-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
111 lines (103 loc) · 2.93 KB
/
docker-compose.yml
File metadata and controls
111 lines (103 loc) · 2.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# Copyright IBM Corp. 2022, 2024
# SPDX-License-Identifier: MPL-2.0
version: "3.9"
services:
app:
build: .
environment:
VAULT_ADDRESS: http://vault-server:8200
VAULT_APPROLE_ROLE_ID: demo-web-app
VAULT_APPROLE_SECRET_ID_FILE: /tmp/secret
VAULT_DATABASE_CREDENTIALS_PATH: creds/dev-readonly
VAULT_KV2_MOUNT: kv-v2
VAULT_API_KEY_PATH: api-key
VAULT_API_KEY_FIELD: api-key-field
DATABASE_URL: jdbc:postgresql://database:5432/postgres
DATABASE_PLATFORM: postgres
SECURE_SERVICE_ADDRESS: http://secure-service/api
volumes:
- type: volume
source: trusted-orchestrator-volume
target: /tmp
ports:
- "8080:8080"
depends_on:
vault-server:
condition: service_healthy
trusted-orchestrator:
condition: service_healthy
database:
condition: service_healthy
secure-service:
condition: service_healthy
vault-server:
build: ./setup/vault-server/
cap_add:
- IPC_LOCK
environment:
VAULT_DEV_ROOT_TOKEN_ID: root
APPROLE_ROLE_ID: demo-web-app
ORCHESTRATOR_TOKEN: insecure-token
DATABASE_HOSTNAME: database
DATABASE_PORT: 5432
API_KEY_PATH: kv-v2/api-key
API_KEY_FIELD: api-key-field
ports:
- "8200:8200"
depends_on:
database:
condition: service_healthy
trusted-orchestrator:
build: ./setup/trusted-orchestrator
environment:
VAULT_ADDRESS: http://vault-server:8200
ORCHESTRATOR_TOKEN: insecure-token
volumes:
- type: volume
source: trusted-orchestrator-volume
target: /tmp
depends_on:
vault-server:
condition: service_healthy
database:
image: postgres:14.0
environment:
POSTGRES_PASSWORD: rootpassword
volumes:
- type: bind
source: ./setup/database/
target: /docker-entrypoint-initdb.d/
ports:
- "5432:5432"
healthcheck:
test: [ "CMD", "/usr/bin/pg_isready" ]
start_period: 1s
interval: 1s
timeout: 1s
retries: 30
# a simulated 3rd party service that requires a specific header to get a 200 response
secure-service:
image: nginx:latest
environment:
EXPECTED_API_KEY: my-secret-key # sets the expected value for incoming requests' header X-API-KEY
volumes:
- type: bind
source: ./setup/secure-service/default.conf.template
target: /etc/nginx/templates/default.conf.template
ports:
- "1717:80"
healthcheck:
test: curl --fail -s http://localhost/healthcheck || exit 1
start_period: 1s
interval: 1s
timeout: 1s
retries: 30
# a dummy service which blocks "docker compose up -d" from returning until all services are up & healthy
healthy:
image: alpine:latest
command: [ "echo", "all services are up & healthy" ]
depends_on:
app:
condition: service_healthy
volumes:
trusted-orchestrator-volume: