From fb0be62d3dc9f6c5030690d45f87f728398742bf Mon Sep 17 00:00:00 2001 From: dovholuknf <46322585+dovholuknf@users.noreply.github.com> Date: Thu, 28 Mar 2024 17:25:24 -0400 Subject: [PATCH] fix: bring zero trust inline with built version Signed-off-by: dovholuknf <46322585+dovholuknf@users.noreply.github.com> --- docker-compose-zero-trust.yml | 806 +++++++++++++++++----------------- 1 file changed, 408 insertions(+), 398 deletions(-) diff --git a/docker-compose-zero-trust.yml b/docker-compose-zero-trust.yml index 2d1bd621..6821917f 100644 --- a/docker-compose-zero-trust.yml +++ b/docker-compose-zero-trust.yml @@ -2,9 +2,9 @@ name: edgex services: app-rules-engine: command: - - /app-service-configurable - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /app-service-configurable + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-app-rules-engine depends_on: consul: @@ -20,7 +20,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_PROFILE: rules-engine EDGEX_SECURITY_SECRET_STORE: "true" 
@@ -48,35 +48,35 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/app-rules-engine - target: /tmp/edgex/secrets/app-rules-engine - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/app-rules-engine + target: /tmp/edgex/secrets/app-rules-engine + read_only: true + bind: + selinux: z + create_host_path: true consul: command: - - agent - - -ui - - -bootstrap - - -server - - -client - - 0.0.0.0 + - agent + - -ui + - -bootstrap + - -server + - -client + - 0.0.0.0 container_name: edgex-core-consul depends_on: security-bootstrapper: @@ -86,7 +86,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/consul_wait_install.sh + - /edgex-init/consul_wait_install.sh environment: EDGEX_ADD_REGISTRY_ACL_ROLES: "" EDGEX_GROUP: "2001" 
@@ -114,41 +114,47 @@ services: image: hashicorp/consul:1.16 networks: edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 8500 + published: "8500" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: volume - source: consul-config - target: /consul/config - volume: {} - - type: volume - source: consul-data - target: /consul/data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: consul-acl-token - target: /tmp/edgex/secrets/consul-acl-token - volume: {} - - type: bind - source: /tmp/edgex/secrets/edgex-consul - target: /tmp/edgex/secrets/edgex-consul - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: consul-config + target: /consul/config + volume: {} + - type: volume + source: consul-data + target: /consul/data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/edgex-consul + target: /tmp/edgex/secrets/edgex-consul + read_only: true + bind: + selinux: z + create_host_path: true + - type: volume + source: consul-acl-token + target: /tmp/edgex/secrets/consul-acl-token + volume: {} core-command: command: - - /core-command - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-command + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-core-command depends_on: consul: @@ -170,7 +176,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: CLIENTS_CORE_METADATA_HOST: core-metadata.edgex.ziti CLIENTS_CORE_METADATA_PORT: "80" 
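Review bot: The `ports` entry added to `consul` in hunk `@@ -114,41 +114,47 @@` publishes the Consul HTTP API and UI (8500) on the host, and nothing in the file says why a zero-trust deployment needs it. Binding to `host_ip: 127.0.0.1` keeps it off the network, but every local user and process on the host can now reach the registry, so access rests entirely on Consul's ACL tokens while the agent runs as `root:root` with `-ui -client 0.0.0.0`. The other services address it as `edgex-core-consul:8500` over `edgex-network` and do not need the host mapping. If it exists for local debugging, I would add a comment above it such as `# loopback-only publish for local debugging; remove for production`, or drop the mapping. The same applies to the Redis `6379` publish added in hunk `@@ -468,39 +473,45 @@`.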
@@ -194,7 +200,6 @@ services: STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" STAGEGATE_WAITFOR_TIMEOUT: 60s - hostname: edgex-core-command image: nexus3.edgexfoundry.org:10004/core-command:latest networks: @@ -202,32 +207,32 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-command - target: /tmp/edgex/secrets/core-command - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-command + target: /tmp/edgex/secrets/core-command + read_only: true + bind: + selinux: z + create_host_path: true core-common-config-bootstrapper: command: - - /entrypoint.sh - - /core-common-config-bootstrapper - - -cp=consul.http://edgex-core-consul:8500 + - /entrypoint.sh + - /core-common-config-bootstrapper + - -cp=consul.http://edgex-core-consul:8500 container_name: edgex-core-common-config-bootstrapper depends_on: consul: @@ -240,7 +245,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: ALL_SERVICES_DATABASE_HOST: edgex-redis ALL_SERVICES_MESSAGEBUS_HOST: edgex-redis 
@@ -274,32 +279,32 @@ services: edgex-network: null read_only: true security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-common-config-bootstrapper - target: /tmp/edgex/secrets/core-common-config-bootstrapper - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-common-config-bootstrapper + target: /tmp/edgex/secrets/core-common-config-bootstrapper + read_only: true + bind: + selinux: z + create_host_path: true core-data: command: - - /core-data - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-data + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-core-data depends_on: consul: @@ -318,7 +323,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -345,32 +350,32 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-data - target: /tmp/edgex/secrets/core-data - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-data + target: /tmp/edgex/secrets/core-data + read_only: true + bind: + selinux: z + create_host_path: true core-metadata: command: - - /core-metadata - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /core-metadata + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-core-metadata depends_on: consul: @@ -386,7 +391,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -413,27 +418,27 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/core-metadata - target: /tmp/edgex/secrets/core-metadata - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/core-metadata + target: /tmp/edgex/secrets/core-metadata + read_only: true + bind: + selinux: z + create_host_path: true database: container_name: edgex-redis depends_on: @@ -444,7 +449,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/redis_wait_install.sh + - /edgex-init/redis_wait_install.sh environment: DATABASECONFIG_NAME: redis.conf DATABASECONFIG_PATH: /run/redis/conf 
@@ -468,39 +473,45 @@ services: image: redis:7.0-alpine networks: edgex-network: null + ports: + - mode: ingress + host_ip: 127.0.0.1 + target: 6379 + published: "6379" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run + - /run user: root:root volumes: - - type: volume - source: db-data - target: /data - volume: {} - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: redis-config - target: /run/redis/conf - volume: {} - - type: bind - source: /tmp/edgex/secrets/security-bootstrapper-redis - target: /tmp/edgex/secrets/security-bootstrapper-redis - read_only: true - bind: - selinux: z - create_host_path: true + - type: volume + source: db-data + target: /data + volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: redis-config + target: /run/redis/conf + volume: {} + - type: bind + source: /tmp/edgex/secrets/security-bootstrapper-redis + target: /tmp/edgex/secrets/security-bootstrapper-redis + read_only: true + bind: + selinux: z + create_host_path: true device-rest: command: - - /device-rest - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-rest + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-rest depends_on: consul: @@ -519,7 +530,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -546,32 +557,32 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-rest - target: /tmp/edgex/secrets/device-rest - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-rest + target: /tmp/edgex/secrets/device-rest + read_only: true + bind: + selinux: z + create_host_path: true device-virtual: command: - - /device-virtual - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /device-virtual + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-device-virtual depends_on: consul: @@ -590,9 +601,10 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" + PROXY_SETUP_HOST: edgex-security-proxy-setup SECRETSTORE_HOST: edgex-vault SERVICE_HOST: device-virtual.edgex.ziti SERVICE_PORT: "80" 
@@ -616,27 +628,27 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/device-virtual - target: /tmp/edgex/secrets/device-virtual - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/device-virtual + target: /tmp/edgex/secrets/device-virtual + read_only: true + bind: + selinux: z + create_host_path: true rules-engine: container_name: edgex-kuiper depends_on: @@ -650,7 +662,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/kuiper_wait_install.sh + - /edgex-init/kuiper_wait_install.sh environment: CONNECTION__EDGEX__REDISMSGBUS__PORT: "6379" CONNECTION__EDGEX__REDISMSGBUS__PROTOCOL: redis @@ -665,7 +677,7 @@ services: EDGEX_CREDENTIALS: /tmp/edgex/secrets/rules-engine/secrets-token.json KUIPER__BASIC__CONSOLELOG: "true" KUIPER__BASIC__RESTPORT: "59720" - OPENZITI_CONTROLLER: openziti:1280 + OPENZITI_CONTROLLER: openziti:1280 PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper STAGEGATE_BOOTSTRAPPER_STARTPORT: "54321" 
@@ -679,59 +691,58 @@ services: STAGEGATE_REGISTRY_READYPORT: "54324" STAGEGATE_SECRETSTORESETUP_HOST: edgex-security-secretstore-setup STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT: "54322" - STAGEGATE_WAITFOR_TIMEOUT: 60s + STAGEGATE_WAITFOR_TIMEOUT: 60s hostname: edgex-kuiper - #image: lfedge/ekuiper:1.12-alpine - image: lfedge/ekuiper:d5bbd747 + image: lfedge/ekuiper:1.12-alpine networks: edgex-network: null read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: kuiper:kuiper volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: kuiper-data - target: /kuiper/data - volume: {} - - type: volume - source: kuiper-etc - target: /kuiper/etc - volume: {} - - type: volume - source: kuiper-connections - target: /kuiper/etc/connections - volume: {} - - type: volume - source: kuiper-sources - target: /kuiper/etc/sources - volume: {} - - type: volume - source: kuiper-log - target: /kuiper/log - volume: {} - - type: volume - source: kuiper-plugins - target: /kuiper/plugins - volume: {} - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: kuiper-data + target: /kuiper/data + volume: {} + - type: volume + source: kuiper-etc + target: /kuiper/etc + volume: {} + - type: volume + source: kuiper-log + target: /kuiper/log + volume: {} + - type: volume + source: kuiper-plugins + target: /kuiper/plugins + volume: {} + - type: volume + source: kuiper-sources + target: /kuiper/etc/sources + volume: {} + - type: volume + source: kuiper-connections + target: /kuiper/etc/connections + volume: {} + - type: volume + source: edgex-init + target: 
/edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/rules-engine + target: /tmp/edgex/secrets/rules-engine + read_only: true + bind: + selinux: z + create_host_path: true security-bootstrapper: container_name: edgex-security-bootstrapper environment: @@ -758,19 +769,19 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: root:root volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} security-secretstore-setup: container_name: edgex-security-secretstore-setup depends_on: 
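Review bot: The re-added `edgex-init` mount for `rules-engine` in hunk `@@ -679,59 +691,58 @@` no longer carries `read_only: true`, so the eKuiper container can write to the volume that holds the `/edgex-init/*_wait_install.sh` entrypoint scripts. Other services in this file run those scripts as their entrypoint, several as `root:root` (consul, database, vault), so a writable mount in one container lets it change what they execute on the next restart. Restore `read_only: true` on that volume entry; the `ui` service loses the same flag in hunk `@@ -1050,46 +1061,45 @@`. The hunk also replaces `lfedge/ekuiper:d5bbd747` with the mutable tag `lfedge/ekuiper:1.12-alpine`, and pinning the image by digest would keep it reproducible. If this file is generated output, the fix belongs in the generator's source rather than here.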
@@ -809,46 +820,46 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true tmpfs: - - /run - - /vault + - /run + - /vault user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets - target: /tmp/edgex/secrets - bind: - selinux: z - create_host_path: true - - type: volume - source: kuiper-sources - target: /tmp/kuiper - volume: {} - - type: volume - source: kuiper-connections - target: /tmp/kuiper-connections - volume: {} - - type: volume - source: vault-config - target: /vault/config - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-config + target: /vault/config + volume: {} + - type: bind + source: /tmp/edgex/secrets + target: /tmp/edgex/secrets + bind: + selinux: z + create_host_path: true + - type: volume + source: kuiper-sources + target: /tmp/kuiper + volume: {} + - type: volume + source: kuiper-connections + target: /tmp/kuiper-connections + volume: {} support-notifications: command: - - /support-notifications - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-notifications + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-support-notifications depends_on: consul: @@ -867,7 +878,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" PROXY_SETUP_HOST: edgex-security-proxy-setup 
@@ -894,32 +905,32 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-notifications - target: /tmp/edgex/secrets/support-notifications - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-notifications + target: /tmp/edgex/secrets/support-notifications + read_only: true + bind: + selinux: z + create_host_path: true support-scheduler: command: - - /support-scheduler - - -cp=consul.http://edgex-core-consul:8500 - - --registry + - /support-scheduler + - -cp=consul.http://edgex-core-consul:8500 + - --registry container_name: edgex-support-scheduler depends_on: consul: @@ -938,7 +949,7 @@ services: condition: service_started required: true entrypoint: - - /edgex-init/ready_to_run_wait_install.sh + - /edgex-init/ready_to_run_wait_install.sh environment: EDGEX_SECURITY_SECRET_STORE: "true" INTERVALACTIONS_SCRUBAGED_HOST: edgex-core-data 
@@ -967,27 +978,27 @@ services: read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/support-scheduler - target: /tmp/edgex/secrets/support-scheduler - read_only: true - bind: - selinux: z - create_host_path: true + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: bind + source: /tmp/edgex/secrets/support-scheduler + target: /tmp/edgex/secrets/support-scheduler + read_only: true + bind: + selinux: z + create_host_path: true ui: command: - ./edgex-ui-server 
@@ -1050,46 +1061,45 @@ services: networks: edgex-network: null ports: - - mode: ingress - target: 4000 - published: "4000" - protocol: tcp + - mode: ingress + target: 4000 + published: "4000" + protocol: tcp read_only: true restart: always security_opt: - - no-new-privileges:true + - no-new-privileges:true user: 2002:2001 volumes: - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - create_host_path: true - - type: bind - source: /tmp/edgex/secrets/ui - target: /tmp/edgex/secrets/ui - read_only: true - bind: - selinux: z - create_host_path: true - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} + - type: bind + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + create_host_path: true + - type: volume + source: edgex-init + target: /edgex-init + volume: {} + - type: bind + source: /tmp/edgex/secrets/ui + target: /tmp/edgex/secrets/ui + read_only: true + bind: + selinux: z + create_host_path: true vault: cap_add: - - IPC_LOCK + - IPC_LOCK command: - - server + - server container_name: edgex-vault depends_on: security-bootstrapper: condition: service_started required: true entrypoint: - - /edgex-init/vault_wait_install.sh + - /edgex-init/vault_wait_install.sh environment: PROXY_SETUP_HOST: edgex-security-proxy-setup STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper 
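Review bot: The `ui` port mapping in this hunk still publishes `4000` without a `host_ip`, so Docker binds it on all host interfaces, while consul, database and vault are bound to `host_ip: 127.0.0.1`. If the UI is meant to be reached only locally or through the zero-trust overlay, add `host_ip: 127.0.0.1` to this entry; if remote access is intended, a comment saying so would help. This matters more here because the same hunk drops `read_only: true` from the `ui` service's `edgex-init` mount, leaving the one network-published service with write access to the shared init scripts. The `ui` service definition starts above the hunk, so its `command` and environment are not visible here.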
@@ -1113,29 +1123,29 @@ services: networks: edgex-network: null ports: - - mode: ingress - host_ip: 127.0.0.1 - target: 8200 - published: "8200" - protocol: tcp + - mode: ingress + host_ip: 127.0.0.1 + target: 8200 + published: "8200" + protocol: tcp restart: always tmpfs: - - /vault/config + - /vault/config user: root:root volumes: - - type: volume - source: edgex-init - target: /edgex-init - read_only: true - volume: {} - - type: volume - source: vault-file - target: /vault/file - volume: {} - - type: volume - source: vault-logs - target: /vault/logs - volume: {} + - type: volume + source: edgex-init + target: /edgex-init + read_only: true + volume: {} + - type: volume + source: vault-file + target: /vault/file + volume: {} + - type: volume + source: vault-logs + target: /vault/logs + volume: {} networks: edgex-network: name: edgex_edgex-network