diff --git a/security/remote_devices/spiffe_and_ssh/README.md b/security/remote_devices/spiffe_and_ssh/README.md index f500645..f302b50 100644 --- a/security/remote_devices/spiffe_and_ssh/README.md +++ b/security/remote_devices/spiffe_and_ssh/README.md @@ -8,4 +8,4 @@ in order to make authenticated connections to Consul and the EdgeX secret store. ## Build and Run -Please see the detailed steps in "how-to guide" for remote device services in documentation repository here: . +Please see the detailed steps in "how-to guide" for remote device services documentation here: https://docs.edgexfoundry.org/latest/security/Ch-RemoteDeviceServices \ No newline at end of file diff --git a/security/remote_devices/spiffe_and_ssh/local/docker-compose.yml b/security/remote_devices/spiffe_and_ssh/local/docker-compose.yml index 1ce73ec..b0b8e27 100644 --- a/security/remote_devices/spiffe_and_ssh/local/docker-compose.yml +++ b/security/remote_devices/spiffe_and_ssh/local/docker-compose.yml @@ -47,7 +47,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-app-rules-engine - image: nexus3.edgexfoundry.org:10004/app-service-configurable:3.0.0 + image: edgexfoundry/app-service-configurable:3.1.0 networks: edgex-network: null ports: @@ -190,7 +190,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-command - image: nexus3.edgexfoundry.org:10004/core-command:3.0.0 + image: edgexfoundry/core-command:3.1.0 networks: edgex-network: null ports: @@ -254,7 +254,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-common-config-bootstrapper - image: nexus3.edgexfoundry.org:10004/core-common-config-bootstrapper:3.0.0 + image: edgexfoundry/core-common-config-bootstrapper:3.1.0 networks: edgex-network: null read_only: true @@ -311,7 +311,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:3.0.0 + image: edgexfoundry/core-data:3.1.0 networks: edgex-network: null ports: @@ -373,7 +373,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:3.0.0 + image: edgexfoundry/core-metadata:3.1.0 networks: edgex-network: null ports: @@ -507,7 +507,7 @@ services: # STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" # STAGEGATE_WAITFOR_TIMEOUT: 60s # hostname: edgex-device-virtual - # image: nexus3.edgexfoundry.org:10004/device-virtual:3.0.0 + # image: edgexfoundry/device-virtual:3.1.0 # networks: # edgex-network: null # ports: @@ -705,7 +705,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper:3.0.0 + image: edgexfoundry/security-bootstrapper:3.1.0 networks: edgex-network: null read_only: true @@ -749,7 +749,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-proxy-auth - image: nexus3.edgexfoundry.org:10004/security-proxy-auth:3.0.0 + image: edgexfoundry/security-proxy-auth:3.1.0 networks: edgex-network: null ports: @@ -811,7 +811,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-proxy-setup - image: nexus3.edgexfoundry.org:10004/security-proxy-setup:3.0.0 + image: edgexfoundry/security-proxy-setup:3.1.0 networks: edgex-network: null read_only: true @@ -877,7 +877,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-secretstore-setup - image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:3.0.0 + image: edgexfoundry/security-secretstore-setup:3.1.0 networks: edgex-network: null read_only: true @@ -944,7 +944,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-spiffe-token-provider - image: nexus3.edgexfoundry.org:10004/security-spiffe-token-provider:3.0.0 + image: edgexfoundry/security-spiffe-token-provider:3.1.0 networks: edgex-network: null ports: @@ -1003,7 +1003,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-spire-agent - image: nexus3.edgexfoundry.org:10004/security-spire-agent:3.0.0 + image: edgexfoundry/security-spire-agent:3.1.0 networks: edgex-network: null pid: host @@ -1065,7 +1065,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-spire-config - image: nexus3.edgexfoundry.org:10004/security-spire-config:3.0.0 + image: edgexfoundry/security-spire-config:3.1.0 networks: edgex-network: null read_only: true @@ -1112,7 +1112,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-spire-server - image: nexus3.edgexfoundry.org:10004/security-spire-server:3.0.0 + image: edgexfoundry/security-spire-server:3.1.0 networks: edgex-network: null pid: host @@ -1187,7 +1187,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:3.0.0 + image: edgexfoundry/support-notifications:3.1.0 networks: edgex-network: null ports: @@ -1262,7 +1262,7 @@ services: STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler:3.0.0 + image: edgexfoundry/support-scheduler:3.1.0 networks: edgex-network: null ports: @@ -1302,7 +1302,7 @@ services: EDGEX_SECURITY_SECRET_STORE: "true" SERVICE_HOST: edgex-ui-go hostname: edgex-ui-go - image: nexus3.edgexfoundry.org:10004/edgex-ui:3.0.0 + image: edgexfoundry/edgex-ui:3.1.0 networks: edgex-network: null ports: diff --git a/security/remote_devices/spiffe_and_ssh/local/docker-compose.yml.2.x b/security/remote_devices/spiffe_and_ssh/local/docker-compose.yml.2.x deleted file mode 100644 index f689191..0000000 --- a/security/remote_devices/spiffe_and_ssh/local/docker-compose.yml.2.x +++ /dev/null @@ -1,1296 +0,0 @@ -networks: - edgex-network: - driver: bridge -services: - app-service-rules: - command: /app-service-configurable -cp=consul.http://edgex-core-consul:8500 --registry - --confdir=/res - container_name: edgex-app-rules-engine - depends_on: - - consul - - data - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_PROFILE: rules-engine - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SERVICE_HOST: edgex-app-rules-engine - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - TRIGGER_EDGEXMESSAGEBUS_PUBLISHHOST_HOST: edgex-redis - TRIGGER_EDGEXMESSAGEBUS_SUBSCRIBEHOST_HOST: edgex-redis - hostname: edgex-app-rules-engine - image: nexus3.edgexfoundry.org:10004/app-service-configurable:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:59701:59701/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/app-rules-engine:/tmp/edgex/secrets/app-rules-engine:ro,z - command: - command: /core-command -cp=consul.http://edgex-core-consul:8500 --registry --confdir=/res - container_name: edgex-core-command - depends_on: - - consul - - database - - metadata - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SERVICE_HOST: edgex-core-command - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-command - image: nexus3.edgexfoundry.org:10004/core-command:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:59882:59882/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/core-command:/tmp/edgex/secrets/core-command:ro,z - consul: - command: agent -ui -bootstrap -server -client 0.0.0.0 - container_name: edgex-core-consul - depends_on: - - security-bootstrapper - - vault - entrypoint: - - /edgex-init/consul_wait_install.sh - environment: - ADD_REGISTRY_ACL_ROLES: '' - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - EDGEX_GROUP: '2001' - EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: '2002' - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json - STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-consul - image: consul:1.10.10 - networks: - edgex-network: {} - ports: - - 127.0.0.1:8500:8500/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - consul-config:/consul/config:z - - consul-data:/consul/data:z - - edgex-init:/edgex-init:ro,z - - consul-acl-token:/tmp/edgex/secrets/consul-acl-token:z - - /tmp/edgex/secrets/edgex-consul:/tmp/edgex/secrets/edgex-consul:ro,z - data: - command: /core-data -cp=consul.http://edgex-core-consul:8500 --registry --confdir=/res - container_name: edgex-core-data - depends_on: - - consul - - database - - metadata - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - MESSAGEQUEUE_HOST: edgex-redis - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SECRETSTORE_TOKENFILE: /tmp/edgex/secrets/core-data/secrets-token.json - SERVICE_HOST: edgex-core-data - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-data - image: nexus3.edgexfoundry.org:10004/core-data:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:5563:5563/tcp - - 127.0.0.1:59880:59880/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/core-data:/tmp/edgex/secrets/core-data:ro,z - database: - container_name: edgex-redis - depends_on: - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/redis_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASECONFIG_NAME: redis.conf - DATABASECONFIG_PATH: /run/redis/conf - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-redis - image: redis:6.2.6-alpine - networks: - edgex-network: {} - ports: - - 127.0.0.1:6379:6379/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - user: root:root - volumes: - - db-data:/data:z - - edgex-init:/edgex-init:ro,z - - redis-config:/run/redis/conf:z - - /tmp/edgex/secrets/security-bootstrapper-redis:/tmp/edgex/secrets/security-bootstrapper-redis:ro,z - ### =============== - ### BEGIN REMOVED CONTENT - ### =============== - # device-virtual: - # command: /device-virtual -cp=consul.http://edgex-core-consul:8500 --registry --confdir=/res - # container_name: edgex-device-virtual - # depends_on: - # - consul - # - data - # - metadata - # - security-bootstrapper - # - security-spiffe-token-provider - # entrypoint: - # - /edgex-init/ready_to_run_wait_install.sh - # environment: - # API_GATEWAY_HOST: edgex-kong - # API_GATEWAY_STATUS_PORT: '8100' - # CLIENTS_CORE_COMMAND_HOST: edgex-core-command - # CLIENTS_CORE_DATA_HOST: edgex-core-data - # CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - # CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - # CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - # DATABASES_PRIMARY_HOST: edgex-redis - # EDGEX_SECURITY_SECRET_STORE: "true" - # MESSAGEQUEUE_HOST: edgex-redis - # PROXY_SETUP_HOST: edgex-security-proxy-setup - # REGISTRY_HOST: edgex-core-consul - # SECRETSTORE_HOST: edgex-vault - # SECRETSTORE_PORT: '8200' - # SECRETSTORE_RUNTIMETOKENPROVIDER_ENABLED: "true" - # SECRETSTORE_RUNTIMETOKENPROVIDER_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - # SECRETSTORE_RUNTIMETOKENPROVIDER_HOST: edgex-security-spiffe-token-provider - # SECRETSTORE_RUNTIMETOKENPROVIDER_PORT: 59841 - # SECRETSTORE_RUNTIMETOKENPROVIDER_PROTOCOL: https - # SECRETSTORE_RUNTIMETOKENPROVIDER_REQUIREDSECRETS: redisdb - # SECRETSTORE_RUNTIMETOKENPROVIDER_TRUSTDOMAIN: edgexfoundry.org - # SERVICE_HOST: edgex-device-virtual - # SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - # SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - # SPIFFE_TRUSTDOMAIN: edgexfoundry.org - # STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - # STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - # STAGEGATE_DATABASE_HOST: edgex-redis - # STAGEGATE_DATABASE_PORT: '6379' - # STAGEGATE_DATABASE_READYPORT: '6379' - # STAGEGATE_KONGDB_HOST: edgex-kong-db - # STAGEGATE_KONGDB_PORT: '5432' - # STAGEGATE_KONGDB_READYPORT: '54325' - # STAGEGATE_READY_TORUNPORT: '54329' - # STAGEGATE_REGISTRY_HOST: edgex-core-consul - # STAGEGATE_REGISTRY_PORT: '8500' - # STAGEGATE_REGISTRY_READYPORT: '54324' - # STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - # STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - # STAGEGATE_WAITFOR_TIMEOUT: 60s - # hostname: edgex-device-virtual - # image: nexus3.edgexfoundry.org:10004/device-virtual:latest - # networks: - # edgex-network: {} - # ports: - # - 127.0.0.1:59900:59900/tcp - # read_only: true - # restart: always - # security_opt: - # - no-new-privileges:true - # user: 2002:2001 - # volumes: - # - edgex-init:/edgex-init:ro,z - # - /tmp/edgex/secrets/device-virtual:/tmp/edgex/secrets/device-virtual:ro,z - # - /tmp/edgex/secrets/spiffe/public:/tmp/edgex/secrets/spiffe/public:ro,z - ### =============== - ### END REMOVED CONTENT - ### =============== - kong: - container_name: edgex-kong - depends_on: - - kong-db - - security-bootstrapper - entrypoint: - - /edgex-init/kong_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - KONG_ADMIN_ACCESS_LOG: /dev/stdout - KONG_ADMIN_ERROR_LOG: /dev/stderr - KONG_ADMIN_LISTEN: 127.0.0.1:8001, 127.0.0.1:8444 ssl - KONG_DATABASE: postgres - KONG_DNS_ORDER: LAST,A,CNAME - KONG_DNS_VALID_TTL: '1' - KONG_NGINX_WORKER_PROCESSES: '1' - KONG_PG_HOST: edgex-kong-db - KONG_PG_PASSWORD_FILE: /tmp/postgres-config/.pgpassword - KONG_PROXY_ACCESS_LOG: /dev/stdout - KONG_PROXY_ERROR_LOG: /dev/stderr - KONG_SSL_CIPHER_SUITE: modern - KONG_STATUS_LISTEN: 0.0.0.0:8100 - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kong - image: kong:2.6.1 - networks: - edgex-network: {} - ports: - - 8000:8000/tcp - - 127.0.0.1:8100:8100/tcp - - 8443:8443/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - - /tmp - tty: true - user: kong:nogroup - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/security-proxy-setup:/tmp/edgex/secrets/security-proxy-setup:ro,z - - postgres-config:/tmp/postgres-config:z - - kong:/usr/local/kong:z - kong-db: - container_name: edgex-kong-db - depends_on: - - security-bootstrapper - entrypoint: - - /edgex-init/postgres_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - EDGEX_SECURITY_SECRET_STORE: "true" - POSTGRES_DB: kong - POSTGRES_PASSWORD_FILE: /tmp/postgres-config/.pgpassword - POSTGRES_USER: kong - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kong-db - image: postgres:13.5-alpine - networks: - edgex-network: {} - ports: - - 127.0.0.1:5432:5432/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /var/run - - /tmp - - /run - user: root:root - volumes: - - edgex-init:/edgex-init:ro,z - - postgres-config:/tmp/postgres-config:z - - postgres-data:/var/lib/postgresql/data:z - metadata: - command: /core-metadata -cp=consul.http://edgex-core-consul:8500 --registry --confdir=/res - container_name: edgex-core-metadata - depends_on: - - consul - - database - - notifications - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - NOTIFICATIONS_SENDER: edgex-core-metadata - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SERVICE_HOST: edgex-core-metadata - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-metadata - image: nexus3.edgexfoundry.org:10004/core-metadata:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:59881:59881/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/core-metadata:/tmp/edgex/secrets/core-metadata:ro,z - notifications: - command: /support-notifications -cp=consul.http://edgex-core-consul:8500 --registry - --confdir=/res - container_name: edgex-support-notifications - depends_on: - - consul - - database - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SERVICE_HOST: edgex-support-notifications - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-notifications - image: nexus3.edgexfoundry.org:10004/support-notifications:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:59860:59860/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/support-notifications:/tmp/edgex/secrets/support-notifications:ro,z - proxy-setup: - container_name: edgex-security-proxy-setup - depends_on: - - kong - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/proxy_setup_wait_install.sh - environment: - ADD_PROXY_ROUTE: '' - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - EDGEX_SECURITY_SECRET_STORE: "true" - KONGURL_SERVER: edgex-kong - PROXY_SETUP_HOST: edgex-security-proxy-setup - ROUTES_CORE_COMMAND_HOST: edgex-core-command - ROUTES_CORE_CONSUL_HOST: edgex-core-consul - ROUTES_CORE_DATA_HOST: edgex-core-data - ROUTES_CORE_METADATA_HOST: edgex-core-metadata - ROUTES_DEVICE_VIRTUAL_HOST: device-virtual - ROUTES_RULES_ENGINE_HOST: edgex-kuiper - ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-proxy-setup - image: nexus3.edgexfoundry.org:10004/security-proxy-setup:latest - networks: - edgex-network: {} - read_only: true - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - edgex-init:/edgex-init:ro,z - - consul-acl-token:/tmp/edgex/secrets/consul-acl-token:ro,z - - /tmp/edgex/secrets/security-proxy-setup:/tmp/edgex/secrets/security-proxy-setup:ro,z - rulesengine: - container_name: edgex-kuiper - depends_on: - - database - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/kuiper_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CONNECTION__EDGEX__REDISMSGBUS__PORT: 6379 - CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis - CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis - CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis - EDGEX__DEFAULT__PORT: 6379 - EDGEX__DEFAULT__PROTOCOL: redis - EDGEX__DEFAULT__SERVER: edgex-redis - EDGEX__DEFAULT__TOPIC: rules-events - EDGEX__DEFAULT__TYPE: redis - KUIPER__BASIC__CONSOLELOG: "true" - KUIPER__BASIC__RESTPORT: 59720 - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-kuiper - image: lfedge/ekuiper:1.4.4-alpine - networks: - edgex-network: {} - ports: - - 127.0.0.1:59720:59720/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: kuiper:kuiper - volumes: - - edgex-init:/edgex-init:ro,z - - kuiper-data:/kuiper/data:z - - kuiper-connections:/kuiper/etc/connections:z - - kuiper-sources:/kuiper/etc/sources:z - scheduler: - command: /support-scheduler -cp=consul.http://edgex-core-consul:8500 --registry - --confdir=/res - container_name: edgex-support-scheduler - depends_on: - - consul - - database - - secretstore-setup - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data - INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SERVICE_HOST: edgex-support-scheduler - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-support-scheduler - image: nexus3.edgexfoundry.org:10004/support-scheduler:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:59861:59861/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/support-scheduler:/tmp/edgex/secrets/support-scheduler:ro,z - secretstore-setup: - container_name: edgex-security-secretstore-setup - depends_on: - - security-bootstrapper - - vault - environment: - ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-virtual] - ADD_SECRETSTORE_TOKENS: '' - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - EDGEX_GROUP: '2001' - EDGEX_SECURITY_SECRET_STORE: "true" - EDGEX_USER: '2002' - PROXY_SETUP_HOST: edgex-security-proxy-setup - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SECUREMESSAGEBUS_TYPE: redis - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-secretstore-setup - image: nexus3.edgexfoundry.org:10004/security-secretstore-setup:latest - networks: - edgex-network: {} - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - - /vault - user: root:root - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets:/tmp/edgex/secrets:z - - kong:/tmp/kong:z - - kuiper-sources:/tmp/kuiper:z - - kuiper-connections:/tmp/kuiper-connections:z - - vault-config:/vault/config:z - security-bootstrapper: - container_name: edgex-security-bootstrapper - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - EDGEX_GROUP: '2001' - EDGEX_USER: '2002' - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-bootstrapper - image: nexus3.edgexfoundry.org:10004/security-bootstrapper:latest - networks: - edgex-network: {} - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: root:root - volumes: - - edgex-init:/edgex-init:z - security-spiffe-token-provider: - command: /security-spiffe-token-provider -cp=consul.http://edgex-core-consul:8500 - --registry --confdir=/res - container_name: edgex-security-spiffe-token-provider - depends_on: - - consul - - security-bootstrapper - - security-spire-agent - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SERVICE_HOST: edgex-security-spiffe-token-provider - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-spiffe-token-provider - image: nexus3.edgexfoundry.org:10004/security-spiffe-token-provider:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:59841:59841/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - user: root:root - volumes: - - edgex-init:/edgex-init:z - - /tmp/edgex/secrets/security-spiffe-token-provider:/tmp/edgex/secrets/security-spiffe-token-provider:z - - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z - security-spire-agent: - command: docker-entrypoint.sh - container_name: edgex-security-spire-agent - depends_on: - - security-spire-server - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-spire-agent - image: nexus3.edgexfoundry.org:10004/security-spire-agent:latest - networks: - edgex-network: {} - pid: host - privileged: true - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - user: root:root - volumes: - - edgex-init:/edgex-init:z - - spire-agent:/srv/spiffe/agent:z - - spire-ca:/srv/spiffe/ca:z - - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z - - /var/run/docker.sock:/var/run/docker.sock:rw - security-spire-config: - command: docker-entrypoint.sh - container_name: edgex-security-spire-config - depends_on: - - security-spire-agent - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-spire-config - image: nexus3.edgexfoundry.org:10004/security-spire-config:latest - networks: - edgex-network: {} - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - user: root:root - volumes: - - edgex-init:/edgex-init:z - - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z - security-spire-server: - command: docker-entrypoint.sh - container_name: edgex-security-spire-server - depends_on: - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-security-spire-server - image: nexus3.edgexfoundry.org:10004/security-spire-server:latest - networks: - edgex-network: {} - pid: host - ports: - - 127.0.0.1:59840:59840/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - user: root:root - volumes: - - edgex-init:/edgex-init:z - - spire-ca:/srv/spiffe/ca:z - - spire-server:/srv/spiffe/server:z - - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z - system: - command: /sys-mgmt-agent -cp=consul.http://edgex-core-consul:8500 --registry --confdir=/res - container_name: edgex-sys-mgmt-agent - depends_on: - - command - - consul - - data - - metadata - - notifications - - scheduler - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - CLIENTS_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications - CLIENTS_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler - DATABASES_PRIMARY_HOST: edgex-redis - EDGEX_SECURITY_SECRET_STORE: "true" - EXECUTORPATH: /sys-mgmt-executor - METRICSMECHANISM: executor - PROXY_SETUP_HOST: edgex-security-proxy-setup - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SERVICE_HOST: edgex-sys-mgmt-agent - SPIFFE_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SPIFFE_TRUSTBUNDLE_PATH: /tmp/edgex/secrets/spiffe/trust/bundle - SPIFFE_TRUSTDOMAIN: edgexfoundry.org - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-sys-mgmt-agent - image: nexus3.edgexfoundry.org:10004/sys-mgmt-agent:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:58890:58890/tcp - read_only: true - restart: always - security_opt: - - label:disable - - no-new-privileges:true - user: root:root - volumes: - - edgex-init:/edgex-init:ro,z - - /tmp/edgex/secrets/sys-mgmt-agent:/tmp/edgex/secrets/sys-mgmt-agent:ro,z - - /var/run/docker.sock:/var/run/docker.sock:z - ui: - container_name: edgex-ui-go - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - hostname: edgex-ui-go - image: nexus3.edgexfoundry.org:10004/edgex-ui:latest - networks: - edgex-network: {} - ports: - - 4000:4000/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - vault: - cap_add: - - IPC_LOCK - command: server - container_name: edgex-vault - depends_on: - - security-bootstrapper - entrypoint: - - /edgex-init/vault_wait_install.sh - environment: - API_GATEWAY_HOST: edgex-kong - API_GATEWAY_STATUS_PORT: '8100' - PROXY_SETUP_HOST: edgex-security-proxy-setup - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_BOOTSTRAPPER_STARTPORT: '54321' - STAGEGATE_DATABASE_HOST: edgex-redis - STAGEGATE_DATABASE_PORT: '6379' - STAGEGATE_DATABASE_READYPORT: '6379' - STAGEGATE_KONGDB_HOST: edgex-kong-db - STAGEGATE_KONGDB_PORT: '5432' - STAGEGATE_KONGDB_READYPORT: '54325' - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_REGISTRY_HOST: edgex-core-consul - STAGEGATE_REGISTRY_PORT: '8500' - STAGEGATE_REGISTRY_READYPORT: '54324' - STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup - STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: '54322' - STAGEGATE_WAITFOR_TIMEOUT: 60s - VAULT_ADDR: http://edgex-vault:8200 - VAULT_CONFIG_DIR: /vault/config - VAULT_UI: "true" - hostname: edgex-vault - image: vault:1.8.9 - networks: - edgex-network: {} - ports: - - 127.0.0.1:8200:8200/tcp - restart: always - tmpfs: - - /vault/config - user: root:root - volumes: - - edgex-init:/edgex-init:ro,z - - vault-file:/vault/file:z - - vault-logs:/vault/logs:z - ### ================= - ### BEGIN NEW CONTENT - ### ================= - device-ssh-proxy: - build: - context: device-ssh-proxy - command: docker-entrypoint.sh - container_name: edgex-device-ssh-proxy - depends_on: - - consul - - security-bootstrapper - entrypoint: - - /edgex-init/ready_to_run_wait_install.sh - environment: - EDGEX_SECURITY_SECRET_STORE: "true" - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - MESSAGEQUEUE_HOST: edgex-redis - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper - STAGEGATE_READY_TORUNPORT: '54329' - STAGEGATE_WAITFOR_TIMEOUT: '60s' - # Unique for ssh-proxy - SERVICE_HOST: edgex-device-virtual - SERVICE_PORT: 59900 - TUNNEL_HOST: 192.168.122.193 - TUNNEL_SSH_PORT: 2223 - SECRETSTORE_RUNTIMETOKENPROVIDER_HOST: edgex-security-spiffe-token-provider - SECRETSTORE_RUNTIMETOKENPROVIDER_PORT: 59841 - SECURITY_SPIRE_SERVER_HOST: edgex-security-spire-server - SECURITY_SPIRE_SERVER_PORT: 59840 - hostname: edgex-device-ssh-proxy - image: device-ssh-proxy:latest - networks: - edgex-network: - aliases: - - edgex-device-virtual - ports: - - 127.0.0.1:59900:59900/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - volumes: - - edgex-init:/edgex-init:ro,z - - spire-ca:/srv/spiffe/ca:z - - spire-remote-agent:/srv/spiffe/remote-agent:z - - /tmp/edgex/secrets/spiffe/trust:/tmp/edgex/secrets/spiffe/trust:ro,z - - $PWD/ssh_keys:/root/.ssh - ### =============== - ### END NEW CONTENT - ### =============== -version: '3.7' -volumes: - consul-acl-token: {} - consul-config: {} - consul-data: {} - db-data: {} - edgex-init: {} - kong: {} - kuiper-connections: {} - kuiper-data: {} - kuiper-sources: {} - postgres-config: {} - postgres-data: {} - redis-config: {} - spire-agent: {} - ### =============== - ### BEGIN NEW CONTENT - ### =============== - spire-remote-agent: {} - ### =============== - ### END NEW CONTENT - ### =============== - spire-ca: {} - spire-server: {} - vault-config: {} - vault-file: {} - vault-logs: {} - diff --git a/security/remote_devices/spiffe_and_ssh/remote/docker-compose.yml b/security/remote_devices/spiffe_and_ssh/remote/docker-compose.yml index fbc4a30..0f88072 100644 --- a/security/remote_devices/spiffe_and_ssh/remote/docker-compose.yml +++ b/security/remote_devices/spiffe_and_ssh/remote/docker-compose.yml @@ -50,7 +50,7 @@ services: depends_on: - sshd-remote hostname: edgex-security-spire-agent - image: nexus3.edgexfoundry.org:10004/security-spire-agent:3.0.0 + image: edgexfoundry/security-spire-agent:3.1.0 networks: edgex-network: {} pid: host @@ -89,7 +89,7 @@ services: SECRETSTORE_RUNTIMETOKENPROVIDER_TRUSTDOMAIN: edgexfoundry.org SERVICE_HOST: edgex-device-virtual hostname: edgex-device-virtual - image: nexus3.edgexfoundry.org:10004/device-virtual:3.0.0 + image: edgexfoundry/device-virtual:3.1.0 networks: edgex-network: {} ports: diff --git a/security/remote_devices/spiffe_and_ssh/remote/docker-compose.yml.2.x b/security/remote_devices/spiffe_and_ssh/remote/docker-compose.yml.2.x deleted file mode 100644 index 5d295f1..0000000 --- a/security/remote_devices/spiffe_and_ssh/remote/docker-compose.yml.2.x +++ /dev/null @@ -1,107 +0,0 @@ -# * Copyright 2022 Intel Corporation. -# * -# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except -# * in compliance with the License. You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software distributed under the License -# * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# * or implied. See the License for the specific language governing permissions and limitations under -# * the License. -# *******************************************************************************/ - -networks: - edgex-network: - driver: bridge -services: - sshd-remote: - image: edgex-sshd-remote:latest - build: - context: sshd-remote - container_name: edgex-sshd-remote - hostname: edgex-sshd-remote - ports: - - "2223:22" - read_only: true - restart: always - security_opt: - - no-new-privileges:true - networks: - edgex-network: - aliases: - - edgex-core-consul - - edgex-core-data - - edgex-core-metadata - - edgex-redis - - edgex-security-spire-server - - edgex-security-spiffe-token-provider - - edgex-vault - tmpfs: - - /run - volumes: - - spire-remote-agent:/srv/spiffe/remote-agent:z - - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z - remote-spire-agent: - build: - context: remote-spire-agent - command: docker-entrypoint.sh - container_name: edgex-remote-spire-agent - depends_on: - - sshd-remote - hostname: edgex-security-spire-agent - image: nexus3.edgexfoundry.org:10004/security-spire-agent:latest - networks: - edgex-network: {} - pid: host - privileged: true - read_only: true - restart: always - security_opt: - - no-new-privileges:true - tmpfs: - - /run - user: root:root - volumes: - - spire-remote-agent:/srv/spiffe/remote-agent:z - - /tmp/edgex/secrets/spiffe:/tmp/edgex/secrets/spiffe:z - - /var/run/docker.sock:/var/run/docker.sock:rw - device-virtual: - command: /device-virtual -cp=consul.http://edgex-core-consul:8500 --registry --confdir=/res - container_name: edgex-device-virtual - depends_on: - - remote-spire-agent - environment: - CLIENTS_CORE_COMMAND_HOST: edgex-core-command - CLIENTS_CORE_DATA_HOST: edgex-core-data - CLIENTS_CORE_METADATA_HOST: edgex-core-metadata - EDGEX_SECURITY_SECRET_STORE: "true" - MESSAGEQUEUE_HOST: edgex-redis - REGISTRY_HOST: edgex-core-consul - SECRETSTORE_HOST: edgex-vault - SECRETSTORE_PORT: '8200' - SECRETSTORE_RUNTIMETOKENPROVIDER_ENABLED: "true" - SECRETSTORE_RUNTIMETOKENPROVIDER_ENDPOINTSOCKET: /tmp/edgex/secrets/spiffe/public/api.sock - SECRETSTORE_RUNTIMETOKENPROVIDER_HOST: edgex-security-spiffe-token-provider - SECRETSTORE_RUNTIMETOKENPROVIDER_PORT: 59841 - SECRETSTORE_RUNTIMETOKENPROVIDER_PROTOCOL: https - SECRETSTORE_RUNTIMETOKENPROVIDER_REQUIREDSECRETS: redisdb - SECRETSTORE_RUNTIMETOKENPROVIDER_TRUSTDOMAIN: edgexfoundry.org - SERVICE_HOST: edgex-device-virtual - hostname: edgex-device-virtual - image: nexus3.edgexfoundry.org:10004/device-virtual:latest - networks: - edgex-network: {} - ports: - - 127.0.0.1:59900:59900/tcp - read_only: true - restart: always - security_opt: - - no-new-privileges:true - user: 2002:2001 - volumes: - - /tmp/edgex/secrets/device-virtual:/tmp/edgex/secrets/device-virtual:ro,z - - /tmp/edgex/secrets/spiffe/public:/tmp/edgex/secrets/spiffe/public:ro,z -version: '3.7' -volumes: - spire-remote-agent: {}