docker-compose.yaml
# Nested SPIRE demo topology: a root server/agent pair plus two nested
# deployments (nestedA, nestedB), each with its own server and agent.
#
# Points to review before reusing this file outside a local demo:
#   * root-agent and both nested servers set `pid: host`, which removes PID
#     namespace isolation between those containers and the host.
#   * Every agent bind-mounts the whole host /var/run/ directory read-write.
#   * ./sharedRootSocket is shared by root-agent and both nested servers;
#     its host-side permissions decide who else can reach that socket.
#   * Images are referenced by tag (1.5.1), not by digest. Tags are mutable;
#     pin a digest where supply-chain integrity matters, and check upstream
#     release notes for a currently supported version.
version: '3'

services:
  # Root
  root-server:
    image: ghcr.io/spiffe/spire-server:1.5.1
    hostname: root-server
    volumes:
      - ./root/server:/opt/spire/conf/server
    command:
      - '-config'
      - /opt/spire/conf/server/server.conf

  root-agent:
    image: ghcr.io/spiffe/spire-agent:1.5.1
    hostname: root-agent
    # Host PID namespace is shared so this agent can attest the nested
    # servers. The container can therefore see every host process.
    pid: 'host'
    depends_on:
      - root-server
    volumes:
      # Directory holding the root-agent socket, shared with nested servers.
      - ./sharedRootSocket:/opt/spire/sockets
      - ./root/agent:/opt/spire/conf/agent
      # Full host /var/run/ (typically includes docker.sock and other host
      # sockets). Presumably needed for Docker-based workload attestation;
      # confirm in agent.conf and prefer mounting only the socket required.
      - /var/run/:/var/run/
    command:
      - '-config'
      - /opt/spire/conf/agent/agent.conf

  # NestedA
  nestedA-server:
    image: ghcr.io/spiffe/spire-server:1.5.1
    hostname: nestedA-server
    # Host PID namespace is shared so the root agent can attest this server.
    pid: 'host'
    labels:
      # Label used to attest this server against root-agent. A label is set
      # by whoever starts the container, so it is only as trustworthy as
      # access to the Docker daemon on this host.
      - org.example.name=nestedA-server
    depends_on:
      - root-server
      - root-agent
    volumes:
      # Gives this server access to the root-agent socket.
      - ./sharedRootSocket:/opt/spire/sockets
      - ./nestedA/server:/opt/spire/conf/server
    command:
      - '-config'
      - /opt/spire/conf/server/server.conf

  nestedA-agent:
    image: ghcr.io/spiffe/spire-agent:1.5.1
    hostname: nestedA-agent
    depends_on:
      - nestedA-server
    volumes:
      - ./nestedA/agent:/opt/spire/conf/agent
      # Full host /var/run/; same exposure as on root-agent.
      - /var/run/:/var/run/
    command:
      - '-config'
      - /opt/spire/conf/agent/agent.conf

  # NestedB
  nestedB-server:
    image: ghcr.io/spiffe/spire-server:1.5.1
    hostname: nestedB-server
    # Host PID namespace is shared so the root agent can attest this server.
    pid: 'host'
    labels:
      # Label used to attest this server against root-agent; same trust
      # caveat as for nestedA-server.
      - org.example.name=nestedB-server
    depends_on:
      - root-server
      - root-agent
    volumes:
      # Gives this server access to the root-agent socket.
      - ./sharedRootSocket:/opt/spire/sockets
      - ./nestedB/server:/opt/spire/conf/server
    command:
      - '-config'
      - /opt/spire/conf/server/server.conf

  nestedB-agent:
    image: ghcr.io/spiffe/spire-agent:1.5.1
    hostname: nestedB-agent
    depends_on:
      - nestedB-server
    volumes:
      - ./nestedB/agent:/opt/spire/conf/agent
      # Full host /var/run/; same exposure as on root-agent.
      - /var/run/:/var/run/
    command:
      - '-config'
      - /opt/spire/conf/agent/agent.conf