Major accomplishments:
- ✅ SELinux policy installed and working
- ✅ Core Traefik v2.10 deployment running
- ✅ Production configuration ready (v3.1)
- ✅ Monitoring stack configured
- ✅ Comprehensive documentation created
- ✅ Security hardening implemented

Current status:
- 🟡 Partially deployed (60% complete)
- ⚠️ Docker socket access needs resolution
- ❌ Monitoring stack not deployed yet
- ⚠️ Production migration pending

Next steps:
1. Fix Docker socket permissions
2. Deploy monitoring stack
3. Migrate to production config
4. Validate full functionality

Files added:
- Complete Traefik deployment documentation
- Production and test configurations
- Monitoring stack configurations
- SELinux policy module
- Security checklists and guides
- Current status documentation
# Swarm stack for a PgBouncer connection pooler in front of the PostgreSQL
# primary. The upstream password comes from a Docker secret, the service joins
# only the pre-existing database network, and it publishes no ports.
version: '3.9'

services:
  pgbouncer:
    # Pinned to a release tag. Tags are mutable; appending a digest
    # (image:tag@sha256:<digest>) would also fix the exact image content.
    image: pgbouncer/pgbouncer:1.21.0
    environment:
      # Upstream server that pooled connections are opened against.
      - DATABASES_HOST=postgresql_primary
      - DATABASES_PORT=5432
      # NOTE(review): the pooler logs in upstream as `postgres`, and the secret
      # is named pg_root_password, so this is presumably the superuser
      # credential. A dedicated, least-privileged pooler role would limit what
      # a compromised pooler or client can reach. Confirm before production.
      - DATABASES_USER=postgres
      # Path where the secret declared under `secrets:` is mounted.
      # NOTE(review): confirm this image's entrypoint resolves *_FILE variables;
      # if it does not, the password is never loaded. Do not work around that
      # by putting the password inline in this file.
      - DATABASES_PASSWORD_FILE=/run/secrets/pg_root_password
      # Wildcard entry: every database on the upstream server is reachable
      # through the pooler. List specific databases if fewer are needed.
      - DATABASES_DBNAME=*
      # NOTE(review): confirm the image reads the unprefixed setting names
      # below; a name the entrypoint does not recognise would be ignored and
      # PgBouncer would fall back to its defaults.
      # Transaction pooling: a server connection is returned to the pool after
      # each transaction, so session state (SET, advisory locks) does not carry
      # over between transactions.
      - POOL_MODE=transaction
      - MAX_CLIENT_CONN=100
      - DEFAULT_POOL_SIZE=20
      - MIN_POOL_SIZE=5
      - RESERVE_POOL_SIZE=3
      # PgBouncer expresses these two timeouts in seconds.
      - SERVER_LIFETIME=3600
      - SERVER_IDLE_TIMEOUT=600
      # Connect/disconnect logging gives an audit trail of who used the pooler.
      - LOG_CONNECTIONS=1
      - LOG_DISCONNECTIONS=1
    secrets:
      # Mounted in the container at /run/secrets/pg_root_password.
      - pg_root_password
    networks:
      # The only attachment; with no `ports:` entry the pooler is reachable
      # solely from services on this network.
      - database-network
    healthcheck:
      # Runs a trivial query through PgBouncer's listener on localhost:6432 as
      # `postgres`, with no password supplied on the command line.
      # NOTE(review): confirm the image ships `psql` and that this login
      # succeeds without relaxing authentication (e.g. trust for local
      # connections); otherwise the check fails and the task is restarted.
      test: ["CMD", "psql", "-h", "localhost", "-p", "6432", "-U", "postgres", "-c", "SELECT 1;"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    deploy:
      resources:
        # Hard caps bound the damage from a runaway or abused pooler.
        limits:
          memory: 512M
          cpus: '0.5'
        reservations:
          memory: 128M
          cpus: '0.1'
      placement:
        constraints:
          # Schedule only on nodes labelled role=db.
          - "node.labels.role==db"
      labels:
        # Keep the pooler out of Traefik routing so it is never proxied.
        - traefik.enable=false

secrets:
  pg_root_password:
    # Created outside this stack, so the secret value never appears in the
    # repository or in this file.
    external: true

networks:
  database-network:
    # Pre-existing network, not created by this stack.
    # NOTE(review): if clients and pooler run on different hosts, confirm the
    # overlay is encrypted or that TLS is used, since database traffic crosses
    # this network.
    external: true