version: '3.6'

services:
  haproxy:
    image: {{ haproxy_docker_image }}
    volumes:
      - {{ haproxy_cert_dir }}:{{ haproxy_cert_dir }}:ro
      - /etc/haproxy:/usr/local/etc/haproxy:ro
    ports:
      - target: {{ haproxy_default_port }}
        published: {{ haproxy_default_port }}
        protocol: tcp
{% if docker_swarm_haproxy_installation_type == 'mesh' %}
        mode: ingress
{% else %}
        mode: host
{% endif %}
      - target: {{ haproxy_ssl_port }}
        published: {{ haproxy_ssl_port }}
        protocol: tcp
{% if docker_swarm_haproxy_installation_type == 'mesh' %}
        mode: ingress
{% else %}
        mode: host
{% endif %}
      - target: {{ haproxy_admin_port }}
        published: {{ haproxy_admin_port }}
        protocol: tcp
{% if docker_swarm_haproxy_installation_type == 'mesh' %}
        mode: ingress
{% else %}
        mode: host
{% endif %}
    dns: [127.0.0.11]
    networks:
{% for net in haproxy_docker_swarm_networks %}
      - {{ net }}
{% endfor %}
{% for othernet in haproxy_docker_swarm_additional_networks %}
      - {{ othernet }}
{% endfor %}
    deploy:
{% if docker_swarm_haproxy_installation_type == 'keepalive' or docker_swarm_haproxy_installation_type == 'mesh' %}
      mode: replicated
      replicas: 1
{% endif %}
{% if docker_swarm_haproxy_installation_type == 'global' %}
      mode: global
{% endif %}
      placement:
        constraints:
{% for constr in docker_swarm_haproxy_constraints %}
          - {{ constr }}
{% endfor %}
      restart_policy:
        condition: on-failure
        delay: 20s
        max_attempts: 5
        window: 120s
      resources:
        limits:
          cpus: '2.0'
          memory: 768M
        reservations:
          cpus: '1.0'
          memory: 384M
{% if docker_log_to_journal %}
    logging:
      driver: 'journald'
{% endif %}