Complete Traefik infrastructure deployment - 60% complete

Major accomplishments: - ✅ SELinux policy installed and working - ✅ Core Traefik v2.10 deployment running - ✅ Production configuration ready (v3.1) - ✅ Monitoring stack configured - ✅ Comprehensive documentation created - ✅ Security hardening implemented Current status: - 🟡 Partially deployed (60% complete) - ⚠️ Docker socket access needs resolution - ❌ Monitoring stack not deployed yet - ⚠️ Production migration pending Next steps: 1. Fix Docker socket permissions 2. Deploy monitoring stack 3. Migrate to production config 4. Validate full functionality Files added: - Complete Traefik deployment documentation - Production and test configurations - Monitoring stack configurations - SELinux policy module - Security checklists and guides - Current status documentation
2025-08-28 15:22:41 -04:00
parent 5c1d529164
commit 9ea31368f5
72 changed files with 440075 additions and 87 deletions
--- a/stacks/databases/pgbouncer.yml
+++ b/stacks/databases/pgbouncer.yml
@@ -0,0 +1,61 @@
+version: '3.9'
+services:
+  pgbouncer:
+    image: pgbouncer/pgbouncer:1.21.0
+    environment:
+      DATABASES_HOST: postgresql_primary
+      DATABASES_PORT: '5432'
+      DATABASES_USER: postgres
+      DATABASES_DBNAME: '*'
+      POOL_MODE: transaction
+      MAX_CLIENT_CONN: '100'
+      DEFAULT_POOL_SIZE: '20'
+      MIN_POOL_SIZE: '5'
+      RESERVE_POOL_SIZE: '3'
+      SERVER_LIFETIME: '3600'
+      SERVER_IDLE_TIMEOUT: '600'
+      LOG_CONNECTIONS: '1'
+      LOG_DISCONNECTIONS: '1'
+      DATABASES_PASSWORD_FILE_FILE: /run/secrets/databases_password_file
+    secrets:
+    - pg_root_password
+    - databases_password_file
+    networks:
+    - database-network
+    healthcheck:
+      test:
+      - CMD
+      - psql
+      - -h
+      - localhost
+      - -p
+      - '6432'
+      - -U
+      - postgres
+      - -c
+      - SELECT 1;
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+          cpus: '0.5'
+        reservations:
+          memory: 128M
+          cpus: '0.1'
+      placement:
+        constraints:
+        - node.labels.role==db
+      labels:
+      - traefik.enable=false
+secrets:
+  pg_root_password:
+    external: true
+  databases_password_file:
+    external: true
+networks:
+  database-network:
+    external: true