This patching method is based on the Strategic Merge Patch from Kubernetes. Kompozit internally uses the deepmerge module to apply these patches. Unlike patchesJSON6902 , patchesStrategicMerge allows you to define your patch in a separate file, making it easier to customize your configurations.
For example, the patch file overlay/public_wordpress/docker-compose-traefik-patch.yml might look like this:
Copy ```
services :
traefik :
command :
- "--log.level=INFO"
- "--api.insecure=false"
- "--api.dashboard=false"
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
- "--global.sendAnonymousUsage=false"
- "--global.checkNewVersion=false"
# ---------------------------------- ACME --------------------------------------------
- "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=5"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${MY_PROVIDER}"
- "--certificatesresolvers.letsencrypt.acme.email=mail@mail.com"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.disablePropagationCheck=true"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
# -------------------------------- ENTRYPOINT -----------------------------------------
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
# -------------------------------- PROXY -----------------------------------------
- "--entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7"
- "--entryPoints.web.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7"
- "--entryPoints.web.forwardedHeaders.insecure=false"
- "--entryPoints.web.proxyProtocol.insecure=false"
- "--entryPoints.websecure.forwardedHeaders.insecure=false"
- "--entryPoints.websecure.proxyProtocol.insecure=false"
# -------------------------------- PLUGINS -----------------------------------------
- --experimental.plugins.fail2ban.modulename=github.com/juitde/traefik-plugin-fail2ban
- --experimental.plugins.fail2ban.version=v0.2.0
- --experimental.plugins.fail2ban.modulename=github.com/Paxxs/traefik-get-real-ip
- --experimental.plugins.fail2ban.version=v1.0.2
labels :
- com.centurylinklabs.watchtower.enable=true
- traefik.enable=true
- traefik.docker.network=traefik_public
- traefik.http.routers.api.tls=true
- traefik.http.routers.api.entryPoints=websecure
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.tls.certresolver=letsencrypt
- traefik.http.routers.api.rule=Host(`${MY_DOMAIN}`)
``` Result After Applying the Patch
Copy $ kompozit -b overlay/public_wordpress/
---
networks:
public:
attachable: true
internal: false
private:
attachable: true
internal: true
volumes:
acme: null
services:
traefik:
image: traefik:latest
hostname: traefik
container_name: traefik
restart: unless-stopped
environment:
DUCKDNS_TOKEN: ${DUCKDNS_TOKEN}
CLOUDFLARE_DNS_API_TOKEN: ${CLOUDFLARE_DNS_API_TOKEN}
ports:
- 80:80/tcp
- 443:443/tcp
networks:
- public
- private
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- acme:/letsencrypt
command :
- --log.level=INFO
- --api.insecure=false
- --api.dashboard=false
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --global.sendAnonymousUsage=false
- --global.checkNewVersion=false
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
- --certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=5
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${MY_PROVIDER}
- --certificatesresolvers.letsencrypt.acme.email=mail@mail.com
- --certificatesresolvers.letsencrypt.acme.dnschallenge.disablePropagationCheck=true
- --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7
- --entryPoints.web.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7
- --entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7
- --entryPoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,fc00::/7
- --entryPoints.web.forwardedHeaders.insecure=false
- --entryPoints.web.proxyProtocol.insecure=false
- --entryPoints.websecure.forwardedHeaders.insecure=false
- --entryPoints.websecure.proxyProtocol.insecure=false
- --experimental.plugins.fail2ban.modulename=github.com/juitde/traefik-plugin-fail2ban
- --experimental.plugins.fail2ban.version=v0.2.0
- --experimental.plugins.fail2ban.modulename=github.com/Paxxs/traefik-get-real-ip
- --experimental.plugins.fail2ban.version=v1.0.2
labels:
- com.centurylinklabs.watchtower.enable= true
- traefik.enable= true
- traefik.docker.network=traefik_public
- traefik.http.routers.api.tls= true
- traefik.http.routers.api.entryPoints=websecure
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.tls.certresolver=letsencrypt
- traefik.http.routers.api.rule=Host ( `${MY_DOMAIN}` ) Caveat
To determine which patch file should be applied to which specific resource, the patch file name must match the resource file name in the base configuration. For instance, if your base resource file is named docker-compose-traefik.yml, the corresponding patch file should be named docker-compose-traefik-patch.yml.
The matching logic can be summarized as:
Copy if resource_base_file == patch_base_file . replace ( "-patch" , "" ):
patch_data = load_yaml (patch[ "path" ])
resource_data = CUSTOM_MERGER . merge (resource_data, patch_data)
