docker-compose-sso.yaml
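# Local development stack: inventory-api behind Keycloak SSO, the Kessel
# relations-api, SpiceDB, and two Postgres instances (one per datastore).
#
# Review notes that apply to the whole file:
#   * Every `ports:` entry is "HOST:CONTAINER" with no host address, so Docker
#     publishes it on all host interfaces. On a shared or networked machine,
#     prefix entries with "127.0.0.1:" to keep the databases, SpiceDB and the
#     Keycloak admin console reachable from the local host only.
#   * Images are unpinned (`postgres` and `authzed/spicedb` carry no tag, the
#     others use `:latest`), so each pull may run different code. Pin a version
#     tag or digest once the stack needs to be reproducible.
#   * ${POSTGRES_USER}, ${POSTGRES_PASSWORD}, ${POSTGRES_DBNAME} and
#     ${SPICEDB_GRPC_PRESHARED_KEY} are interpolated by Compose from the shell
#     environment or an env file; keep that file out of version control.
services:
  inventory-api:
    environment:
      INVENTORY_API_CONFIG: /inventory-api-compose.yaml
      # - "INVENTORY_API_STORAGE_DBNAME=postgres"
      # - "INVENTORY_API_STORAGE_POSTGRES_DBNAME=database"
      # - "INVENTORY_API_STORAGE_POSTGRES_USER=${POSTGRES_USER}"
      # - "INVENTORY_API_STORAGE_POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
    build:
      dockerfile: Dockerfile
    volumes:
      # Both files are mounted read-only; psks.yaml holds pre-shared keys, so
      # it should stay untracked and readable only by the owner on the host.
      - ./sso-inventory-api.yaml:/inventory-api-compose.yaml:ro,z
      - ./config/psks.yaml:/psks.yaml:ro,z
    command: ["serve"]
    restart: "always"
    ports:
      - "8081:8081"
      - "9081:9081"
    # depends_on only orders container start; it does not wait for Keycloak to
    # be ready. NOTE(review): no dependency on invdatabase/invmigrate is
    # declared here; confirm the service tolerates starting before them.
    depends_on:
      - keycloak

  invmigrate:
    environment:
      INVENTORY_API_CONFIG: /inventory-api-compose.yaml
    build:
      dockerfile: Dockerfile
    volumes:
      - ./sso-inventory-api.yaml:/inventory-api-compose.yaml:ro,z
    command: ["migrate"]
    restart: "on-failure"
    depends_on:
      - invdatabase

  invdatabase:
    image: "postgres"
    # Listens on 5433 so it does not collide with the `database` service.
    command: ["-p", "5433", "-c", "track_commit_timestamp=on"]
    hostname: invdatabase
    expose:
      - "5433"
    ports:
      - "5433:5433"
    environment:
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
      - "POSTGRES_DB=${POSTGRES_DBNAME}"
      - "PGPORT=5433"

  relations-api:
    image: "quay.io/cloudservices/kessel-relations:latest"
    hostname: relations-api
    environment:
      # The key is handed over as an environment variable, which is visible
      # in `docker inspect`, although the same secret is also attached below
      # (Compose mounts it under /run/secrets/). The commented-out line
      # suggests a file-based alternative; confirm the image supports it
      # before switching.
      - "SPICEDB_PRESHARED=${SPICEDB_GRPC_PRESHARED_KEY}"
      # - "SPICEDB_PRESHARED_FILE=/run/secrets/spicedb_pre_shared"
      - "SPICEDB_ENDPOINT=spicedb:50051"
    secrets:
      - spicedb_pre_shared
    restart: "always"
    ports:
      - "8000:8000"
      - "9000:9000"
    depends_on:
      - spicedb

  spicedb:
    image: "authzed/spicedb"
    command: "serve"
    restart: "always"
    hostname: spicedb
    volumes:
      - ./deploy/schema.yaml:/schema.yaml:ro,z
    secrets:
      - spicedb_pre_shared
    ports:
      - "8080:8080"
      - "9090:9090"
      - "50051:50051"
    environment:
      - "SPICEDB_GRPC_PRESHARED_KEY=${SPICEDB_GRPC_PRESHARED_KEY}"
      - "SPICEDB_DATASTORE_ENGINE=postgres"
      - "SPICEDB_DATASTORE_BOOTSTRAP_FILES=/schema.yaml"
      # sslmode=disable sends credentials and data unencrypted; acceptable on
      # the private Compose network only. The password is spliced into a URI,
      # so it must be URL-encoded if it contains reserved characters.
      # NOTE(review): the `database` service sets no POSTGRES_USER, so
      # ${POSTGRES_USER} has to match the image's default superuser.
      - "SPICEDB_DATASTORE_CONN_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database:5432/spicedb?sslmode=disable"

  migrate:
    image: "authzed/spicedb"
    command: "datastore migrate head"
    restart: "on-failure"
    secrets:
      - spicedb_pre_shared
    environment:
      - "SPICEDB_DATASTORE_ENGINE=postgres"
      # Same plaintext-connection and URL-encoding caveats as the URI on the
      # spicedb service.
      - "SPICEDB_DATASTORE_CONN_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database:5432/spicedb?sslmode=disable"
    depends_on:
      - database

  keycloak:
    image: "quay.io/keycloak/keycloak:latest"
    # start-dev is Keycloak's development mode (plain HTTP); never expose this
    # container beyond a local test machine.
    command: "start-dev --http-port=8084 --import-realm"
    restart: "on-failure"
    environment:
      # Defaults stay admin/admin for local use, but can now be overridden
      # from the environment instead of being fixed in the file.
      # NOTE(review): newer Keycloak releases use
      # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD instead;
      # with `:latest` confirm which pair the pulled image honours.
      - "KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN:-admin}"
      - "KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-admin}"
    volumes:
      # NOTE(review): mounted read-write; --import-realm presumably only
      # reads this file, so `ro` may suffice. Verify before changing.
      - ./myrealm.json:/opt/keycloak/data/import/myrealm.json:rw,z
    ports:
      # Quoted like every other mapping in this file.
      - "8084:8084"

  database:
    image: "postgres"
    command: -c track_commit_timestamp=on
    hostname: database
    ports:
      - "5432:5432"
    environment:
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
      - "POSTGRES_DB=${POSTGRES_DBNAME}"

# NOTE(review): no service in this file lists this config under `configs:`,
# so it appears unused. Configs are not meant for secret material; prefer the
# `secrets` entry below for the pre-shared key.
configs:
  spicedb_pre_shared:
    environment: "SPICEDB_GRPC_PRESHARED_KEY"

secrets:
  spicedb_pre_shared:
    # Local key file; keep ./.secrets/ out of version control.
    file: ./.secrets/local-spicedb-secret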