# * Copyright 2023 Intel Corporation. # * # * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except # * in compliance with the License. You may obtain a copy of the License at # * # * http://www.apache.org/licenses/LICENSE-2.0 # * # * Unless required by applicable law or agreed to in writing, software distributed under the License # * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express # * or implied. See the License for the specific language governing permissions and limitations under # * the License. # * # * EdgeX Foundry, Napa release # *******************************************************************************/ # # # # ************************ This is a generated compose file **************************** # # DO NOT MAKE CHANGES that are intended to be permanent to EdgeX edgex-compose repo. # # Permanent changes can be made to the source compose files located in the compose-builder folder # at the top level of the edgex-compose repo. # # From the compose-builder folder use `make build` to regenerate all standard compose files variations # name: edgex services: app-rules-engine: command: - /app-service-configurable - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-app-rules-engine depends_on: consul: condition: service_started core-data: condition: service_started security-bootstrapper: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-app-rules-engine STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-app-rules-engine image: edgexfoundry/app-service-configurable-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59701 published: "59701" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/app-rules-engine target: /tmp/edgex/secrets/app-rules-engine read_only: true bind: selinux: z create_host_path: true consul: command: - agent - -ui - -bootstrap - -server - -client - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: condition: service_started vault: condition: service_started entrypoint: - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: "" EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_ACL_BOOTSTRAPTOKENPATH: /tmp/edgex/secrets/consul-acl-token/bootstrap_token.json STAGEGATE_REGISTRY_ACL_MANAGEMENTTOKENPATH: /tmp/edgex/secrets/consul-acl-token/mgmt_token.json STAGEGATE_REGISTRY_ACL_SENTINELFILEPATH: /consul/config/consul_acl_done STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-consul image: hashicorp/consul:1.16.2 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 8500 published: "8500" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: root:root volumes: - type: volume source: consul-config target: /consul/config volume: {} - type: volume source: consul-data target: /consul/data volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: volume source: consul-acl-token target: /tmp/edgex/secrets/consul-acl-token volume: {} - type: bind source: /tmp/edgex/secrets/edgex-consul target: /tmp/edgex/secrets/edgex-consul read_only: true bind: selinux: z create_host_path: true core-command: command: - /core-command - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-core-command depends_on: consul: condition: service_started core-metadata: condition: service_started database: condition: service_started security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" EXTERNALMQTT_URL: tcp://edgex-mqtt-broker:1883 PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-command STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-command image: edgexfoundry/core-command-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59882 published: "59882" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/core-command target: /tmp/edgex/secrets/core-command read_only: true bind: selinux: z create_host_path: true core-common-config-bootstrapper: command: - /entrypoint.sh - /core-common-config-bootstrapper - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: condition: service_started security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis ALL_SERVICES_REGISTRY_HOST: edgex-core-consul APP_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata DEVICE_SERVICES_CLIENTS_CORE_METADATA_HOST: edgex-core-metadata EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-common-config-bootstrapper image: edgexfoundry/core-common-config-bootstrapper-arm64:3.1.0 networks: edgex-network: null read_only: true security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/core-common-config-bootstrapper target: /tmp/edgex/secrets/core-common-config-bootstrapper read_only: true bind: selinux: z create_host_path: true core-data: command: - /core-data - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-core-data depends_on: consul: condition: service_started core-metadata: condition: service_started database: condition: service_started security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-data STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-data image: edgexfoundry/core-data-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59880 published: "59880" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/core-data target: /tmp/edgex/secrets/core-data read_only: true bind: selinux: z create_host_path: true core-metadata: command: - /core-metadata - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-core-metadata depends_on: consul: condition: service_started database: condition: service_started security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-core-metadata STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-core-metadata image: edgexfoundry/core-metadata-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59881 published: "59881" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/core-metadata target: /tmp/edgex/secrets/core-metadata read_only: true bind: selinux: z create_host_path: true database: container_name: edgex-redis depends_on: security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-redis image: redis:7.0.14-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 6379 published: "6379" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true tmpfs: - /run user: root:root volumes: - type: volume source: db-data target: /data volume: {} - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: volume source: redis-config target: /run/redis/conf volume: {} - type: bind source: /tmp/edgex/secrets/security-bootstrapper-redis target: /tmp/edgex/secrets/security-bootstrapper-redis read_only: true bind: selinux: z create_host_path: true device-rest: command: - /device-rest - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-device-rest depends_on: consul: condition: service_started core-data: condition: service_started core-metadata: condition: service_started security-bootstrapper: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-device-rest STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-device-rest image: edgexfoundry/device-rest-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59986 published: "59986" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/device-rest target: /tmp/edgex/secrets/device-rest read_only: true bind: selinux: z create_host_path: true device-virtual: command: - /device-virtual - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-device-virtual depends_on: consul: condition: service_started core-data: condition: service_started core-metadata: condition: service_started security-bootstrapper: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-device-virtual STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-device-virtual image: edgexfoundry/device-virtual-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59900 published: "59900" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/device-virtual target: /tmp/edgex/secrets/device-virtual read_only: true bind: selinux: z create_host_path: true nginx: command: - /docker-entrypoint.sh - nginx - -g - daemon off; container_name: edgex-nginx depends_on: security-secretstore-setup: condition: service_started entrypoint: - /bin/sh - /edgex-init/nginx_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-nginx image: nginx:1.25.3-alpine-slim networks: edgex-network: aliases: - edgex-kong ports: - mode: ingress target: 8443 published: "8443" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true tmpfs: - /etc/nginx/conf.d - /var/cache/nginx - /var/log/nginx - /var/run volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: volume source: nginx-templates target: /etc/nginx/templates volume: {} - type: volume source: nginx-tls target: /etc/ssl/nginx volume: {} rules-engine: container_name: edgex-kuiper depends_on: database: condition: service_started security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis CONNECTION__EDGEX__REDISMSGBUS__SERVER: edgex-redis CONNECTION__EDGEX__REDISMSGBUS__TYPE: redis EDGEX__DEFAULT__PORT: "6379" EDGEX__DEFAULT__PROTOCOL: redis EDGEX__DEFAULT__SERVER: edgex-redis EDGEX__DEFAULT__TOPIC: edgex/rules-events EDGEX__DEFAULT__TYPE: redis KUIPER__BASIC__CONSOLELOG: "true" KUIPER__BASIC__RESTPORT: "59720" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper image: lfedge/ekuiper:1.11.4-alpine networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59720 published: "59720" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: kuiper:kuiper volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: volume source: kuiper-data target: /kuiper/data volume: {} - type: volume source: kuiper-etc target: /kuiper/etc volume: {} - type: volume source: kuiper-connections target: /kuiper/etc/connections volume: {} - type: volume source: kuiper-sources target: /kuiper/etc/sources volume: {} - type: volume source: kuiper-log target: /kuiper/log volume: {} - type: volume source: kuiper-plugins target: /kuiper/plugins volume: {} security-bootstrapper: container_name: edgex-security-bootstrapper environment: EDGEX_GROUP: "2001" EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-bootstrapper image: edgexfoundry/security-bootstrapper-arm64:3.1.0 networks: edgex-network: null read_only: true restart: always security_opt: - no-new-privileges:true user: root:root volumes: - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: volume source: edgex-init target: /edgex-init volume: {} security-proxy-auth: command: - entrypoint.sh - /security-proxy-auth - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-proxy-auth depends_on: security-secretstore-setup: condition: service_started entrypoint: - /bin/sh - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-proxy-auth STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-proxy-auth image: edgexfoundry/security-proxy-auth-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59842 published: "59842" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true volumes: - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /tmp/edgex/secrets/security-proxy-auth target: /tmp/edgex/secrets/security-proxy-auth read_only: true bind: selinux: z create_host_path: true security-proxy-setup: container_name: edgex-security-proxy-setup depends_on: security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/proxy_setup_wait_install.sh environment: EDGEX_ADD_PROXY_ROUTE: device-rest.http://edgex-device-rest:59986 EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup ROUTES_CORE_COMMAND_HOST: edgex-core-command ROUTES_CORE_CONSUL_HOST: edgex-core-consul ROUTES_CORE_DATA_HOST: edgex-core-data ROUTES_CORE_METADATA_HOST: edgex-core-metadata ROUTES_DEVICE_VIRTUAL_HOST: device-virtual ROUTES_RULES_ENGINE_HOST: edgex-kuiper ROUTES_SUPPORT_NOTIFICATIONS_HOST: edgex-support-notifications ROUTES_SUPPORT_SCHEDULER_HOST: edgex-support-scheduler ROUTES_SYS_MGMT_AGENT_HOST: edgex-sys-mgmt-agent SECRETSTORE_HOST: edgex-vault STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-proxy-setup image: edgexfoundry/security-proxy-setup-arm64:3.1.0 networks: edgex-network: null read_only: true security_opt: - no-new-privileges:true user: root:root volumes: - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: volume source: vault-config target: /vault/config volume: {} - type: volume source: nginx-templates target: /etc/nginx/templates volume: {} - type: volume source: nginx-tls target: /etc/ssl/nginx volume: {} - type: bind source: /tmp/edgex/secrets/security-proxy-setup target: /tmp/edgex/secrets/security-proxy-setup read_only: true bind: selinux: z create_host_path: true - type: volume source: consul-acl-token target: /tmp/edgex/secrets/consul-acl-token read_only: true volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: security-bootstrapper: condition: service_started vault: condition: service_started environment: EDGEX_ADD_KNOWN_SECRETS: redisdb[app-rules-engine],redisdb[device-rest],message-bus[device-rest],redisdb[device-virtual],message-bus[device-virtual] EDGEX_ADD_SECRETSTORE_TOKENS: "" EDGEX_GROUP: "2001" EDGEX_SECURITY_SECRET_STORE: "true" EDGEX_USER: "2002" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SECUREMESSAGEBUS_TYPE: redis STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-security-secretstore-setup image: edgexfoundry/security-secretstore-setup-arm64:3.1.0 networks: edgex-network: null read_only: true restart: always security_opt: - no-new-privileges:true tmpfs: - /run - /vault user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets target: /tmp/edgex/secrets bind: selinux: z create_host_path: true - type: volume source: kuiper-sources target: /tmp/kuiper volume: {} - type: volume source: kuiper-connections target: /tmp/kuiper-connections volume: {} - type: volume source: vault-config target: /vault/config volume: {} support-notifications: command: - /support-notifications - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-support-notifications depends_on: consul: condition: service_started database: condition: service_started security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-support-notifications STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-support-notifications image: edgexfoundry/support-notifications-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59860 published: "59860" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/support-notifications target: /tmp/edgex/secrets/support-notifications read_only: true bind: selinux: z create_host_path: true support-scheduler: command: - /support-scheduler - -cp=consul.http://edgex-core-consul:8500 - --registry container_name: edgex-support-scheduler depends_on: consul: condition: service_started database: condition: service_started security-bootstrapper: condition: service_started security-secretstore-setup: condition: service_started entrypoint: - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data INTERVALACTIONS_SCRUBPUSHED_HOST: edgex-core-data PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: edgex-support-scheduler STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-support-scheduler image: edgexfoundry/support-scheduler-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 59861 published: "59861" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true - type: bind source: /tmp/edgex/secrets/support-scheduler target: /tmp/edgex/secrets/support-scheduler read_only: true bind: selinux: z create_host_path: true ui: container_name: edgex-ui-go environment: EDGEX_SECURITY_SECRET_STORE: "true" SERVICE_HOST: edgex-ui-go hostname: edgex-ui-go image: edgexfoundry/edgex-ui-arm64:3.1.0 networks: edgex-network: null ports: - mode: ingress target: 4000 published: "4000" protocol: tcp read_only: true restart: always security_opt: - no-new-privileges:true user: 2002:2001 volumes: - type: bind source: /etc/localtime target: /etc/localtime read_only: true bind: create_host_path: true vault: cap_add: - IPC_LOCK command: - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started entrypoint: - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" STAGEGATE_DATABASE_HOST: edgex-redis STAGEGATE_DATABASE_PORT: "6379" STAGEGATE_DATABASE_READYPORT: "6379" STAGEGATE_PROXYSETUP_READYPORT: "54325" STAGEGATE_READY_TORUNPORT: "54329" STAGEGATE_REGISTRY_HOST: edgex-core-consul STAGEGATE_REGISTRY_PORT: "8500" STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s VAULT_ADDR: http://edgex-vault:8200 VAULT_CONFIG_DIR: /vault/config VAULT_UI: "true" hostname: edgex-vault image: hashicorp/vault:1.14.5 networks: edgex-network: null ports: - mode: ingress host_ip: 127.0.0.1 target: 8200 published: "8200" protocol: tcp restart: always tmpfs: - /vault/config user: root:root volumes: - type: volume source: edgex-init target: /edgex-init read_only: true volume: {} - type: volume source: vault-file target: /vault/file volume: {} - type: volume source: vault-logs target: /vault/logs volume: {} networks: edgex-network: name: edgex_edgex-network driver: bridge volumes: consul-acl-token: name: edgex_consul-acl-token consul-config: name: edgex_consul-config consul-data: name: edgex_consul-data db-data: name: edgex_db-data edgex-init: name: edgex_edgex-init kuiper-connections: name: edgex_kuiper-connections kuiper-data: name: edgex_kuiper-data kuiper-etc: name: edgex_kuiper-etc kuiper-log: name: edgex_kuiper-log kuiper-plugins: name: edgex_kuiper-plugins kuiper-sources: name: edgex_kuiper-sources nginx-templates: name: edgex_nginx-templates nginx-tls: name: edgex_nginx-tls redis-config: name: edgex_redis-config vault-config: name: edgex_vault-config vault-file: name: edgex_vault-file vault-logs: name: edgex_vault-logs