Docker Compose files can also be used in swarm cluster environments.
The following example uses Docker volumes, profiles, secrets and limit the resources to deploy Adminapp and Loginapp as separate containers.
Caution when using -XX:MaxRAMPercentage
The option -XX:MaxRAMPercentage limits the amount of heap available to the JVM to the specified percentage of the total amount of memory available for the container.
It is important not to set this value too high (e.g. to 100): If the JVM and additional processes running in the container (e.g. through docker exec) exceed the container's memory limit, the container may be killed.
The default value for -XX:MaxRAMPercentage is 25.
This template can be used with "docker stack":
docker-compose.yml
version: '3.7'
services:
loginapp:
image: "${IAM_IMAGE}" # Use container image from local environment variable
read_only: true
volumes:
- type: volume
source: "airlock_iam_config"
target: "/home/airlock/iam"
- type: tmpfs
target: "/home/airlock/work"
environment:
- "TZ=Europe/Zurich"
- "IAM_JAVA_OPTS=-XX:MaxRAMPercentage=50"
- "IAM_MODULES=loginapp"
- "IAM_SENSITIVE_VALUES_CONFIG=secrets:/run/secrets/airlock_iam_secrets"
- "IAM_LICENSE=/run/secrets/airlock_iam_license"
ports:
- "8443"
deploy:
resources:
limits:
memory: "4G"
adminapp:
image: "${IAM_IMAGE}"
read_only: true
volumes:
- type: volume
source: "airlock_iam_config"
target: "/home/airlock/iam"
- type: tmpfs
target: "/home/airlock/work"
environment:
- "TZ=Europe/Zurich"
- "IAM_JAVA_OPTS=-XX:MaxRAMPercentage=50"
- "IAM_MODULES=adminapp,service-container"
- "IAM_SENSITIVE_VALUES_CONFIG=secrets:/run/secrets/airlock_iam_secrets"
- "IAM_LICENSE=/run/secrets/airlock_iam_license"
ports:
- "8443"
deploy:
resources:
limits:
memory: "2G"
volumes:
airlock_iam_config:
external: true
secrets:
airlock_iam_secrets:
external: true
airlock_iam_license:
external: true