-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.prod-like.yml
More file actions
37 lines (34 loc) · 1.16 KB
/
Copy pathdocker-compose.prod-like.yml
File metadata and controls
37 lines (34 loc) · 1.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Production-like overrides (resource constraints + runtime security)
# Usage: docker compose -f docker-compose.yml -f docker-compose.prod-like.yml up
#
# What this adds on top of the base:
# - read_only: true → immutable container filesystem
# - tmpfs: [/tmp] → writable scratch space in RAM
#
# What the base already always enforces (no toggle needed):
# - security_opt: [no-new-privileges:true]
# - cap_drop: [ALL]
services:
db:
deploy:
resources:
reservations:
cpus: '0.5'
memory: '512M'
limits:
cpus: '1.0' # Tight (prod-like)
memory: '1G' # Tight (prod-like)
ingestor:
read_only: true # container filesystem is immutable
tmpfs: [/tmp] # writable scratch space in RAM (e.g. for file uploads, caching, etc.)
deploy:
resources:
reservations:
cpus: '0.25'
memory: '256M'
limits:
cpus: '0.5' # Tight (prod-like) — will OOM if app leaks memory
memory: '512M' # Tight (prod-like) — catch memory leaks early
dashboard:
read_only: true
tmpfs: [/tmp]