diff --git a/docker-stack/coder.yml b/docker-stack/coder.yml
index 449185e..1c1d305 100644
--- a/docker-stack/coder.yml
+++ b/docker-stack/coder.yml
@@ -7,10 +7,40 @@ networks:
 external: true
 services:
+ ## use this unsafe proxy to gain access to the docker socket.
+ ## group_add as suggested by coder oss isn't avaiable in compose 3
+ ## even if it's supported, adding a group repliably over multiple
+ ## nodes isn't possible because the group id for 'docker' may not be
+ ## the same across multiple nodes.
+ coder-socat-service:
+ image: docker.io/alpine/socat:latest
+ hostname: coder-socat-service-host
+ command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
+ environment:
+ - DS_NODE_NAME={{.Node.Hostname}}
+ - DS_SERVICE_NAME={{.Service.Name}}
+ - DS_TASK_NAME={{.Task.Name}}
+ volumes:
+ - type: bind
+ source: /var/run/docker.sock
+ target: /var/run/docker.sock
+ networks:
+ - coder-network
+ deploy:
+ mode: global
+ placement:
+ constraints:
+ - node.role == manager
+ resources:
+ limits:
+ memory: 10MB
+
 coder-service:
 image: ghcr.io/coder/coder:latest
 hostname: coder-service-host
 tty: true
+ depends_on:
+ - coder-socat-service
 environment:
 - DS_NODE_NAME={{.Node.Hostname}}
 - DS_SERVICE_NAME={{.Service.Name}}
@@ -22,6 +52,7 @@ services:
 - CODER_OIDC_EMAIL_DOMAIN=miflux.com
 - CODER_OIDC_CLIENT_ID=8fc09269-57cd-4a03-a66b-6fb357d8abec
 - CODER_OIDC_CLIENT_SECRET=gto_7hfqdkyg3tfc6ho5zuv2k34wl4jmnwxctzp32kvujrrmjf4bb2ta
+ - DOCKER_HOST=tcp://coder-socat-service-host:2375
 networks:
 - coder-network
 - traefik-network
@@ -42,11 +73,11 @@ services:
 deploy:
 mode: replicated
 replicas: 1
- placement:
- max_replicas_per_node: 1
- ##constraints:
- ## - node.labels.location == home
- ## - node.hostname == rose
+ ##placement:
+ ## max_replicas_per_node: 1
+ ## constraints:
+ ## - node.labels.location == home
+ ## - node.hostname == rose
 resources:
 limits:
 memory: 1GB
diff --git a/docker-stack/traefik.yml b/docker-stack/traefik.yml
index a63e8fa..f2b0c7d 100644
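Review bot: The `coder-socat-service` added in the first coder.yml hunk republishes `/var/run/docker.sock` as an unauthenticated, unencrypted Docker API on TCP 2375 and joins the shared `coder-network`, so every task on that network, not only coder-service, gets root-equivalent control of the manager nodes. The `DOCKER_HOST=tcp://coder-socat-service-host:2375` line in the second hunk is the client side of the same exposure. Put the proxy and coder-service on a dedicated overlay network that nothing else joins, for example `networks: [coder-docker-api]` (placeholder name) created as internal and encrypted, or replace socat with a proxy that filters API endpoints. Pin `docker.io/alpine/socat:latest` to a digest, because whatever that tag resolves to runs with the socket mounted. Note also that `depends_on` is ignored by `docker stack deploy`, so it does not order startup here.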
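Review bot: The environment list that the second coder.yml hunk extends still carries `CODER_OIDC_CLIENT_SECRET` as a literal value in a versioned stack file (the context line just above the added `DOCKER_HOST`). That exposes the OIDC client credential to anyone who can read the repository or the service definition. Since this list is being edited anyway, supply the value at deploy time, e.g. `- CODER_OIDC_CLIENT_SECRET=${CODER_OIDC_CLIENT_SECRET}`, or through a swarm secret if the image can read it from a file. Rotate the credential at the identity provider as well, since the current value remains in history. The `environment:` list itself starts outside the hunk.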
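Review bot: Commenting out `placement` in the third coder.yml hunk lets coder-service be scheduled on any node, so its plaintext Docker API traffic to the manager-only socat proxy can cross hosts over `coder-network`. Swarm overlay data traffic is only encrypted when the network was created with the encrypted option, and because `coder-network` is external this file does not show whether it was; confirm that before relying on this layout. The five commented-out lines would also be better deleted than kept as dead configuration, since history preserves them.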
--- a/docker-stack/traefik.yml
+++ b/docker-stack/traefik.yml
@@ -17,6 +17,7 @@ services:
 - DS_SERVICE_NAME={{.Service.Name}}
 - DS_TASK_NAME={{.Task.Name}}
 volumes:
+ # direct binding is ok for the constraints 'node.role == manager' below
 - type: bind
 source: /var/run/docker.sock
 target: /var/run/docker.sock
@@ -44,7 +45,8 @@ services:
 deploy:
 mode: global
 placement:
- constraints: [node.role == manager]
+ constraints:
+ - node.role == manager
 command:
 - --log.level=INFO
 - --accessLog
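Review bot: The comment added above the socket bind in the first traefik.yml hunk reads like a security sign-off, but the manager constraint only guarantees that a swarm-capable socket exists where the task runs. The bind still gives the Traefik container the full Docker API, which is host-level control of that manager. Reword it so the next reader does not take "ok" as a risk assessment, e.g. `# bind works because tasks are pinned to managers (deploy.placement); note this grants Traefik full Docker API access`. The service definition begins outside this hunk.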