docker-proj/docker-compose-security.yaml - oransc/nonrtric/plt/ranpm - Gitiles

 #  ============LICENSE_START===============================================
 #  Copyright (C) 2023 Nordix Foundation. All rights reserved.
 #  ========================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 #  ============LICENSE_END=================================================
 #

 version: '3.0'
 networks:
   default:
     external: true
     name: nonrtric-docker-net

 services:
   bundle-server:
     image: ${BUNDLE_IMAGE}
     container_name: bundle-server
     ports:
       - 80:80
     volumes:
       - ./config/bundle-server/bundle.tar.gz:/usr/share/nginx/html/bundle.tar.gz
     labels:
       - "ranpm=yes"

   opa-kafka:
     image: ${OPA_IMAGE}
     container_name: opa-kafka
     ports:
       - 8181:8181
     command:
       - "run"
       - "--server"
       - "--log-format=json-pretty"
       - "--set=decision_logs.console=true"
       - "--set=services.authz.url=http://bundle-server"
       - "--set=bundles.authz.service=authz"
       - "--set=bundles.authz.resource=bundle.tar.gz"
     depends_on:
       - bundle-server
     labels:
       - "ranpm=yes"

   keycloak:
     image: ${KEYCLOAK_IMAGE}
     container_name: keycloak
     command:
       - "start"
       - "--https-key-store-file=/etc/x509/https/keycloak.server.keystore.p12"
       - "--https-key-store-password=$${KC_KEYSTORE_PASSWORD}"
       - "--https-key-store-type=PKCS12"
       - "--https-trust-store-file=/etc/x509/https/keycloak.client.truststore.p12"
       - "--https-trust-store-password=$${KC_KEYSTORE_PASSWORD}"
       - "--https-trust-store-type=PKCS12"
       - "--https-client-auth=request"
       - "--http-enabled=true"
     ports:
       - 8462:8080
       - 8463:8443
     environment:
       - KEYCLOAK_ADMIN=admin
       - KEYCLOAK_ADMIN_PASSWORD=admin
       - KC_KEYSTORE_PASSWORD=changeit
       - KC_HOSTNAME=keycloak
       - KC_HTTP_ENABLED=true
       - KC_HTTPS_CLIENT_AUTH=request
     volumes:
       - ./config/keycloak/certs/keycloak.client.truststore.p12:/etc/x509/https/keycloak.client.truststore.p12
       - ./config/keycloak/certs/keycloak.server.keystore.p12:/etc/x509/https/keycloak.server.keystore.p12
     labels:
       - "ranpm=yes"
	# ============LICENSE_START===============================================
	# Copyright (C) 2023 Nordix Foundation. All rights reserved.
	# ========================================================================
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	# ============LICENSE_END=================================================
	#

	version: '3.0'
	networks:
	default:
	external: true
	name: nonrtric-docker-net

	services:
	bundle-server:
	image: ${BUNDLE_IMAGE}
	container_name: bundle-server
	ports:
	- 80:80
	volumes:
	- ./config/bundle-server/bundle.tar.gz:/usr/share/nginx/html/bundle.tar.gz
	labels:
	- "ranpm=yes"

	opa-kafka:
	image: ${OPA_IMAGE}
	container_name: opa-kafka
	ports:
	- 8181:8181
	command:
	- "run"
	- "--server"
	- "--log-format=json-pretty"
	- "--set=decision_logs.console=true"
	- "--set=services.authz.url=http://bundle-server"
	- "--set=bundles.authz.service=authz"
	- "--set=bundles.authz.resource=bundle.tar.gz"
	depends_on:
	- bundle-server
	labels:
	- "ranpm=yes"

	keycloak:
	image: ${KEYCLOAK_IMAGE}
	container_name: keycloak
	command:
	- "start"
	- "--https-key-store-file=/etc/x509/https/keycloak.server.keystore.p12"
	- "--https-key-store-password=$${KC_KEYSTORE_PASSWORD}"
	- "--https-key-store-type=PKCS12"
	- "--https-trust-store-file=/etc/x509/https/keycloak.client.truststore.p12"
	- "--https-trust-store-password=$${KC_KEYSTORE_PASSWORD}"
	- "--https-trust-store-type=PKCS12"
	- "--https-client-auth=request"
	- "--http-enabled=true"
	ports:
	- 8462:8080
	- 8463:8443
	environment:
	- KEYCLOAK_ADMIN=admin
	- KEYCLOAK_ADMIN_PASSWORD=admin
	- KC_KEYSTORE_PASSWORD=changeit
	- KC_HOSTNAME=keycloak
	- KC_HTTP_ENABLED=true
	- KC_HTTPS_CLIENT_AUTH=request
	volumes:
	- ./config/keycloak/certs/keycloak.client.truststore.p12:/etc/x509/https/keycloak.client.truststore.p12
	- ./config/keycloak/certs/keycloak.server.keystore.p12:/etc/x509/https/keycloak.server.keystore.p12
	labels:
	- "ranpm=yes"