Example - Docker stack
Docker Compose files can also be used in swarm cluster environments.
The following example uses Docker volumes, profiles, secrets and limit the resources to deploy Adminapp and Loginapp as separate containers.
Notice
The option -XX:MaxRAMPercentage relates the container memory available to the JVM for the heap to the total amount of container memory.
Do not to set the value of -XX:MaxRAMPercentage too high
If the JVM and additional processes running in the container (e.g., docker exec) exceed the container's memory limit, the container may be killed.
This template can be used with “docker stack”:
docker-compose.yml
Example
version: '3.7'
services:
loginapp:
image: "${IAM_IMAGE}" # Use container image from local environment variable
read_only: true
volumes:
- type: volume
source: "airlock_iam_config"
target: "/home/airlock/iam"
- type: tmpfs
target: "/home/airlock/work"
environment:
- "TZ=Europe/Zurich"
- "IAM_JAVA_OPTS=-XX:MaxRAMPercentage=50"
- "IAM_MODULES=loginapp"
- "IAM_SENSITIVE_VALUES_CONFIG=secrets:/run/secrets/airlock_iam_secrets"
- "IAM_LICENSE=/run/secrets/airlock_iam_license"
ports:
- "8443"
deploy:
resources:
limits:
memory: "4G"
adminapp:
image: "${IAM_IMAGE}"
read_only: true
volumes:
- type: volume
source: "airlock_iam_config"
target: "/home/airlock/iam"
- type: tmpfs
target: "/home/airlock/work"
environment:
- "TZ=Europe/Zurich"
- "IAM_JAVA_OPTS=-XX:MaxRAMPercentage=50"
- "IAM_MODULES=adminapp,service-container"
- "IAM_SENSITIVE_VALUES_CONFIG=secrets:/run/secrets/airlock_iam_secrets"
- "IAM_LICENSE=/run/secrets/airlock_iam_license"
ports:
- "8443"
deploy:
resources:
limits:
memory: "2G"
volumes:
airlock_iam_config:
external: true
secrets:
airlock_iam_secrets:
external: true
airlock_iam_license:
external: true