diff --git a/kubernetes-templates/cassandra/0/cassandra-controller.yaml b/kubernetes-templates/cassandra/0/cassandra-controller.yaml
index 9037ee0..1e7b07d 100644
--- a/kubernetes-templates/cassandra/0/cassandra-controller.yaml
+++ b/kubernetes-templates/cassandra/0/cassandra-controller.yaml
@@ -30,7 +30,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: llparse/cassandra:v1
+ image: llparse/cassandra
name: cassandra
ports:
- containerPort: 9042
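Review bot: The new `image: llparse/cassandra` line drops the tag, so the controller resolves to whatever `latest` points at when a pod is scheduled, and replicas started at different times can end up on different builds. Keeping an explicit tag, or pinning by digest (`image: llparse/cassandra@sha256:<digest>`), keeps the template reproducible and makes an image change a reviewed edit rather than a side effect of a registry push. The container spec starts and ends outside this hunk, so the pull policy is not visible here.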
diff --git a/scripts/test b/scripts/test
index 864fbd7..c40bba3 100755
--- a/scripts/test
+++ b/scripts/test
@@ -6,7 +6,7 @@ cd $(dirname $0)/..
trap "rm -rf /scratch/*" exit
GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
-if [ -n "${DRONE_BRANCH}" ]; then
+if [ -n "${DRONE_BRANCH}" ] && [ "${DRONE_BRANCH}" != "${GIT_BRANCH}" ]; then
git checkout -b ${DRONE_BRANCH}
GIT_BRANCH=${DRONE_BRANCH}
fi
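Review bot: `DRONE_BRANCH` comes from the CI environment and is still expanded unquoted in `git checkout -b ${DRONE_BRANCH}`, so a value containing whitespace or glob characters is word-split before git sees it. Quoting it, as the new test on the `if` line already does, would read `git checkout -b "${DRONE_BRANCH}"`. Separately, `git rev-parse --abbrev-ref HEAD` prints `HEAD` on a detached checkout, so the added comparison only skips the checkout when the branch is checked out by name; if a local branch of that name already exists in the detached case, `checkout -b` would presumably still fail. The script continues outside the hunk.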
diff --git a/swarm-templates/wordpress/0/rancher-compose.yml b/swarm-templates/wordpress/0/rancher-compose.yml
index 3ed1fba..fda81ae 100644
--- a/swarm-templates/wordpress/0/rancher-compose.yml
+++ b/swarm-templates/wordpress/0/rancher-compose.yml
@@ -1,6 +1,6 @@
.catalog:
name: "Wordpress"
- version: latest-rancher1
+ version: 1.0.0-latest-rancher1
description: "Blog tool, publishing platform and CMS"
minimum_rancher_version: v1.0.0-rc2
questions:
diff --git a/swarm-templates/wordpress/config.yml b/swarm-templates/wordpress/config.yml
index 97e474d..5a68a92 100644
--- a/swarm-templates/wordpress/config.yml
+++ b/swarm-templates/wordpress/config.yml
@@ -1,5 +1,5 @@
name: Wordpress
description: |
Blog tool, publishing platform and CMS
-version: latest-rancher1
+version: 1.0.0-latest-rancher1
category: Blogging
diff --git a/templates/alfresco/0/rancher-compose.yml b/templates/alfresco/0/rancher-compose.yml
index 15c8848..f32096c 100644
--- a/templates/alfresco/0/rancher-compose.yml
+++ b/templates/alfresco/0/rancher-compose.yml
@@ -1,6 +1,6 @@
.catalog:
name: "Alfresco"
- version: "5.1 201605-GA"
+ version: "5.1.0-201605-GA"
description: "Alfresco Electronic Document Management"
uuid: alfresco-5.1-201605-1
minimum_rancher_version: v0.56.0
diff --git a/templates/alfresco/config.yml b/templates/alfresco/config.yml
index 3d04415..a65eb4f 100644
--- a/templates/alfresco/config.yml
+++ b/templates/alfresco/config.yml
@@ -1,5 +1,5 @@
name: Alfresco
description: |
An ECM and BPM platform.
-version: 5.1 201605-GA
+version: 5.1.0-201605-GA
category: ECM
diff --git a/templates/confluence/0/docker-compose.yml b/templates/confluence/0/docker-compose.yml
new file mode 100644
index 0000000..9929793
--- /dev/null
+++ b/templates/confluence/0/docker-compose.yml
@@ -0,0 +1,13 @@
+confluence:
+ image: sanderkleykens/confluence:5.10.6
+ restart: always
+ environment:
+ - CATALINA_OPTS=-Xms${heap_size} -Xmx${heap_size} ${jvm_args}
+ - CONFLUENCE_PROXY_PORT=${proxy_port}
+ - CONFLUENCE_PROXY_NAME=${proxy_name}
+ - CONFLUENCE_PROXY_SCHEME=${proxy_scheme}
+ - CONFLUENCE_CONTEXT_PATH=${context_path}
+ external_links:
+ - ${database_link}:database
+ volumes:
+ - ${confluence_home}:/var/atlassian/confluence
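Review bot: `- ${database_link}:database` under `external_links` is emitted unconditionally, but the matching question in this template's rancher-compose.yml is `required: false`; with no answer the entry would render as `:database`, which is not a usable link. Either make the `database_link` question `required: true` or state in its description that a database service must be selected. How Rancher treats an empty `service` answer is not visible here, so this is worth testing with the field left blank.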
diff --git a/templates/confluence/0/rancher-compose.yml b/templates/confluence/0/rancher-compose.yml
new file mode 100644
index 0000000..9eb3bfc
--- /dev/null
+++ b/templates/confluence/0/rancher-compose.yml
@@ -0,0 +1,69 @@
+.catalog:
+ name: "Confluence"
+ version: "5.10.6"
+ description: "Create, organize, and discuss work with your team"
+ questions:
+ - variable: "context_path"
+ label: "Context path"
+ description: |
+ The context path under which Confluence will be available
+ type: "string"
+ default: "/confluence"
+ required: true
+ - variable: "proxy_name"
+ label: "Proxy name"
+ description: |
+ When behind a proxy, specify the name through which clients will connect to Confluence. For example: confluence.mycompany.com
+ type: "string"
+ required: false
+ - variable: "proxy_port"
+ label: "Proxy port"
+ description: |
+ When behind a proxy, specify the port through which clients will connect to Confluence
+ type: "int"
+ required: false
+ - variable: "proxy_scheme"
+ label: "Proxy scheme"
+ description: |
+ When behind a proxy, specify the protocol clients will use to connect to Confluence
+ type: "enum"
+ options:
+ - http
+ - https
+ default: http
+ required: false
+ - variable: "heap_size"
+ label: "Heap size"
+ description: |
+ The size of the heap the JVM can allocate
+ type: "string"
+ default: "1024m"
+ required: true
+ - variable: "jvm_args"
+ label: "JVM arguments"
+ description: |
+ Additional arguments to pass to the JVM
+ type: "string"
+ required: false
+ - variable: "database_link"
+ label: "Database"
+ description: |
+ Service link to the database. This will be mapped to the container as 'database'
+ type: "service"
+ required: false
+ - variable: "confluence_home"
+ label: "Confluence home directory"
+ description: |
+ The location to mount the Confluence home directory on
+ type: "string"
+ required: true
+confluence:
+ scale: 1
+ health_check:
+ port: 8090
+ interval: 2000
+ initializing_timeout: 60000
+ unhealthy_threshold: 3
+ strategy: recreate
+ healthy_threshold: 2
+ response_timeout: 2000
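Review bot: The `health_check` block on `confluence` has no `request_line`, so it is only a TCP connect to port 8090, and it pairs `initializing_timeout: 60000` with `strategy: recreate`. If the first start takes longer than 60 seconds, which seems plausible for Confluence, the container would be recreated mid-initialisation against the mounted home directory. Consider a longer `initializing_timeout` and an HTTP `request_line` against the configured context path, so that "healthy" means the application answers rather than that the port is open.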
diff --git a/templates/confluence/catalogIcon-confluence.svg b/templates/confluence/catalogIcon-confluence.svg
new file mode 100644
index 0000000..e62e807
--- /dev/null
+++ b/templates/confluence/catalogIcon-confluence.svg
@@ -0,0 +1,85 @@
+
+
+
+
diff --git a/templates/confluence/config.yml b/templates/confluence/config.yml
new file mode 100644
index 0000000..e1d0af3
--- /dev/null
+++ b/templates/confluence/config.yml
@@ -0,0 +1,5 @@
+name: Confluence
+description: |
+ Create, organize, and discuss work with your team
+version: 5.10.6
+category: Collaboration
diff --git a/templates/datadog/4/README.md b/templates/datadog/4/README.md
new file mode 100644
index 0000000..7eed15e
--- /dev/null
+++ b/templates/datadog/4/README.md
@@ -0,0 +1,16 @@
+# DataDog Agent
+
+This template deploys a [DataDog](https://www.datadoghq.com/) agent stack consisting of the official [docker-dd-agent](https://www.github.com/Datadog/docker-dd-agent) image and a configuration sidekick that provides closer integration with Rancher:
+
+* Hosts in Datadog are named correctly
+* Host labels can be exported as DataDog host tags
+* Service labels can be exported as DataDog metric tags
+
+## Service Discovery
+Please refer to the Datadog documentation [here](http://docs.datadoghq.com/guides/servicediscovery/) to learn how to provide configuration templates for Service Discovery in etcd or Consul.
+
+## Changelog
+
+**11.3.585**
+
+* Support for specifying connection options for Consul backends (ACL token, scheme, SSL certificate verification)
\ No newline at end of file
diff --git a/templates/datadog/4/docker-compose.yml b/templates/datadog/4/docker-compose.yml
new file mode 100755
index 0000000..dd6057d
--- /dev/null
+++ b/templates/datadog/4/docker-compose.yml
@@ -0,0 +1,41 @@
+datadog-init:
+ image: janeczku/datadog-rancher-init:v2.2.3
+ net: none
+ command: /bin/true
+ volumes:
+ - /opt/rancher
+ labels:
+ io.rancher.container.start_once: 'true'
+ io.rancher.container.pull_image: always
+datadog-agent:
+ image: datadog/docker-dd-agent:11.3.585
+ entrypoint: /opt/rancher/entrypoint-wrapper.py
+ command:
+ - supervisord
+ - -n
+ - -c
+ - /etc/dd-agent/supervisor.conf
+ restart: always
+ environment:
+ API_KEY: ${api_key}
+ SD_BACKEND_HOST: ${sd_backend_host}
+ SD_BACKEND_PORT: ${sd_backend_port}
+ SD_TEMPLATE_DIR: ${sd_template_dir}
+ STATSD_METRIC_NAMESPACE: ${statsd_namespace}
+ DD_STATSD_STANDALONE: "${statsd_standalone}"
+ DD_HOST_LABELS: ${host_labels}
+ DD_CONTAINER_LABELS: ${service_labels}
+ DD_SERVICE_DISCOVERY: ${service_discovery}
+ DD_SD_CONFIG_BACKEND: ${sd_config_backend}
+ DD_CONSUL_TOKEN: ${dd_consul_token}
+ DD_CONSUL_SCHEME: ${dd_consul_scheme}
+ DD_CONSUL_VERIFY: ${dd_consul_verify}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /proc/:/host/proc/:ro
+ - /sys/fs/cgroup/:/host/sys/fs/cgroup:ro
+ volumes_from:
+ - datadog-init
+ labels:
+ io.rancher.scheduler.global: "${global_service}"
+ io.rancher.sidekicks: 'datadog-init'
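Review bot: `entrypoint: /opt/rancher/entrypoint-wrapper.py` makes the agent run a script delivered by the `datadog-init` sidekick, whose image `janeczku/datadog-rancher-init:v2.2.3` is a mutable tag with `io.rancher.container.pull_image: always`, while the agent mounts `/var/run/docker.sock`. Whatever that tag resolves to on the next pull therefore runs with access to the host's Docker daemon; pinning the sidekick by digest (`image: janeczku/datadog-rancher-init@sha256:<digest>`) keeps that content fixed and reviewable. Also, `DD_SERVICE_DISCOVERY: ${service_discovery}` and `DD_CONSUL_VERIFY: ${dd_consul_verify}` take boolean answers but are unquoted, unlike `DD_STATSD_STANDALONE: "${statsd_standalone}"`; quoting them keeps the values strings after substitution.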
diff --git a/templates/datadog/4/rancher-compose.yml b/templates/datadog/4/rancher-compose.yml
new file mode 100755
index 0000000..3f05a4a
--- /dev/null
+++ b/templates/datadog/4/rancher-compose.yml
@@ -0,0 +1,107 @@
+.catalog:
+ name: "DataDog"
+ version: "11.3.585-rancher1"
+ description: "Real-time performance tracking and visualization of your container-based application deployment"
+ minimum_rancher_version: v0.46.0
+ questions:
+ - variable: "api_key"
+ label: "DataDog Api Key"
+ description: |
+ Enter your DataDog API key.
+ required: true
+ type: "string"
+ - variable: "global_service"
+ label: "Global Service"
+ description: |
+ Enable this option to run a DataDog agent container on every host in the environment.
+ required: true
+ type: "boolean"
+ default: true
+ - variable: "host_labels"
+ label: "Export Host Labels as Tags"
+ description: |
+ Comma delimited list of host labels to export as DataDog host tags, e.g. 'region,zone'.
+ required: false
+ type: "string"
+ - variable: "service_labels"
+ label: "Export Service Labels as Tags"
+ description: |
+ Comma delimited list of service labels to export as DataDog metric tags.
+ 'io.rancher.stack.name' and 'io.rancher.stack_service.name' are exported by default.
+ required: false
+ type: "string"
+ - variable: "service_discovery"
+ label: "Enable Service Discovery"
+ description: |
+ Collect metrics from supported applications running in Docker containers.
+ required: true
+ type: "boolean"
+ default: false
+ - variable: sd_config_backend
+ label: Service Discovery Configuration Backend
+ description: |
+ Choose a key/value store to use for looking up application configuration templates.
+ If none is provided only auto config templates will be used.
+ required: true
+ type: enum
+ default: none
+ options:
+ - none
+ - etcd
+ - consul
+ - variable: "sd_backend_host"
+ label: "Configuration Backend Host"
+ description: |
+ IP address or DNS name to use to connect to the configuration backend.
+ required: false
+ type: "string"
+ - variable: "sd_backend_port"
+ label: "Configuration Backend Port"
+ description: |
+ Port to use to connect to the configuration backend.
+ required: false
+ type: "int"
+ - variable: "sd_template_dir"
+ label: "Configuration Backend Template Path"
+ description: |
+ Specify a custom path where the agent should look for configuration templates in the backend.
+ The default is '/datadog/check_configs'.
+ required: false
+ type: "string"
+ - variable: "dd_consul_scheme"
+ label: "Consul Connection Scheme"
+ description: |
+ Scheme to use for requests to a Consul backend.
+ required: false
+ type: enum
+ default: http
+ options:
+ - http
+ - https
+ - variable: "dd_consul_verify"
+ label: "Verify Consul SSL Certificate"
+ description: |
+ Whether to verify the SSL certificate for HTTPS requests to a Consul backend.
+ required: false
+ type: "boolean"
+ default: true
+ - variable: "dd_consul_token"
+ label: "Consul ACL Token"
+ description: |
+ If the Consul backend uses ACL, specify a token granting read access to the configuration templates.
+ required: false
+ type: "string"
+ - variable: "statsd_standalone"
+ label: "Run Standalone DogStatsD"
+ description: |
+ Enable this option to run just the DogStatsD service without the full agent.
+ Should be used with the Global Service option set 'False'.
+ required: true
+ type: "boolean"
+ default: false
+ - variable: "statsd_namespace"
+ label: "StatsD Metric Namespace"
+ description: |
+ Optional namespace for aggregated StatsD metrics.
+ required: false
+ type: "string"
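Review bot: `dd_consul_scheme` defaults to `http` while `dd_consul_token` carries a Consul ACL token, so with the defaults the token travels to the backend unencrypted. Consider `default: https` for the scheme, or at least extend the token's description with `Use the https scheme when a token is set.` `api_key` and `dd_consul_token` are also plain `type: "string"` questions; if the Rancher versions allowed by `minimum_rancher_version: v0.46.0` offer a masked question type, these two are the candidates for it.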
diff --git a/templates/datadog/README.md b/templates/datadog/README.md
index a9c6c38..9d66c95 100644
--- a/templates/datadog/README.md
+++ b/templates/datadog/README.md
@@ -5,6 +5,3 @@ This template deploys a [DataDog](https://www.datadoghq.com/) agent stack consis
* Hosts in Datadog are named correctly
* Host labels can be exported as DataDog host tags
* Service labels can be exported as DataDog metric tags
-
-## Service Discovery
-Please refer to the Datadog documentation [here](http://docs.datadoghq.com/guides/servicediscovery/) to learn how to provide configuration templates for Service Discovery in etcd or Consul.
\ No newline at end of file
diff --git a/templates/datadog/config.yml b/templates/datadog/config.yml
index af2d0c7..a00e748 100755
--- a/templates/datadog/config.yml
+++ b/templates/datadog/config.yml
@@ -1,7 +1,7 @@
name: Datadog
description: |
Real-time performance tracking and visualization of your container-based application deployment
-version: 11.1.580-rancher1
+version: 11.3.585-rancher1
category: Monitoring
maintainer: "Jan Bruder "
license: The MIT License
diff --git a/templates/janitor/3/docker-compose.yml b/templates/janitor/3/docker-compose.yml
new file mode 100644
index 0000000..3109a9a
--- /dev/null
+++ b/templates/janitor/3/docker-compose.yml
@@ -0,0 +1,20 @@
+cleanup:
+ image: meltwater/docker-cleanup:1.8.0
+ environment:
+ CLEAN_PERIOD: ${FREQUENCY}
+ DELAY_TIME: "900"
+ KEEP_IMAGES: "${KEEP}"
+ KEEP_CONTAINERS: "${KEEPC}"
+ KEEP_CONTAINERS_NAMED: "${KEEPCN}"
+ LOOP: "true"
+ DEBUG: "0"
+ labels:
+ io.rancher.scheduler.global: "true"
+ io.rancher.scheduler.affinity:host_label_ne: "${EXCLUDE_LABEL}"
+ net: none
+ privileged: true
+ tty: false
+ stdin_open: false
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker:/var/lib/docker
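Review bot: `privileged: true` is set on a container that already mounts `/var/run/docker.sock` and `/var/lib/docker`, and the service is scheduled globally on every host that lacks the exclude label. The socket mount alone allows images and containers to be removed through the API, so `privileged` widens what the `meltwater/docker-cleanup:1.8.0` image can do on each host without a need that is visible here; this should be confirmed against the image's documentation. If it is required, put a comment such as `# privileged: required by docker-cleanup for <reason>` above the line; otherwise drop it.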
diff --git a/templates/janitor/3/rancher-compose.yml b/templates/janitor/3/rancher-compose.yml
new file mode 100644
index 0000000..19ca95b
--- /dev/null
+++ b/templates/janitor/3/rancher-compose.yml
@@ -0,0 +1,36 @@
+.catalog:
+ name: "Janitor"
+ version: "v1.7"
+ description: "Docker cleanup"
+ uuid: janitor-3
+ questions:
+ - variable: "FREQUENCY"
+ label: "Frequency"
+ description: "Run the cleanup on a cycle of this many seconds"
+ default: 3600
+ required: true
+ type: "int"
+ - variable: "EXCLUDE_LABEL"
+ label: "Exclude label"
+ description: "Specify a Rancher host label here that will be used to determine on which hosts the Janitor container should not deploy."
+ default: janitor.exclude=true
+ required: true
+ type: "string"
+ - variable: "KEEP"
+ label: "Keep images"
+ description: "A comma separated list of images that should never be removed. These are left-anchored Bash Shell Wildcard patterns."
+ default: "rancher/"
+ required: false
+ type: "string"
+ - variable: "KEEPC"
+ label: "Keep containers"
+ description: "A comma separated list of images that should never have stopped containers removed. These are left-anchored Bash Shell Wildcard patterns."
+ default: "*:*"
+ required: false
+ type: "string"
+ - variable: "KEEPCN"
+ label: "Keep named containers"
+ description: "A comma separated list of names of exited or dead container that should never be removed. These are left-anchored Bash Shell Wildcard patterns."
+ default: "**None**"
+ required: false
+ type: "string"
diff --git a/templates/janitor/README.md b/templates/janitor/README.md
index 68f08d5..a60f94b 100644
--- a/templates/janitor/README.md
+++ b/templates/janitor/README.md
@@ -15,13 +15,13 @@ that are taking up space; note that this may not be what you want if you
are using stopped containers to hold volumes! If this is the case, use the
Keep List below.
-This cleanup will help to prevent the /var/lib/docker filesystem from filling
+This cleanup will help to prevent the /var/lib/docker filesystem from filling
up with old and unused container images, which is an issue on lighter-weight
Docker hosts.
### Keep list
-You can specify match patterns for unused Images, and stopped Containers,
+You can specify match patterns for unused Images, and stopped Containers,
which should be excluded from the cleanup.
The match patterns are comma-separated Left Anchored Bash Shell wildcard
@@ -40,9 +40,11 @@ However it will not match
* bar:latest
* foo/\*:v1
-By default, nothing will be matched. If you want to match everything,
+By default, nothing will be matched. If you want to match everything,
then use a pattern **\*:\***
+The self-descriptive values '\*\*None\*\*' and '\*\*All\*\*' can also be used.
+
### Warning
If you are using 'run-once' sidekick containers that mount a volume, then
diff --git a/templates/janitor/config.yml b/templates/janitor/config.yml
index e0241f0..082b015 100644
--- a/templates/janitor/config.yml
+++ b/templates/janitor/config.yml
@@ -1,7 +1,7 @@
name: Janitor
description: |
Automatic cleanup of unused images on hosts, in order to save disk space.
-version: v1.6
+version: v1.7
category: Monitoring
maintainer: Steve Shipway
diff --git a/templates/logspout/0/docker-compose.yml b/templates/logspout/0/docker-compose.yml
index 3f4f811..92287fc 100644
--- a/templates/logspout/0/docker-compose.yml
+++ b/templates/logspout/0/docker-compose.yml
@@ -11,5 +11,5 @@ logspout:
io.rancher.scheduler.global: 'true'
io.rancher.container.hostname_override: container_name
tty: true
- image: rancher/logspout-logstash:v0.2.0
+ image: bekt/logspout-logstash:latest
stdin_open: true
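Review bot: `image: bekt/logspout-logstash:latest` replaces a version-pinned image in the `rancher/` namespace with a floating `latest` tag from a personal namespace, and templates/logspout/1/docker-compose.yml gets the same change. The service is scheduled globally (`io.rancher.scheduler.global: 'true'`) and a log shipper of this kind normally reads the Docker socket (the volumes are outside this hunk), so every host would run whatever that tag resolves to at pull time. Pin a specific tag or digest, e.g. `image: bekt/logspout-logstash@sha256:<digest>`. Editing versions 0 and 1 in place also changes what existing stacks receive on redeploy; a new version directory would make the switch explicit.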
diff --git a/templates/logspout/1/docker-compose.yml b/templates/logspout/1/docker-compose.yml
index f6005e9..a55d954 100644
--- a/templates/logspout/1/docker-compose.yml
+++ b/templates/logspout/1/docker-compose.yml
@@ -10,5 +10,5 @@ logspout:
io.rancher.scheduler.global: 'true'
io.rancher.container.hostname_override: container_name
tty: true
- image: rancher/logspout-logstash:v0.2.0
+ image: bekt/logspout-logstash:latest
stdin_open: true
diff --git a/templates/rabbitmq-3/1/README.md b/templates/rabbitmq-3/1/README.md
new file mode 100644
index 0000000..5716bb4
--- /dev/null
+++ b/templates/rabbitmq-3/1/README.md
@@ -0,0 +1,12 @@
+RabbitMQ 3.6 with easy Rancher clustering
+===
+Provides RabbitMQ image that can scale to a cluster.
+
+The following environment variables are passed to confd in order to set up RabbitMQ's configuration file:
+
+* Partition handling: RabbitMQ's cluster handling setting: default set to autoheal
+* Erlang cookie: cookie to allow nodes communication: default set to defaultcookiepleasechange
+* Net ticktime: adjusts the frequency of both tick messages and detection of failures: default set to 60
+* Confd args: additional confd args along with default --backend rancher --prefix /2015-07-25: default set to --interval 5
+
+*Note*: You can pass an alternate `confd` configuration via the `ALTERNATE_CONF` environment variable.
diff --git a/templates/rabbitmq-3/1/docker-compose.yml b/templates/rabbitmq-3/1/docker-compose.yml
new file mode 100755
index 0000000..f85f82f
--- /dev/null
+++ b/templates/rabbitmq-3/1/docker-compose.yml
@@ -0,0 +1,33 @@
+rabbitmq:
+ image: rdaneel/rabbitmq-conf:0.2.0
+ labels:
+ io.rancher.container.hostname_override: container_name
+ io.rancher.sidekicks: rabbitmq-base,rabbitmq-datavolume
+ volumes_from:
+ - rabbitmq-datavolume
+ environment:
+ - RABBITMQ_NET_TICKTIME=${net_ticktime}
+ - RABBITMQ_CLUSTER_PARTITION_HANDLING=${cluster_partition_handling}
+ - CONFD_ARGS=${confd_args}
+rabbitmq-datavolume:
+ labels:
+ io.rancher.container.hostname_override: container_name
+ io.rancher.container.start_once: true
+ volumes:
+ - /etc/rabbitmq
+ - /opt/rancher/bin
+ entrypoint: /bin/true
+ image: rabbitmq:3.6-management
+rabbitmq-base:
+ labels:
+ io.rancher.container.hostname_override: container_name
+ image: rabbitmq:3.6-management
+ restart: always
+ volumes_from:
+ - rabbitmq-datavolume
+ net: "container:rabbitmq"
+ entrypoint:
+ - /opt/rancher/bin/run.sh
+ environment:
+ - RABBITMQ_ERLANG_COOKIE=${erlang_cookie}
+
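Review bot: `io.rancher.container.start_once: true` on `rabbitmq-datavolume` is an unquoted YAML boolean, whereas label values are strings and the other templates in this commit write `'true'`. Use `io.rancher.container.start_once: 'true'` so the label keeps its intended value after parsing. `rabbitmq:3.6-management` is also a floating minor tag used by both sidekicks, so nodes created at different times may pull different patch releases.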
diff --git a/templates/rabbitmq-3/1/rancher-compose.yml b/templates/rabbitmq-3/1/rancher-compose.yml
new file mode 100755
index 0000000..35f48c5
--- /dev/null
+++ b/templates/rabbitmq-3/1/rancher-compose.yml
@@ -0,0 +1,39 @@
+.catalog:
+ name: "Rabbit MQ"
+ version: "0.2.0"
+ decription: A reliable, distributed messaging broker
+ questions:
+ - variable: "erlang_cookie"
+ description: "Erlang cookie required for auth"
+ label: "Erlang cookie:"
+ required: true
+ default: defaultcookiepleasechange
+ type: "string"
+ - variable: "cluster_partition_handling"
+ label: "Partition Handling:"
+ description: "Cluster partition handling mode"
+ required: true
+ type: "enum"
+ default: autoheal
+ options:
+ - autoheal
+ - ignore
+ - pause_minority
+ - variable: "net_ticktime"
+ description: "Rabbitmq net ticktime setting"
+ label: "Net ticktime:"
+ required: false
+ type: "int"
+ default: 60
+ - variable: "confd_args"
+ description: "Confd additional args"
+ label: "Confd args"
+ required: false
+ type: "string"
+ default: --interval 5
+
+rabbitmq:
+ metadata:
+ rabbitmq:
+ config:
+ node.name: "$${HOSTNAME}"
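Review bot: The `erlang_cookie` question ships `default: defaultcookiepleasechange`, and because a pre-filled default satisfies `required: true`, a stack can be launched with a cookie that is published in this repository. The cookie is the shared secret for inter-node authentication, so drop the `default:` line and let the required field force the operator to supply a value. In the `.catalog` block, `decription:` is misspelled, so the catalog entry will presumably show no description; it should read `description: A reliable, distributed messaging broker`.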
diff --git a/templates/rabbitmq-3/config.yml b/templates/rabbitmq-3/config.yml
index edd833f..7554719 100755
--- a/templates/rabbitmq-3/config.yml
+++ b/templates/rabbitmq-3/config.yml
@@ -1,5 +1,5 @@
-name: RabbitMQ 3.6.1
+name: RabbitMQ 3.6
description: |
Robust messaging for applications
-version: 0.1.0
+version: 0.2.0
category: Message queues
diff --git a/templates/secrets-bridge-agents/0/README.md b/templates/secrets-bridge-agents/0/README.md
index 9a34e60..dbd30ec 100644
--- a/templates/secrets-bridge-agents/0/README.md
+++ b/templates/secrets-bridge-agents/0/README.md
@@ -6,6 +6,10 @@ Only works with Hashicorp Vault server in dev mode currently.
---
#### Description:
This is the agent component for the Vault secrets bridge with Rancher. This service will be deployed in the environment running applications that need secrets. This service does not have direct access to Vault, it communicates with the Secrets Bridge server.
+
+#### Setup
+
+See [setup guide](https://github.com/rancher/secrets-bridge/blob/master/docs/setup.md)
#### Pre-reqs:
diff --git a/templates/secrets-bridge-agents/0/docker-compose.yml b/templates/secrets-bridge-agents/0/docker-compose.yml
index 35de23f..750d138 100644
--- a/templates/secrets-bridge-agents/0/docker-compose.yml
+++ b/templates/secrets-bridge-agents/0/docker-compose.yml
@@ -1,5 +1,5 @@
secrets-bridge:
- image: rancher/secrets-bridge:v0.0.3
+ image: rancher/secrets-bridge:v0.1.7
command: agent --bridge-url ${BRIDGE_URL}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
diff --git a/templates/secrets-bridge-server/0/README.md b/templates/secrets-bridge-server/0/README.md
index 78cc9b5..574beaf 100644
--- a/templates/secrets-bridge-server/0/README.md
+++ b/templates/secrets-bridge-server/0/README.md
@@ -1,55 +1,11 @@
-## Secrets Bridge Server (Experimental)
----
-###Status: Experimental POC (Read: Do NOT use for production)
-Only works with Hashicorp Vault server in dev mode currently.
-
+## Secrets Bridge Server (Beta)
---
#### Description:
This is the server side component for the Vault Secrets bridge with Rancher. This service should *NOT* be deployed in the same environment as user applications. It will have access to Vault, and compromising it will give the person access to *ALL* secrets available in that environment. It should instead be run in an environment reserved for the team operating Rancher.
The reason this uses a temporary Cubbyhole token to start the service is that ENV variables do show up in the Rancher API and Docker inspect commands. That said, if this service fails, the issuing token will expire and all app tokens will also expire.
-#### Pre-reqs:
-
-A Vault server in Dev mode.
-
-Create Vault Policies and Roles for at least the Issuing token.
-Something like:
-
-```
- vault policy-write grantor-Default ./policies/grantor-Default
- vault policy-write test1 ./policies/test1
- vault policy-write test2 ./policies/test2
-```
-
-
-```
-curl -s -X POST -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"allowed_policies": "default,grantor,test1,test2"}' http://vault/v1/auth/token/roles/grantor-Default
-```
-
-#### Configure and Launch:
- 1. Create a token to be used to issue new tokens in the environment. As part of the "meta" on the token add a field called `configPath` and set that equal to a path in the secrets folder in Vault. (like `/secrets/secrets-bridge/Default`)
-
-
- ```
-curl -s -X POST -H "X-Vault-Token: $ROOT_TOKEN" ${VAULT_URL}/v1/auth/token/create/grantor-Default -d '{"policies": ["default", "grantor", "test1", "test2"], "ttl": "72h", "meta": {"configPath": "secret/secrets-bridge/Default"}}' | jq -r '.auth.client_token'
- ```
-
-
- 2. Create a temporary token with (2) uses.
-
- ```
- curl -s -H "X-Vault-Token: $ROOT_TOKEN" ${VAULT_URL}/v1/auth/token/create -d '{"policies": ["default"], "ttl": "15m", "num_uses": 2}'|jq -r '.auth.client_token'
- ```
-
- 3. Use the temporary token to put the issuing token into the Vault cubbyhole.
-
- ```
- curl -X POST -H "X-Vault-Token: ${TEMP_TOKEN}" ${VAULT_URL}/v1/cubbyhole/Default -d "{\"permKey\": \"${PERM_TOKEN}\"}"
- ```
-
- 4. Create Cattle API keys for the environment this server will be handling. (Would recommend 1 server per environment)
-
- 5. Launch this app with all of the configs.
-
+#### Setup
+See [setup guide](https://github.com/rancher/secrets-bridge/blob/master/docs/setup.md)
+
diff --git a/templates/secrets-bridge-server/0/docker-compose.yml b/templates/secrets-bridge-server/0/docker-compose.yml
index 2b6b70f..ef8f3a8 100644
--- a/templates/secrets-bridge-server/0/docker-compose.yml
+++ b/templates/secrets-bridge-server/0/docker-compose.yml
@@ -1,5 +1,5 @@
secrets-bridge:
- image: rancher/secrets-bridge:v0.0.3
+ image: rancher/secrets-bridge:v0.1.7
environment:
CATTLE_ACCESS_KEY: ${CATTLE_ACCESS_KEY}
CATTLE_SECRET_KEY: ${CATTLE_SECRET_KEY}
@@ -16,3 +16,9 @@ secrets-bridge:
- ${CATTLE_SECRET_KEY}
- --rancher-access
- ${CATTLE_ACCESS_KEY}
+secrets-bridge-lb:
+ ports:
+ - "${LBPORT}:8181"
+ image: rancher/load-balancer-service
+ links:
+ - secrets-bridge:secrets-bridge
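Review bot: `secrets-bridge-lb` publishes `${LBPORT}:8181` on the host in front of a service that, per this template's README, has access to Vault and to all secrets in the environment, and nothing in this hunk or in the matching rancher-compose.yml entry (`haproxy_config: {}`, no certificate reference) terminates TLS. Unless TLS is handled elsewhere, agents would reach the bridge in cleartext over a host-exposed port. Consider an SSL listener on the load balancer, or document that the port must only be reachable from the agent environments.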
diff --git a/templates/secrets-bridge-server/0/rancher-compose.yml b/templates/secrets-bridge-server/0/rancher-compose.yml
index eb2116a..e2d06b3 100644
--- a/templates/secrets-bridge-server/0/rancher-compose.yml
+++ b/templates/secrets-bridge-server/0/rancher-compose.yml
@@ -34,3 +34,18 @@
label: "Vault Cubbyhole Path"
required: true
description: "Path to get the permenant API key"
+ - variable: LBPORT
+ description: "Port for Secrets Bridge LB to listen on"
+ label: "LB Port"
+ type: string
+ required: true
+secrets-bridge-lb:
+ scale: 1
+ load_balancer_config:
+ haproxy_config: {}
+ health_check:
+ port: 42
+ interval: 2000
+ unhealthy_threshold: 3
+ healthy_threshold: 2
+ response_timeout: 2000
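Review bot: `LBPORT` is declared `type: string` but is substituted into a port mapping (`"${LBPORT}:8181"` in docker-compose.yml), so the form accepts any text, including values that would change the binding rather than just the port number. Declaring it `type: "int"`, as the other port questions added in this commit do, lets the form reject non-numeric input. The `.catalog` questions list starts outside this hunk.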