rode-dev-env/docker-compose.yaml at main · rode/rode-dev-env · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
version: '3'
services:
  opa:
    image: openpolicyagent/opa:${OPA_VERSION:-0.24.0}-debug
    command: run --server
    ports:
      - 8181:8181
    healthcheck:
      test: ["CMD", "wget", "-O-", "http://localhost:8181/health"]
      interval: 10s
      timeout: 30s
      retries: 3
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTICSEARCH_VERSION:-7.10.0}
    ports:
      - 9200:9200
    environment:
      'discovery.type': "single-node"
      ES_JAVA_OPTS: "-Xms512m -Xmx512m"
    healthcheck:
      test: ["CMD", "curl", "http://localhost:9200/_cluster/health"]
      interval: 10s
      timeout: 1m
      retries: 3
  grafeas:
    image: ghcr.io/rode/grafeas-elasticsearch:${GRAFEAS_VERSION:-latest}
    command: "--config /etc/grafeas/config.yaml"
    volumes:
      - ./grafeas/config.yaml:/etc/grafeas/config.yaml:ro
    ports:
      - 8080:8080
    depends_on:
      elasticsearch:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "-O-", "http://localhost:8080/v1beta1/projects"] # no dedicated health endpoint
      interval: 10s
      timeout: 30s
      start_period: 15s
      retries: 3
  oidc-provider:
    image: ghcr.io/rode/rode-dev-env/oidc-provider:latest
    init: true
    ports:
      - 3000:3000
    healthcheck:
      test: ["CMD", "wget", "-O-", "http://localhost:3000/.well-known/openid-configuration"]
      interval: 10s
      timeout: 1m
      retries: 3
    environment:
      ISSUER_URL: ${ISSUER_URL:-http://oidc-provider:3000}
  rode: &rode
    image: ghcr.io/rode/rode:${RODE_VERSION:-latest}
    environment: &rodeEnv
      GRAFEAS_HOST: "grafeas:8080"
      ELASTICSEARCH_HOST: "http://elasticsearch:9200"
      OPA_HOST: "http://opa:8181"
    depends_on: &rodeDeps
      grafeas:
        condition: service_healthy
      elasticsearch:
        condition: service_healthy
      opa:
        condition: service_healthy
    ports:
      - 50051:50051
    healthcheck:
      test: ["CMD", "/grpc_health_probe", "-addr=:50051"]
      interval: 10s
      timeout: 30s
      retries: 3
      start_period: 15s
  rode-with-auth:
    <<: *rode
    environment:
      <<: *rodeEnv
      OIDC_ISSUER: ${ISSUER_URL:-http://oidc-provider:3000}
      OIDC_REQUIRED_AUDIENCE: "rode"
      OIDC_TLS_INSECURE_SKIP_VERIFY: "true"
    depends_on:
      <<: *rodeDeps
      oidc-provider:
        condition: service_healthy
networks:
  default:
    name: rode