#cloud-config # Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # https://hub.docker.com/r/nginx/nginx/ # https://nginx.io/manual/toc/#installation users: - name: bindplane uid: 2000 %{ for user in users } - name: ${user.username} uid: ${user.uid} %{ endfor } write_files: - path: /var/lib/docker/daemon.json permissions: 0644 owner: root content: | { "live-restore": true, "storage-driver": "overlay2", "log-opts": { "max-size": "1024m" } } - path: /run/bindplane/docker-compose.yml permissions: 0644 owner: root content: | version: "3" volumes: bindplane: prometheus: services: prometheus: container_name: bindplane-prometheus restart: always image: ${bindplane_prometheus_image} ports: - "9090:9090" volumes: - prometheus:/prometheus transform: container_name: bindplane-transform-agent restart: always image: ${bindplane_transform_agent_image} ports: - "4568:4568" bindplane: container_name: bindplane-server restart: always image: ${bindplane_server_image} ports: - "3001:3001" environment: - BINDPLANE_LICENSE=${license} - BINDPLANE_USERNAME=admin - BINDPLANE_PASSWORD=${password} - BINDPLANE_REMOTE_URL=http://${remote_url}:3001 - BINDPLANE_SESSION_SECRET=${uuid} - BINDPLANE_LOG_OUTPUT=stdout - BINDPLANE_ACCEPT_EULA=true - BINDPLANE_PROMETHEUS_ENABLE=true - BINDPLANE_PROMETHEUS_ENABLE_REMOTE=true - BINDPLANE_PROMETHEUS_HOST=prometheus - BINDPLANE_PROMETHEUS_PORT=9090 - BINDPLANE_TRANSFORM_AGENT_ENABLE_REMOTE=true - BINDPLANE_TRANSFORM_AGENT_REMOTE_AGENTS=transform:4568 volumes: - bindplane:/data depends_on: - prometheus - transform # bindplane container service - path: /etc/systemd/system/bindplane.service permissions: 0644 owner: root content: | [Unit] Description=Start bindplane containers After=gcr-online.target docker.socket Wants=gcr-online.target docker.socket docker-events-collector.service [Service] Environment="HOME=/home/bindplane" ExecStartPre=/usr/bin/docker-credential-gcr configure-docker ExecStart=/usr/bin/docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v /var:/var -v /run:/run -w=/var cryptopants/docker-compose-gcr -f /run/bindplane/docker-compose.yml up ExecStop=/usr/bin/docker rm -f $(docker ps -a -q) %{ for path, data in files } - path: ${path} owner: ${lookup(data, "owner", "root")} permissions: ${lookup(data, "permissions", "0644")} content: | ${indent(6, data.content)} %{ endfor } bootcmd: - systemctl start node-problem-detector runcmd: %{ for cmd in runcmd_pre ~} - ${cmd} %{ endfor ~} - iptables -I INPUT 1 -p tcp -m tcp --dport 3001 -m state --state NEW,ESTABLISHED -j ACCEPT - systemctl daemon-reload - systemctl start bindplane %{ for cmd in runcmd_post ~} - ${cmd} %{ endfor ~}