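#  ============LICENSE_START===============================================
#  Copyright (C) 2023 Nordix Foundation. All rights reserved.
#  ========================================================================
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#  ============LICENSE_END=================================================
#

# Compose file for three services: bundle-server, opa-kafka and keycloak.
# ${BUNDLE_IMAGE}, ${OPA_IMAGE} and ${KEYCLOAK_IMAGE} are interpolated by
# Compose from the shell environment or an .env file; this file does not pin
# them, so the tag or digest used is decided wherever they are set.
# Every "ports" entry below publishes on all host interfaces because no host
# IP is given; prefix a mapping with 127.0.0.1: to keep it local to the host.

version: '3.0'

# The default network is an existing one (external: true): Compose attaches
# to nonrtric-docker-net and does not create or remove it.
networks:
  default:
    external: true
    name: nonrtric-docker-net

services:
  # Serves bundle.tar.gz over plain HTTP on port 80. The /usr/share/nginx/html
  # mount path suggests an nginx image - confirm against BUNDLE_IMAGE.
  bundle-server:
    image: ${BUNDLE_IMAGE}
    container_name: bundle-server
    ports:
      - "80:80"
    volumes:
      - ./config/bundle-server/bundle.tar.gz:/usr/share/nginx/html/bundle.tar.gz
    labels:
      - "ranpm=yes"

  # OPA in server mode, pulling the "authz" bundle from bundle-server.
  # Review points for anything beyond a local lab:
  #  - no --authentication / --authorization flag is passed, so the REST API
  #    on 8181 (policy and data endpoints included) accepts any caller that
  #    can reach the published port;
  #  - the bundle is downloaded over http:// and no bundle signature
  #    verification is configured, so policy integrity depends entirely on
  #    the docker network and on the bundle-server container;
  #  - decision_logs.console=true writes every decision, with its input
  #    document, to the container log; mask or restrict log access if inputs
  #    can carry tokens or personal data.
  opa-kafka:
    image: ${OPA_IMAGE}
    container_name: opa-kafka
    ports:
      - "8181:8181"
    command:
      - "run"
      - "--server"
      - "--log-format=json-pretty"
      - "--set=decision_logs.console=true"
      - "--set=services.authz.url=http://bundle-server"
      - "--set=bundles.authz.service=authz"
      - "--set=bundles.authz.resource=bundle.tar.gz"
    depends_on:
      - bundle-server
    labels:
      - "ranpm=yes"

  # Keycloak started with "start", with TLS material mounted from ./config.
  # Review points:
  #  - --http-enabled=true together with the 8462:8080 mapping exposes the
  #    plaintext listener on the host; credentials and tokens sent to it are
  #    not protected in transit;
  #  - --https-client-auth=request asks for a client certificate but does not
  #    require one;
  #  - http-enabled and https-client-auth are each set twice (command flag
  #    and KC_* variable); keep the two in sync when changing either.
  keycloak:
    image: ${KEYCLOAK_IMAGE}
    container_name: keycloak
    command:
      - "start"
      - "--https-key-store-file=/etc/x509/https/keycloak.server.keystore.p12"
      # "$$" escapes Compose interpolation, so the literal
      # ${KC_KEYSTORE_PASSWORD} reaches the container; presumably Keycloak
      # resolves it from the container environment set below - confirm.
      - "--https-key-store-password=$${KC_KEYSTORE_PASSWORD}"
      - "--https-key-store-type=PKCS12"
      - "--https-trust-store-file=/etc/x509/https/keycloak.client.truststore.p12"
      - "--https-trust-store-password=$${KC_KEYSTORE_PASSWORD}"
      - "--https-trust-store-type=PKCS12"
      - "--https-client-auth=request"
      - "--http-enabled=true"
    ports:
      - "8462:8080"
      - "8463:8443"
    environment:
      # Credentials can be overridden from the shell environment or .env.
      # The fallbacks keep the values this file previously hard-coded
      # (admin/admin, changeit); they are well-known defaults and should be
      # overridden wherever the published ports are reachable by others.
      # KC_KEYSTORE_PASSWORD must match the mounted .p12 files, and anything
      # that logs in with the default admin account needs the same override.
      - "KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN:-admin}"
      - "KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-admin}"
      - "KC_KEYSTORE_PASSWORD=${KC_KEYSTORE_PASSWORD:-changeit}"
      - KC_HOSTNAME=keycloak
      - KC_HTTP_ENABLED=true
      - KC_HTTPS_CLIENT_AUTH=request
    volumes:
      # Key and trust stores are bind-mounted read-write; appending ":ro"
      # would stop the container from modifying them - verify Keycloak only
      # reads these files before changing it.
      - ./config/keycloak/certs/keycloak.client.truststore.p12:/etc/x509/https/keycloak.client.truststore.p12
      - ./config/keycloak/certs/keycloak.server.keystore.p12:/etc/x509/https/keycloak.server.keystore.p12
    labels:
      - "ranpm=yes"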