moderate-platform-api/docker-compose-dev.yml at main · MODERATE-Project/moderate-platform-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
services:
  api:
    build: .
    restart: on-failure
    ports:
      - 8000:8000
    environment:
      LOG_LEVEL: DEBUG
      MODERATE_API_OPENID_CONFIG_URL: http://keycloak:8080/realms/moderate/.well-known/openid-configuration
      MODERATE_API_POSTGRES_URL: postgresql+asyncpg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/moderateapi
      MODERATE_API_S3__ACCESS_KEY: ${MODERATE_API_S3__ACCESS_KEY}
      MODERATE_API_S3__SECRET_KEY: ${MODERATE_API_S3__SECRET_KEY}
      MODERATE_API_S3__ENDPOINT_URL: ${MODERATE_API_S3__ENDPOINT_URL}
      MODERATE_API_S3__REGION: ${MODERATE_API_S3__REGION}
      MODERATE_API_S3__BUCKET: ${MODERATE_API_S3__BUCKET}
      MODERATE_API_TRUST_SERVICE__ENDPOINT_URL: ${MODERATE_API_TRUST_SERVICE__ENDPOINT_URL}
      MODERATE_API_OPEN_METADATA_SERVICE__ENDPOINT_URL: ${MODERATE_API_OPEN_METADATA_SERVICE__ENDPOINT_URL:-}
      MODERATE_API_OPEN_METADATA_SERVICE__BEARER_TOKEN: ${MODERATE_API_OPEN_METADATA_SERVICE__BEARER_TOKEN:-}
      MODERATE_API_RABBIT_ROUTER_URL: amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@rabbit:${DEV_RABBIT_PORT:-5672}/
      MODERATE_API_DIVA__ENABLED: ${MODERATE_API_DIVA__ENABLED:-false}
      MODERATE_API_DIVA__KAFKA_REST_URL: ${MODERATE_API_DIVA__KAFKA_REST_URL:-}
      MODERATE_API_DIVA__QUALITY_REPORTER_URL: ${MODERATE_API_DIVA__QUALITY_REPORTER_URL:-}
      MODERATE_API_DIVA__BASIC_AUTH_USER: ${MODERATE_API_DIVA__BASIC_AUTH_USER:-}
      MODERATE_API_DIVA__BASIC_AUTH_PASSWORD: ${MODERATE_API_DIVA__BASIC_AUTH_PASSWORD:-}
  apisix:
    image: apache/apisix:3.5.0-debian
    restart: on-failure
    ports:
      - 9080:9080
      - 9092:9092
    volumes:
      - type: bind
        source: ./apisix-dev-apisix.yaml
        target: /usr/local/apisix/conf/apisix.yaml
      - type: bind
        source: ./apisix-dev-config.yaml
        target: /usr/local/apisix/conf/config.yaml
    depends_on:
      - keycloak
    extra_hosts:
      # For portability with Linux
      - host.docker.internal:host-gateway
  keycloak:
    image: quay.io/keycloak/keycloak:22.0
    restart: on-failure
    ports:
      - ${DEV_KEYCLOAK_PORT:-8080}:8080
    command: [start-dev]
    environment:
      # Bootstrap admin user
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      # Configuration reference:
      # https://github.com/keycloak/keycloak/tree/22.0.0/quarkus/config-api/src/main/java/org/keycloak/config
      # Logging
      KC_LOG_CONSOLE_COLOR: true
      KC_LOG_LEVEL: info
      # Database
      KC_DB: postgres
      KC_DB_USERNAME: ${POSTGRES_USER}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
      KC_DB_URL_PORT: 5432
      KC_DB_URL_DATABASE: ${KEYCLOAK_POSTGRES_DBNAME}
      KC_DB_URL_HOST: postgres
      # HTTP
      KC_HTTP_ENABLED: true
      KC_HTTP_PORT: 8080
      # Hostname
      KC_HOSTNAME_STRICT: false
      KC_HOSTNAME_STRICT_HTTPS: false
      KC_HOSTNAME_STRICT_BACKCHANNEL: false
      # It is crucial to set the frontend URL for Keycloak to avoid errors
      # when the token introspection endpoint is called using a different
      # hostname from the one originally used to issue the token
      # https://stackoverflow.com/a/62310113
      KC_HOSTNAME_URL: ${KC_HOSTNAME_URL:-http://localhost:${DEV_KEYCLOAK_PORT:-8080}}
    depends_on:
      postgres:
        condition: service_healthy
  postgres:
    image: postgres:14
    restart: on-failure
    ports:
      - ${DEV_POSTGRES_PORT:-5432}:5432
    environment:
      POSTGRES_DB: ${KEYCLOAK_POSTGRES_DBNAME}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./createdb.sh:/docker-entrypoint-initdb.d/01.sh
    healthcheck:
      test: [CMD-SHELL, pg_isready -U postgres]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
  keycloak_init:
    image: agmangas/moderate-cli:0.6.0
    restart: on-failure
    command:
      - /bin/bash
      - -c
      - |
        set -xe
        moderatecli create-keycloak-realm
        moderatecli create-apisix-client
        moderatecli create-ui-client
    environment:
      KEYCLOAK_URL: http://keycloak:8080
      KEYCLOAK_ADMIN_USER: ${KEYCLOAK_ADMIN_USER}
      KEYCLOAK_ADMIN_PASS: ${KEYCLOAK_ADMIN_PASSWORD}
      MODERATE_REALM: moderate
      APISIX_CLIENT_ID: apisix
      APISIX_CLIENT_SECRET: apisix
      APISIX_CLIENT_RESOURCE_MODERATE_API: moderateapi
      UI_CLIENT_ID: ui
      UI_WEB_ORIGINS: "*"
      UI_REDIRECT_URIS: "*"
    depends_on:
      - keycloak
  # A Docker networking update likely caused Keycloak to require HTTPS when
  # accessing from localhost while "Require SSL" was set to "External". This
  # container disables SSL requirements for all realms to work around this issue.
  keycloak_ssl_disable:
    image: quay.io/keycloak/keycloak:22.0
    restart: on-failure
    entrypoint: []
    command:
      - /bin/bash
      - -c
      - |
        set -xe
        /opt/keycloak/bin/kcadm.sh config credentials \
          --server http://keycloak:8080 \
          --realm master \
          --user ${KEYCLOAK_ADMIN_USER} \
          --password ${KEYCLOAK_ADMIN_PASSWORD}
        if ! /opt/keycloak/bin/kcadm.sh get realms/moderate > /dev/null 2>&1; then
          echo "Error: moderate realm does not exist"
          exit 1
        fi
        /opt/keycloak/bin/kcadm.sh update realms/moderate -s sslRequired=NONE
        /opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
    environment:
      KEYCLOAK_ADMIN_USER: ${KEYCLOAK_ADMIN_USER}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
    depends_on:
      - keycloak_init
  minio:
    image: minio/minio:RELEASE.2023-11-15T20-43-25Z
    command: server /data --console-address ":9001"
    restart: on-failure
    ports:
      - 9000:9000
      - 9001:9001
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
      MINIO_SERVER_URL: http://minio:9000
      MINIO_REGION: ${MINIO_REGION}
    volumes:
      - minio_data:/data
    healthcheck:
      test: [CMD, mc, ready, local]
      interval: 10s
      timeout: 10s
      retries: 3
  minio_setup:
    image: debian:bullseye
    command:
      - /bin/bash
      - /opt/minio-setup.sh
    restart: on-failure
    environment:
      MINIO_USER: ${MINIO_ROOT_USER}
      MINIO_PASS: ${MINIO_ROOT_PASSWORD}
      BUCKET_NAME: ${MINIO_BUCKET_NAME}
      MINIO_URL: http://minio:9000
    volumes:
      - type: bind
        source: ./minio-setup.sh
        target: /opt/minio-setup.sh
    depends_on:
      minio:
        condition: service_healthy
  rabbit:
    image: rabbitmq:4-management
    restart: on-failure
    ports:
      - ${DEV_RABBIT_PORT:-5672}:5672
      - ${DEV_RABBIT_MANAGEMENT_PORT:-15672}:15672
    environment:
      RABBITMQ_DEFAULT_USER: ${RABBITMQ_DEFAULT_USER}
      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_DEFAULT_PASS}
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 10s
      timeout: 10s
      retries: 3
volumes:
  postgres_data: {}
  minio_data: {}