core/oc-deploy
6
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases 1 Wiki Activity

New Deploy for Demo

Browse Source
This commit is contained in:
mr
2026-04-13 16:35:42 +02:00
parent fdd8c6a50d
commit 34f10565c7
32 changed files with 3630 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

371
docker/demo/docker-compose.dev2.yml Normal file
View File

@@ -0,0 +1,371 @@
version: '3.9'
services:
mongo2:
image: 'mongo:latest'
container_name: mongo2
networks:
- oc2
ports:
- 27018:27017
volumes:
- oc-data2:/data/db
- oc-data2:/data/configdb
mongo-express2:
image: "mongo-express:latest"
container_name: mongo-express2
restart: always
depends_on:
- mongo2
networks:
- oc2
ports:
- 8082:8081
environment:
- ME_CONFIG_BASICAUTH_USERNAME=test
- ME_CONFIG_BASICAUTH_PASSWORD=test
nats2:
image: 'nats:latest'
container_name: nats2
ports:
- 4223:4222
command:
- "--debug"
networks:
- oc2
loki2:
image: 'grafana/loki'
container_name: loki2
labels:
- "traefik.enable=true"
- "traefik.http.routers.loki2.entrypoints=web"
- "traefik.http.routers.loki2.rule=PathPrefix(`/tools/loki`)"
- "traefik.http.services.loki2.loadbalancer.server.port=3100"
- "traefik.http.middlewares.loki2-stripprefix.stripprefix.prefixes=/tools/loki"
- "traefik.http.routers.loki2.middlewares=loki2-stripprefix"
- "traefik.http.middlewares.loki2.forwardauth.address=http://oc-auth2:8080/oc/forward"
ports :
- "3101:3100"
networks:
- oc2
hydra2:
container_name: hydra2
image: oryd/hydra:v2.2.0
environment:
SECRETS_SYSTEM: oc-auth-got-secret
LOG_LEAK_SENSITIVE_VALUES: true
# OAUTH2_TOKEN_HOOK_URL: http://oc-auth2:8080/oc/claims
HYDRA_ADMIN_URL: http://hydra2:4445
URLS_SELF_ISSUER: http://localhost:9000/hydra
URLS_SELF_PUBLIC: http://localhost:9000/hydra
URLS_LOGIN: http://localhost:9000/auth/login
URLS_CONSENT: http://localhost:9000/auth/consent
URLS_LOGOUT: http://localhost:9000/auth/logout
URLS_ERROR: http://localhost:9000
STRATEGIES_ACCESS_TOKEN: jwt
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
DSN: memory
user: root
entrypoint: >
sh -c "
hydra serve all --dev &
echo '⏳ Waiting for Hydra admin API...' &&
until wget -q --spider http://localhost:4445/health/ready; do
sleep 2;
done &&
echo '✅ Hydra is ready. Importing clients...' &&
hydra import oauth2-client /clients.json -e http://hydra2:4445 &&
echo '🚀 Clients imported.' &&
wait
"
volumes:
- ./clients.json:/clients.json
networks:
- oc2
ports:
- "4446:4444"
- "4447:4445"
deploy:
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.http.routers.hydra2.entrypoints=web"
- "traefik.http.routers.hydra2.rule=PathPrefix(`/hydra`)"
- "traefik.http.services.hydra2.loadbalancer.server.port=4444"
- "traefik.http.middlewares.hydra2-stripprefix.stripprefix.prefixes=/hydra"
- "traefik.http.routers.hydra2.middlewares=hydra2-stripprefix"
ldap2:
image: pgarrett/ldap-alpine
container_name: ldap2
volumes:
- "./ldap.ldif:/ldif/ldap.ldif"
networks:
- oc2
ports:
- "391:389"
deploy:
restart_policy:
condition: on-failure
keto2:
image: oryd/keto:v0.7.0-alpha.1-sqlite
ports:
- "4468:4466"
- "4469:4467"
command: serve -c /home/ory/keto.yml
restart: on-failure
volumes:
- type: bind
source: .
target: /home/ory
container_name: keto2
networks:
- oc2
traefik2:
image: traefik:v3.6
container_name: traefik2
restart: unless-stopped
networks:
- oc2
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=oc2"
- "--providers.docker.constraints=Label(`traefik.stack`,`peer2`)"
- "--entrypoints.web.address=:9000"
user: root
ports:
- "9000:9000" # Expose Traefik on port 9000
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
oc-datacenter2:
env_file:
- path: ./env.env
required: false
environment:
- MONGO_DATABASE=DC_myDC
- KUBE_CA=${KUBE_CA:-}
- KUBE_CERT=${KUBE_CERT:-}
- KUBE_DATA=${KUBE_DATA:-}
image: '${REGISTRY:-opencloudregistry/}oc-datacenter:latest'
ports:
- 9092:8080
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.datacenter2.entrypoints=web"
- "traefik.http.routers.datacenter2.rule=PathPrefix(`/datacenter`)"
- "traefik.http.services.datacenter2.loadbalancer.server.port=8080"
- "traefik.http.middlewares.datacenter2-rewrite.replacepathregex.regex=^/datacenter(.*)"
- "traefik.http.middlewares.datacenter2-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.datacenter2.middlewares=datacenter2-rewrite,auth-datacenter2"
- "traefik.http.middlewares.auth-datacenter2.forwardauth.address=http://oc-auth2:8080/oc/forward"
- "traefik.http.middlewares.auth-datacenter2.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-datacenter2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
container_name: oc-datacenter2
networks:
- oc2
oc-scheduler2:
environment:
- MONGO_DATABASE=DC_myDC
- KUBE_CA=${KUBE_CA:-}
- KUBE_CERT=${KUBE_CERT:-}
- KUBE_DATA=${KUBE_DATA:-}
image: '${REGISTRY:-opencloudregistry/}oc-scheduler:latest'
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.scheduler2.entrypoints=web"
- "traefik.http.routers.scheduler2.rule=PathPrefix(`/scheduler`)"
- "traefik.http.middlewares.scheduler2-rewrite.replacepathregex.regex=^/scheduler(.*)"
- "traefik.http.middlewares.scheduler2-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.scheduler2.middlewares=scheduler2-rewrite,auth-scheduler2"
- "traefik.http.services.scheduler2.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-scheduler2.forwardauth.address=http://oc-auth2:8080/oc/forward"
- "traefik.http.middlewares.auth-scheduler2.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-scheduler2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
ports:
- 9090:8080
container_name: oc-scheduler2
networks:
- oc2
oc-catalog2:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-catalog:latest'
ports:
- 9087:8080
container_name: oc-catalog2
networks:
- oc2
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.catalog2.entrypoints=web"
- "traefik.http.routers.catalog2.rule=PathPrefix(`/catalog`)"
- "traefik.http.middlewares.catalog2-rewrite.replacepathregex.regex=^/catalog(.*)"
- "traefik.http.middlewares.catalog2-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.catalog2.middlewares=catalog2-rewrite,auth-catalog2"
- "traefik.http.services.catalog2.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-catalog2.forwardauth.address=http://oc-auth2:8080/oc/forward"
- "traefik.http.middlewares.auth-catalog2.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-catalog2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
oc-workspace2:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-workspace:latest'
ports:
- 9089:8080
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.workspace2.entrypoints=web"
- "traefik.http.routers.workspace2.rule=PathPrefix(`/workspace`)"
- "traefik.http.middlewares.workspace2-rewrite.replacepathregex.regex=^/workspace(.*)"
- "traefik.http.middlewares.workspace2-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.workspace2.middlewares=workspace2-rewrite,auth-workspace2"
- "traefik.http.services.workspace2.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-workspace2.forwardauth.address=http://oc-auth2:8080/oc/forward"
- "traefik.http.middlewares.auth-workspace2.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-workspace2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
container_name: oc-workspace2
networks:
- oc2
oc-peer2:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-peer:latest'
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.peer2.entrypoints=web"
- "traefik.http.routers.peer2.rule=PathPrefix(`/peer`)"
- "traefik.http.middlewares.peer2-rewrite.replacepathregex.regex=^/peer(.*)"
- "traefik.http.middlewares.peer2-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.peer2.middlewares=peer2-rewrite,auth-peer2"
- "traefik.http.services.peer2.loadbalancer.server.port=8080"
- "traefik.http.middlewares.auth-peer2.forwardauth.address=http://oc-auth2:8080/oc/forward"
- "traefik.http.middlewares.auth-peer2.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-peer2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
ports:
- 9093:8080
container_name: oc-peer2
networks:
- oc2
oc-auth2:
image: '${REGISTRY:-opencloudregistry/}oc-auth:latest'
ports:
- 9094:8080
container_name: oc-auth2
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.auth-sec2.entrypoints=web"
- "traefik.http.routers.auth-sec2.rule=PathPrefix(`/auth/`)"
- "traefik.http.middlewares.auth-sec2-rewrite.replacepathregex.regex=^/auth(.*)"
- "traefik.http.middlewares.auth-sec2-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.services.auth-sec2.loadbalancer.server.port=8080"
- "traefik.http.routers.auth-sec2.middlewares=auth-sec2-rewrite,auth-auth-sec2"
- "traefik.http.middlewares.auth-auth-sec2.forwardauth.address=http://oc-auth2:8080/oc/forward"
- "traefik.http.middlewares.auth-auth-sec2.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.auth-auth-sec2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
environment:
LDAP_ENDPOINTS: ldap2:389
LDAP_BINDDN: cn=admin,dc=example,dc=com
LDAP_BINDPW: password
LDAP_BASEDN: "dc=example,dc=com"
LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
ADMIN_ORIGIN: "http://localhost:9000"
OAUTH_REDIRECT_URI: "http://localhost:9000"
networks:
- oc2
volumes:
- ./pem/private4.pem:/keys/private/private.pem
- ./pem/public4.pem:/keys/public/public.pem
oc-shared2:
environment:
- MONGO_DATABASE=DC_myDC
image: '${REGISTRY:-opencloudregistry/}oc-shared:latest'
ports:
- 9091:8080
container_name: oc-shared2
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.shared2.entrypoints=web"
- "traefik.http.routers.shared2.rule=PathPrefix(`/shared`)"
- "traefik.http.middlewares.shared2-rewrite.replacepathregex.regex=^/shared(.*)"
- "traefik.http.middlewares.shared2-rewrite.replacepathregex.replacement=/oc$$1"
- "traefik.http.routers.shared2.middlewares=shared2-rewrite"
- "traefik.http.services.shared2.loadbalancer.server.port=8080"
- "traefik.http.middlewares.shared2.forwardauth.address=http://oc-auth2:8080/oc/forward"
networks:
- oc2
oc-workflow2:
environment:
- _OCWORKFLOW_MONGO_DATABASE=DC_myDC
- _OCWORKFLOW_MONGO_URL=mongodb://mongo2:27017
- _OCWORKFLOW_NATS_URL=nats://nats2:4222
image: '${REGISTRY:-opencloudregistry/}oc-workflow:latest'
ports:
- 9088:8080
container_name: oc-workflow2
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.workflow2.entrypoints=web"
- "traefik.http.routers.workflow2.rule=PathPrefix(`/workflow`)"
- "traefik.http.services.workflow2.loadbalancer.server.port=8080"
- "traefik.http.middlewares.workflow2-rewrite.replacepathregex.regex=^/workflow(.*)"
- "traefik.http.middlewares.workflow2-rewrite.replacepathregex.replacement=/oc$1"
- "traefik.http.routers.workflow2.middlewares=workflow2-rewrite"
networks:
- oc2
oc-discovery_4:
image: '${REGISTRY:-opencloudregistry/}oc-discovery_4:latest'
ports:
- 4004:4004
container_name: oc-discovery_4
networks:
- oc2
oc-schedulerd2:
image: '${REGISTRY:-opencloudregistry/}oc-schedulerd:latest'
ports:
- 10006:8080
environment:
- MONGO_DATABASE=DC_myDC
- KUBE_CA=${KUBE_CA:-}
- KUBE_CERT=${KUBE_CERT:-}
- KUBE_DATA=${KUBE_DATA:-}
container_name: oc-schedulerd2
networks:
- oc2
oc-static2:
image: '${REGISTRY:-opencloudregistry/}oc-static:latest'
ports:
- 9098:8080
labels:
- "traefik.stack=peer2"
- "traefik.enable=true"
- "traefik.http.routers.static2.entrypoints=web"
- "traefik.http.routers.static2.rule=PathPrefix(`/static`)"
- "traefik.http.services.static2.loadbalancer.server.port=8080"
container_name: oc-static2
networks:
- oc2
volumes:
oc-data2:
networks:
oc2:
external: true