forked from openfaas/faas
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
232 lines (221 loc) · 7.28 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
version: "3.3"
services:
gateway:
ports:
- 8080:8080
image: openfaas/gateway:0.17.0
networks:
- functions
environment:
functions_provider_url: "http://faas-swarm:8080/"
read_timeout: "5m5s" # Maximum time to read HTTP request
write_timeout: "5m5s" # Maximum time to write HTTP response
upstream_timeout: "5m" # Maximum duration of upstream function call - should be more than read_timeout and write_timeout
dnsrr: "true" # Temporarily use dnsrr in place of VIP while issue persists on PWD
faas_nats_address: "nats"
faas_nats_port: 4222
direct_functions: "true" # Functions are invoked directly over the overlay network
direct_functions_suffix: ""
basic_auth: "${BASIC_AUTH:-true}"
secret_mount_path: "/run/secrets/"
scale_from_zero: "true" # Enable if you want functions to scale from 0/0 to min replica count upon invoke
max_idle_conns: 1024
max_idle_conns_per_host: 1024
auth_proxy_url: "${AUTH_URL:-}"
auth_proxy_pass_body: "false"
deploy:
resources:
# limits: # Enable if you want to limit memory usage
# memory: 200M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- "node.platform.os == linux"
secrets:
- basic-auth-user
- basic-auth-password
# auth service provide basic-auth plugin for system APIs
basic-auth-plugin:
image: openfaas/basic-auth-plugin:0.17.0
networks:
- functions
environment:
secret_mount_path: "/run/secrets/"
user_filename: "basic-auth-user"
pass_filename: "basic-auth-password"
deploy:
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
resources:
# limits: # Enable if you want to limit memory usage
# memory: 100M
reservations:
memory: 50M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
secrets:
- basic-auth-user
- basic-auth-password
# Docker Swarm provider
faas-swarm:
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
image: openfaas/faas-swarm:0.7.3
networks:
- functions
environment:
read_timeout: "5m5s" # set both here, and on your functions
write_timeout: "5m5s" # set both here, and on your functions
DOCKER_API_VERSION: "1.30"
basic_auth: "${BASIC_AUTH:-true}"
secret_mount_path: "/run/secrets/"
deploy:
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
resources:
# limits: # Enable if you want to limit memory usage
# memory: 100M
reservations:
memory: 100M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
secrets:
- basic-auth-user
- basic-auth-password
nats:
image: nats-streaming:0.11.2
# Uncomment the following port mappings if you wish to expose the
# NATS client and/or management ports you must also add `-m 8222` to the command
# ports:
# - 4222:4222
# - 8222:8222
command: "--store memory --cluster_id faas-cluster"
networks:
- functions
deploy:
resources:
limits:
memory: 125M
reservations:
memory: 50M
placement:
constraints:
- "node.platform.os == linux"
queue-worker:
image: openfaas/queue-worker:0.8.0
networks:
- functions
environment:
max_inflight: "1"
ack_wait: "5m5s" # Max duration of any async task / request
basic_auth: "${BASIC_AUTH:-true}"
secret_mount_path: "/run/secrets/"
gateway_invoke: "true"
faas_gateway_address: "gateway"
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 20
window: 380s
placement:
constraints:
- "node.platform.os == linux"
secrets:
- basic-auth-user
- basic-auth-password
# End services
# Start monitoring
prometheus:
image: prom/prometheus:v2.7.1
environment:
no_proxy: "gateway"
configs:
- source: prometheus_config
target: /etc/prometheus/prometheus.yml
- source: prometheus_rules
target: /etc/prometheus/alert.rules.yml
command:
- "--config.file=/etc/prometheus/prometheus.yml"
# - '-storage.local.path=/prometheus'
ports:
- 9090:9090
networks:
- functions
deploy:
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
resources:
limits:
memory: 500M
reservations:
memory: 200M
alertmanager:
image: prom/alertmanager:v0.16.1
environment:
no_proxy: "gateway"
command:
- "--config.file=/alertmanager.yml"
- "--storage.path=/alertmanager"
networks:
- functions
# Uncomment the following port mapping if you wish to expose the Prometheus
# Alertmanager UI.
# ports:
# - 9093:9093
deploy:
resources:
limits:
memory: 50M
reservations:
memory: 20M
placement:
constraints:
- "node.role == manager"
- "node.platform.os == linux"
configs:
- source: alertmanager_config
target: /alertmanager.yml
secrets:
- basic-auth-password
configs:
prometheus_config:
file: ./prometheus/prometheus.yml
prometheus_rules:
file: ./prometheus/alert.rules.yml
alertmanager_config:
file: ./prometheus/alertmanager.yml
networks:
functions:
driver: overlay
attachable: true
labels:
- "openfaas=true"
secrets:
basic-auth-user:
external: true
basic-auth-password:
external: true