1196,8 @@ services: support-scheduler: command: - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: diff --git a/taf/docker-compose-taf-arm64.yml b/taf/docker-compose-taf-arm64.yml index 212d79ea..cdff2613 100644 --- a/taf/docker-compose-taf-arm64.yml +++ b/taf/docker-compose-taf-arm64.yml 
@@ -24,27 +24,33 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -73,52 +79,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-external-mqtt-trigger - target: /tmp/edgex/secrets/app-external-mqtt-trigger - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true app-functional-tests: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -143,52 +153,57 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-functional-tests - target: /tmp/edgex/secrets/app-functional-tests - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true app-http-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "true" 
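Review bot: The re-emitted `ports` entry for app-functional-tests (target 59705, next to the `/tmp/edgex/secrets/app-functional-tests` mount) still has no `host_ip`, so the port is published on every host interface, while the other app services in this file (59706, 59704, 59703, 59701, 59700) all carry `host_ip: 127.0.0.1`. The same applies to app-scalability-test-mqtt-export, published as "59710", in the hunk at `@@ -507,49 +538,51 @@`. If the test harness does not need remote access, add `host_ip: 127.0.0.1` to both entries; because this file is generated, the change presumably belongs in the compose-builder input for the TAF app services, followed by a `make build` to regenerate.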
@@ -215,52 +230,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-http-export - target: /tmp/edgex/secrets/app-http-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true app-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -288,52 +307,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-mqtt-export - target: /tmp/edgex/secrets/app-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true app-rules-engine: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -358,52 +381,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-rules-engine - target: /tmp/edgex/secrets/app-rules-engine - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true app-sample: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -431,52 +458,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-sample - target: /tmp/edgex/secrets/app-sample - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true app-scalability-test-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -507,49 +538,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera EDGEX_GROUP: "2001" 
@@ -578,62 +611,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} core-command: command: - - /core-command - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-command + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: 
true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -658,54 +697,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-command - target: /tmp/edgex/secrets/core-command - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true core-common-config-bootstrapper: command: - - /entrypoint.sh - - /core-common-config-bootstrapper - - -cp=consul.http://edgex-core-consul:8500 + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: 
edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -730,46 +775,51 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-common-config-bootstrapper - target: /tmp/edgex/secrets/core-common-config-bootstrapper - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true core-data: command: - - /core-data - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-data + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -793,52 +843,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true core-metadata: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-metadata + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -862,44 +916,46 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true database: container_name: edgex-redis depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/redis_wait_install.sh + - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf 
@@ -924,61 +980,67 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: redis-config - target: /run/redis/conf - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-redis - target: /tmp/edgex/secrets/security-bootstrapper-redis - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true device-modbus: command: - - /device-modbus - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-modbus + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - 
/edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1002,60 +1064,65 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-modbus - target: /tmp/edgex/secrets/device-modbus - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true device-onvif-camera: command: - - /device-onvif-camera - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-onvif-camera + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1079,54 +1146,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-onvif-camera - target: /tmp/edgex/secrets/device-onvif-camera - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true device-rest: command: - - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-rest + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1150,55 +1222,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-rest - target: /tmp/edgex/secrets/device-rest - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true device-virtual: command: - - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-virtual + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1222,41 +1299,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-virtual - target: /tmp/edgex/secrets/device-virtual - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -1264,78 +1341,79 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 nginx: command: - - /docker-entrypoint.sh - - nginx - - -g - - daemon off; + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; container_name: edgex-nginx depends_on: security-secretstore-setup: condition: service_started + required: true 
entrypoint: - - /bin/sh - - /edgex-init/nginx_wait_install.sh + - /bin/sh + - /edgex-init/nginx_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -1356,44 +1434,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 8443 - published: "8443" - protocol: tcp + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /etc/nginx/conf.d - - /var/cache/nginx - - /var/log/nginx - - /var/run + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/kuiper_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis @@ -1405,6 +1486,7 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -1421,56 +1503,56 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} security-bootstrapper: container_name: 
edgex-security-bootstrapper environment: @@ -1497,34 +1579,36 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} security-proxy-auth: command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
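Review bot: The new `image: lfedge/ekuiper:v1.14.0-alpha.2` line for the rules-engine service (hunk `@@ -1421,56 +1503,56 @@`) replaces `1.12-alpine` with an alpha pre-release referenced only by tag. The stack would then run an unreleased build whose contents can change under the same name. I would move to a released tag and pin it by digest, for example `image: lfedge/ekuiper:<released-tag>@sha256:<digest>` (both are placeholders; the page gives neither value). This file looks like rendered compose output, so the pin probably belongs in whichever variable or template feeds this tag rather than in this file. If the alpha is required for the new `KUIPER__BASIC__ENABLEOPENZITI` setting, a comment at that source saying so would help the next reader.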
@@ -1548,43 +1632,45 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/proxy_setup_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -1619,51 +1705,53 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true environment: EDGEX_ADD_KNOWN_SECRETS: 
redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera 
@@ -1693,55 +1781,59 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run - - /vault + - /run + - /vault user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} security-spiffe-token-provider: command: - - /security-spiffe-token-provider - - -cp=consul.http://edgex-core-consul:8500 + - /security-spiffe-token-provider + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-security-spiffe-token-provider depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: 
edgex-security-proxy-setup @@ -1765,50 +1857,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59841 - published: "59841" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/security-spiffe-token-provider - target: /tmp/edgex/secrets/security-spiffe-token-provider - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true security-spire-agent: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-agent depends_on: security-spire-server: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
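Review bot: The `--registry` entry added to the `security-spiffe-token-provider` command is a runtime change, unlike the re-indentation, volume reordering and `required: true` additions that make up the rest of this hunk. The old command passed only `-cp=consul.http://edgex-core-consul:8500`. The commit should record whether this security service is now meant to use the registry, for example with a comment where the command is defined such as `# --registry: token provider now uses the service registry (previously config provider only)`. If this file is regenerated output, which the uniform list re-indentation suggests, that explanation belongs with the generator's source compose files rather than here.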
@@ -1835,49 +1928,50 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-agent - target: /srv/spiffe/agent - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true security-spire-config: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-config depends_on: security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
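Review bot: The `/var/run/docker.sock` bind is re-emitted unchanged for a container that runs as `user: root:root`, and nothing in the hunk records why the mount is needed. The service is the one that also mounts the `spire-agent` volume, presumably `security-spire-agent`. Access to the Docker socket amounts to control of the host's Docker daemon, so neither `read_only: true` on the root filesystem nor `no-new-privileges:true` contains a compromise of this container. Presumably the agent uses the socket for Docker workload attestation; if so, say that where the mount is defined, e.g. `# docker.sock: needed by the SPIRE agent's Docker workload attestor; grants daemon-level access to the host`. The service definition starts outside this hunk, so the image and remaining settings are not visible here.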
@@ -1902,36 +1996,37 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true security-spire-server: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-server depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1955,62 +2050,67 @@ services: edgex-network: null pid: host ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59840 - published: "59840" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-server - target: /srv/spiffe/server - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true support-notifications: command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-notifications + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -2034,54 +2134,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true support-scheduler: command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-scheduler + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data 
@@ -2107,35 +2212,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -2146,33 +2251,34 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true vault: cap_add: - - IPC_LOCK + - IPC_LOCK command: - - server + - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/vault_wait_install.sh + - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -2196,29 +2302,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8200 - published: "8200" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp restart: always tmpfs: - - /vault/config + - /vault/config user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: vault-file - target: /vault/file - volume: {} - - type: volume - source: vault-logs - target: /vault/logs - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-keeper-arm64.yml b/taf/docker-compose-taf-keeper-arm64.yml new file mode 100644 index 00000000..88e7f924 --- /dev/null 
+++ b/taf/docker-compose-taf-keeper-arm64.yml 
@@ -0,0 +1,2355 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-external-mqtt-trigger + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + 
host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true + app-functional-tests: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-functional-tests + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + 
edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true + app-http-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-http-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: 
http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true + app-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: 
"54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + app-rules-engine: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-rules-engine + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: 
edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true + app-sample: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + CLIENTS_CORE_COMMAND_HOST: edgex-core-command + CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-sample + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + 
STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + core-command: + command: + - /core-command + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: 
service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-command + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true + core-common-config-bootstrapper: + command: + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: 
service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true + core-data: + command: + - /core-data + - --registry 
+ - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true + core-metadata: + command: + - /core-metadata + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-metadata + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true + database: + container_name: edgex-redis + depends_on: + security-bootstrapper: + condition: service_started + required: true + 
security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/redis_wait_install.sh + environment: + DATABASECONFIG_NAME: redis.conf + DATABASECONFIG_PATH: /run/redis/conf + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true + device-modbus: + command: + - /device-modbus + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + 
condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-modbus + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - /device-onvif-camera + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-onvif-camera + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-onvif-camera + image: nexus3.edgexfoundry.org:10004/device-onvif-camera-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true + device-rest: + command: + - 
/device-rest + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-rest + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true + device-virtual: + command: + - 
/device-virtual + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-virtual + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + 
source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true + keeper: + command: + - /core-keeper + container_name: edgex-core-keeper + depends_on: + database: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_HOST: edgex-redis + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-keeper + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-keeper + target: /tmp/edgex/secrets/core-keeper + read_only: true + bind: + selinux: z + create_host_path: true + modbus-simulator: + container_name: 
edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-mqtt-broker + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + nginx: + command: + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; + container_name: edgex-nginx + depends_on: + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/nginx_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: 
edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-nginx + image: nginx:1.25-alpine-slim + networks: + edgex-network: null + ports: + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/kuiper_wait_install.sh + environment: + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: 
"54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + 
STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: + command: + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-proxy-auth + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-proxy-auth + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-proxy-auth + image: nexus3.edgexfoundry.org:10004/security-proxy-auth-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /etc/localtime + 
target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true + security-proxy-setup: + container_name: edgex-security-proxy-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/proxy_setup_wait_install.sh + environment: + EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup-arm64:latest + networks: + edgex-network: null + 
read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} + security-secretstore-setup: + container_name: edgex-security-secretstore-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + vault: + condition: service_started + required: true + environment: + EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] + EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: 
edgex-vault + SECUREMESSAGEBUS_TYPE: redis + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + - /vault + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} + security-spiffe-token-provider: + command: + - /security-spiffe-token-provider + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-security-spiffe-token-provider + depends_on: + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: 
"true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-security-spiffe-token-provider + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spiffe-token-provider + image: nexus3.edgexfoundry.org:10004/security-spiffe-token-provider-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true + security-spire-agent: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-agent + depends_on: + security-spire-server: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-agent + image: nexus3.edgexfoundry.org:10004/security-spire-agent-arm64:latest + networks: + edgex-network: null + pid: host + privileged: true + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true + security-spire-config: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-config + depends_on: + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + 
STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-config + image: nexus3.edgexfoundry.org:10004/security-spire-config-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + security-spire-server: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-server + depends_on: + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: 
edgex-security-spire-server + image: nexus3.edgexfoundry.org:10004/security-spire-server-arm64:latest + networks: + edgex-network: null + pid: host + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + support-notifications: + command: + - /support-notifications + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + 
STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: 
"6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + vault: + cap_add: + - IPC_LOCK + command: + - server + container_name: edgex-vault + depends_on: + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/vault_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + 
STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + VAULT_ADDR: http://edgex-vault:8200 + VAULT_CONFIG_DIR: /vault/config + VAULT_UI: "true" + hostname: edgex-vault + image: hashicorp/vault:1.14 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp + restart: always + tmpfs: + - /vault/config + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} +networks: + edgex-network: + name: edgex_edgex-network + driver: bridge +volumes: + consul-acl-token: + name: edgex_consul-acl-token + db-data: + name: edgex_db-data + edgex-init: + name: edgex_edgex-init + kuiper-connections: + name: edgex_kuiper-connections + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins + kuiper-sources: + name: edgex_kuiper-sources + nginx-templates: + name: edgex_nginx-templates + nginx-tls: + name: edgex_nginx-tls + redis-config: + name: edgex_redis-config + spire-agent: + name: edgex_spire-agent + spire-ca: + name: edgex_spire-ca + spire-server: + name: edgex_spire-server + vault-config: + name: edgex_vault-config + vault-file: + name: edgex_vault-file + vault-logs: + name: edgex_vault-logs 
diff --git a/taf/docker-compose-taf-keeper.yml b/taf/docker-compose-taf-keeper.yml
new file mode 100644
index 00000000..b613419c
--- /dev/null
+++ b/taf/docker-compose-taf-keeper.yml
@@ -0,0 +1,2355 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-external-mqtt-trigger + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + 
host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true + app-functional-tests: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-functional-tests + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + 
edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true + app-http-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-http-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: 
http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true + app-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: 
"54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + app-rules-engine: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-rules-engine + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: 
edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true + app-sample: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + CLIENTS_CORE_COMMAND_HOST: edgex-core-command + CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-sample + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + 
STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + core-command: + command: + - /core-command + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + 
required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-command + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true + core-common-config-bootstrapper: + command: + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: service_started + required: true 
+ security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true + core-data: + command: + - /core-data + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true + core-metadata: + command: + - /core-metadata + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-metadata + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true + database: + container_name: edgex-redis + depends_on: + security-bootstrapper: + condition: service_started + required: true + 
security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/redis_wait_install.sh + environment: + DATABASECONFIG_NAME: redis.conf + DATABASECONFIG_PATH: /run/redis/conf + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true + device-modbus: + command: + - /device-modbus + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + 
condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-modbus + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - /device-onvif-camera + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + 
container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-onvif-camera + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-onvif-camera + image: nexus3.edgexfoundry.org:10004/device-onvif-camera:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true + device-rest: + command: + - /device-rest + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-rest + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true + device-virtual: + command: + - /device-virtual + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-virtual + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual 
+ target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true + keeper: + command: + - /core-keeper + container_name: edgex-core-keeper + depends_on: + database: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_HOST: edgex-redis + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-keeper + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-keeper + target: /tmp/edgex/secrets/core-keeper + read_only: true + bind: + selinux: z + create_host_path: true + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + 
image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-mqtt-broker + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + nginx: + command: + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; + container_name: edgex-nginx + depends_on: + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/nginx_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + 
STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-nginx + image: nginx:1.25-alpine-slim + networks: + edgex-network: null + ports: + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/kuiper_wait_install.sh + environment: + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + 
STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: 
edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: + command: + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-proxy-auth + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-proxy-auth + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-proxy-auth + image: nexus3.edgexfoundry.org:10004/security-proxy-auth:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + 
create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true + security-proxy-setup: + container_name: edgex-security-proxy-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/proxy_setup_wait_install.sh + environment: + EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - 
no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} + security-secretstore-setup: + container_name: edgex-security-secretstore-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + vault: + condition: service_started + required: true + environment: + EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] + EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SECUREMESSAGEBUS_TYPE: redis + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + - /vault + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} + security-spiffe-token-provider: + command: + - /security-spiffe-token-provider + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-security-spiffe-token-provider + depends_on: + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + 
SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-security-spiffe-token-provider + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spiffe-token-provider + image: nexus3.edgexfoundry.org:10004/security-spiffe-token-provider:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true + security-spire-agent: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-agent + depends_on: + security-spire-server: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + 
STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-agent + image: nexus3.edgexfoundry.org:10004/security-spire-agent:latest + networks: + edgex-network: null + pid: host + privileged: true + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true + security-spire-config: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-config + depends_on: + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + 
STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-config + image: nexus3.edgexfoundry.org:10004/security-spire-config:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + security-spire-server: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-server + depends_on: + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-server + image: 
nexus3.edgexfoundry.org:10004/security-spire-server:latest + networks: + edgex-network: null + pid: host + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + support-notifications: + command: + - /support-notifications + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + 
STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + 
STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + vault: + cap_add: + - IPC_LOCK + command: + - server + container_name: edgex-vault + depends_on: + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/vault_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + 
STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + VAULT_ADDR: http://edgex-vault:8200 + VAULT_CONFIG_DIR: /vault/config + VAULT_UI: "true" + hostname: edgex-vault + image: hashicorp/vault:1.14 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp + restart: always + tmpfs: + - /vault/config + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} +networks: + edgex-network: + name: edgex_edgex-network + driver: bridge +volumes: + consul-acl-token: + name: edgex_consul-acl-token + db-data: + name: edgex_db-data + edgex-init: + name: edgex_edgex-init + kuiper-connections: + name: edgex_kuiper-connections + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins + kuiper-sources: + name: edgex_kuiper-sources + nginx-templates: + name: edgex_nginx-templates + nginx-tls: + name: edgex_nginx-tls + redis-config: + name: edgex_redis-config + spire-agent: + name: edgex_spire-agent + spire-ca: + name: edgex_spire-ca + spire-server: + name: edgex_spire-server + vault-config: + name: edgex_vault-config + vault-file: + name: edgex_vault-file + vault-logs: + name: edgex_vault-logs diff --git a/taf/docker-compose-taf-mqtt-bus-arm64.yml b/taf/docker-compose-taf-mqtt-bus-arm64.yml index b01c0e60..68832bd6 100644 
--- a/taf/docker-compose-taf-mqtt-bus-arm64.yml +++ b/taf/docker-compose-taf-mqtt-bus-arm64.yml @@ -24,27 +24,33 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -73,52 +79,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-external-mqtt-trigger - target: /tmp/edgex/secrets/app-external-mqtt-trigger - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true app-functional-tests: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -143,52 +153,57 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-functional-tests - target: /tmp/edgex/secrets/app-functional-tests - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true app-http-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -215,52 +230,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-http-export - target: /tmp/edgex/secrets/app-http-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true app-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -288,52 +307,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-mqtt-export - target: /tmp/edgex/secrets/app-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true app-rules-engine: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -358,52 +381,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-rules-engine - target: /tmp/edgex/secrets/app-rules-engine - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true app-sample: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -431,52 +458,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-sample - target: /tmp/edgex/secrets/app-sample - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true app-scalability-test-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -509,49 +540,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera EDGEX_GROUP: "2001" 
@@ -580,62 +613,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} core-command: command: - - /core-command - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-command + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: 
true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -660,50 +699,54 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-command - target: /tmp/edgex/secrets/core-command - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true core-common-config-bootstrapper: command: - - /entrypoint.sh - - /core-common-config-bootstrapper - - -cp=consul.http://edgex-core-consul:8500 + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_AUTHMODE: usernamepassword 
@@ -713,6 +756,8 @@ services: ALL_SERVICES_MESSAGEBUS_SECRETNAME: message-bus ALL_SERVICES_MESSAGEBUS_TYPE: mqtt ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -737,46 +782,51 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-common-config-bootstrapper - target: /tmp/edgex/secrets/core-common-config-bootstrapper - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true core-data: command: - - /core-data - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-data + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -800,52 +850,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true core-metadata: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-metadata + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -869,44 +923,46 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true database: container_name: edgex-redis depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/redis_wait_install.sh + - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf 
@@ -931,61 +987,67 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: redis-config - target: /run/redis/conf - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-redis - target: /tmp/edgex/secrets/security-bootstrapper-redis - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true device-modbus: command: - - /device-modbus - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-modbus + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - 
/edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1009,60 +1071,65 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-modbus - target: /tmp/edgex/secrets/device-modbus - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true device-onvif-camera: command: - - /device-onvif-camera - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-onvif-camera + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1086,54 +1153,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-onvif-camera - target: /tmp/edgex/secrets/device-onvif-camera - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true device-rest: command: - - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-rest + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1157,55 +1229,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-rest - target: /tmp/edgex/secrets/device-rest - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true device-virtual: command: - - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-virtual + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1229,41 +1306,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-virtual - target: /tmp/edgex/secrets/device-virtual - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -1271,37 +1348,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -v - - -c - - /mosquitto/config/mosquitto.conf + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto/config/mosquitto.conf container_name: edgex-mqtt-broker depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/messagebus_wait_install.sh + - /edgex-init/messagebus_wait_install.sh environment: BROKER_TYPE: mosquitto CONF_DIR: /edgex-init/bootstrap-mosquitto/res 
@@ -1327,67 +1406,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: mqtt - target: /mosquitto - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-messagebus - target: /tmp/edgex/secrets/security-bootstrapper-messagebus - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: mqtt + target: /mosquitto + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-messagebus + target: /tmp/edgex/secrets/security-bootstrapper-messagebus + read_only: true + bind: + selinux: z + create_host_path: true mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 nginx: command: - - /docker-entrypoint.sh - - nginx - - -g - - daemon off; + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; container_name: edgex-nginx depends_on: security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/nginx_wait_install.sh + - /bin/sh + - 
/edgex-init/nginx_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -1408,46 +1488,50 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 8443 - published: "8443" - protocol: tcp + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /etc/nginx/conf.d - - /var/cache/nginx - - /var/log/nginx - - /var/run + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true mqtt-broker: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/kuiper_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" @@ -1467,6 +1551,7 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: mqtt KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -1483,56 +1568,56 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} security-bootstrapper: container_name: 
edgex-security-bootstrapper environment: @@ -1559,34 +1644,36 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} security-proxy-auth: command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
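Review bot: The rules-engine image moves from `lfedge/ekuiper:1.12-alpine` to `lfedge/ekuiper:v1.14.0-alpha.2`, a pre-release tag that also drops the `-alpine` variant, and nothing in the hunk records why a pre-release is needed. The `KUIPER__BASIC__ENABLEOPENZITI: "false"` entry added in the preceding hunk suggests the newer build is wanted for that setting, but that is an inference. This compose output looks generated, so I would put a comment beside the version setting it is built from, in the style of the `# Lock on Vault 1.14` comment in compose-builder/.env, e.g. `# eKuiper pre-release pinned for <reason>; return to a stable tag when one is available`, and consider pinning the image by digest so the tag cannot change underneath this stack. The rest of the hunk only re-indents list items and reorders the volume entries.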
@@ -1610,43 +1697,45 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/proxy_setup_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -1681,51 +1770,53 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true environment: EDGEX_ADD_KNOWN_SECRETS: 
redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera 
@@ -1755,55 +1846,59 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run - - /vault + - /run + - /vault user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} security-spiffe-token-provider: command: - - /security-spiffe-token-provider - - -cp=consul.http://edgex-core-consul:8500 + - /security-spiffe-token-provider + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-security-spiffe-token-provider depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: 
edgex-security-proxy-setup @@ -1827,50 +1922,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59841 - published: "59841" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/security-spiffe-token-provider - target: /tmp/edgex/secrets/security-spiffe-token-provider - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true security-spire-agent: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-agent depends_on: security-spire-server: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
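Review bot: `security-spiffe-token-provider` gains a `--registry` argument here, where its old command carried only `-cp=consul.http://edgex-core-consul:8500`; in every other service command visible in these hunks the flag was already present and is only reordered. That makes this the one start-up behaviour change inside what otherwise reads as re-indentation and volume reordering, so it is easy to miss in review. If registering this service is intended, say so in the commit description or in a comment on the source compose definition, e.g. `# token provider registers with the registry like the other services`. If it is instead a side effect of the `--registry ${CP_FLAGS}` substitution seen in the Makefile hunks, the service should keep its own argument list. The service block continues past the end of the hunk.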
@@ -1897,49 +1993,50 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-agent - target: /srv/spiffe/agent - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true security-spire-config: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-config depends_on: security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1964,36 +2061,37 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true security-spire-server: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-server depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -2017,62 +2115,67 @@ services: edgex-network: null pid: host ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59840 - published: "59840" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-server - target: /srv/spiffe/server - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true support-notifications: command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-notifications + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -2096,54 +2199,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true support-scheduler: command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-scheduler + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data 
@@ -2169,35 +2277,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -2208,33 +2316,34 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true vault: cap_add: - - IPC_LOCK + - IPC_LOCK command: - - server + - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/vault_wait_install.sh + - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -2258,29 +2367,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8200 - published: "8200" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp restart: always tmpfs: - - /vault/config + - /vault/config user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: vault-file - target: /vault/file - volume: {} - - type: volume - source: vault-logs - target: /vault/logs - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-mqtt-bus-keeper-arm64.yml b/taf/docker-compose-taf-mqtt-bus-keeper-arm64.yml new file mode 100644 index 00000000..23c542d6 --- /dev/null 
+++ b/taf/docker-compose-taf-mqtt-bus-keeper-arm64.yml 
@@ -0,0 +1,2422 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-external-mqtt-trigger + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + 
host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true + app-functional-tests: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-functional-tests + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + 
edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true + app-http-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-http-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: 
http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true + app-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: 
"54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + app-rules-engine: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-rules-engine + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: 
edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true + app-sample: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + CLIENTS_CORE_COMMAND_HOST: edgex-core-command + CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-sample + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + 
STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER + WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + core-command: + command: + - /core-command + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + 
core-metadata: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-command + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true + core-common-config-bootstrapper: + command: + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_AUTHMODE: usernamepassword + ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker + ALL_SERVICES_MESSAGEBUS_PORT: "1883" + ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp + ALL_SERVICES_MESSAGEBUS_SECRETNAME: message-bus + ALL_SERVICES_MESSAGEBUS_TYPE: mqtt + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + 
create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true + core-data: + command: + - /core-data + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + 
read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true + core-metadata: + command: + - /core-metadata + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-metadata + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: 
edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true + database: + container_name: edgex-redis + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/redis_wait_install.sh + environment: + DATABASECONFIG_NAME: redis.conf + DATABASECONFIG_PATH: /run/redis/conf + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true + 
device-modbus: + command: + - /device-modbus + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-modbus + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume 
+ source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - /device-onvif-camera + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-onvif-camera + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-onvif-camera + image: nexus3.edgexfoundry.org:10004/device-onvif-camera-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + 
create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true + device-rest: + command: + - /device-rest + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-rest + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + 
create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true + device-virtual: + command: + - /device-virtual + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-virtual + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: 
/etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true + keeper: + command: + - /core-keeper + container_name: edgex-core-keeper + depends_on: + database: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_HOST: edgex-redis + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-keeper + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true 
+ - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-keeper + target: /tmp/edgex/secrets/core-keeper + read_only: true + bind: + selinux: z + create_host_path: true + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto/config/mosquitto.conf + container_name: edgex-mqtt-broker + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/messagebus_wait_install.sh + environment: + BROKER_TYPE: mosquitto + CONF_DIR: /edgex-init/bootstrap-mosquitto/res + EDGEX_SECURITY_SECRET_STORE: "true" + ENTRYPOINT: /docker-entrypoint.sh /usr/sbin/mosquitto -v -c /mosquitto/config/mosquitto.conf + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + 
STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: mqtt + target: /mosquitto + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-messagebus + target: /tmp/edgex/secrets/security-bootstrapper-messagebus + read_only: true + bind: + selinux: z + create_host_path: true + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + nginx: + command: + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; + container_name: edgex-nginx + depends_on: + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/nginx_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + 
STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-nginx + image: nginx:1.25-alpine-slim + networks: + edgex-network: null + ports: + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + mqtt-broker: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/kuiper_wait_install.sh + environment: + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" + CONNECTION__EDGEX__MQTTMSGBUS__PORT: "1883" + CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp + CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker + CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine + EDGEX__DEFAULT__OPTIONAL__KEEPALIVE: "500" + EDGEX__DEFAULT__PORT: "1883" + EDGEX__DEFAULT__PROTOCOL: tcp + EDGEX__DEFAULT__SERVER: edgex-mqtt-broker + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: mqtt + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + PROXY_SETUP_HOST: edgex-security-proxy-setup + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" 
+ STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: + command: + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-proxy-auth + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-proxy-auth + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-proxy-auth + image: 
nexus3.edgexfoundry.org:10004/security-proxy-auth-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true + security-proxy-setup: + container_name: edgex-security-proxy-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/proxy_setup_wait_install.sh + environment: + EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + 
STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} + security-secretstore-setup: + container_name: edgex-security-secretstore-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + vault: + condition: service_started + required: true + environment: + EDGEX_ADD_KNOWN_SECRETS: 
redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] + EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SECUREMESSAGEBUS_TYPE: mqtt + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + - /vault + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - 
type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} + security-spiffe-token-provider: + command: + - /security-spiffe-token-provider + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-security-spiffe-token-provider + depends_on: + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-security-spiffe-token-provider + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spiffe-token-provider + image: nexus3.edgexfoundry.org:10004/security-spiffe-token-provider-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + 
source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true + security-spire-agent: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-agent + depends_on: + security-spire-server: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-agent + image: nexus3.edgexfoundry.org:10004/security-spire-agent-arm64:latest + networks: + edgex-network: null + pid: host + privileged: true + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: 
{} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true + security-spire-config: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-config + depends_on: + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-config + image: nexus3.edgexfoundry.org:10004/security-spire-config-arm64:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + security-spire-server: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-server + depends_on: + 
security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-server + image: nexus3.edgexfoundry.org:10004/security-spire-server-arm64:latest + networks: + edgex-network: null + pid: host + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + support-notifications: + command: + - /support-notifications + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: 
service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + 
condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + 
EDGEX_SECURITY_SECRET_STORE: "true" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + vault: + cap_add: + - IPC_LOCK + command: + - server + container_name: edgex-vault + depends_on: + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/vault_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + VAULT_ADDR: http://edgex-vault:8200 + VAULT_CONFIG_DIR: /vault/config + VAULT_UI: "true" + hostname: edgex-vault + image: hashicorp/vault:1.14 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp + restart: always + tmpfs: + - /vault/config + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} +networks: + edgex-network: + name: edgex_edgex-network + driver: 
bridge +volumes: + consul-acl-token: + name: edgex_consul-acl-token + db-data: + name: edgex_db-data + edgex-init: + name: edgex_edgex-init + kuiper-connections: + name: edgex_kuiper-connections + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins + kuiper-sources: + name: edgex_kuiper-sources + mqtt: + name: edgex_mqtt + nginx-templates: + name: edgex_nginx-templates + nginx-tls: + name: edgex_nginx-tls + redis-config: + name: edgex_redis-config + spire-agent: + name: edgex_spire-agent + spire-ca: + name: edgex_spire-ca + spire-server: + name: edgex_spire-server + vault-config: + name: edgex_vault-config + vault-file: + name: edgex_vault-file + vault-logs: + name: edgex_vault-logs diff --git a/taf/docker-compose-taf-mqtt-bus-keeper.yml b/taf/docker-compose-taf-mqtt-bus-keeper.yml new file mode 100644 index 00000000..fa26207d --- /dev/null +++ b/taf/docker-compose-taf-mqtt-bus-keeper.yml 
@@ -0,0 +1,2422 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-external-mqtt-trigger + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + 
host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true + app-functional-tests: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-functional-tests + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + 
edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true + app-http-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-http-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: 
http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true + app-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-mqtt-export + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: 
"54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + app-rules-engine: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-rules-engine + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: 
edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true + app-sample: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + CLIENTS_CORE_COMMAND_HOST: edgex-core-command + CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-sample + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + 
STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true + app-scalability-test-mqtt-export: + command: + - /app-service-configurable + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + WRITABLE_INSECURESECRETS_MQTT_SECRETS_PASSWORD: PASSWORD_PLACE_HOLDER + WRITABLE_INSECURESECRETS_MQTT_SECRETS_USERNAME: USERNAME_PLACEH_OLDER + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true + core-command: + command: + - /core-command + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + 
condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-command + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true + core-common-config-bootstrapper: + command: + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - 
-cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_AUTHMODE: usernamepassword + ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker + ALL_SERVICES_MESSAGEBUS_PORT: "1883" + ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp + ALL_SERVICES_MESSAGEBUS_SECRETNAME: message-bus + ALL_SERVICES_MESSAGEBUS_TYPE: mqtt + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + 
create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true + core-data: + command: + - /core-data + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-data + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + 
read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true + core-metadata: + command: + - /core-metadata + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-metadata + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: 
edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true + database: + container_name: edgex-redis + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/redis_wait_install.sh + environment: + DATABASECONFIG_NAME: redis.conf + DATABASECONFIG_PATH: /run/redis/conf + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true + 
device-modbus: + command: + - /device-modbus + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-modbus + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + 
source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - /device-onvif-camera + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-onvif-camera + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-onvif-camera + image: nexus3.edgexfoundry.org:10004/device-onvif-camera:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + 
create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true + device-rest: + command: + - /device-rest + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-rest + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + 
create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true + device-virtual: + command: + - /device-virtual + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-device-virtual + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: 
/etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true + keeper: + command: + - /core-keeper + container_name: edgex-core-keeper + depends_on: + database: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "true" + MESSAGEBUS_HOST: edgex-redis + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-core-keeper + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - 
type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-keeper + target: /tmp/edgex/secrets/core-keeper + read_only: true + bind: + selinux: z + create_host_path: true + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto/config/mosquitto.conf + container_name: edgex-mqtt-broker + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/messagebus_wait_install.sh + environment: + BROKER_TYPE: mosquitto + CONF_DIR: /edgex-init/bootstrap-mosquitto/res + EDGEX_SECURITY_SECRET_STORE: "true" + ENTRYPOINT: /docker-entrypoint.sh /usr/sbin/mosquitto -v -c /mosquitto/config/mosquitto.conf + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + 
STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: mqtt + target: /mosquitto + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-messagebus + target: /tmp/edgex/secrets/security-bootstrapper-messagebus + read_only: true + bind: + selinux: z + create_host_path: true + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + nginx: + command: + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; + container_name: edgex-nginx + depends_on: + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/nginx_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + 
STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-nginx + image: nginx:1.25-alpine-slim + networks: + edgex-network: null + ports: + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + mqtt-broker: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/kuiper_wait_install.sh + environment: + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" + CONNECTION__EDGEX__MQTTMSGBUS__PORT: "1883" + CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp + CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker + CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine + EDGEX__DEFAULT__OPTIONAL__KEEPALIVE: "500" + EDGEX__DEFAULT__PORT: "1883" + EDGEX__DEFAULT__PROTOCOL: tcp + EDGEX__DEFAULT__SERVER: edgex-mqtt-broker + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: mqtt + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + PROXY_SETUP_HOST: edgex-security-proxy-setup + 
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + security-bootstrapper: + container_name: edgex-security-bootstrapper + environment: + EDGEX_GROUP: "2001" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" 
+ STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-bootstrapper + image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + security-proxy-auth: + command: + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-proxy-auth + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-proxy-auth + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-proxy-auth + image: nexus3.edgexfoundry.org:10004/security-proxy-auth:latest + 
networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true + security-proxy-setup: + container_name: edgex-security-proxy-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/proxy_setup_wait_install.sh + environment: + EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + ROUTES_CORE_COMMAND_HOST: edgex-core-command + ROUTES_CORE_CONSUL_HOST: edgex-core-consul + ROUTES_CORE_DATA_HOST: edgex-core-data + ROUTES_CORE_METADATA_HOST: edgex-core-metadata + ROUTES_DEVICE_VIRTUAL_HOST: device-virtual + ROUTES_RULES_ENGINE_HOST: edgex-kuiper + ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications + ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler + ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: 
edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-proxy-setup + image: nexus3.edgexfoundry.org:10004/security-proxy-setup:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} + security-secretstore-setup: + container_name: edgex-security-secretstore-setup + depends_on: + security-bootstrapper: + condition: service_started + required: true + vault: + condition: service_started + required: true + environment: + EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] + EDGEX_ADD_SECRETSTORE_TOKENS: 
app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera + EDGEX_GROUP: "2001" + EDGEX_SECURITY_SECRET_STORE: "true" + EDGEX_USER: "2002" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SECUREMESSAGEBUS_TYPE: mqtt + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-secretstore-setup + image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + - /vault + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} + security-spiffe-token-provider: + command: + - /security-spiffe-token-provider + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-security-spiffe-token-provider + depends_on: + keeper: 
+ condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-security-spiffe-token-provider + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spiffe-token-provider + image: nexus3.edgexfoundry.org:10004/security-spiffe-token-provider:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true + security-spire-agent: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-agent + 
depends_on: + security-spire-server: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-agent + image: nexus3.edgexfoundry.org:10004/security-spire-agent:latest + networks: + edgex-network: null + pid: host + privileged: true + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true + security-spire-config: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-config + depends_on: + security-spire-agent: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + 
EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-config + image: nexus3.edgexfoundry.org:10004/security-spire-config:latest + networks: + edgex-network: null + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + security-spire-server: + command: + - docker-entrypoint.sh + container_name: edgex-security-spire-server + depends_on: + security-bootstrapper: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + 
STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-security-spire-server + image: nexus3.edgexfoundry.org:10004/security-spire-server:latest + networks: + edgex-network: null + pid: host + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + tmpfs: + - /run + user: root:root + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + support-notifications: + command: + - /support-notifications + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: edgex-support-notifications + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + 
STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true + support-scheduler: + command: + - /support-scheduler + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + security-bootstrapper: + condition: service_started + required: true + security-secretstore-setup: + condition: service_started + required: true + entrypoint: + - /edgex-init/ready_to_run_wait_install.sh + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + PROXY_SETUP_HOST: edgex-security-proxy-setup + SECRETSTORE_HOST: edgex-vault + SERVICE_HOST: 
edgex-support-scheduler + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "true" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + vault: + cap_add: + - IPC_LOCK + command: + - server + container_name: edgex-vault + depends_on: + security-bootstrapper: + condition: 
service_started + required: true + entrypoint: + - /edgex-init/vault_wait_install.sh + environment: + PROXY_SETUP_HOST: edgex-security-proxy-setup + STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper + STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" + STAGEGATE_DATABASE_HOST: edgex-redis + STAGEGATE_DATABASE_PORT: "6379" + STAGEGATE_DATABASE_READYPORT: "6379" + STAGEGATE_PROXYSETUP_READYPORT: "54325" + STAGEGATE_READY_TORUNPORT: "54329" + STAGEGATE_REGISTRY_HOST: edgex-core-keeper + STAGEGATE_REGISTRY_PORT: "59890" + STAGEGATE_REGISTRY_READYPORT: "54324" + STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup + STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" + STAGEGATE_WAITFOR_TIMEOUT: 60s + VAULT_ADDR: http://edgex-vault:8200 + VAULT_CONFIG_DIR: /vault/config + VAULT_UI: "true" + hostname: edgex-vault + image: hashicorp/vault:1.14 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp + restart: always + tmpfs: + - /vault/config + user: root:root + volumes: + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} +networks: + edgex-network: + name: edgex_edgex-network + driver: bridge +volumes: + consul-acl-token: + name: edgex_consul-acl-token + db-data: + name: edgex_db-data + edgex-init: + name: edgex_edgex-init + kuiper-connections: + name: edgex_kuiper-connections + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins + kuiper-sources: + name: edgex_kuiper-sources + mqtt: + name: edgex_mqtt + nginx-templates: + name: edgex_nginx-templates + nginx-tls: + name: edgex_nginx-tls + redis-config: + name: edgex_redis-config + spire-agent: + name: edgex_spire-agent + spire-ca: + name: 
edgex_spire-ca + spire-server: + name: edgex_spire-server + vault-config: + name: edgex_vault-config + vault-file: + name: edgex_vault-file + vault-logs: + name: edgex_vault-logs diff --git a/taf/docker-compose-taf-mqtt-bus.yml b/taf/docker-compose-taf-mqtt-bus.yml index 6a6deaca..cf2f75ea 100644 --- a/taf/docker-compose-taf-mqtt-bus.yml +++ b/taf/docker-compose-taf-mqtt-bus.yml @@ -24,27 +24,33 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -73,52 +79,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-external-mqtt-trigger - target: /tmp/edgex/secrets/app-external-mqtt-trigger - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true app-functional-tests: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -143,52 +153,57 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-functional-tests - target: /tmp/edgex/secrets/app-functional-tests - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true app-http-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -215,52 +230,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-http-export - target: /tmp/edgex/secrets/app-http-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true app-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -288,52 +307,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-mqtt-export - target: /tmp/edgex/secrets/app-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true app-rules-engine: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -358,52 +381,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-rules-engine - target: /tmp/edgex/secrets/app-rules-engine - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true app-sample: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -431,52 +458,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-sample - target: /tmp/edgex/secrets/app-sample - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true app-scalability-test-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -509,49 +540,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera EDGEX_GROUP: "2001" 
@@ -580,62 +613,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} core-command: command: - - /core-command - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-command + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: 
true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -660,50 +699,54 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-command - target: /tmp/edgex/secrets/core-command - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true core-common-config-bootstrapper: command: - - /entrypoint.sh - - /core-common-config-bootstrapper - - -cp=consul.http://edgex-core-consul:8500 + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_AUTHMODE: usernamepassword 
@@ -713,6 +756,8 @@ services: ALL_SERVICES_MESSAGEBUS_SECRETNAME: message-bus ALL_SERVICES_MESSAGEBUS_TYPE: mqtt ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -737,46 +782,51 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-common-config-bootstrapper - target: /tmp/edgex/secrets/core-common-config-bootstrapper - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true core-data: command: - - /core-data - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-data + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -800,52 +850,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true core-metadata: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-metadata + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -869,44 +923,46 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true database: container_name: edgex-redis depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/redis_wait_install.sh + - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf 
@@ -931,61 +987,67 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: redis-config - target: /run/redis/conf - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-redis - target: /tmp/edgex/secrets/security-bootstrapper-redis - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true device-modbus: command: - - /device-modbus - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-modbus + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - 
/edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1009,60 +1071,65 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-modbus - target: /tmp/edgex/secrets/device-modbus - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true device-onvif-camera: command: - - /device-onvif-camera - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-onvif-camera + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1086,54 +1153,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-onvif-camera - target: /tmp/edgex/secrets/device-onvif-camera - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true device-rest: command: - - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-rest + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1157,55 +1229,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-rest - target: /tmp/edgex/secrets/device-rest - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true device-virtual: command: - - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-virtual + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1229,41 +1306,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-virtual - target: /tmp/edgex/secrets/device-virtual - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -1271,37 +1348,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -v - - -c - - /mosquitto/config/mosquitto.conf + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto/config/mosquitto.conf container_name: edgex-mqtt-broker depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/messagebus_wait_install.sh + - /edgex-init/messagebus_wait_install.sh environment: BROKER_TYPE: mosquitto CONF_DIR: /edgex-init/bootstrap-mosquitto/res 
@@ -1327,67 +1406,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: mqtt - target: /mosquitto - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-messagebus - target: /tmp/edgex/secrets/security-bootstrapper-messagebus - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: mqtt + target: /mosquitto + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-messagebus + target: /tmp/edgex/secrets/security-bootstrapper-messagebus + read_only: true + bind: + selinux: z + create_host_path: true mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 nginx: command: - - /docker-entrypoint.sh - - nginx - - -g - - daemon off; + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; container_name: edgex-nginx depends_on: security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/nginx_wait_install.sh + - /bin/sh + - 
/edgex-init/nginx_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -1408,46 +1488,50 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 8443 - published: "8443" - protocol: tcp + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /etc/nginx/conf.d - - /var/cache/nginx - - /var/log/nginx - - /var/run + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true mqtt-broker: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/kuiper_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" @@ -1467,6 +1551,7 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: mqtt KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -1483,56 +1568,56 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} security-bootstrapper: container_name: 
edgex-security-bootstrapper environment: @@ -1559,34 +1644,36 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} security-proxy-auth: command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
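Review bot: The `image:` line of the `rules-engine` service (hunk `@@ -1483,56 +1568,56 @@`) moves from `lfedge/ekuiper:1.12-alpine` to the pre-release build `lfedge/ekuiper:v1.14.0-alpha.2`, referenced by tag only, in a stack that runs with the secret store enabled. The service keeps `user: kuiper:kuiper` and `read_only: true`, so it is worth confirming that the new image still provides that user and starts on a read-only root filesystem; the tag no longer carries the `-alpine` suffix, which may or may not mean a different base. This file looks like regenerated compose output, so the change belongs in the generator's version input rather than here. Prefer a released tag, or pin the digest, e.g. `image: lfedge/ekuiper:<released-tag>@sha256:<digest>`.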
@@ -1610,43 +1697,45 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/proxy_setup_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -1681,51 +1770,53 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true environment: EDGEX_ADD_KNOWN_SECRETS: 
redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera 
@@ -1755,55 +1846,59 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run - - /vault + - /run + - /vault user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} security-spiffe-token-provider: command: - - /security-spiffe-token-provider - - -cp=consul.http://edgex-core-consul:8500 + - /security-spiffe-token-provider + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-security-spiffe-token-provider depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: 
edgex-security-proxy-setup @@ -1827,50 +1922,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59841 - published: "59841" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/security-spiffe-token-provider - target: /tmp/edgex/secrets/security-spiffe-token-provider - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true security-spire-agent: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-agent depends_on: security-spire-server: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
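Review bot: In the `security-spiffe-token-provider` command (hunk `@@ -1755,55 +1846,59 @@`) the new side adds `- --registry`, where the old side passed only `- -cp=consul.http://edgex-core-consul:8500`. The other commands visible in this file's hunks (device-rest, device-virtual, security-proxy-auth, support-notifications, support-scheduler) already had `--registry` and only have the two flags reordered, so this is a behaviour change inside what otherwise reads as a re-indent. If it is not intended, the template should leave the command as `- /security-spiffe-token-provider` followed by `- -cp=consul.http://edgex-core-consul:8500`. If it is intended, say so in the commit description and confirm the service has what it needs to register in the secure configuration, which this hunk does not show.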
@@ -1897,49 +1993,50 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-agent - target: /srv/spiffe/agent - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true security-spire-config: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-config depends_on: security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1964,36 +2061,37 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true security-spire-server: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-server depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -2017,62 +2115,67 @@ services: edgex-network: null pid: host ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59840 - published: "59840" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-server - target: /srv/spiffe/server - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true support-notifications: command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-notifications + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -2096,54 +2199,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true support-scheduler: command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-scheduler + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data 
@@ -2169,35 +2277,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -2208,33 +2316,34 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true vault: cap_add: - - IPC_LOCK + - IPC_LOCK command: - - server + - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/vault_wait_install.sh + - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -2258,29 +2367,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8200 - published: "8200" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp restart: always tmpfs: - - /vault/config + - /vault/config user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: vault-file - target: /vault/file - volume: {} - - type: volume - source: vault-logs - target: /vault/logs - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-no-secty-arm64.yml b/taf/docker-compose-taf-no-secty-arm64.yml index 593df397..65a7b1ae 100644 --- a/taf/docker-compose-taf-no-secty-arm64.yml 
+++ b/taf/docker-compose-taf-no-secty-arm64.yml @@ -24,19 +24,27 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "false" @@ -50,32 +58,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-functional-tests: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -85,32 +99,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-http-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -122,32 +143,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -160,32 +187,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -195,32 +228,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-sample: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -233,32 +272,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-scalability-test-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -274,65 +319,72 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul hostname: edgex-core-consul image: hashicorp/consul:1.16 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -342,32 +394,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -377,24 +436,30 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-data @@ -403,30 +468,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-metadata 
@@ -435,23 +505,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true database: container_name: edgex-redis hostname: edgex-redis @@ -459,38 +529,43 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} + - type: volume + source: db-data + target: /data + volume: {} device-modbus: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-modbus 
@@ -499,40 +574,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true device-onvif-camera: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-onvif-camera 
@@ -541,34 +623,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-rest 
@@ -577,38 +666,42 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-virtual: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-virtual 
@@ -617,29 +710,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -647,70 +740,71 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis 
@@ -722,54 +816,61 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-support-notifications 
@@ -778,32 +879,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data @@ -814,23 +921,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -841,22 +948,22 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-no-secty-keeper-arm64.yml b/taf/docker-compose-taf-no-secty-keeper-arm64.yml new file mode 100644 index 00000000..17bf2a4c --- /dev/null +++ b/taf/docker-compose-taf-no-secty-keeper-arm64.yml 
@@ -0,0 +1,977 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-external-mqtt-trigger + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-functional-tests: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-functional-tests + hostname: 
edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-http-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-http-export + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: 
edgex-app-mqtt-export + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-rules-engine: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-rules-engine + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-sample: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + 
CLIENTS_CORE_COMMAND_HOST: edgex-core-command + CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-sample + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-scalability-test-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + 
source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-command: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + SERVICE_HOST: edgex-core-command + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: service_started + required: true + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "false" + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + 
volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-data: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-metadata: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + database: + container_name: edgex-redis + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" 
+ protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + device-modbus: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-modbus + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-onvif-camera + hostname: edgex-device-onvif-camera + image: nexus3.edgexfoundry.org:10004/device-onvif-camera-arm64:latest + 
networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-rest: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-rest + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-virtual: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-virtual + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 
127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + keeper: + container_name: edgex-core-keeper + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_HOST: edgex-redis + SERVICE_HOST: edgex-core-keeper + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-mqtt-broker + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + restart: always + security_opt: + - 
no-new-privileges:true + user: 2002:2001 + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + environment: + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + support-notifications: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + 
core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + support-scheduler: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + SERVICE_HOST: edgex-support-scheduler + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui-arm64:latest + networks: + 
edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true +networks: + edgex-network: + name: edgex_edgex-network + driver: bridge +volumes: + db-data: + name: edgex_db-data + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins diff --git a/taf/docker-compose-taf-no-secty-keeper.yml b/taf/docker-compose-taf-no-secty-keeper.yml new file mode 100644 index 00000000..552a1063 --- /dev/null +++ b/taf/docker-compose-taf-no-secty-keeper.yml 
@@ -0,0 +1,977 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-external-mqtt-trigger + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-functional-tests: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-functional-tests + hostname: 
edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-http-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-http-export + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-mqtt-export + 
WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-rules-engine: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-rules-engine + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-sample: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + CLIENTS_CORE_COMMAND_HOST: edgex-core-command + 
CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-sample + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-scalability-test-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true 
+ bind: + create_host_path: true + core-command: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + SERVICE_HOST: edgex-core-command + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: service_started + required: true + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "false" + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + 
read_only: true + bind: + create_host_path: true + core-data: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-metadata: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + database: + container_name: edgex-redis + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp + read_only: true + restart: always + security_opt: + - 
no-new-privileges:true + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + device-modbus: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-modbus + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-onvif-camera + hostname: edgex-device-onvif-camera + image: nexus3.edgexfoundry.org:10004/device-onvif-camera:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + 
target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-rest: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-rest + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-virtual: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-virtual + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: 
always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + keeper: + container_name: edgex-core-keeper + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_HOST: edgex-redis + SERVICE_HOST: edgex-core-keeper + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-mqtt-broker + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - 
/mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + environment: + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__PORT: "6379" + EDGEX__DEFAULT__PROTOCOL: redis + EDGEX__DEFAULT__SERVER: edgex-redis + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: redis + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + support-notifications: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: 
true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + support-scheduler: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + SERVICE_HOST: edgex-support-scheduler + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - 
no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true +networks: + edgex-network: + name: edgex_edgex-network + driver: bridge +volumes: + db-data: + name: edgex_db-data + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml b/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml index 377f179a..23a7ad78 100644 --- a/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus-arm64.yml @@ -24,19 +24,27 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -50,32 +58,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-functional-tests: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -85,32 +99,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-http-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -122,32 +143,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -160,32 +187,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -195,32 +228,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-sample: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -233,32 +272,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-scalability-test-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -274,65 +319,72 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul hostname: edgex-core-consul image: hashicorp/consul:1.16 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -342,28 +394,33 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_AUTHMODE: none @@ -372,6 +429,8 @@ services: ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp ALL_SERVICES_MESSAGEBUS_TYPE: mqtt ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -381,24 +440,30 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-data @@ -407,30 +472,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-metadata 
@@ -439,23 +509,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true database: container_name: edgex-redis hostname: edgex-redis @@ -463,38 +533,43 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} + - type: volume + source: db-data + target: /data + volume: {} device-modbus: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-modbus 
@@ -503,40 +578,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true device-onvif-camera: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-onvif-camera 
@@ -545,34 +627,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-rest 
@@ -581,38 +670,42 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-virtual: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-virtual 
@@ -621,29 +714,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -651,73 +744,75 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -v - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true mqtt-broker: condition: service_started + required: true environment: CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: 
kuiper-rules-engine CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" @@ -737,54 +832,61 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: mqtt KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-support-notifications 
@@ -793,32 +895,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data @@ -829,23 +937,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -856,22 +964,22 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml new file mode 100644 index 00000000..d5397acf --- /dev/null +++ b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper-arm64.yml 
@@ -0,0 +1,993 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-external-mqtt-trigger + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-functional-tests: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-functional-tests + hostname: 
edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-http-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-http-export + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: 
edgex-app-mqtt-export + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-rules-engine: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-rules-engine + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-sample: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + 
CLIENTS_CORE_COMMAND_HOST: edgex-core-command + CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-sample + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-scalability-test-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + 
source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-command: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + SERVICE_HOST: edgex-core-command + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: service_started + required: true + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_AUTHMODE: none + ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker + ALL_SERVICES_MESSAGEBUS_PORT: "1883" + ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp + ALL_SERVICES_MESSAGEBUS_TYPE: mqtt + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "false" + hostname: edgex-core-common-config-bootstrapper + image: 
nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper-arm64:latest + networks: + edgex-network: null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-data: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-metadata: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + database: + 
container_name: edgex-redis + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + device-modbus: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-modbus + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + 
EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-onvif-camera + hostname: edgex-device-onvif-camera + image: nexus3.edgexfoundry.org:10004/device-onvif-camera-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-rest: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-rest + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-virtual: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: 
edgex-device-virtual + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + keeper: + container_name: edgex-core-keeper + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_HOST: edgex-redis + SERVICE_HOST: edgex-core-keeper + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto-no-auth.conf + container_name: edgex-mqtt-broker + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + 
networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + mqtt-broker: + condition: service_started + required: true + environment: + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" + CONNECTION__EDGEX__MQTTMSGBUS__PORT: "1883" + CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp + CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker + CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine + EDGEX__DEFAULT__OPTIONAL__KEEPALIVE: "500" + EDGEX__DEFAULT__PORT: "1883" + EDGEX__DEFAULT__PROTOCOL: tcp + EDGEX__DEFAULT__SERVER: edgex-mqtt-broker + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: mqtt + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: 
always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + support-notifications: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + support-scheduler: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + SERVICE_HOST: edgex-support-scheduler + hostname: edgex-support-scheduler 
+ image: nexus3.edgexfoundry.org:10004/support-scheduler-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui-arm64:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true +networks: + edgex-network: + name: edgex_edgex-network + driver: bridge +volumes: + db-data: + name: edgex_db-data + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus-keeper.yml b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper.yml new file mode 100644 index 00000000..a395cbc9 --- /dev/null +++ b/taf/docker-compose-taf-no-secty-mqtt-bus-keeper.yml 
@@ -0,0 +1,993 @@ +# * Copyright 2024 Intel Corporation. +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except +# * in compliance with the License. You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software distributed under the License +# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express +# * or implied. See the License for the specific language governing permissions and limitations under +# * the License. +# * +# * EdgeX Foundry, Odessa WIP release +# *******************************************************************************/ +# +# +# +# ************************ This is a generated compose file **************************** +# +# DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. +# +# Permanent changes can be made to the source compose files located in the compose-builder folder +# at the top level of the edgex-compose repo. 
+# +# From the compose-builder folder use `make build` to regenerate all standard compose files variations +# +# Generated with: Docker Compose version v2.25.0 +name: edgex +services: + app-external-mqtt-trigger: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-external-mqtt-trigger + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: external-mqtt-trigger + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-external-mqtt-trigger + TRIGGER_EXTERNALMQTT_URL: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-export + hostname: edgex-app-external-mqtt-trigger + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-functional-tests: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-functional-tests + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: functional-tests + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-functional-tests + hostname: 
edgex-app-functional-tests + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-http-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-http-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: http-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-http-export + WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_HTTPEXPORT_PARAMETERS_URL: http://EXPORT_HOST_PLACE_HOLDER:7770 + hostname: edgex-app-http-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-mqtt-export + 
WRITABLE_LOGLEVEL: INFO + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-rules-engine: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-rules-engine + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: rules-engine + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-rules-engine + hostname: edgex-app-rules-engine + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-sample: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-sample + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + CLIENTS_CORE_COMMAND_HOST: edgex-core-command + 
CLIENTS_CORE_DATA_HOST: edgex-core-data + CLIENTS_SUPPORT-NOTIFICATIONS_HOST: edgex-support-notifications + EDGEX_PROFILE: sample + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-app-sample + hostname: edgex-app-sample + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + app-scalability-test-mqtt-export: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-app-scalability-test-mqtt-export + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_PROFILE: mqtt-export + EDGEX_SECURITY_SECRET_STORE: "false" + EDGEX_SERVICE_KEY: app-scalability-test-mqtt-export + MESSAGEBUS_OPTIONAL_CLIENTID: app-scalability-test-mqtt-export + SERVICE_HOST: edgex-app-scalability-test-mqtt-export + WRITABLE_LOGLEVEL: DEBUG + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_BROKERADDRESS: MQTT_BROKER_ADDRESS_PLACE_HOLDER + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_CLIENTID: app-scalability-test-mqtt-export + WRITABLE_PIPELINE_FUNCTIONS_MQTTEXPORT_PARAMETERS_TOPIC: edgex-events + hostname: edgex-app-scalability-test-mqtt-export + image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true 
+ bind: + create_host_path: true + core-command: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-command + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 + SERVICE_HOST: edgex-core-command + hostname: edgex-core-command + image: nexus3.edgexfoundry.org:10004/core-command:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-common-config-bootstrapper + depends_on: + keeper: + condition: service_started + required: true + environment: + ALL_SERVICES_DATABASE_HOST: edgex-redis + ALL_SERVICES_MESSAGEBUS_AUTHMODE: none + ALL_SERVICES_MESSAGEBUS_HOST: edgex-mqtt-broker + ALL_SERVICES_MESSAGEBUS_PORT: "1883" + ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp + ALL_SERVICES_MESSAGEBUS_TYPE: mqtt + ALL_SERVICES_REGISTRY_HOST: edgex-core-keeper + ALL_SERVICES_REGISTRY_PORT: "59890" + ALL_SERVICES_REGISTRY_TYPE: keeper + APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata + EDGEX_SECURITY_SECRET_STORE: "false" + hostname: edgex-core-common-config-bootstrapper + image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:latest + networks: + edgex-network: 
null + read_only: true + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-data: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-data + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-data + hostname: edgex-core-data + image: nexus3.edgexfoundry.org:10004/core-data:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + core-metadata: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-core-metadata + depends_on: + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-core-metadata + hostname: edgex-core-metadata + image: nexus3.edgexfoundry.org:10004/core-metadata:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + database: + container_name: edgex-redis + hostname: edgex-redis + image: redis:7.0-alpine + networks: + edgex-network: null + ports: 
+ - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: root:root + volumes: + - type: volume + source: db-data + target: /data + volume: {} + device-modbus: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-modbus + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + modbus-simulator: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-modbus + hostname: edgex-device-modbus + image: nexus3.edgexfoundry.org:10004/device-modbus:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + device-onvif-camera: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-onvif-camera + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-onvif-camera + hostname: edgex-device-onvif-camera + image: 
nexus3.edgexfoundry.org:10004/device-onvif-camera:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-rest: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + container_name: edgex-device-rest + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-rest + hostname: edgex-device-rest + image: nexus3.edgexfoundry.org:10004/device-rest:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + device-virtual: + command: + - -cp=keeper.http://edgex-core-keeper:59890 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER + container_name: edgex-device-virtual + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + core-data: + condition: service_started + required: true + core-metadata: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-device-virtual + hostname: edgex-device-virtual + image: nexus3.edgexfoundry.org:10004/device-virtual:latest + networks: + 
edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + keeper: + container_name: edgex-core-keeper + environment: + DATABASE_HOST: edgex-redis + EDGEX_SECURITY_SECRET_STORE: "false" + MESSAGEBUS_HOST: edgex-redis + SERVICE_HOST: edgex-core-keeper + hostname: edgex-core-keeper + image: nexus3.edgexfoundry.org:10004/core-keeper:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59890 + published: "59890" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + modbus-simulator: + container_name: edgex-modbus-simulator + hostname: edgex-modbus-simulator + image: nexus3.edgexfoundry.org:10003/edgex-devops/edgex-modbus-simulator:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + mqtt-broker: + command: + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto-no-auth.conf + container_name: edgex-mqtt-broker + hostname: edgex-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp + read_only: true + 
restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + mqtt-taf-broker: + command: + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf + container_name: edgex-taf-mqtt-broker + hostname: edgex-taf-mqtt-broker + image: eclipse-mosquitto:2.0 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + rules-engine: + container_name: edgex-kuiper + depends_on: + database: + condition: service_started + required: true + mqtt-broker: + condition: service_started + required: true + environment: + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: kuiper-rules-engine + CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" + CONNECTION__EDGEX__MQTTMSGBUS__PORT: "1883" + CONNECTION__EDGEX__MQTTMSGBUS__PROTOCOL: tcp + CONNECTION__EDGEX__MQTTMSGBUS__SERVER: edgex-mqtt-broker + CONNECTION__EDGEX__MQTTMSGBUS__TYPE: mqtt + CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" + CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis + CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis + CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis + EDGEX__DEFAULT__OPTIONAL__CLIENTID: kuiper-rules-engine + EDGEX__DEFAULT__OPTIONAL__KEEPALIVE: "500" + EDGEX__DEFAULT__PORT: "1883" + EDGEX__DEFAULT__PROTOCOL: tcp + EDGEX__DEFAULT__SERVER: edgex-mqtt-broker + EDGEX__DEFAULT__TOPIC: edgex/rules-events + EDGEX__DEFAULT__TYPE: mqtt + KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" + KUIPER__BASIC__RESTPORT: "59720" + hostname: edgex-kuiper + image: lfedge/ekuiper:v1.14.0-alpha.2 + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: kuiper:kuiper + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + 
read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + support-notifications: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-notifications + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-support-notifications + hostname: edgex-support-notifications + image: nexus3.edgexfoundry.org:10004/support-notifications:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + support-scheduler: + command: + - --registry + - -cp=keeper.http://edgex-core-keeper:59890 + container_name: edgex-support-scheduler + depends_on: + core-common-config-bootstrapper: + condition: service_started + required: true + database: + condition: service_started + required: true + keeper: + condition: service_started + required: true + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data + INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data + SERVICE_HOST: edgex-support-scheduler + hostname: edgex-support-scheduler + image: nexus3.edgexfoundry.org:10004/support-scheduler:latest + networks: + edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 
59861 + published: "59861" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + ui: + container_name: edgex-ui-go + environment: + EDGEX_SECURITY_SECRET_STORE: "false" + SERVICE_HOST: edgex-ui-go + hostname: edgex-ui-go + image: nexus3.edgexfoundry.org:10004/edgex-ui:latest + networks: + edgex-network: null + ports: + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp + read_only: true + restart: always + security_opt: + - no-new-privileges:true + user: 2002:2001 + volumes: + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true +networks: + edgex-network: + name: edgex_edgex-network + driver: bridge +volumes: + db-data: + name: edgex_db-data + kuiper-data: + name: edgex_kuiper-data + kuiper-etc: + name: edgex_kuiper-etc + kuiper-log: + name: edgex_kuiper-log + kuiper-plugins: + name: edgex_kuiper-plugins diff --git a/taf/docker-compose-taf-no-secty-mqtt-bus.yml b/taf/docker-compose-taf-no-secty-mqtt-bus.yml index e70efb53..79e4c846 100644 --- a/taf/docker-compose-taf-no-secty-mqtt-bus.yml +++ b/taf/docker-compose-taf-no-secty-mqtt-bus.yml 
@@ -24,19 +24,27 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "false" @@ -50,32 +58,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-functional-tests: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -85,32 +99,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-http-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -122,32 +143,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -160,32 +187,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -195,32 +228,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-sample: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -233,32 +272,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-scalability-test-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -274,65 +319,72 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul hostname: edgex-core-consul image: hashicorp/consul:1.16 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -342,28 +394,33 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_AUTHMODE: none @@ -372,6 +429,8 @@ services: ALL_SERVICES_MESSAGEBUS_PROTOCOL: tcp ALL_SERVICES_MESSAGEBUS_TYPE: mqtt ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -381,24 +440,30 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-data @@ -407,30 +472,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-metadata 
@@ -439,23 +509,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true database: container_name: edgex-redis hostname: edgex-redis @@ -463,38 +533,43 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} + - type: volume + source: db-data + target: /data + volume: {} device-modbus: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-modbus 
@@ -503,40 +578,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true device-onvif-camera: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-onvif-camera 
@@ -545,34 +627,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-rest 
@@ -581,38 +670,42 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-virtual: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-virtual 
@@ -621,29 +714,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -651,73 +744,75 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -v - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -v + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true mqtt-broker: condition: service_started + required: true environment: CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__CLIENTID: 
kuiper-rules-engine CONNECTION__EDGEX__MQTTMSGBUS__OPTIONAL__KEEPALIVE: "500" @@ -737,54 +832,61 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: mqtt KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-support-notifications 
@@ -793,32 +895,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data @@ -829,23 +937,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -856,22 +964,22 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-no-secty.yml b/taf/docker-compose-taf-no-secty.yml index c90bcfa3..afe3047e 100644 --- a/taf/docker-compose-taf-no-secty.yml +++ b/taf/docker-compose-taf-no-secty.yml @@ -24,19 +24,27 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -50,32 +58,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-functional-tests: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -85,32 +99,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-http-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -122,32 +143,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -160,32 +187,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -195,32 +228,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-sample: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -233,32 +272,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-scalability-test-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -274,65 +319,72 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul hostname: edgex-core-consul image: hashicorp/consul:1.16 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -342,32 +394,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -377,24 +436,30 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-data @@ -403,30 +468,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-metadata 
@@ -435,23 +505,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true database: container_name: edgex-redis hostname: edgex-redis @@ -459,38 +529,43 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} + - type: volume + source: db-data + target: /data + volume: {} device-modbus: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-modbus 
@@ -499,40 +574,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true device-onvif-camera: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-onvif-camera 
@@ -541,34 +623,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-rest 
@@ -577,38 +666,42 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-virtual: command: - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - -cp=consul.http://edgex-core-consul:8500 + - --registry + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-virtual 
@@ -617,29 +710,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -647,70 +740,71 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis 
@@ -722,54 +816,61 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-support-notifications 
@@ -778,32 +879,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data @@ -814,23 +921,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -841,22 +948,22 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-perf-arm64.yml b/taf/docker-compose-taf-perf-arm64.yml index 222169cf..2b3c7251 100644 --- a/taf/docker-compose-taf-perf-arm64.yml +++ b/taf/docker-compose-taf-perf-arm64.yml @@ -24,25 +24,30 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -70,52 +75,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-mqtt-export - target: /tmp/edgex/secrets/app-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true app-rules-engine: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -140,51 +149,53 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-rules-engine - target: /tmp/edgex/secrets/app-rules-engine - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export EDGEX_GROUP: "2001" 
@@ -213,62 +224,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} core-command: command: - - /core-command - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-command + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: 
true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -293,54 +310,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-command - target: /tmp/edgex/secrets/core-command - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true core-common-config-bootstrapper: command: - - /entrypoint.sh - - /core-common-config-bootstrapper - - -cp=consul.http://edgex-core-consul:8500 + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: 
edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -365,46 +388,51 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-common-config-bootstrapper - target: /tmp/edgex/secrets/core-common-config-bootstrapper - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true core-data: command: - - /core-data - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-data + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -428,52 +456,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true core-metadata: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-metadata + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -497,44 +529,46 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true database: container_name: edgex-redis depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/redis_wait_install.sh + - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf 
@@ -559,58 +593,63 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: redis-config - target: /run/redis/conf - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-redis - target: /tmp/edgex/secrets/security-bootstrapper-redis - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true device-rest: command: - - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-rest + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -634,54 +673,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-rest - target: /tmp/edgex/secrets/device-rest - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true device-virtual: command: - - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-virtual + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -705,90 +749,91 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-virtual - target: /tmp/edgex/secrets/device-virtual - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 
127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 nginx: command: - - /docker-entrypoint.sh - - nginx - - -g - - daemon off; + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; container_name: edgex-nginx depends_on: security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/nginx_wait_install.sh + - /bin/sh + - /edgex-init/nginx_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -809,44 +854,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 8443 - published: "8443" - protocol: tcp + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /etc/nginx/conf.d - - /var/cache/nginx - - /var/log/nginx - - /var/run + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/kuiper_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis @@ -858,6 +906,7 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -874,56 +923,56 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} security-bootstrapper: container_name: 
edgex-security-bootstrapper environment: @@ -950,34 +999,36 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} security-proxy-auth: command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1001,43 +1052,45 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/proxy_setup_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -1072,51 +1125,53 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true environment: EDGEX_ADD_KNOWN_SECRETS: 
redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[device-rest],redisdb[device-virtual] EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export 
@@ -1146,55 +1201,59 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run - - /vault + - /run + - /vault user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} security-spiffe-token-provider: command: - - /security-spiffe-token-provider - - -cp=consul.http://edgex-core-consul:8500 + - /security-spiffe-token-provider + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-security-spiffe-token-provider depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: 
edgex-security-proxy-setup @@ -1218,50 +1277,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59841 - published: "59841" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/security-spiffe-token-provider - target: /tmp/edgex/secrets/security-spiffe-token-provider - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true security-spire-agent: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-agent depends_on: security-spire-server: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1288,49 +1348,50 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-agent - target: /srv/spiffe/agent - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true security-spire-config: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-config depends_on: security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1355,36 +1416,37 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true security-spire-server: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-server depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1408,62 +1470,67 @@ services: edgex-network: null pid: host ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59840 - published: "59840" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-server - target: /srv/spiffe/server - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true support-notifications: command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-notifications + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1487,54 +1554,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true support-scheduler: command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-scheduler + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data 
@@ -1560,35 +1632,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -1599,33 +1671,34 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true vault: cap_add: - - IPC_LOCK + - IPC_LOCK command: - - server + - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/vault_wait_install.sh + - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -1649,29 +1722,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8200 - published: "8200" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp restart: always tmpfs: - - /vault/config + - /vault/config user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: vault-file - target: /vault/file - volume: {} - - type: volume - source: vault-logs - target: /vault/logs - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-perf-no-secty-arm64.yml b/taf/docker-compose-taf-perf-no-secty-arm64.yml index 10fc4d66..152af820 100644 
--- a/taf/docker-compose-taf-perf-no-secty-arm64.yml +++ b/taf/docker-compose-taf-perf-no-secty-arm64.yml @@ -24,17 +24,24 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" @@ -47,32 +54,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -82,67 +95,74 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul hostname: edgex-core-consul image: hashicorp/consul:1.16 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -152,32 +172,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -187,24 +214,30 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-data @@ -213,30 +246,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-metadata 
@@ -245,23 +283,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true database: container_name: edgex-redis hostname: edgex-redis @@ -269,32 +307,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} + - type: volume + source: db-data + target: /data + volume: {} device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-rest 
@@ -303,34 +348,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-virtual: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-virtual 
@@ -339,70 +391,71 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis 
@@ -414,54 +467,61 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-support-notifications 
@@ -470,32 +530,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data @@ -506,23 +572,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -533,22 +599,22 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-perf-no-secty.yml b/taf/docker-compose-taf-perf-no-secty.yml index 78298d8f..6606af27 100644 --- a/taf/docker-compose-taf-perf-no-secty.yml +++ b/taf/docker-compose-taf-perf-no-secty.yml @@ -24,17 +24,24 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-mqtt-export: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -47,32 +54,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true app-rules-engine: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -82,67 +95,74 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul hostname: edgex-core-consul image: hashicorp/consul:1.16 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} core-command: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -152,32 +172,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-common-config-bootstrapper: + command: + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "false" 
@@ -187,24 +214,30 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-data: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-data @@ -213,30 +246,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true core-metadata: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-core-metadata 
@@ -245,23 +283,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true database: container_name: edgex-redis hostname: edgex-redis @@ -269,32 +307,39 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} + - type: volume + source: db-data + target: /data + volume: {} device-rest: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-rest 
@@ -303,34 +348,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true device-virtual: + command: + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-device-virtual 
@@ -339,70 +391,71 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis 
@@ -414,54 +467,61 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} support-notifications: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" SERVICE_HOST: edgex-support-notifications 
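Review bot: The `image:` line of `rules-engine` in this hunk replaces `lfedge/ekuiper:1.12-alpine` with `lfedge/ekuiper:v1.14.0-alpha.2`, a pre-release tag referenced by name only. The same change is in the `rules-engine` hunk of `taf/docker-compose-taf-perf.yml`. If the alpha build is required (the added `KUIPER__BASIC__ENABLEOPENZITI: "false"` suggests it may be), record why next to the version setting that feeds this file, e.g. `# eKuiper pre-release needed for <reason>; return to a stable tag when available`. Consider pinning by digest as well, `lfedge/ekuiper:v1.14.0-alpha.2@sha256:<digest>`, so a re-pushed tag cannot change what the stack runs. This file appears to be generated by compose-builder, so the edit belongs in its source rather than here.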
@@ -470,32 +530,38 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true support-scheduler: + command: + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true environment: EDGEX_SECURITY_SECRET_STORE: "false" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data @@ -506,23 +572,23 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -533,22 +599,22 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf-perf.yml b/taf/docker-compose-taf-perf.yml index 346cc767..118c2bd2 100644 --- a/taf/docker-compose-taf-perf.yml +++ b/taf/docker-compose-taf-perf.yml @@ -24,25 +24,30 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -70,52 +75,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-mqtt-export - target: /tmp/edgex/secrets/app-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true app-rules-engine: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -140,51 +149,53 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-rules-engine - target: /tmp/edgex/secrets/app-rules-engine - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export EDGEX_GROUP: "2001" 
@@ -213,62 +224,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} core-command: command: - - /core-command - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-command + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: 
true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -293,54 +310,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-command - target: /tmp/edgex/secrets/core-command - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true core-common-config-bootstrapper: command: - - /entrypoint.sh - - /core-common-config-bootstrapper - - -cp=consul.http://edgex-core-consul:8500 + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: 
edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -365,46 +388,51 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-common-config-bootstrapper - target: /tmp/edgex/secrets/core-common-config-bootstrapper - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true core-data: command: - - /core-data - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-data + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -428,52 +456,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true core-metadata: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-metadata + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -497,44 +529,46 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true database: container_name: edgex-redis depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/redis_wait_install.sh + - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf 
@@ -559,58 +593,63 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: redis-config - target: /run/redis/conf - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-redis - target: /tmp/edgex/secrets/security-bootstrapper-redis - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true device-rest: command: - - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-rest + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -634,54 +673,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-rest - target: /tmp/edgex/secrets/device-rest - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true device-virtual: command: - - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-virtual + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -705,90 +749,91 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-virtual - target: /tmp/edgex/secrets/device-virtual - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 
127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 nginx: command: - - /docker-entrypoint.sh - - nginx - - -g - - daemon off; + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; container_name: edgex-nginx depends_on: security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/nginx_wait_install.sh + - /bin/sh + - /edgex-init/nginx_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -809,44 +854,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 8443 - published: "8443" - protocol: tcp + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /etc/nginx/conf.d - - /var/cache/nginx - - /var/log/nginx - - /var/run + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/kuiper_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis @@ -858,6 +906,7 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -874,56 +923,56 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} security-bootstrapper: container_name: 
edgex-security-bootstrapper environment: @@ -950,34 +999,36 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} security-proxy-auth: command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1001,43 +1052,45 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/proxy_setup_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -1072,51 +1125,53 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true environment: EDGEX_ADD_KNOWN_SECRETS: 
redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[device-rest],redisdb[device-virtual] EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export 
@@ -1146,55 +1201,59 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run - - /vault + - /run + - /vault user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} security-spiffe-token-provider: command: - - /security-spiffe-token-provider - - -cp=consul.http://edgex-core-consul:8500 + - /security-spiffe-token-provider + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-security-spiffe-token-provider depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: 
edgex-security-proxy-setup @@ -1218,50 +1277,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59841 - published: "59841" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/security-spiffe-token-provider - target: /tmp/edgex/secrets/security-spiffe-token-provider - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true security-spire-agent: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-agent depends_on: security-spire-server: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
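Review bot: `--registry` is newly added to the security-spiffe-token-provider command in the `@@ -1146,55 +1201,59 @@` hunk, whereas every other EdgeX service command visible in this part of the diff only has `--registry` and `-cp=...` swapped in order. If this is a side effect of the flags now being generated from one shared variable rather than an intended change, the service will presumably start using the registry where it did not before. In this secret-store-enabled stack that would likely also need registry credentials for it, which the hunk does not show. Please confirm the intent, and if it is intended, record it next to the service in the compose-builder source with a comment such as `# spiffe-token-provider now runs with --registry`. The service definition continues past the end of the hunk.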
@@ -1288,49 +1348,50 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-agent - target: /srv/spiffe/agent - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true security-spire-config: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-config depends_on: security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1355,36 +1416,37 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true security-spire-server: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-server depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1408,62 +1470,67 @@ services: edgex-network: null pid: host ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59840 - published: "59840" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-server - target: /srv/spiffe/server - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true support-notifications: command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-notifications + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1487,54 +1554,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true support-scheduler: command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-scheduler + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data 
@@ -1560,35 +1632,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -1599,33 +1671,34 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true vault: cap_add: - - IPC_LOCK + - IPC_LOCK command: - - server + - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/vault_wait_install.sh + - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -1649,29 +1722,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8200 - published: "8200" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp restart: always tmpfs: - - /vault/config + - /vault/config user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: vault-file - target: /vault/file - volume: {} - - type: volume - source: vault-logs - target: /vault/logs - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} networks: edgex-network: name: edgex_edgex-network diff --git a/taf/docker-compose-taf.yml b/taf/docker-compose-taf.yml index e2849978..cef60644 100644 --- a/taf/docker-compose-taf.yml +++ b/taf/docker-compose-taf.yml 
@@ -24,27 +24,33 @@ # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # +# Generated with: Docker Compose version v2.25.0 name: edgex services: app-external-mqtt-trigger: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-external-mqtt-trigger depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: external-mqtt-trigger EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -73,52 +79,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59706 - published: "59706" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59706 + published: "59706" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-external-mqtt-trigger - target: /tmp/edgex/secrets/app-external-mqtt-trigger - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-external-mqtt-trigger + target: /tmp/edgex/secrets/app-external-mqtt-trigger + read_only: true + bind: + selinux: z + create_host_path: true app-functional-tests: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-functional-tests depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: functional-tests EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -143,52 +153,57 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59705 - published: "59705" - protocol: tcp + - mode: ingress + target: 59705 + published: "59705" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-functional-tests - target: /tmp/edgex/secrets/app-functional-tests - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-functional-tests + target: /tmp/edgex/secrets/app-functional-tests + read_only: true + bind: + selinux: z + create_host_path: true app-http-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-http-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: http-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -215,52 +230,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59704 - published: "59704" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59704 + published: "59704" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-http-export - target: /tmp/edgex/secrets/app-http-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-http-export + target: /tmp/edgex/secrets/app-http-export + read_only: true + bind: + selinux: z + create_host_path: true app-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -288,52 +307,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59703 - published: "59703" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59703 + published: "59703" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-mqtt-export - target: /tmp/edgex/secrets/app-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-mqtt-export + target: /tmp/edgex/secrets/app-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true app-rules-engine: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-rules-engine depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -358,52 +381,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59701 - published: "59701" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59701 + published: "59701" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-rules-engine - target: /tmp/edgex/secrets/app-rules-engine - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true app-sample: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-sample depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: CLIENTS_CORE_COMMAND_HOST: edgex-core-command CLIENTS_CORE_DATA_HOST: edgex-core-data 
@@ -431,52 +458,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59700 - published: "59700" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59700 + published: "59700" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-sample - target: /tmp/edgex/secrets/app-sample - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-sample + target: /tmp/edgex/secrets/app-sample + read_only: true + bind: + selinux: z + create_host_path: true app-scalability-test-mqtt-export: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-app-scalability-test-mqtt-export depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: mqtt-export EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -507,49 +538,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 59703 - published: "59710" - protocol: tcp + - mode: ingress + target: 59703 + published: "59710" + protocol: tcp read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-scalability-test-mqtt-export - target: /tmp/edgex/secrets/app-scalability-test-mqtt-export - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-scalability-test-mqtt-export + target: /tmp/edgex/secrets/app-scalability-test-mqtt-export + read_only: true + bind: + selinux: z + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera EDGEX_GROUP: "2001" 
@@ -578,62 +611,68 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8500 - published: "8500" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} core-command: command: - - /core-command - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-command + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-command depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-metadata: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: 
true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 
@@ -658,54 +697,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59882 - published: "59882" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59882 + published: "59882" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-command - target: /tmp/edgex/secrets/core-command - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true core-common-config-bootstrapper: command: - - /entrypoint.sh - - /core-common-config-bootstrapper - - -cp=consul.http://edgex-core-consul:8500 + - /entrypoint.sh + - /core-common-config-bootstrapper + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul + ALL_SERVICES_REGISTRY_PORT: "8500" + ALL_SERVICES_REGISTRY_TYPE: consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: 
edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" @@ -730,46 +775,51 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-common-config-bootstrapper - target: /tmp/edgex/secrets/core-common-config-bootstrapper - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true core-data: command: - - /core-data - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-data + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-data depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -793,52 +843,56 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59880 - published: "59880" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59880 + published: "59880" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true core-metadata: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-metadata + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-metadata depends_on: consul: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -862,44 +916,46 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59881 - published: "59881" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59881 + published: "59881" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true database: container_name: edgex-redis depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/redis_wait_install.sh + - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf 
@@ -924,61 +980,67 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 6379 - published: "6379" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: redis-config - target: /run/redis/conf - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-redis - target: /tmp/edgex/secrets/security-bootstrapper-redis - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true device-modbus: command: - - /device-modbus - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-modbus + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-modbus depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true modbus-simulator: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - 
/edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1002,60 +1064,65 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59901 - published: "59901" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59901 + published: "59901" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-modbus - target: /tmp/edgex/secrets/device-modbus - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-modbus + target: /tmp/edgex/secrets/device-modbus + read_only: true + bind: + selinux: z + create_host_path: true device-onvif-camera: command: - - /device-onvif-camera - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-onvif-camera + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-onvif-camera depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1079,54 +1146,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59984 - published: "59984" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59984 + published: "59984" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-onvif-camera - target: /tmp/edgex/secrets/device-onvif-camera - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-onvif-camera + target: /tmp/edgex/secrets/device-onvif-camera + read_only: true + bind: + selinux: z + create_host_path: true device-rest: command: - - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-rest + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-device-rest depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1150,55 +1222,60 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59986 - published: "59986" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59986 + published: "59986" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-rest - target: /tmp/edgex/secrets/device-rest - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true device-virtual: command: - - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - - --registry - - --configDir=CONFIG_DIR_PLACE_HOLDER + - /device-virtual + - --registry + - -cp=consul.http://edgex-core-consul:8500 + - --configDir=CONFIG_DIR_PLACE_HOLDER container_name: edgex-device-virtual depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true core-data: condition: service_started + required: true core-metadata: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1222,41 +1299,41 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59900 - published: "59900" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59900 + published: "59900" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-virtual - target: /tmp/edgex/secrets/device-virtual - read_only: true - bind: - selinux: z - create_host_path: true - - type: bind - source: /PROFILE_VOLUME_PLACE_HOLDER - target: CONFIG_DIR_PLACE_HOLDER - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: bind + source: /PROFILE_VOLUME_PLACE_HOLDER + target: CONFIG_DIR_PLACE_HOLDER + bind: + selinux: z + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true modbus-simulator: container_name: edgex-modbus-simulator hostname: edgex-modbus-simulator 
@@ -1264,78 +1341,79 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1502 - published: "1502" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1502 + published: "1502" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true mqtt-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-mqtt-broker hostname: edgex-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1883" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1883" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 mqtt-taf-broker: command: - - /usr/sbin/mosquitto - - -c - - /mosquitto-no-auth.conf + - /usr/sbin/mosquitto + - -c + - /mosquitto-no-auth.conf container_name: edgex-taf-mqtt-broker hostname: edgex-taf-mqtt-broker image: eclipse-mosquitto:2.0 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 1883 - published: "1884" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 1883 + published: "1884" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 nginx: command: - - /docker-entrypoint.sh - - nginx - - -g - - daemon off; + - /docker-entrypoint.sh + - nginx + - -g + - daemon off; container_name: edgex-nginx depends_on: security-secretstore-setup: condition: service_started + required: true 
entrypoint: - - /bin/sh - - /edgex-init/nginx_wait_install.sh + - /bin/sh + - /edgex-init/nginx_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -1356,44 +1434,47 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 8443 - published: "8443" - protocol: tcp + - mode: ingress + target: 8443 + published: "8443" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /etc/nginx/conf.d - - /var/cache/nginx - - /var/log/nginx - - /var/run + - /etc/nginx/conf.d + - /var/cache/nginx + - /var/log/nginx + - /var/run volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/kuiper_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis @@ -1405,6 +1486,7 @@ services: EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" + KUIPER__BASIC__ENABLEOPENZITI: "false" KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
@@ -1421,56 +1503,56 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper - image: lfedge/ekuiper:1.12-alpine + image: lfedge/ekuiper:v1.14.0-alpha.2 networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59720 - published: "59720" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59720 + published: "59720" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} security-bootstrapper: container_name: 
edgex-security-bootstrapper environment: @@ -1497,34 +1579,36 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} security-proxy-auth: command: - - entrypoint.sh - - /security-proxy-auth - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - entrypoint.sh + - /security-proxy-auth + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-proxy-auth depends_on: core-common-config-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /bin/sh - - /edgex-init/ready_to_run_wait_install.sh + - /bin/sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
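Review bot: In the `rules-engine` service the image moves from `lfedge/ekuiper:1.12-alpine` to `lfedge/ekuiper:v1.14.0-alpha.2`, a pre-release build referenced by a mutable tag, and nothing visible in the commit says why a service with `restart: always` should track an alpha. The new tag also drops the `-alpine` suffix, so the base image may differ from the one the `/edgex-init/kuiper_wait_install.sh` entrypoint and the `kuiper:kuiper` user were set up for; that is worth confirming. If the alpha is needed for now, I would pin it by digest, `image: lfedge/ekuiper:v1.14.0-alpha.2@sha256:<DIGEST_PLACEHOLDER>`, and note beside the version setting when it returns to a released tag. This file looks generated (lists re-indented and `required: true` added throughout), so the change presumably belongs in the generator's inputs rather than in this file.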
@@ -1548,43 +1632,45 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59842 - published: "59842" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59842 + published: "59842" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-auth - target: /tmp/edgex/secrets/security-proxy-auth - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-auth + target: /tmp/edgex/secrets/security-proxy-auth + read_only: true + bind: + selinux: z + create_host_path: true security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/proxy_setup_wait_install.sh + - /edgex-init/proxy_setup_wait_install.sh environment: EDGEX_ADD_PROXY_ROUTE: device-modbus.http://edgex-device-modbus:59901 EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -1619,51 +1705,53 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: nginx-templates - target: /etc/nginx/templates - volume: {} - - type: volume - source: nginx-tls - target: /etc/ssl/nginx - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - read_only: true - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-proxy-setup - target: /tmp/edgex/secrets/security-proxy-setup - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: volume + source: nginx-templates + target: /etc/nginx/templates + volume: {} + - type: volume + source: nginx-tls + target: /etc/ssl/nginx + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-proxy-setup + target: /tmp/edgex/secrets/security-proxy-setup + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + read_only: true + volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: condition: service_started + required: true vault: condition: service_started + required: true environment: EDGEX_ADD_KNOWN_SECRETS: 
redisdb[app-rules-engine],redisdb[app-http-export],redisdb[app-mqtt-export],redisdb[app-scalability-test-mqtt-export],redisdb[app-sample],redisdb[device-modbus],redisdb[device-rest],redisdb[device-virtual],redisdb[device-onvif-camera],message-bus[app-rules-engine],message-bus[app-http-export],message-bus[app-mqtt-export],message-bus[app-external-mqtt-trigger],message-bus[app-scalability-test-mqtt-export],message-bus[app-sample],message-bus[device-modbus],message-bus[device-rest],message-bus[device-virtual],message-bus[device-onvif-camera] EDGEX_ADD_SECRETSTORE_TOKENS: app-http-export,app-mqtt-export,app-functional-tests,app-scalability-test-mqtt-export,app-sample,device-modbus,app-external-mqtt-trigger,device-onvif-camera 
@@ -1693,55 +1781,59 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run - - /vault + - /run + - /vault user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} security-spiffe-token-provider: command: - - /security-spiffe-token-provider - - -cp=consul.http://edgex-core-consul:8500 + - /security-spiffe-token-provider + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-security-spiffe-token-provider depends_on: consul: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: 
edgex-security-proxy-setup @@ -1765,50 +1857,51 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59841 - published: "59841" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59841 + published: "59841" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/security-spiffe-token-provider - target: /tmp/edgex/secrets/security-spiffe-token-provider - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /tmp/edgex/secrets/security-spiffe-token-provider + target: /tmp/edgex/secrets/security-spiffe-token-provider + bind: + selinux: z + create_host_path: true security-spire-agent: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-agent depends_on: security-spire-server: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
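Review bot: The `security-spiffe-token-provider` command in the `@@ -1693,55 +1781,59 @@` hunk gains a `--registry` argument that the old side did not have. By contrast, `support-notifications` and `support-scheduler` in later hunks only have their existing `--registry` and `-cp=` arguments swapped. This file looks like compose-builder output, so the extra flag presumably comes from the shared `--registry ${CP_FLAGS}` substitution rather than a deliberate edit here. Please confirm the token provider is meant to register with the registry; if not, its template should keep only the `-cp` argument so the generated command stays `- /security-spiffe-token-provider` followed by `- -cp=consul.http://edgex-core-consul:8500`. The service definition continues outside the hunk.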
@@ -1835,49 +1928,50 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-agent - target: /srv/spiffe/agent - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true - - type: bind - source: /var/run/docker.sock - target: /var/run/docker.sock - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-agent + target: /srv/spiffe/agent + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + bind: + create_host_path: true security-spire-config: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-config depends_on: security-spire-agent: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1902,36 +1996,37 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true security-spire-server: command: - - docker-entrypoint.sh + - docker-entrypoint.sh container_name: edgex-security-spire-server depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -1955,62 +2050,67 @@ services: edgex-network: null pid: host ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59840 - published: "59840" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59840 + published: "59840" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} - - type: volume - source: spire-ca - target: /srv/spiffe/ca - volume: {} - - type: volume - source: spire-server - target: /srv/spiffe/server - volume: {} - - type: bind - source: /tmp/edgex/secrets/spiffe - target: /tmp/edgex/secrets/spiffe - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: volume + source: spire-ca + target: /srv/spiffe/ca + volume: {} + - type: volume + source: spire-server + target: /srv/spiffe/server + volume: {} + - type: bind + source: /tmp/edgex/secrets/spiffe + target: /tmp/edgex/secrets/spiffe + bind: + selinux: z + create_host_path: true support-notifications: command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-notifications + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-notifications depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - 
/edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -2034,54 +2134,59 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59860 - published: "59860" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59860 + published: "59860" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true support-scheduler: command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-scheduler + - --registry + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-support-scheduler depends_on: consul: condition: service_started + required: true core-common-config-bootstrapper: condition: service_started + required: true database: condition: service_started + required: true security-bootstrapper: condition: service_started + required: true security-secretstore-setup: condition: service_started + required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data 
@@ -2107,35 +2212,35 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 59861 - published: "59861" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 59861 + published: "59861" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: container_name: edgex-ui-go environment: 
@@ -2146,33 +2251,34 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true vault: cap_add: - - IPC_LOCK + - IPC_LOCK command: - - server + - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started + required: true entrypoint: - - /edgex-init/vault_wait_install.sh + - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper @@ -2196,29 +2302,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8200 - published: "8200" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp restart: always tmpfs: - - /vault/config + - /vault/config user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: vault-file - target: /vault/file - volume: {} - - type: volume - source: vault-logs - target: /vault/logs - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} networks: edgex-network: name: edgex_edgex-network