dash 2.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +13 -0
- data/bin/dash +18 -0
- data/bin/kamal +18 -0
- data/lib/kamal/cli/accessory.rb +342 -0
- data/lib/kamal/cli/alias/command.rb +10 -0
- data/lib/kamal/cli/app/assets.rb +24 -0
- data/lib/kamal/cli/app/boot.rb +126 -0
- data/lib/kamal/cli/app/error_pages.rb +33 -0
- data/lib/kamal/cli/app/ssl_certificates.rb +28 -0
- data/lib/kamal/cli/app.rb +368 -0
- data/lib/kamal/cli/base.rb +324 -0
- data/lib/kamal/cli/build/clone.rb +59 -0
- data/lib/kamal/cli/build/port_forwarding.rb +66 -0
- data/lib/kamal/cli/build.rb +242 -0
- data/lib/kamal/cli/healthcheck/barrier.rb +33 -0
- data/lib/kamal/cli/healthcheck/error.rb +2 -0
- data/lib/kamal/cli/healthcheck/poller.rb +42 -0
- data/lib/kamal/cli/lock.rb +34 -0
- data/lib/kamal/cli/main.rb +299 -0
- data/lib/kamal/cli/proxy.rb +419 -0
- data/lib/kamal/cli/prune.rb +34 -0
- data/lib/kamal/cli/registry.rb +49 -0
- data/lib/kamal/cli/secrets.rb +50 -0
- data/lib/kamal/cli/server.rb +70 -0
- data/lib/kamal/cli/templates/deploy.yml +102 -0
- data/lib/kamal/cli/templates/sample_hooks/docker-setup.sample +3 -0
- data/lib/kamal/cli/templates/sample_hooks/post-app-boot.sample +3 -0
- data/lib/kamal/cli/templates/sample_hooks/post-deploy.sample +14 -0
- data/lib/kamal/cli/templates/sample_hooks/post-proxy-reboot.sample +3 -0
- data/lib/kamal/cli/templates/sample_hooks/pre-app-boot.sample +3 -0
- data/lib/kamal/cli/templates/sample_hooks/pre-build.sample +51 -0
- data/lib/kamal/cli/templates/sample_hooks/pre-connect.sample +47 -0
- data/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample +122 -0
- data/lib/kamal/cli/templates/sample_hooks/pre-proxy-reboot.sample +3 -0
- data/lib/kamal/cli/templates/secrets +22 -0
- data/lib/kamal/cli.rb +9 -0
- data/lib/kamal/commander/specifics.rb +62 -0
- data/lib/kamal/commander.rb +230 -0
- data/lib/kamal/commands/accessory/proxy.rb +16 -0
- data/lib/kamal/commands/accessory.rb +118 -0
- data/lib/kamal/commands/app/assets.rb +51 -0
- data/lib/kamal/commands/app/containers.rb +31 -0
- data/lib/kamal/commands/app/error_pages.rb +9 -0
- data/lib/kamal/commands/app/execution.rb +38 -0
- data/lib/kamal/commands/app/images.rb +13 -0
- data/lib/kamal/commands/app/logging.rb +28 -0
- data/lib/kamal/commands/app/proxy.rb +32 -0
- data/lib/kamal/commands/app.rb +125 -0
- data/lib/kamal/commands/auditor.rb +39 -0
- data/lib/kamal/commands/base.rb +147 -0
- data/lib/kamal/commands/builder/base.rb +143 -0
- data/lib/kamal/commands/builder/clone.rb +32 -0
- data/lib/kamal/commands/builder/cloud.rb +22 -0
- data/lib/kamal/commands/builder/hybrid.rb +21 -0
- data/lib/kamal/commands/builder/local.rb +20 -0
- data/lib/kamal/commands/builder/pack.rb +46 -0
- data/lib/kamal/commands/builder/remote.rb +75 -0
- data/lib/kamal/commands/builder.rb +54 -0
- data/lib/kamal/commands/docker.rb +50 -0
- data/lib/kamal/commands/hook.rb +20 -0
- data/lib/kamal/commands/loadbalancer.rb +130 -0
- data/lib/kamal/commands/lock.rb +70 -0
- data/lib/kamal/commands/proxy.rb +150 -0
- data/lib/kamal/commands/prune.rb +38 -0
- data/lib/kamal/commands/registry.rb +38 -0
- data/lib/kamal/commands/server.rb +15 -0
- data/lib/kamal/commands.rb +2 -0
- data/lib/kamal/configuration/accessory.rb +280 -0
- data/lib/kamal/configuration/alias.rb +15 -0
- data/lib/kamal/configuration/boot.rb +29 -0
- data/lib/kamal/configuration/builder.rb +218 -0
- data/lib/kamal/configuration/docs/accessory.yml +160 -0
- data/lib/kamal/configuration/docs/alias.yml +29 -0
- data/lib/kamal/configuration/docs/boot.yml +21 -0
- data/lib/kamal/configuration/docs/builder.yml +132 -0
- data/lib/kamal/configuration/docs/configuration.yml +228 -0
- data/lib/kamal/configuration/docs/env.yml +118 -0
- data/lib/kamal/configuration/docs/logging.yml +21 -0
- data/lib/kamal/configuration/docs/output.yml +25 -0
- data/lib/kamal/configuration/docs/proxy.yml +207 -0
- data/lib/kamal/configuration/docs/registry.yml +64 -0
- data/lib/kamal/configuration/docs/role.yml +54 -0
- data/lib/kamal/configuration/docs/servers.yml +27 -0
- data/lib/kamal/configuration/docs/ssh.yml +81 -0
- data/lib/kamal/configuration/docs/sshkit.yml +31 -0
- data/lib/kamal/configuration/env/tag.rb +13 -0
- data/lib/kamal/configuration/env.rb +42 -0
- data/lib/kamal/configuration/loadbalancer.rb +34 -0
- data/lib/kamal/configuration/logging.rb +33 -0
- data/lib/kamal/configuration/output.rb +34 -0
- data/lib/kamal/configuration/proxy/boot.rb +124 -0
- data/lib/kamal/configuration/proxy/run.rb +152 -0
- data/lib/kamal/configuration/proxy.rb +156 -0
- data/lib/kamal/configuration/registry.rb +40 -0
- data/lib/kamal/configuration/role.rb +247 -0
- data/lib/kamal/configuration/servers.rb +25 -0
- data/lib/kamal/configuration/ssh.rb +76 -0
- data/lib/kamal/configuration/sshkit.rb +26 -0
- data/lib/kamal/configuration/validation.rb +27 -0
- data/lib/kamal/configuration/validator/accessory.rb +13 -0
- data/lib/kamal/configuration/validator/alias.rb +15 -0
- data/lib/kamal/configuration/validator/builder.rb +15 -0
- data/lib/kamal/configuration/validator/configuration.rb +6 -0
- data/lib/kamal/configuration/validator/env.rb +54 -0
- data/lib/kamal/configuration/validator/proxy.rb +47 -0
- data/lib/kamal/configuration/validator/registry.rb +27 -0
- data/lib/kamal/configuration/validator/role.rb +13 -0
- data/lib/kamal/configuration/validator/servers.rb +7 -0
- data/lib/kamal/configuration/validator.rb +251 -0
- data/lib/kamal/configuration/volume.rb +29 -0
- data/lib/kamal/configuration.rb +465 -0
- data/lib/kamal/docker.rb +30 -0
- data/lib/kamal/env_file.rb +44 -0
- data/lib/kamal/git.rb +37 -0
- data/lib/kamal/otel_shipper.rb +176 -0
- data/lib/kamal/output/base_logger.rb +29 -0
- data/lib/kamal/output/file_logger.rb +51 -0
- data/lib/kamal/output/formatter.rb +36 -0
- data/lib/kamal/output/otel_logger.rb +70 -0
- data/lib/kamal/secrets/adapters/aws_secrets_manager.rb +59 -0
- data/lib/kamal/secrets/adapters/base.rb +33 -0
- data/lib/kamal/secrets/adapters/bitwarden.rb +81 -0
- data/lib/kamal/secrets/adapters/bitwarden_secrets_manager.rb +66 -0
- data/lib/kamal/secrets/adapters/doppler.rb +57 -0
- data/lib/kamal/secrets/adapters/enpass.rb +71 -0
- data/lib/kamal/secrets/adapters/gcp_secret_manager.rb +112 -0
- data/lib/kamal/secrets/adapters/last_pass.rb +40 -0
- data/lib/kamal/secrets/adapters/one_password.rb +104 -0
- data/lib/kamal/secrets/adapters/passbolt.rb +129 -0
- data/lib/kamal/secrets/adapters/test.rb +16 -0
- data/lib/kamal/secrets/adapters.rb +16 -0
- data/lib/kamal/secrets/dotenv/inline_command_substitution.rb +47 -0
- data/lib/kamal/secrets.rb +53 -0
- data/lib/kamal/sshkit_with_ext.rb +273 -0
- data/lib/kamal/tags.rb +40 -0
- data/lib/kamal/utils/sensitive.rb +20 -0
- data/lib/kamal/utils.rb +110 -0
- data/lib/kamal/version.rb +3 -0
- data/lib/kamal.rb +15 -0
- metadata +388 -0
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
class Kamal::Configuration::Builder
|
|
2
|
+
include Kamal::Configuration::Validation
|
|
3
|
+
|
|
4
|
+
attr_reader :config, :builder_config
|
|
5
|
+
delegate :image, :service, to: :config
|
|
6
|
+
delegate :server, to: :"config.registry"
|
|
7
|
+
|
|
8
|
+
def initialize(config:)
|
|
9
|
+
@config = config
|
|
10
|
+
@builder_config = config.raw_config.builder || {}
|
|
11
|
+
@image = config.image
|
|
12
|
+
@server = config.registry.server
|
|
13
|
+
@service = config.service
|
|
14
|
+
|
|
15
|
+
validate! builder_config, with: Kamal::Configuration::Validator::Builder
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def to_h
|
|
19
|
+
builder_config
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def remote
|
|
23
|
+
builder_config["remote"]
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def arches
|
|
27
|
+
Array(builder_config.fetch("arch", default_arch))
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def local_arches
|
|
31
|
+
@local_arches ||= if local_disabled?
|
|
32
|
+
[]
|
|
33
|
+
elsif remote
|
|
34
|
+
arches & [ Kamal::Utils.docker_arch ]
|
|
35
|
+
else
|
|
36
|
+
arches
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def remote_arches
|
|
41
|
+
@remote_arches ||= if remote
|
|
42
|
+
arches - local_arches
|
|
43
|
+
else
|
|
44
|
+
[]
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def remote?
|
|
49
|
+
remote_arches.any?
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def local?
|
|
53
|
+
!local_disabled? && (arches.empty? || local_arches.any?)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def cloud?
|
|
57
|
+
driver.start_with? "cloud"
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def cached?
|
|
61
|
+
!!builder_config["cache"]
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def pack?
|
|
65
|
+
!!builder_config["pack"]
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def args
|
|
69
|
+
builder_config["args"] || {}
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def secrets
|
|
73
|
+
(builder_config["secrets"] || []).to_h { |key| [ key, config.secrets[key] ] }
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def dockerfile
|
|
77
|
+
builder_config["dockerfile"] || "Dockerfile"
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def target
|
|
81
|
+
builder_config["target"]
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def context
|
|
85
|
+
builder_config["context"] || "."
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def driver
|
|
89
|
+
builder_config.fetch("driver", "docker-container")
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
def pack_builder
|
|
93
|
+
builder_config["pack"]["builder"] if pack?
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
def pack_buildpacks
|
|
97
|
+
builder_config["pack"]["buildpacks"] if pack?
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def local_disabled?
|
|
101
|
+
builder_config["local"] == false
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
def cache_from
|
|
105
|
+
if cached?
|
|
106
|
+
case builder_config["cache"]["type"]
|
|
107
|
+
when "gha"
|
|
108
|
+
cache_from_config_for_gha
|
|
109
|
+
when "registry"
|
|
110
|
+
cache_from_config_for_registry
|
|
111
|
+
end
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def cache_to
|
|
116
|
+
if cached?
|
|
117
|
+
case builder_config["cache"]["type"]
|
|
118
|
+
when "gha"
|
|
119
|
+
cache_to_config_for_gha
|
|
120
|
+
when "registry"
|
|
121
|
+
cache_to_config_for_registry
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def ssh
|
|
127
|
+
builder_config["ssh"]
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
def provenance
|
|
131
|
+
builder_config["provenance"]
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
def sbom
|
|
135
|
+
builder_config["sbom"]
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
def git_clone?
|
|
139
|
+
Kamal::Git.used? && builder_config["context"].nil?
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
def clone_directory
|
|
143
|
+
@clone_directory ||= File.join Dir.tmpdir, "kamal-clones", [ service, pwd_sha ].compact.join("-")
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
def build_directory
|
|
147
|
+
@build_directory ||=
|
|
148
|
+
if git_clone?
|
|
149
|
+
File.join clone_directory, repo_basename, repo_relative_pwd
|
|
150
|
+
else
|
|
151
|
+
"."
|
|
152
|
+
end
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
def docker_driver?
|
|
156
|
+
driver == "docker"
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
private
|
|
160
|
+
def valid?
|
|
161
|
+
if docker_driver?
|
|
162
|
+
raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support remote builders" if remote
|
|
163
|
+
raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support caching" if cached?
|
|
164
|
+
raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support multiple arches" if arches.many?
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
if @options["cache"] && @options["cache"]["type"]
|
|
168
|
+
raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
|
|
169
|
+
end
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
def cache_image
|
|
173
|
+
builder_config["cache"]&.fetch("image", nil) || "#{image}-build-cache"
|
|
174
|
+
end
|
|
175
|
+
|
|
176
|
+
def cache_image_ref
|
|
177
|
+
[ server, cache_image ].compact.join("/")
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
def cache_options
|
|
181
|
+
builder_config["cache"]&.fetch("options", nil)
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
def cache_from_config_for_gha
|
|
185
|
+
individual_options = cache_options&.split(",") || []
|
|
186
|
+
allowed_options = individual_options.select { |option| option =~ /^(url|url_v2|token|scope|timeout)=/ }
|
|
187
|
+
|
|
188
|
+
[ "type=gha", *allowed_options ].compact.join(",")
|
|
189
|
+
end
|
|
190
|
+
|
|
191
|
+
def cache_from_config_for_registry
|
|
192
|
+
[ "type=registry", "ref=#{cache_image_ref}" ].compact.join(",")
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
def cache_to_config_for_gha
|
|
196
|
+
[ "type=gha", cache_options ].compact.join(",")
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
def cache_to_config_for_registry
|
|
200
|
+
[ "type=registry", "ref=#{cache_image_ref}", cache_options ].compact.join(",")
|
|
201
|
+
end
|
|
202
|
+
|
|
203
|
+
def repo_basename
|
|
204
|
+
File.basename(Kamal::Git.root)
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
def repo_relative_pwd
|
|
208
|
+
Dir.pwd.delete_prefix(Kamal::Git.root)
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
def pwd_sha
|
|
212
|
+
Digest::SHA256.hexdigest(Dir.pwd)[0..12]
|
|
213
|
+
end
|
|
214
|
+
|
|
215
|
+
def default_arch
|
|
216
|
+
docker_driver? ? [] : [ "amd64", "arm64" ]
|
|
217
|
+
end
|
|
218
|
+
end
|
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
# Accessories
|
|
2
|
+
#
|
|
3
|
+
# Accessories can be booted on a single host, a list of hosts, or on specific roles.
|
|
4
|
+
# The hosts do not need to be defined in the Kamal servers configuration.
|
|
5
|
+
#
|
|
6
|
+
# Accessories are managed separately from the main service — they are not updated
|
|
7
|
+
# when you deploy, and they do not have zero-downtime deployments.
|
|
8
|
+
#
|
|
9
|
+
# Run `kamal accessory boot <accessory>` to boot an accessory.
|
|
10
|
+
# See `kamal accessory --help` for more information.
|
|
11
|
+
|
|
12
|
+
# Configuring accessories
|
|
13
|
+
#
|
|
14
|
+
# First, define the accessory in the `accessories`:
|
|
15
|
+
accessories:
|
|
16
|
+
mysql:
|
|
17
|
+
|
|
18
|
+
# Service name
|
|
19
|
+
#
|
|
20
|
+
# This is used in the service label and defaults to `<service>-<accessory>`,
|
|
21
|
+
# where `<service>` is the main service name from the root configuration:
|
|
22
|
+
service: mysql
|
|
23
|
+
|
|
24
|
+
# Image
|
|
25
|
+
#
|
|
26
|
+
# The Docker image to use.
|
|
27
|
+
# Prefix it with its server when using root level registry different from Docker Hub.
|
|
28
|
+
# Define registry directly or via anchors when it differs from root level registry.
|
|
29
|
+
image: mysql:8.0
|
|
30
|
+
|
|
31
|
+
# Registry
|
|
32
|
+
#
|
|
33
|
+
# By default accessories use Docker Hub registry.
|
|
34
|
+
# You can specify different registry per accessory with this option.
|
|
35
|
+
# Don't prefix image with this registry server.
|
|
36
|
+
# Use anchors if you need to set the same specific registry for several accessories.
|
|
37
|
+
#
|
|
38
|
+
# ```yml
|
|
39
|
+
# registry:
|
|
40
|
+
# <<: *specific-registry
|
|
41
|
+
# ```
|
|
42
|
+
#
|
|
43
|
+
# See kamal docs registry for more information:
|
|
44
|
+
registry:
|
|
45
|
+
...
|
|
46
|
+
|
|
47
|
+
# Accessory hosts
|
|
48
|
+
#
|
|
49
|
+
# Specify one of `host`, `hosts`, `role`, `roles`, `tag` or `tags`:
|
|
50
|
+
host: mysql-db1
|
|
51
|
+
hosts:
|
|
52
|
+
- mysql-db1
|
|
53
|
+
- mysql-db2
|
|
54
|
+
role: mysql
|
|
55
|
+
roles:
|
|
56
|
+
- mysql
|
|
57
|
+
tag: writer
|
|
58
|
+
tags:
|
|
59
|
+
- writer
|
|
60
|
+
- reader
|
|
61
|
+
|
|
62
|
+
# Custom command
|
|
63
|
+
#
|
|
64
|
+
# You can set a custom command to run in the container if you do not want to use the default:
|
|
65
|
+
cmd: "bin/mysqld"
|
|
66
|
+
|
|
67
|
+
# Port mappings
|
|
68
|
+
#
|
|
69
|
+
# See [https://docs.docker.com/network/](https://docs.docker.com/network/), and
|
|
70
|
+
# especially note the warning about the security implications of exposing ports publicly.
|
|
71
|
+
port: "127.0.0.1:3306:3306"
|
|
72
|
+
|
|
73
|
+
# Labels
|
|
74
|
+
labels:
|
|
75
|
+
app: myapp
|
|
76
|
+
|
|
77
|
+
# Options
|
|
78
|
+
#
|
|
79
|
+
# These are passed to the Docker run command in the form `--<name> <value>`:
|
|
80
|
+
options:
|
|
81
|
+
restart: always
|
|
82
|
+
cpus: 2
|
|
83
|
+
|
|
84
|
+
# Environment variables
|
|
85
|
+
#
|
|
86
|
+
# See kamal docs env for more information:
|
|
87
|
+
env:
|
|
88
|
+
...
|
|
89
|
+
|
|
90
|
+
# Copying files
|
|
91
|
+
#
|
|
92
|
+
# You can specify files to mount into the container.
|
|
93
|
+
#
|
|
94
|
+
# They will be uploaded from the local repo to the host and then mounted.
|
|
95
|
+
# ERB files will be evaluated before being copied.
|
|
96
|
+
#
|
|
97
|
+
# You can use the string format: `local:remote` or `local:remote:options`
|
|
98
|
+
# where the options can be `ro` for read-only or `z`/`Z` for SELinux labels
|
|
99
|
+
files:
|
|
100
|
+
- config/my.cnf.erb:/etc/mysql/my.cnf
|
|
101
|
+
- config/myoptions.cnf:/etc/mysql/myoptions.cnf:ro
|
|
102
|
+
- config/certs:/etc/mysql/certs:ro,Z
|
|
103
|
+
#
|
|
104
|
+
# Or you can use the hash format for custom mode and ownership.
|
|
105
|
+
#
|
|
106
|
+
# Note: Setting `owner` requires root access:
|
|
107
|
+
files:
|
|
108
|
+
- local: config/secret.key
|
|
109
|
+
remote: /etc/mysql/secret.key
|
|
110
|
+
mode: "0600"
|
|
111
|
+
owner: "mysql:mysql"
|
|
112
|
+
- local: config/ca-cert.pem
|
|
113
|
+
remote: /etc/mysql/certs/ca-cert.pem
|
|
114
|
+
mode: "0644"
|
|
115
|
+
owner: "1000:1000"
|
|
116
|
+
options: "Z"
|
|
117
|
+
|
|
118
|
+
# Directories
|
|
119
|
+
#
|
|
120
|
+
# You can specify directories to mount into the container. They will be created on the host
|
|
121
|
+
# before being mounted.
|
|
122
|
+
#
|
|
123
|
+
# You can use the string format: `local:remote` or `local:remote:options`
|
|
124
|
+
# where the options can be `ro` for read-only or `z`/`Z` for SELinux labels
|
|
125
|
+
directories:
|
|
126
|
+
- mysql-logs:/var/log/mysql
|
|
127
|
+
- mysql-data:/var/lib/mysql:z
|
|
128
|
+
#
|
|
129
|
+
# Or you can use the hash format for custom mode and ownership.
|
|
130
|
+
#
|
|
131
|
+
# Note: Setting `owner` requires root access:
|
|
132
|
+
directories:
|
|
133
|
+
- local: mysql-data
|
|
134
|
+
remote: /var/lib/mysql
|
|
135
|
+
mode: "0750"
|
|
136
|
+
owner: "mysql:mysql"
|
|
137
|
+
- local: mysql-logs
|
|
138
|
+
remote: /var/log/mysql
|
|
139
|
+
mode: "0755"
|
|
140
|
+
options: "z"
|
|
141
|
+
|
|
142
|
+
# Volumes
|
|
143
|
+
#
|
|
144
|
+
# Any other volumes to mount, in addition to the files and directories.
|
|
145
|
+
# They are not created or copied before mounting:
|
|
146
|
+
volumes:
|
|
147
|
+
- /path/to/mysql-logs:/var/log/mysql
|
|
148
|
+
|
|
149
|
+
# Network
|
|
150
|
+
#
|
|
151
|
+
# The network the accessory will be attached to.
|
|
152
|
+
#
|
|
153
|
+
# Defaults to kamal:
|
|
154
|
+
network: custom
|
|
155
|
+
|
|
156
|
+
# Proxy
|
|
157
|
+
#
|
|
158
|
+
# You can run your accessory behind the Kamal proxy. See kamal docs proxy for more information
|
|
159
|
+
proxy:
|
|
160
|
+
...
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Aliases
|
|
2
|
+
#
|
|
3
|
+
# Aliases are shortcuts for Kamal commands.
|
|
4
|
+
#
|
|
5
|
+
# For example, for a Rails app, you might open a console with:
|
|
6
|
+
#
|
|
7
|
+
# ```shell
|
|
8
|
+
# kamal app exec -i --reuse "bin/rails console"
|
|
9
|
+
# ```
|
|
10
|
+
#
|
|
11
|
+
# By defining an alias, like this:
|
|
12
|
+
aliases:
|
|
13
|
+
console: app exec -i --reuse "bin/rails console"
|
|
14
|
+
# You can now open the console with:
|
|
15
|
+
#
|
|
16
|
+
# ```shell
|
|
17
|
+
# kamal console
|
|
18
|
+
# ```
|
|
19
|
+
|
|
20
|
+
# Configuring aliases
|
|
21
|
+
#
|
|
22
|
+
# Aliases are defined in the root config under the alias key.
|
|
23
|
+
#
|
|
24
|
+
# Each alias is named and can only contain lowercase letters, numbers, dashes, and underscores:
|
|
25
|
+
aliases:
|
|
26
|
+
uname: app exec -p -q -r web "uname -a"
|
|
27
|
+
#
|
|
28
|
+
# Aliases can include a destination with the `-d` flag:
|
|
29
|
+
staging_deploy: deploy -d staging
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# Booting
|
|
2
|
+
#
|
|
3
|
+
# When deploying to large numbers of hosts, you might prefer not to restart your services on every host at the same time.
|
|
4
|
+
#
|
|
5
|
+
# Kamal’s default is to boot new containers on all hosts in parallel. However, you can control this with the boot configuration.
|
|
6
|
+
|
|
7
|
+
boot:
|
|
8
|
+
|
|
9
|
+
# The number or percentage of hosts to boot at a time.
|
|
10
|
+
# This can be an integer (e.g., 3) or a percentage string (e.g., 25%).
|
|
11
|
+
limit: 25%
|
|
12
|
+
|
|
13
|
+
# The number of seconds to wait between booting each group of hosts.
|
|
14
|
+
wait: 10
|
|
15
|
+
|
|
16
|
+
# Whether to boot roles in parallel on a host.
|
|
17
|
+
#
|
|
18
|
+
# If a host has multiple roles, control whether they are booted in parallel or sequentially on that host.
|
|
19
|
+
#
|
|
20
|
+
# Defaults to false.
|
|
21
|
+
parallel_roles: true
|
|
@@ -0,0 +1,132 @@
|
|
|
1
|
+
# Builder
|
|
2
|
+
#
|
|
3
|
+
# The builder configuration controls how the application is built with `docker build`.
|
|
4
|
+
#
|
|
5
|
+
# See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information.
|
|
6
|
+
|
|
7
|
+
# Builder options
|
|
8
|
+
#
|
|
9
|
+
# Options go under the builder key in the root configuration.
|
|
10
|
+
builder:
|
|
11
|
+
|
|
12
|
+
# Arch
|
|
13
|
+
#
|
|
14
|
+
# The architectures to build for — you can set an array or just a single value.
|
|
15
|
+
#
|
|
16
|
+
# Allowed values are `amd64` and `arm64`:
|
|
17
|
+
arch:
|
|
18
|
+
- amd64
|
|
19
|
+
|
|
20
|
+
# Remote
|
|
21
|
+
#
|
|
22
|
+
# The connection string for a remote builder. If supplied, Kamal will use this
|
|
23
|
+
# for builds that do not match the local architecture of the deployment host.
|
|
24
|
+
remote: ssh://docker@docker-builder
|
|
25
|
+
|
|
26
|
+
# Local
|
|
27
|
+
#
|
|
28
|
+
# If set to false, Kamal will always use the remote builder even when building
|
|
29
|
+
# the local architecture.
|
|
30
|
+
#
|
|
31
|
+
# Defaults to true:
|
|
32
|
+
local: true
|
|
33
|
+
|
|
34
|
+
# Buildpack configuration
|
|
35
|
+
#
|
|
36
|
+
# The build configuration for using pack to build a Cloud Native Buildpack image.
|
|
37
|
+
#
|
|
38
|
+
# For additional buildpack customization options you can create a project descriptor
|
|
39
|
+
# file(project.toml) that the Pack CLI will automatically use.
|
|
40
|
+
# See https://buildpacks.io/docs/for-app-developers/how-to/build-inputs/use-project-toml/ for more information.
|
|
41
|
+
pack:
|
|
42
|
+
builder: heroku/builder:24
|
|
43
|
+
buildpacks:
|
|
44
|
+
- heroku/ruby
|
|
45
|
+
- heroku/procfile
|
|
46
|
+
|
|
47
|
+
# Builder cache
|
|
48
|
+
#
|
|
49
|
+
# The type must be either 'gha' or 'registry'.
|
|
50
|
+
#
|
|
51
|
+
# The image is only used for registry cache and is not compatible with the Docker driver:
|
|
52
|
+
cache:
|
|
53
|
+
type: registry
|
|
54
|
+
options: mode=max
|
|
55
|
+
image: kamal-app-build-cache
|
|
56
|
+
|
|
57
|
+
# Build context
|
|
58
|
+
#
|
|
59
|
+
# If this is not set, then a local Git clone of the repo is used.
|
|
60
|
+
# This ensures a clean build with no uncommitted changes.
|
|
61
|
+
#
|
|
62
|
+
# To use the local checkout instead, you can set the context to `.`, or a path to another directory.
|
|
63
|
+
context: .
|
|
64
|
+
|
|
65
|
+
# Dockerfile
|
|
66
|
+
#
|
|
67
|
+
# The Dockerfile to use for building, defaults to `Dockerfile`:
|
|
68
|
+
dockerfile: Dockerfile.production
|
|
69
|
+
|
|
70
|
+
# Build target
|
|
71
|
+
#
|
|
72
|
+
# If not set, then the default target is used:
|
|
73
|
+
target: production
|
|
74
|
+
|
|
75
|
+
# Build arguments
|
|
76
|
+
#
|
|
77
|
+
# Any additional build arguments, passed to `docker build` with `--build-arg <key>=<value>`:
|
|
78
|
+
args:
|
|
79
|
+
ENVIRONMENT: production
|
|
80
|
+
|
|
81
|
+
# Referencing build arguments
|
|
82
|
+
#
|
|
83
|
+
# ```shell
|
|
84
|
+
# ARG RUBY_VERSION
|
|
85
|
+
# FROM ruby:$RUBY_VERSION-slim as base
|
|
86
|
+
# ```
|
|
87
|
+
|
|
88
|
+
# Build secrets
|
|
89
|
+
#
|
|
90
|
+
# Values are read from `.kamal/secrets`:
|
|
91
|
+
secrets:
|
|
92
|
+
- SECRET1
|
|
93
|
+
- SECRET2
|
|
94
|
+
|
|
95
|
+
# Referencing build secrets
|
|
96
|
+
#
|
|
97
|
+
# ```shell
|
|
98
|
+
# # Copy Gemfiles
|
|
99
|
+
# COPY Gemfile Gemfile.lock ./
|
|
100
|
+
#
|
|
101
|
+
# # Install dependencies, including private repositories via access token
|
|
102
|
+
# # Then remove bundle cache with exposed GITHUB_TOKEN
|
|
103
|
+
# RUN --mount=type=secret,id=GITHUB_TOKEN \
|
|
104
|
+
# BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
|
|
105
|
+
# bundle install && \
|
|
106
|
+
# rm -rf /usr/local/bundle/cache
|
|
107
|
+
# ```
|
|
108
|
+
|
|
109
|
+
# SSH
|
|
110
|
+
#
|
|
111
|
+
# SSH agent socket or keys to expose to the build:
|
|
112
|
+
ssh: default=$SSH_AUTH_SOCK
|
|
113
|
+
|
|
114
|
+
# Driver
|
|
115
|
+
#
|
|
116
|
+
# The build driver to use, defaults to `docker-container`:
|
|
117
|
+
driver: docker
|
|
118
|
+
#
|
|
119
|
+
# If you want to use Docker Build Cloud (https://www.docker.com/products/build-cloud/), you can set the driver to:
|
|
120
|
+
driver: cloud org-name/builder-name
|
|
121
|
+
|
|
122
|
+
# Provenance
|
|
123
|
+
#
|
|
124
|
+
# It is used to configure provenance attestations for the build result.
|
|
125
|
+
# The value can also be a boolean to enable or disable provenance attestations.
|
|
126
|
+
provenance: mode=max
|
|
127
|
+
|
|
128
|
+
# SBOM (Software Bill of Materials)
|
|
129
|
+
#
|
|
130
|
+
# It is used to configure SBOM generation for the build result.
|
|
131
|
+
# The value can also be a boolean to enable or disable SBOM generation.
|
|
132
|
+
sbom: true
|