
Приложение 10. Пример docker-compose.yml для контейнера hub-engine-manager

Примечание

В версиях Docker-compose 2.26.0 и выше для ограничения по процессам вместо параметра pids_limit требуется использовать поле deploy.resources.limits.pids.

В docker-compose.yml для версий Docker-compose 2.26.0 и выше поле, которое в версиях ниже 2.26.0 описывалось так:

# Compose releases below 2.26.0: service-level cap on the number of processes.
pids_limit: 100

должно быть определено следующим образом:

# Compose 2.26.0 and later: the same process cap, expressed under
# deploy.resources.limits instead of the service-level pids_limit key.
deploy:
    resources:
        limits:
            pids: 100

Ниже приведён пример docker-compose.yml для версий Docker-compose 2.26.0 и выше.

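services:
    # Jenkins controller (hub-engine-manager image). Runs under a non-root
    # UID/GID with no-new-privileges and with memory and PID limits.
    jenkins:
        image: docker.swordfishsecurity.com/appsechub/hub-engine-manager:${hub_engine_manager_version}
        container_name: jenkins
        # Quoted so the value is always loaded as a string.
        user: "1000:1000"
        ports:
            # Published on every host interface. JENKINS_URL below is plain
            # HTTP, so the admin login crosses the network unencrypted unless
            # a TLS-terminating reverse proxy or a host firewall sits in
            # front of this port.
            - "8080:8080"
        environment:
            - JENKINS_URL=http://jenkins.company.com
            - JENKINS_ADMIN_USER=admin
            # Placeholder: set a strong, unique password before first start.
            # A value written here is readable by anyone who can read this
            # file and is shown by `docker inspect`; keep the file out of
            # version control, or supply the value through Compose variable
            # substitution from a protected .env file.
            - JENKINS_ADMIN_PASSWORD=<some-password>
            # Port 2375 is the conventional plain-TCP Docker API port: no TLS
            # and no client authentication. Any container attached to
            # `network` can drive the privileged docker-in-docker daemon, so
            # attach no other workloads to that network.
            - DOCKER_HOST=tcp://docker-in-docker:2375
            - gradle_dependency_task=dependencies
            - fetch_license=true
            - maven_home=/opt/maven
            - gradle_home=/opt/gradle
            # If a token is set here, protect it the same way as the admin
            # password above.
            - github_token=
            - gradle_args=
            - mvn_args=
            # Package registry endpoints; all of them use HTTPS.
            - cdxgen_npm_url=https://registry.npmjs.org/
            - cdxgen_maven_central_url=https://repo1.maven.org/maven2/
            - cdxgen_android_maven=https://maven.google.com/
            - cdxgen_pypi_url=https://pypi.org/pypi/
            - cdxgen_go_url=https://pkg.go.dev/
            - cdxgen_nuget_url=https://api.nuget.org/v3/registration3/
        networks:
            - network
        volumes:
            # :z applies a shared SELinux label to the host directory.
            - ./jenkins_home:/var/jenkins_home:z
            - ./fortify/projects:/fortify/projects
            # Host time settings are only read by the container, so they are
            # mounted read-only.
            - /etc/localtime:/etc/localtime:ro
            - /etc/timezone:/etc/timezone:ro
            - ./certs:/tmp/certs
        # Form used by Compose releases below 2.26.0, kept for reference; the
        # limit is set through deploy.resources.limits.pids below.
        # pids_limit: 100
        security_opt:
            # Processes in the container cannot gain privileges through
            # setuid/setgid binaries.
            - no-new-privileges
        restart: on-failure:5
        cpu_shares: 1024
        deploy:
            resources:
                limits:
                    memory: 2048M
                    # Caps the number of processes in the container.
                    pids: 100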

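    # Build agent (hub-engine image). Runs under a non-root UID/GID.
    # NOTE(review): unlike the jenkins service, this one sets neither
    # no-new-privileges nor a PID limit. Consider adding both once it is
    # confirmed that build jobs do not depend on setuid binaries.
    node-all:
        image: docker.swordfishsecurity.com/appsechub/hub-engine:${hub_engine_version}
        container_name: node-all
        networks:
            - network
        # Quoted so the value is always loaded as a string.
        user: "2000:2000"
        environment:
            - LANG=en_US.utf-8
            # Port 2375 is the conventional plain-TCP Docker API port: no TLS
            # and no client authentication. Whatever runs in this container
            # can drive the privileged docker-in-docker daemon, so treat the
            # build jobs executed here as having that level of access.
            - DOCKER_HOST=tcp://docker-in-docker:2375
        volumes:
            # Presumably holds the SSH keys used to reach this agent; keep
            # the host directory writable by administrators only.
            - ./ssh-pub-keys-all:/home/ubuntu/.ssh
            - ./jenkins-slave-all:/home/ubuntu/jenkins-slave
            # Host time settings are only read by the container, so they are
            # mounted read-only.
            - /etc/localtime:/etc/localtime:ro
            - /etc/timezone:/etc/timezone:ro
            - ./certs:/tmp/certs
        restart: on-failure:5
        cpu_shares: 2048
        deploy:
            resources:
                limits:
                    memory: 3072M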

    # Docker daemon that the jenkins and node-all services reach through
    # DOCKER_HOST. No ports are published, so the API is reachable only from
    # containers attached to `network`; keep it that way.
    docker-in-docker:
        # NOTE(review): the tag suggests a Docker Engine 19.03.3 base, an old
        # release line. Confirm with the vendor whether a newer image exists.
        image: docker.swordfishsecurity.com/public/sfs-docker:19.03.3-dind
        container_name: docker-in-docker
        # Privileged mode lifts most container isolation, so control of this
        # daemon is close to root on the host. Everything that can reach its
        # API must be trusted accordingly.
        privileged: true
        volumes:
            - ./docker-certs:/etc/docker/certs.d
            - /sys/fs/cgroup:/sys/fs/cgroup:ro
        environment:
            # Empty value. In the upstream docker:dind images this turns off
            # automatic TLS setup and leaves the daemon on plain TCP, matching
            # the tcp://docker-in-docker:2375 address the other services use.
            # Presumably the same holds for this vendor image; confirm.
            - DOCKER_TLS_CERTDIR=
        networks:
            - network
        # Form used by Compose releases below 2.26.0, kept for reference; the
        # limit is set through deploy.resources.limits.pids below.
        # pids_limit: 100
        restart: on-failure:5
        cpu_shares: 512
        deploy:
            resources:
                limits:
                    memory: 512M
                    # Caps the number of processes in the container.
                    pids: 100

networks:
    # Single bridge network shared by the three services above. The Docker
    # API on docker-in-docker is exposed to every container on this network
    # without authentication, so attach no unrelated containers to it.
    network:
        driver: "bridge"
        driver_opts:
            # MTU of the bridge, in bytes.
            com.docker.network.driver.mtu: 1450