Приложение 10. Пример docker-compose.yml для контейнера hub-engine-manager
Примечание
В версиях Docker-compose 2.26.0 и выше для ограничения по процессам вместо параметра pids_limit
требуется использовать поле deploy.resources.limits.pids.
В docker-compose.yml для версий Docker-compose 2.26.0 и выше поле, которое в версиях ниже 2.26.0 описывалось так:

    pids_limit: 100

должно быть определено следующим образом:

    deploy:
      resources:
        limits:
          pids: 100
Ниже приведен пример docker-compose.yml для версий Docker-compose 2.26.0 и выше.
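# Example Compose file for hub-engine-manager (Compose 2.26.0 and later).
# Three services share one bridge network:
#   jenkins          - runs the hub-engine-manager image
#   node-all         - runs the hub-engine image
#   docker-in-docker - Docker daemon that both reach through DOCKER_HOST
services:
  jenkins:
    image: docker.swordfishsecurity.com/appsechub/hub-engine-manager:${hub_engine_manager_version}
    container_name: jenkins
    # Runs as an unprivileged UID:GID; quoted so it is always read as a string.
    user: "1000:1000"
    ports:
      # Published on every host interface. If Jenkins sits behind a reverse
      # proxy on the same host, a host address can be given, for example
      # "127.0.0.1:8080:8080".
      - "8080:8080"
    environment:
      # Plain-HTTP URL: credentials and sessions cross the network in clear
      # text unless TLS is terminated in front of this service.
      - JENKINS_URL=http://jenkins.company.com
      - JENKINS_ADMIN_USER=admin
      # Placeholder. Keep the real value out of version control, for example
      # by interpolating it from an .env file with restricted permissions.
      # Values set here are visible to anyone who can inspect the container.
      - JENKINS_ADMIN_PASSWORD=<some-password>
      # Unencrypted, unauthenticated Docker API endpoint (port 2375). Anything
      # that can reach it controls the privileged docker-in-docker service, so
      # that port must stay inside this Compose network.
      - DOCKER_HOST=tcp://docker-in-docker:2375
      - gradle_dependency_task=dependencies
      - fetch_license=true
      - maven_home=/opt/maven
      - gradle_home=/opt/gradle
      # Left empty in the example; a token placed here has the same exposure
      # as the admin password above.
      - github_token=
      - gradle_args=
      - mvn_args=
      - cdxgen_npm_url=https://registry.npmjs.org/
      - cdxgen_maven_central_url=https://repo1.maven.org/maven2/
      - cdxgen_android_maven=https://maven.google.com/
      - cdxgen_pypi_url=https://pypi.org/pypi/
      - cdxgen_go_url=https://pkg.go.dev/
      - cdxgen_nuget_url=https://api.nuget.org/v3/registration3/
    networks:
      - network
    volumes:
      - ./jenkins_home:/var/jenkins_home:z
      - ./fortify/projects:/fortify/projects
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - ./certs:/tmp/certs
    # pids_limit: 100  (form for Compose below 2.26.0; see deploy.resources)
    security_opt:
      # Blocks privilege escalation through setuid/setgid binaries.
      - no-new-privileges
    restart: on-failure:5
    cpu_shares: 1024
    deploy:
      resources:
        limits:
          memory: 2048M
          # Caps the number of processes in the container.
          pids: 100

  node-all:
    image: docker.swordfishsecurity.com/appsechub/hub-engine:${hub_engine_version}
    container_name: node-all
    networks:
      - network
    user: "2000:2000"
    environment:
      - LANG=en_US.utf-8
      # Same unencrypted Docker API endpoint as the jenkins service uses.
      - DOCKER_HOST=tcp://docker-in-docker:2375
    volumes:
      - ./ssh-pub-keys-all:/home/ubuntu/.ssh
      - ./jenkins-slave-all:/home/ubuntu/jenkins-slave
      - /etc/localtime:/etc/localtime
      - /etc/timezone:/etc/timezone
      - ./certs:/tmp/certs
    # NOTE(review): unlike jenkins, this service sets neither
    # security_opt: no-new-privileges nor a pids limit - confirm whether
    # that is intentional.
    restart: on-failure:5
    cpu_shares: 2048
    deploy:
      resources:
        limits:
          memory: 3072M

  docker-in-docker:
    # NOTE(review): the tag pins a 19.03.3 engine build - check with the
    # vendor whether a maintained tag is available.
    image: docker.swordfishsecurity.com/public/sfs-docker:19.03.3-dind
    container_name: docker-in-docker
    # A privileged container is not isolated from the host kernel: a
    # compromise of this daemon should be treated as a compromise of the
    # host. Run the stack on a host dedicated to it.
    privileged: true
    volumes:
      - ./docker-certs:/etc/docker/certs.d
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    environment:
      # Empty value: in the upstream dind image this turns off automatic TLS
      # setup, which matches the plain tcp://...:2375 endpoint used by the
      # other services. No ports are published for this service; keep it so.
      - DOCKER_TLS_CERTDIR=
    networks:
      - network
    # pids_limit: 100  (form for Compose below 2.26.0; see deploy.resources)
    restart: on-failure:5
    cpu_shares: 512
    deploy:
      resources:
        limits:
          memory: 512M
          pids: 100

networks:
  network:
    driver: "bridge"
    driver_opts:
      com.docker.network.driver.mtu: 1450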