# Local development stack for dbildungs-iam-server.
# Every credential in this file is a fixed placeholder committed in plain text.
# NOTE(review): treat them as public; supply real values from an env file or a
# secret store for any environment that is shared or reachable from a network.
# Port mappings below carry no host IP, so Compose publishes them on all host
# interfaces; prefix with 127.0.0.1: where only local access is needed.
version: '3'
services:
  # PostgreSQL backing the IAM server.
  db:
    image: postgres:15.3-alpine
    ports:
      - '5432:5432'
    environment:
      - POSTGRES_USER=admin
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=dbildungs-iam-server

  # Keycloak started through kc.sh start-dev, i.e. Keycloak's development mode.
  keycloak:
    # NOTE(review): :latest is a mutable tag; pin a version or digest so the
    # image that runs is the image that was reviewed.
    image: ghcr.io/dbildungsplattform/dbildungs-iam-keycloak:latest
    environment:
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin
      - PI_ADMIN_USER=admin
      - PI_ADMIN_PASSWORD=admin
      - PI_REALM=defrealm
      # Plain-HTTP URL to the privacy-idea container.
      - PI_BASE_URL=http://privacy-idea:8080
      - STATUS_REDIRECT_URL=https://status.dev.spsh.dbildungsplattform.de/
    entrypoint: '/opt/keycloak/bin/kc.sh start-dev'
    command:
      # Embedded file database, kept inside the container
      - '--db=dev-file'
      # Local cache only
      - '--cache=local'
      # Nothing here can query the health probe, so it is switched off
      - '--health-enabled=false'
      # Load the SPSH realm from the file mounted below
      - '--import-realm'
    ports:
      - '8080:8080'
      - '8443:8443'
    volumes:
      - ./config/dev-realm-spsh.json:/opt/keycloak/data/import/realm.json

  # Redis protected by a password passed on the command line.
  redis:
    image: redis:7.2.2
    healthcheck:
      # NOTE(review): this command sends no password although --requirepass is
      # set below; confirm the check still fails when Redis rejects commands.
      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
    ports:
      - '6379:6379'
    # The password is part of the process arguments and of the container
    # metadata, so it is readable by anyone who can inspect the container.
    command: redis-server --requirepass password

  # IAM server; only started with the full-backend profile.
  backend:
    profiles:
      - full-backend
    image: ghcr.io/dbildungsplattform/dbildungs-iam-server
    build:
      context: .
    depends_on:
      keycloak:
        condition: service_started
      db:
        condition: service_started
      redis:
        condition: service_healthy
    environment:
      NODE_ENV: dev
      DEPLOY_STAGE: dev
    # Shares the host's network namespace: no network isolation from the host.
    network_mode: host
    volumes:
      - type: bind
        source: config
        target: /app/config

  # One-shot database initialisation; only started with the db-init profile.
  db-init:
    profiles:
      - db-init
    image: ghcr.io/dbildungsplattform/dbildungs-iam-server
    build:
      context: .
    depends_on:
      - db
    environment:
      NODE_ENV: dev
      DEPLOY_STAGE: dev
    command: ['node', 'dist/src/console/main.js', 'db', 'init']
    volumes:
      - type: bind
        source: config
        target: /app/config

  # OpenLDAP seeded from the LDIF files under ./config/ldif.
  openldap:
    image: osixia/openldap:1.5.0
    container_name: openldap
    # NOTE(review): debug log level; check what directory data ends up in logs.
    command: '--copy-service --loglevel debug'
    ports:
      - '389:389'
      - '636:636'
    volumes:
      - ./config/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
    environment:
      - LDAP_ORGANISATION=schule-sh-de
      - LDAP_DOMAIN=schule-sh.de
      - LDAP_BASE_DN=dc=schule-sh,dc=de
      - LDAP_ADMIN_PASSWORD=admin
      - LDAP_CONFIG_PASSWORD=config
      - LDAP_RFC2307BIS_SCHEMA=true
      - LDAP_REMOVE_CONFIG_AFTER_SETUP=true
      # Client certificates are never requested on TLS connections.
      - LDAP_TLS_VERIFY_CLIENT=never

  # Web UI for the LDAP directory.
  openldap-admin:
    image: osixia/phpldapadmin:0.9.0
    container_name: ldap-admin
    restart: 'no'
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: openldap
      # HTTPS is switched off, so logins to the UI travel over plain HTTP.
      PHPLDAPADMIN_HTTPS: 'false'
    depends_on:
      - openldap
    ports:
      - '9007:80'
      - '4443:443'

  # privacyIDEA (second factor), backed by the maria-db service.
  privacy-idea:
    # NOTE(review): :latest is a mutable tag; pin a version or digest.
    image: khalibre/privacyidea:latest
    container_name: privacy-idea
    ports:
      - '5000:8080'
    environment:
      - PI_ADMIN_USER=admin
      - PI_ADMIN_PASSWORD=admin
      - PI_DB_TYPE=mysql
      - PI_DB_HOST=mariadb
      - PI_DB_PORT=3306
      - PI_DB_NAME=ducsxqm001
      - PI_DB_USER=admin
      - PI_DB_PASSWORD=password
      - PI_DB_VENDOR=mysql
      # NOTE(review): in list form the double quotes are part of the value;
      # confirm the image expects them.
      - PI_SUPERUSER_REALM="administrator,api"
      - PI_PAGE_TITLE=Schulportal SH
      # Placeholder secret key and pepper.
      - PI_SECRET_KEY=secret
      - PI_PEPPER=pepper
      - PI_LOGLEVEL=DEBUG
    depends_on:
      maria-db:
        condition: service_healthy
    volumes:
      # Key material comes from the repository; the PEM files are named dummy_*.
      - ./privacyidea/encfile:/data/privacyidea/keys/encfile
      - ./privacyidea/dummy_private.pem:/data/privacyidea/keys/private.pem
      - ./privacyidea/dummy_public.pem:/data/privacyidea/keys/public.pem

  # MariaDB for privacyIDEA, initialised from ./privacyidea/dump.sql.
  maria-db:
    # NOTE(review): :latest is a mutable tag; pin a version or digest.
    image: mariadb:latest
    container_name: mariadb
    ports:
      - '3306:3306'
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=ducsxqm001
      - MYSQL_USER=admin
      - MYSQL_PASSWORD=password
    healthcheck:
      test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
      start_period: 10s
      interval: 10s
      timeout: 5s
      retries: 3
    volumes:
      - mariadb:/var/lib/mysql
      - ./privacyidea/dump.sql:/docker-entrypoint-initdb.d/dump.sql

  # Cron job that obtains a Keycloak token and calls the backend.
  cron-service:
    build: ./charts/dbildungs-iam-server/cron
    environment:
      - KC_CLIENT_ID=spsh-service
      - KC_TOKEN_URL=http://keycloak:8080/realms/SPSH/protocol/openid-connect/token
      # NOTE(review): host.docker.internal is not defined by default on a plain
      # Linux Docker Engine; confirm it resolves where this stack is run.
      - BACKEND_ENDPOINT_URL=http://host.docker.internal:9090/api/cron/kopers-lock
      - HTTP_METHOD=PUT
      - JWKS_FILE_PATH=/keys/jwks.json
    volumes:
      - ./charts/dbildungs-iam-server/cron/scripts:/scripts
      # Dummy JWKS from the repository, mounted read-only.
      - ./charts/dbildungs-iam-server/cron/keys/dummy_jwks.json:/keys/jwks.json:ro
    depends_on:
      - keycloak

volumes:
  # NOTE(review): no service in this file mounts db-data; confirm whether the
  # db service was meant to use it.
  db-data:
  mariadb: