docker-compose.yaml
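# Local development / integration-test stack for JIMM.
#
# Security notes for anyone adapting this file:
#   * Credentials below (jimm/jimm, the Vault root token, the OpenFGA
#     preshared key) are fixed, well-known values.
#   * A `ports:` entry without a host IP is published on every host
#     interface, so these services are reachable from the network the
#     host is attached to, not only from localhost.
# Keep this file to throwaway dev/test environments.
services:
  traefik:
    image: "traefik:2.9"
    container_name: traefik
    profiles: ["dev", "test"]
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): container port 8080 is presumably Traefik's
      # API/dashboard entrypoint; confirm in ./local/traefik/traefik.yaml.
      - "8089:8080"
    volumes:
      - ./local/traefik/traefik.yaml:/etc/traefik/traefik.yaml
      - ./local/traefik/certs:/certs/
      # Mounted read-only, but :ro only protects the socket file itself.
      # Any process that can talk to the socket can still issue arbitrary
      # Docker API calls, so treat this container as host-privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    healthcheck:
      test:
        - CMD
        - traefik
        - healthcheck
      interval: 10s
      timeout: 5s
      retries: 3

  # An instance of JIMM used in integration tests, pulled from a tag.
  jimm-test:
    extends:
      file: docker-compose.common.yaml
      service: jimm-base
    # Falls back to the mutable `latest` tag when JIMM_VERSION is unset;
    # set JIMM_VERSION for reproducible test runs.
    image: ghcr.io/canonical/jimm:${JIMM_VERSION:-latest}
    profiles: ["test"]
    container_name: jimm-test
    ports:
      - "17070:80"
    # Installs curl at every container start (needs network access to the
    # apt mirrors) and then launches jimmsrv.
    entrypoint:
      - bash
      - -c
      - >-
        apt update && apt install curl -y
        && /usr/local/bin/jimmsrv

  # An instance of JIMM used for dev, built from source with hot-reloading.
  jimm-dev:
    extends:
      file: docker-compose.common.yaml
      service: jimm-base
    build:
      context: .
      dockerfile: ./local/Dockerfile
    profiles: ["dev"]
    hostname: jimm.localhost
    # working_dir must match the container path of the source bind mount below.
    working_dir: /jimm
    container_name: jimm
    ports:
      - "17070:80"
      # NOTE(review): 2345 looks like a debugger port; confirm, and keep it
      # off untrusted networks if so.
      - "2345:2345"
    volumes:
      - ./:/jimm/
      - go-modules:/go/pkg/mod  # cache modules to improve startup
      - go-cache:/root/.cache/go-build  # cache build artifacts to improve startup

  db:
    # NOTE(review): no tag, so this tracks whatever `postgres:latest` is at
    # pull time; pin a version for reproducible runs.
    image: postgres
    container_name: postgres
    restart: on-failure
    ports:
      - "5432:5432"
    environment:
      POSTGRES_DB: jimm
      POSTGRES_USER: jimm
      # Fixed dev-only password; the port above is published on all host
      # interfaces.
      POSTGRES_PASSWORD: jimm
    # Since it's mainly used for testing purposes, it's okay to set fsync=off for
    # improved performance.
    command: -c fsync=off -c full_page_writes=off -c max_connections=200
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U jimm"]
      interval: 5s
      timeout: 5s
      retries: 5

  vault:
    build:
      context: ./local/vault/
      dockerfile: Dockerfile
    container_name: vault
    ports:
      - "8200:8200"
    environment:
      VAULT_ADDR: "http://localhost:8200"
      # Dev-server settings: plain-HTTP listener on all container
      # interfaces and a fixed, guessable root token. Never store real
      # secrets in this instance.
      VAULT_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
      VAULT_DEV_ROOT_TOKEN_ID: "root"
    cap_add:
      - IPC_LOCK

  openfga:
    build:
      context: ./local/openfga/
      dockerfile: Dockerfile
    container_name: openfga
    environment:
      OPENFGA_AUTHN_METHOD: "preshared"
      # Fixed dev-only API key.
      OPENFGA_AUTHN_PRESHARED_KEYS: "jimm"
      OPENFGA_DATASTORE_ENGINE: "postgres"
      # sslmode=disable: the connection to `db` is unencrypted.
      OPENFGA_DATASTORE_URI: "postgresql://jimm:jimm@db/jimm?sslmode=disable"
    volumes:
      - ./openfga/authorisation_model.fga:/app/authorisation_model.fga
    ports:
      - "8080:8080"
      - "3000:3000"
    depends_on:
      db:
        condition: service_healthy

  keycloak:
    image: docker.io/bitnami/keycloak:23
    container_name: keycloak
    hostname: keycloak.localhost
    environment:
      # Environment values are quoted so the YAML parser hands Compose
      # strings rather than an integer and booleans.
      KEYCLOAK_HTTP_PORT: "8082"
      KEYCLOAK_ENABLE_HEALTH_ENDPOINTS: "true"
      KEYCLOAK_CREATE_ADMIN_USER: "true"
      # Fixed dev-only admin credentials.
      KEYCLOAK_ADMIN_USER: jimm
      KEYCLOAK_ADMIN_PASSWORD: jimm
      KEYCLOAK_DATABASE_VENDOR: dev-file
      # Imports the realm from the mounted realm.json at startup.
      # NOTE(review): upload_scripts=enabled presumably allows custom
      # scripts to be uploaded to the server; confirm and keep it dev-only.
      KEYCLOAK_EXTRA_ARGS: >-
        -Dkeycloak.migration.action=import
        -Dkeycloak.migration.provider=singleFile
        -Dkeycloak.migration.file=/bitnami/keycloak/data/import/realm.json
        -Dkeycloak.migration.replace-placeholders=true
        -Dkeycloak.profile.feature.upload_scripts=enabled
    volumes:
      - ./local/keycloak/jimm-realm.json:/bitnami/keycloak/data/import/realm.json:ro
    ports:
      - "8082:8082"
    healthcheck:
      # --fail makes curl exit non-zero on an HTTP error status; without it
      # any HTTP response, including "not ready", counts as healthy.
      test: ["CMD", "curl", "--fail", "http://localhost:8082/health/ready"]
      interval: 5s
      timeout: 10s
      retries: 30

volumes:
  go-modules:
  go-cache: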