add docker compose for stack deployment #2089

Open
VorlMaldor opened this issue Dec 2, 2024 · 3 comments

VorlMaldor commented Dec 2, 2024

Hello!

I would like the ability to deploy step-ca with a docker compose file. This would allow me to deploy this as a stack for managers like Portainer.

Once the image is deployed in a GUI manager it allows less technical people and people that just aren't as familiar with Docker to better manage and update these images.

This would also simplify CLI deployments as well with the compose file.

Thanks!

@VorlMaldor VorlMaldor added enhancement needs triage Waiting for discussion / prioritization by team labels Dec 2, 2024
@hslatman hslatman self-assigned this Dec 3, 2024
Member

hslatman commented Dec 3, 2024

Hey @VorlMaldor,

What are you looking for exactly? Based on the fact you mentioned Portainer, it sounds like it's a regular compose file? Would it function as a template or an example? Or both? The reason I'm asking is because step-ca has quite a few settings that are required to be set up during initialization, and some of them might require re-initialization if you want to change them later. It's not simple to support all these in a single compose file.

@VorlMaldor
Author

Hey! Thanks for reaching out and asking!

I use the stack feature in Portainer where I copy the compose file into the web editor to deploy the container. This is what I am talking about:

I don't know if that's going to work or not, just something I have been toying with.

So what I would hope for is a compose file that can run the container. I have read the instructions and understand there is stuff we need to do for the initial setup. As long as the initial compose file can get a container far enough to at least start so that I can go in and do the initialization after it's started, that would be cool. Alternatively, if I need to start the container once so that it can lay down some basic config stuff that we need to edit (with the use of the volume mapping), that works too.

Once it's set up, then anyone should be able to use their container manager/compose file (Portainer for me) and have it redeploy the container for updates when the image is updated.

I am guessing that it would mean your compose file would need to have volume maps (at least one?) so that a redeploy doesn't wipe out the database/config.

I will freely admit I am mostly a beginner with Portainer and Docker, so if I am doing something wrong or could do it in a better way (with a template and .env file that you have embedded into the image, for example), I am open to learning or doing it differently.

Author

VorlMaldor commented Dec 4, 2024

So, as it turns out, this compose was enough to bring the container up. I received the root/intermediate .crts in /home/step/certs

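services:
  step-ca:
    image: smallstep/step-ca:latest
    volumes:
      # Bind mount keeps config, db and secrets on the host across redeploys
      - /qnap-media/home/step-ca:/home/step
    ports:
      - 9000:9000
    environment:
      - DOCKER_STEPCA_INIT_NAME=Smallstep
      # Compose does not run shell command substitution, so $(hostname -f) is
      # not expanded to the host's FQDN here; write the name out literally
      - DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f),portainer,192.168.1.205
      - DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true
      - DOCKER_STEPCA_INIT_SSH=true
      - DOCKER_STEPCA_INIT_ACME=true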

Here is what my /home/step tree looks like:

[root@portainer step-ca]# tree
.
├── certs
│   ├── intermediate_ca.crt
│   ├── root_ca.crt
│   ├── ssh_host_ca_key.pub
│   └── ssh_user_ca_key.pub
├── config
│   ├── ca.json
│   └── defaults.json
├── db
│   ├── 000000.vlog
│   ├── 000002.sst
│   ├── KEYREGISTRY
│   ├── LOCK
│   └── MANIFEST
├── secrets
│   ├── intermediate_ca_key
│   ├── password
│   ├── root_ca_key
│   ├── ssh_host_ca_key
│   └── ssh_user_ca_key
└── templates
    └── ssh
        ├── ca.tpl
        ├── config.tpl
        ├── known_hosts.tpl
        ├── sshd_config.tpl
        ├── step_config.tpl
        └── step_includes.tpl

7 directories, 22 files

Now I am trying to figure out how to get the rest of your instructions to match what my install looks like.
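
Added example, not part of the original thread and not code from the step-ca project: the tree listing above shows a password file beside the CA private keys under `secrets/`, all on the bind-mounted host path, so it is worth checking who can read that directory after init. The function name `audit_step_dir` and the `MISSING` / `LOOSE-PERMS` output labels are assumptions made for this sketch; the file names come from the listing.

```shell
#!/bin/sh
# Audit the host side of the /home/step bind mount after step-ca has initialised.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_step_dir() {
    dir=$1
    findings=0

    # Files the tree listing in the thread shows after a successful init.
    for f in certs/root_ca.crt certs/intermediate_ca.crt config/ca.json \
             secrets/root_ca_key secrets/intermediate_ca_key secrets/password; do
        [ -f "$dir/$f" ] || { echo "MISSING $f"; findings=$((findings + 1)); }
    done

    # Anything under secrets/ that carries a group or other permission bit.
    # POSIX find: "-perm -MODE" matches when all bits in MODE are set.
    if [ -d "$dir/secrets" ]; then
        loose=$(find "$dir/secrets" ! -type l \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$loose" ]; then
            echo "$loose" | sed 's/^/LOOSE-PERMS /'
            findings=$((findings + $(echo "$loose" | wc -l)))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Run against a directory when one is given, e.g. the host path from the compose file.
if [ "$#" -ge 1 ]; then
    audit_step_dir "$1"
fi
```

Run it as root or as the owner of the directory, otherwise `find` cannot descend into a correctly locked-down `secrets/`.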
