core/oc-deploy
6
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases 1 Wiki Activity
Files
c4a67e6a84d812db0824c213d8820963885bfc6d
oc-deploy/docker/demo/docker-compose.dev.yml

417 lines
15 KiB
YAML
Raw Normal View History

New Deploy for Demo
2026-04-13 16:35:42 +02:00
version: '3.9'
services:
mongo:
image: 'mongo:latest'
networks:
- oc
ports:
- 27017:27017
container_name: mongo
volumes:
- oc-data:/data/db
- oc-data:/data/configdb
mongo-express:
image: "mongo-express:latest"
restart: always
depends_on:
- mongo
networks:
- oc
ports:
- 8081:8081
container_name: mongo-express
environment:
- ME_CONFIG_BASICAUTH_USERNAME=test
- ME_CONFIG_BASICAUTH_PASSWORD=test
nats:
image: 'nats:latest'
container_name: nats
ports:
- 4222:4222
command:
- "--debug"
networks:
- oc
loki:
image: 'grafana/loki'
container_name: loki
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.loki.entrypoints=web"
- "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
- "traefik.http.services.loki.loadbalancer.server.port=3100"
- "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
- "traefik.http.routers.loki.middlewares=loki-stripprefix"
- "traefik.http.middlewares.loki.forwardauth.address=http://oc-auth:8080/oc/forward"
ports :
- "3100:3100"
networks:
- oc
hydra:
container_name: hydra
image: oryd/hydra:v2.2.0
environment:
SECRETS_SYSTEM: oc-auth-got-secret
LOG_LEAK_SENSITIVE_VALUES: true
# OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
HYDRA_ADMIN_URL: http://hydra:4445
URLS_SELF_ISSUER: http://localhost:8000/hydra
URLS_SELF_PUBLIC: http://localhost:8000/hydra
URLS_LOGIN: http://localhost:8000/auth/login
URLS_CONSENT: http://localhost:8000/auth/consent
URLS_LOGOUT: http://localhost:8000/auth/logout
URLS_ERROR: http://localhost:8000
STRATEGIES_ACCESS_TOKEN: jwt
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
DSN: memory
user: root
entrypoint: >
sh -c "
hydra serve all --dev &
echo '⏳ Waiting for Hydra admin API...' &&
until wget -q --spider http://localhost:4445/health/ready; do
sleep 2;
done &&
echo '✅ Hydra is ready. Importing clients...' &&
hydra import oauth2-client /clients.json -e http://hydra:4445 &&
echo '🚀 Clients imported.' &&
wait
"
volumes:
- ./clients.json:/clients.json
networks:
- oc
ports:
- "4444:4444"
- "4445:4445"
deploy:
restart_policy:
condition: on-failure
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.hydra.entrypoints=web"
- "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
- "traefik.http.services.hydra.loadbalancer.server.port=4444"
- "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
- "traefik.http.routers.hydra.middlewares=hydra-stripprefix"
ldap:
image: pgarrett/ldap-alpine
container_name: ldap
volumes:
- "./ldap.ldif:/ldif/ldap.ldif"
networks:
- oc
ports:
- "390:389"
deploy:
restart_policy:
condition: on-failure
keto:
image: oryd/keto:v0.7.0-alpha.1-sqlite
ports:
- "4466:4466"
- "4467:4467"
command: serve -c /home/ory/keto.yml
restart: on-failure
volumes:
- type: bind
source: .
target: /home/ory
container_name: keto
networks:
- oc
traefik:
image: traefik:v3.6
container_name: traefik
restart: unless-stopped
networks:
- oc
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=oc"
- "--providers.docker.constraints=Label(`traefik.stack`,`peer1`)"
- "--entrypoints.web.address=:8000"
user: root
ports:
- "8000:8000" # Expose Traefik on port 8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
oc-datacenter:
env_file:
- path: ./env.env
required: false
environment:
- MONGO_DATABASE=DC_myDC
- KUBE_CA=${KUBE_CA:-}
- KUBE_CERT=${KUBE_CERT:-}
- KUBE_DATA=${KUBE_DATA:-}
image: '${REGISTRY:-opencloudregistry/}oc-datacenter:latest'
ports:
- 8092:8080
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.datacenter.entrypoints=web"
- "traefik.http.routers.datacenter.rule=PathPrefix(`/datacenter`)"
- "traefik.http.services.datacenter.loadbalancer.server.port=8080"
- "traefik.http.middlewares.datacenter-rewrite.replacepathregex.regex=^/datacenter(.*)"
- "traefik.http.middlewares.datacenter-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.datacenter.middlewares=datacenter-rewrite,auth-datacenter"
- "traefik.http.middlewares.auth-datacenter.forwardauth.address=http://oc-auth:8080/oc/forward"
- "traefik.http.middlewares.auth-datacenter.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-datacenter.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
container_name: oc-datacenter
networks:
- oc
oc-scheduler:
environment:
- MONGO_DATABASE=DC_myDC
- KUBE_CA=${KUBE_CA:-}
- KUBE_CERT=${KUBE_CERT:-}
- KUBE_DATA=${KUBE_DATA:-}
image: '${REGISTRY:-opencloudregistry/}oc-scheduler:latest'
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.scheduler.entrypoints=web"
- "traefik.http.routers.scheduler.rule=PathPrefix(`/scheduler`)"
- "traefik.http.middlewares.scheduler-rewrite.replacepathregex.regex=^/scheduler(.*)"
- "traefik.http.middlewares.scheduler-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.scheduler.middlewares=scheduler-rewrite,auth-scheduler"
- "traefik.http.services.scheduler.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-scheduler.forwardauth.address=http://oc-auth:8080/oc/forward"
- "traefik.http.middlewares.auth-scheduler.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-scheduler.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
ports:
- 8090:8080
container_name: oc-scheduler
networks:
- oc
oc-catalog:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-catalog:latest'
ports:
- 8087:8080
container_name: oc-catalog
networks:
- oc
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.catalog.entrypoints=web"
- "traefik.http.routers.catalog.rule=PathPrefix(`/catalog`)"
- "traefik.http.middlewares.catalog-rewrite.replacepathregex.regex=^/catalog(.*)"
- "traefik.http.middlewares.catalog-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.catalog.middlewares=catalog-rewrite,auth-catalog"
- "traefik.http.services.catalog.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-catalog.forwardauth.address=http://oc-auth:8080/oc/forward"
- "traefik.http.middlewares.auth-catalog.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-catalog.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
oc-workspace:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-workspace:latest'
ports:
- 8089:8080
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.workspace.entrypoints=web"
- "traefik.http.routers.workspace.rule=PathPrefix(`/workspace`)"
- "traefik.http.middlewares.workspace-rewrite.replacepathregex.regex=^/workspace(.*)"
- "traefik.http.middlewares.workspace-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.workspace.middlewares=workspace-rewrite,auth-workspace"
- "traefik.http.services.workspace.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-workspace.forwardauth.address=http://oc-auth:8080/oc/forward"
- "traefik.http.middlewares.auth-workspace.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-workspace.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
container_name: oc-workspace
networks:
- oc
oc-peer:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-peer:latest'
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.peer.entrypoints=web"
- "traefik.http.routers.peer.rule=PathPrefix(`/peer`)"
- "traefik.http.middlewares.peer-rewrite.replacepathregex.regex=^/peer(.*)"
- "traefik.http.middlewares.peer-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.peer.middlewares=peer-rewrite,auth-peer"
- "traefik.http.services.peer.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-peer.forwardauth.address=http://oc-auth:8080/oc/forward"
- "traefik.http.middlewares.auth-peer.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-peer.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
ports:
- 8093:8080
container_name: oc-peer
networks:
- oc
oc-auth:
image: '${REGISTRY:-opencloudregistry/}oc-auth:latest'
ports:
- 8094:8080
container_name: oc-auth
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.auth-sec.entrypoints=web"
- "traefik.http.routers.auth-sec.rule=PathPrefix(`/auth/`)"
- "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.regex=^/auth(.*)"
- "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.services.auth-sec.loadbalancer.server.port=8080"
- "traefik.http.routers.auth-sec.middlewares=auth-sec-rewrite,auth-auth-sec"
- "traefik.http.middlewares.auth-auth-sec.forwardauth.address=http://oc-auth:8080/oc/forward"
- "traefik.http.middlewares.auth-auth-sec.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-auth-sec.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
environment:
LDAP_ENDPOINTS: ldap:389
LDAP_BINDDN: cn=admin,dc=example,dc=com
LDAP_BINDPW: password
LDAP_BASEDN: "dc=example,dc=com"
LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
networks:
- oc
volumes:
- ./pem/private3.pem:/keys/private/private.pem
- ./pem/public3.pem:/keys/public/public.pem
oc-shared:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-shared:latest'
ports:
- 8091:8080
container_name: oc-shared
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.shared.entrypoints=web"
- "traefik.http.routers.shared.rule=PathPrefix(`/shared`)"
- "traefik.http.middlewares.shared-rewrite.replacepathregex.regex=^/shared(.*)"
- "traefik.http.middlewares.shared-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.shared.middlewares=shared-rewrite"
- "traefik.http.services.shared.loadbalancer.server.port=8080"
- "traefik.http.middlewares.shared.forwardauth.address=http://oc-auth:8080/oc/forward"
networks:
- oc
oc-workflow:
environment:
- _OCWORKFLOW_MONGO_DATABASE=DC_myDC
- _OCWORKFLOW_MONGO_URL=mongodb://mongo:27017
- _OCWORKFLOW_NATS_URL=nats://nats:4222
image: '${REGISTRY:-opencloudregistry/}oc-workflow:latest'
ports:
- 8088:8080
container_name: oc-workflow
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.workflow.entrypoints=web"
- "traefik.http.routers.workflow.rule=PathPrefix(`/workflow`)"
- "traefik.http.services.workflow.loadbalancer.server.port=8080"
- "traefik.http.middlewares.workflow-rewrite.replacepathregex.regex=^/workflow(.*)"
- "traefik.http.middlewares.workflow-rewrite.replacepathregex.replacement=/oc$1"
- "traefik.http.routers.workflow.middlewares=workflow-rewrite,auth-workflow"
- "traefik.http.middlewares.auth-workflow.forwardauth.address=http://oc-auth:8080/oc/forward"
- "traefik.http.middlewares.auth-workflow.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-workflow.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
networks:
- oc
oc-discovery_1:
image: '${REGISTRY:-opencloudregistry/}oc-discovery_1:latest'
ports:
- 4001:4001
container_name: oc-discovery_1
networks:
Demo Multicluster
2026-04-14 10:17:07 +02:00
discovery:
ipv4_address: 172.40.0.1
oc:
New Deploy for Demo
2026-04-13 16:35:42 +02:00
oc-discovery_2:
image: '${REGISTRY:-opencloudregistry/}oc-discovery_2:latest'
ports:
- 4002:4002
container_name: oc-discovery_2
networks:
Demo Multicluster
2026-04-14 10:17:07 +02:00
discovery:
ipv4_address: 172.40.0.2
oc:
New Deploy for Demo
2026-04-13 16:35:42 +02:00
oc-discovery_3:
image: '${REGISTRY:-opencloudregistry/}oc-discovery_3:latest'
ports:
- 4003:4003
container_name: oc-discovery_3
networks:
Demo Multicluster
2026-04-14 10:17:07 +02:00
discovery:
ipv4_address: 172.40.0.3
oc:
New Deploy for Demo
2026-04-13 16:35:42 +02:00
oc-schedulerd:
image: '${REGISTRY:-opencloudregistry/}oc-schedulerd:latest'
ports:
- 9006:8080
environment:
- MONGO_DATABASE=DC_myDC
- KUBE_CA=${KUBE_CA:-}
- KUBE_CERT=${KUBE_CERT:-}
- KUBE_DATA=${KUBE_DATA:-}
container_name: oc-schedulerd
networks:
- oc
oc-front:
image: '${REGISTRY:-opencloudregistry/}oc-front:latest'
container_name: oc-front
ports:
- 8001:80
networks:
- oc
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.front.entrypoints=web"
- "traefik.http.routers.front.rule=PathPrefix(`/`)"
- "traefik.http.services.front.loadbalancer.server.port=80"
- "traefik.http.middlewares.front-stripprefix.stripprefix.prefixes=/"
- "traefik.http.routers.front.middlewares=front-stripprefix"
oc-static:
image: '${REGISTRY:-opencloudregistry/}oc-static:latest'
ports:
- 8098:80
labels:
- "traefik.stack=peer1"
- "traefik.enable=true"
- "traefik.http.routers.static.entrypoints=web"
- "traefik.http.routers.static.rule=PathPrefix(`/static`)"
Demo Multicluster
2026-04-14 10:17:07 +02:00
- "traefik.http.routers.static.middlewares=static-stripprefix"
- "traefik.http.middlewares.static-stripprefix.stripprefix.prefixes=/static"
New Deploy for Demo
2026-04-13 16:35:42 +02:00
- "traefik.http.services.static.loadbalancer.server.port=80"
container_name: oc-static
networks:
- oc
volumes:
oc-data:
networks:
oc:
external: true
Demo Multicluster
2026-04-14 10:17:07 +02:00
discovery:
external: true
New Deploy for Demo
2026-04-13 16:35:42 +02:00
Reference in New Issue Copy Permalink