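# Local development stack: infrastructure (mongo, nats, loki, hydra, ldap, keto),
# a traefik edge router on :8000, and the oc-* application services behind it.
# Credentials and secrets in this file are development fixtures (they must match
# the mounted ldap.ldif / clients.json); nothing here is meant for production use.
---
version: '3.9'
services:
  mongo:
    image: 'mongo:latest'
    networks:
      - oc
    ports:
      - "27017:27017"
    container_name: mongo
    volumes:
      - oc-data:/data/db
      - oc-data:/data/configdb

  mongo-express:
    image: "mongo-express:latest"
    restart: always
    depends_on:
      - mongo
    networks:
      - oc
    ports:
      - "8081:8081"
    container_name: mongo-express
    # Basic-auth for the admin UI; dev-only placeholder credentials.
    environment:
      - ME_CONFIG_BASICAUTH_USERNAME=test
      - ME_CONFIG_BASICAUTH_PASSWORD=test

  nats:
    image: 'nats:latest'
    container_name: nats
    ports:
      - "4222:4222"
    command:
      - "--debug"
    networks:
      - oc

  loki:
    image: 'grafana/loki'
    container_name: loki
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.loki.entrypoints=web"
      - "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
      - "traefik.http.services.loki.loadbalancer.server.port=3100"
      - "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
      # NOTE(review): only loki-stripprefix is attached to the router; the
      # `loki` forwardauth middleware declared below is never referenced, so
      # /tools/loki is served without auth. Confirm this is intended for dev.
      - "traefik.http.routers.loki.middlewares=loki-stripprefix"
      - "traefik.http.middlewares.loki.forwardauth.address=http://oc-auth:8080/oc/forward"
    user: root
    ports:
      - "3100:3100"
    networks:
      - oc
    volumes:
      - ./loki-data:/loki

  hydra:
    container_name: hydra
    image: oryd/hydra:v2.2.0
    environment:
      # Dev-only system secret; rotate/inject from the environment outside dev.
      SECRETS_SYSTEM: oc-auth-got-secret
      # Quoted so the value reaches the container as the string "true".
      # Makes Hydra log secrets and tokens in clear — dev-only setting.
      LOG_LEAK_SENSITIVE_VALUES: "true"
      # OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
      HYDRA_ADMIN_URL: http://hydra:4445
      # Public-facing URLs go through traefik (:8000), see the labels below.
      URLS_SELF_ISSUER: http://localhost:8000/hydra
      URLS_SELF_PUBLIC: http://localhost:8000/hydra
      URLS_LOGIN: http://localhost:8000/auth/login
      URLS_CONSENT: http://localhost:8000/auth/consent
      URLS_LOGOUT: http://localhost:8000/auth/logout
      URLS_ERROR: http://localhost:8000
      STRATEGIES_ACCESS_TOKEN: jwt
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
      # In-memory storage: all clients/consents are lost on restart, hence the
      # client import in the entrypoint.
      DSN: memory
    user: root
    # Folded scalar (>): the lines below are joined into one shell command line.
    # Starts hydra in the background, waits for the admin API, then imports
    # the OAuth2 clients from the mounted clients.json.
    # NOTE(review): the forge flagged invisible Unicode characters somewhere in
    # this file; check this inline script first, as any such character is passed
    # verbatim to sh.
    entrypoint: >
      sh -c "
      hydra serve all --dev &
      echo '⏳ Waiting for Hydra admin API...' &&
      until wget -q --spider http://localhost:4445/health/ready; do
      sleep 2;
      done &&
      echo '✅ Hydra is ready. Importing clients...' &&
      hydra import oauth2-client /clients.json -e http://hydra:4445 &&
      echo '🚀 Clients imported.' &&
      wait
      "
    volumes:
      - ./clients.json:/clients.json
    networks:
      - oc
    ports:
      - "4444:4444"
      - "4445:4445"
    deploy:
      restart_policy:
        condition: on-failure
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.hydra.entrypoints=web"
      - "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
      - "traefik.http.services.hydra.loadbalancer.server.port=4444"
      - "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
      - "traefik.http.routers.hydra.middlewares=hydra-stripprefix"

  ldap:
    image: pgarrett/ldap-alpine
    container_name: ldap
    volumes:
      - "./ldap.ldif:/ldif/ldap.ldif"
    networks:
      - oc
    ports:
      - "390:389"
    deploy:
      restart_policy:
        condition: on-failure

  keto:
    image: oryd/keto:v0.7.0-alpha.1-sqlite
    ports:
      - "4466:4466"
      - "4467:4467"
    command: serve -c /home/ory/keto.yml
    restart: on-failure
    volumes:
      # Bind-mounts the whole compose directory so keto.yml is readable.
      - type: bind
        source: .
        target: /home/ory
    container_name: keto
    networks:
      - oc

  traefik:
    image: traefik:v3.6
    container_name: traefik
    restart: unless-stopped
    networks:
      - oc
    command:
      # Unauthenticated dashboard/API; acceptable only because :8080 is not
      # published below.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=oc"
      # Only containers labelled traefik.stack=peer1 are routed.
      - "--providers.docker.constraints=Label(`traefik.stack`,`peer1`)"
      - "--entrypoints.web.address=:8000"
    user: root
    ports:
      - "8000:8000" # Expose Traefik on port 8000
    volumes:
      # Read-only socket is still full control of the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  # Application services. Each one is published directly on a host port and
  # also routed through traefik under its path prefix; the *-rewrite
  # middleware maps /<prefix>/... to /oc/..., and the auth-* forwardauth
  # middleware delegates authentication to oc-auth. `$$1` is the compose
  # escape for a literal `$1` in the traefik replacement string.
  oc-datacenter:
    env_file:
      - path: ./env.env
        required: false
    environment:
      - OC_MONGO_DATABASE=DC_myDC
      - OC_KUBE_CA=${KUBE_CA:-}
      - OC_KUBE_CERT=${KUBE_CERT:-}
      - OC_KUBE_DATA=${KUBE_DATA:-}
    image: '${REGISTRY:-opencloudregistry/}oc-datacenter:latest'
    ports:
      - "8092:8080"
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.datacenter.entrypoints=web"
      - "traefik.http.routers.datacenter.rule=PathPrefix(`/datacenter`)"
      - "traefik.http.services.datacenter.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.regex=^/datacenter(.*)"
      - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.datacenter.middlewares=datacenter-rewrite,auth-datacenter"
      - "traefik.http.middlewares.auth-datacenter.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-datacenter.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-datacenter.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    container_name: oc-datacenter
    networks:
      - oc

  oc-scheduler:
    environment:
      - OC_MONGO_DATABASE=DC_myDC
      - OC_KUBE_CA=${KUBE_CA:-}
      - OC_KUBE_CERT=${KUBE_CERT:-}
      - OC_KUBE_DATA=${KUBE_DATA:-}
    image: '${REGISTRY:-opencloudregistry/}oc-scheduler:latest'
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.scheduler.entrypoints=web"
      - "traefik.http.routers.scheduler.rule=PathPrefix(`/scheduler`)"
      - "traefik.http.middlewares.scheduler-rewrite.replacepathregex.regex=^/scheduler(.*)"
      - "traefik.http.middlewares.scheduler-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.scheduler.middlewares=scheduler-rewrite,auth-scheduler"
      - "traefik.http.services.scheduler.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-scheduler.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-scheduler.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-scheduler.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    ports:
      - "8090:8080"
    container_name: oc-scheduler
    networks:
      - oc

  oc-catalog:
    environment:
      - OC_MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-catalog:latest'
    ports:
      - "8087:8080"
    container_name: oc-catalog
    networks:
      - oc
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.catalog.entrypoints=web"
      - "traefik.http.routers.catalog.rule=PathPrefix(`/catalog`)"
      - "traefik.http.middlewares.catalog-rewrite.replacepathregex.regex=^/catalog(.*)"
      - "traefik.http.middlewares.catalog-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.catalog.middlewares=catalog-rewrite,auth-catalog"
      - "traefik.http.services.catalog.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-catalog.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-catalog.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-catalog.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"

  oc-workspace:
    environment:
      - OC_MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-workspace:latest'
    ports:
      - "8089:8080"
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.workspace.entrypoints=web"
      - "traefik.http.routers.workspace.rule=PathPrefix(`/workspace`)"
      - "traefik.http.middlewares.workspace-rewrite.replacepathregex.regex=^/workspace(.*)"
      - "traefik.http.middlewares.workspace-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.workspace.middlewares=workspace-rewrite,auth-workspace"
      - "traefik.http.services.workspace.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-workspace.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-workspace.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-workspace.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    container_name: oc-workspace
    networks:
      - oc

  oc-peer:
    environment:
      - OC_MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-peer:latest'
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.peer.entrypoints=web"
      - "traefik.http.routers.peer.rule=PathPrefix(`/peer`)"
      - "traefik.http.middlewares.peer-rewrite.replacepathregex.regex=^/peer(.*)"
      - "traefik.http.middlewares.peer-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.peer.middlewares=peer-rewrite,auth-peer"
      - "traefik.http.services.peer.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-peer.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-peer.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-peer.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    ports:
      - "8093:8080"
    container_name: oc-peer
    networks:
      - oc

  oc-auth:
    image: '${REGISTRY:-opencloudregistry/}oc-auth:latest'
    ports:
      - "8094:8080"
    container_name: oc-auth
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.auth-sec.entrypoints=web"
      - "traefik.http.routers.auth-sec.rule=PathPrefix(`/auth/`)"
      - "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.regex=^/auth(.*)"
      - "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.services.auth-sec.loadbalancer.server.port=8080"
      - "traefik.http.routers.auth-sec.middlewares=auth-sec-rewrite,auth-auth-sec"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    environment:
      # Dev LDAP bind credentials; must match the fixtures in ./ldap.ldif.
      LDAP_ENDPOINTS: ldap:389
      LDAP_BINDDN: cn=admin,dc=example,dc=com
      LDAP_BINDPW: password
      LDAP_BASEDN: "dc=example,dc=com"
      LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
      LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
    networks:
      - oc
    volumes:
      # Dev signing key pair, mounted from the repo.
      - ./pem/private3.pem:/keys/private/private.pem
      - ./pem/public3.pem:/keys/public/public.pem

  oc-shared:
    environment:
      - MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-shared:latest'
    ports:
      - "8091:8080"
    container_name: oc-shared
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.shared.entrypoints=web"
      - "traefik.http.routers.shared.rule=PathPrefix(`/shared`)"
      - "traefik.http.middlewares.shared-rewrite.replacepathregex.regex=^/shared(.*)"
      - "traefik.http.middlewares.shared-rewrite.replacepathregex.replacement=/oc$$1"
      # NOTE(review): unlike the other oc-* services, the `shared` forwardauth
      # middleware declared below is not attached to the router, so /shared is
      # reachable without auth. Confirm this is intended.
      - "traefik.http.routers.shared.middlewares=shared-rewrite"
      - "traefik.http.services.shared.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.shared.forwardauth.address=http://oc-auth:8080/oc/forward"
    networks:
      - oc

  oc-workflow:
    image: '${REGISTRY:-opencloudregistry/}oc-workflow:latest'
    ports:
      - "8088:8080"
    container_name: oc-workflow
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.workflow.entrypoints=web"
      - "traefik.http.routers.workflow.rule=PathPrefix(`/workflow`)"
      - "traefik.http.services.workflow.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.workflow-rewrite.replacepathregex.regex=^/workflow(.*)"
      # Escaped as $$1 like the other services; a bare $1 is consumed by
      # compose interpolation and never reaches traefik.
      - "traefik.http.middlewares.workflow-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.workflow.middlewares=workflow-rewrite,auth-workflow"
      - "traefik.http.middlewares.auth-workflow.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-workflow.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-workflow.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    networks:
      - oc

  # Discovery nodes get fixed addresses on the external `discovery` network.
  oc-discovery_1:
    image: '${REGISTRY:-opencloudregistry/}oc-discovery_1:latest'
    ports:
      - "4005:4005"
    container_name: oc-discovery_1
    networks:
      discovery:
        ipv4_address: 172.40.0.5
      oc: {}

  oc-discovery_2:
    image: '${REGISTRY:-opencloudregistry/}oc-discovery_2:latest'
    ports:
      - "4002:4002"
    container_name: oc-discovery_2
    networks:
      discovery:
        ipv4_address: 172.40.0.2
      oc: {}

  oc-discovery_3:
    image: '${REGISTRY:-opencloudregistry/}oc-discovery_3:latest'
    ports:
      - "4003:4003"
    container_name: oc-discovery_3
    networks:
      discovery:
        ipv4_address: 172.40.0.3
      oc: {}

  oc-schedulerd:
    image: '${REGISTRY:-opencloudregistry/}oc-schedulerd:latest'
    ports:
      - "9006:8080"
    environment:
      - OC_MONGO_DATABASE=DC_myDC
      - OC_KUBE_CA=${KUBE_CA:-}
      - OC_KUBE_CERT=${KUBE_CERT:-}
      - OC_KUBE_DATA=${KUBE_DATA:-}
    container_name: oc-schedulerd
    networks:
      - oc

  oc-front:
    image: '${REGISTRY:-opencloudregistry/}oc-front:latest'
    container_name: oc-front
    ports:
      - "8001:80"
    networks:
      - oc
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.front.entrypoints=web"
      # Catch-all route; more specific PathPrefix rules above take precedence.
      - "traefik.http.routers.front.rule=PathPrefix(`/`)"
      - "traefik.http.services.front.loadbalancer.server.port=80"
      - "traefik.http.middlewares.front-stripprefix.stripprefix.prefixes=/"
      - "traefik.http.routers.front.middlewares=front-stripprefix"

  oc-static:
    image: '${REGISTRY:-opencloudregistry/}oc-static:latest'
    ports:
      - "8098:80"
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.static.entrypoints=web"
      - "traefik.http.routers.static.rule=PathPrefix(`/static`)"
      - "traefik.http.routers.static.middlewares=static-stripprefix"
      - "traefik.http.middlewares.static-stripprefix.stripprefix.prefixes=/static"
      - "traefik.http.services.static.loadbalancer.server.port=80"
    container_name: oc-static
    networks:
      - oc

volumes:
  oc-data:

# Both networks must exist before `docker compose up` (external: true).
networks:
  oc:
    external: true
  discovery:
    external: true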