1 # no more versions needed! Compose spec supports all features w/o a version
# Traefik reverse proxy ("gateway"): listens on :80 and :443, redirects HTTP to
# HTTPS, and discovers backends through the Docker provider.
5 image: ${TRAEFIK_IMAGE}
6 container_name: gateway
# NOTE(review): disables certificate verification on Traefik -> backend TLS
# connections, so a backend's identity is never checked. Prefer trusting the
# backend CA (serversTransport.rootCAs) and leaving verification enabled.
22 - --serverstransport.insecureskipverify=true
23 - --log.level=${TRAEFIK_LOG_LEVEL}
# Telemetry and the new-version check are both switched off.
24 - --global.sendanonymoususage=false
25 - --global.checkNewVersion=false
# Enables the dashboard; the `gateway` router below publishes it via api@internal.
27 - --api.dashboard=true
# Plain HTTP entrypoint; every request is redirected to the websecure entrypoint.
31 - --entrypoints.web.address=:80
32 - --entrypoints.web.http.redirections.entrypoint.to=websecure
33 - --entrypoints.web.http.redirections.entrypoint.scheme=https
# HTTPS entrypoint; the certificate covers the gateway host plus a wildcard SAN.
34 - --entrypoints.websecure.address=:443
35 - --entrypoints.websecure.http.tls.domains[0].main=gateway.${SOLUTION_DOMAIN}
36 - --entrypoints.websecure.http.tls.domains[0].sans=*.${SOLUTION_DOMAIN}
# Docker provider reads container labels through the Docker socket.
37 - --providers.docker.endpoint=unix:///var/run/docker.sock
38 - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
# Containers are only routed when they opt in explicitly.
39 - --providers.docker.exposedByDefault=false
40 - --providers.docker.watch=true
# Additional dynamic configuration is loaded from the mounted middleware.yml.
41 - --providers.file.filename=/middleware.yml
# NOTE(review): `:ro` only makes the socket file read-only; it does not limit
# the Docker API calls a process can send over it. Consider putting a
# socket proxy that allows only read endpoints between Traefik and the daemon.
43 - /var/run/docker.sock:/var/run/docker.sock:ro
44 - ./gateway/conf/middleware.yml:/middleware.yml:ro
# Password-hash file for basic auth; keep it out of version control.
45 - ./gateway/conf/.htpasswd:/.htpasswd:ro
# NOTE(review): the relative path `.htpasswd` matches the mount at /.htpasswd
# only if Traefik's working directory is `/` — confirm, or use the absolute path.
48 traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd
49 traefik.http.routers.gateway.rule: Host(`gateway.${SOLUTION_DOMAIN}`)
50 traefik.http.routers.gateway.entrypoints: websecure
51 traefik.http.routers.gateway.service: api@internal
# NOTE(review): only `strip` is attached here; the `traefik-auth` basic-auth
# middleware defined above is not referenced by this router in the visible
# lines, so the dashboard/API may be reachable without credentials. Verify it
# is attached elsewhere (e.g. middleware.yml) or add it to this list.
52 traefik.http.routers.gateway.middlewares: strip
53 traefik.http.middlewares.strip.stripprefix.prefixes: /traefik
54 traefik.http.routers.gateway.tls: true
# NOTE(review): the gateway router targets api@internal, so this load-balancer
# service looks unused — confirm.
55 traefik.http.services.gateway.loadbalancer.server.port: 8080
# PostgreSQL database backing the identity (Keycloak) service.
61 image: ${IDENTITYDB_IMAGE}
62 container_name: identitydb
# Empty passwords are rejected.
65 - ALLOW_EMPTY_PASSWORD=no
66 - POSTGRESQL_USERNAME=keycloak
67 - POSTGRESQL_DATABASE=keycloak
# NOTE(review): hard-coded password equal to the user name. Supply it through a
# ${...} variable or a Compose secret, as the admin credentials in this file do,
# and keep it in sync with KEYCLOAK_DATABASE_PASSWORD on the identity service.
68 - POSTGRESQL_PASSWORD=keycloak
# Keycloak identity provider, published at identity.${SOLUTION_DOMAIN} via Traefik.
71 image: ${IDENTITY_IMAGE}
72 container_name: identity
# Admin and management credentials are injected from the environment / .env file.
75 - KEYCLOAK_CREATE_ADMIN_USER=true
76 - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
77 - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
78 - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
79 - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
# Database connection; values must match the identitydb service.
80 - KEYCLOAK_DATABASE_HOST=identitydb
81 - KEYCLOAK_DATABASE_NAME=keycloak
82 - KEYCLOAK_DATABASE_USER=keycloak
# NOTE(review): hard-coded database password; move it to a ${...} variable or secret.
83 - KEYCLOAK_DATABASE_PASSWORD=keycloak
# NOTE(review): sslmode=disable means the JDBC connection to PostgreSQL is
# unencrypted, so credentials and identity data cross the container network in clear.
84 - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
# NOTE(review): presumably selects Keycloak's development mode — confirm this
# file is not used for a production deployment.
85 - KEYCLOAK_PRODUCTION=false
86 - KEYCLOAK_ENABLE_TLS=true
87 - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
88 - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
# NOTE(review): keystore and truststore passwords are hard-coded, well-known
# defaults. The keystore holds the server's private key, so its password should
# be unique and supplied from a variable or secret.
89 - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
90 - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
91 restart: unless-stopped
93 - /etc/localtime:/etc/localtime:ro
# NOTE(review): this target is under /opt/jboss while every other path uses
# /opt/bitnami — possibly a leftover from a different image; confirm it is read.
94 - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
# NOTE(review): unlike /etc/localtime above, the key material is mounted
# read-write; add `:ro` unless the container must modify these files.
95 - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
96 - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
99 traefik.http.routers.identity.entrypoints: websecure
100 traefik.http.routers.identity.rule: Host(`identity.${SOLUTION_DOMAIN}`)
101 traefik.http.routers.identity.tls: true
# NOTE(review): Traefik forwards to port 8080 although KEYCLOAK_ENABLE_TLS=true;
# presumably this is the plain-HTTP port, so the proxy hop is unencrypted — confirm.
102 traefik.http.services.identity.loadbalancer.server.port: 8080
# Start-up ordering conditions for this service's dependencies.
105 condition: service_started
107 condition: service_healthy
# Persistence store running as a single node.
110 image: ${PERSISTENCE_IMAGE}
111 container_name: persistence
# NOTE(review): this is the only setting visible in this listing; no
# authentication or TLS options appear here — confirm how access is restricted.
113 - discovery.type=single-node
# ZooKeeper instance used by the kafka service; clients must authenticate with SASL.
116 image: ${ZOOKEEPER_IMAGE}
117 container_name: zookeeper
121 ZOOKEEPER_REPLICAS: 1
122 ZOOKEEPER_TICK_TIME: 2000
123 ZOOKEEPER_SYNC_LIMIT: 5
124 ZOOKEEPER_INIT_LIMIT: 10
125 ZOOKEEPER_MAX_CLIENT_CNXNS: 200
126 ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
127 ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
128 ZOOKEEPER_CLIENT_PORT: 2181
# JVM options: load the server JAAS config, register the SASL authentication
# provider, and require the sasl scheme from clients.
129 KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
# NOTE(review): a JAAS file normally carries credentials; mount it `:ro` and
# keep the real file out of version control.
132 - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
# Single Kafka broker registered with the zookeeper service.
135 image: ${KAFKA_IMAGE}
136 container_name: kafka
139 KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
140 KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000
141 KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000
# NOTE(review): both listener names map to PLAINTEXT, so broker traffic has no
# encryption or client authentication; the SASL settings below cover only the
# ZooKeeper connection. EXTERNAL_PLAINTEXT is mapped but has no listener below.
142 KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
143 KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092
# Binds on all container interfaces; reachability depends on the attached
# networks and any published ports (not visible in this listing).
144 KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092
145 KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
146 KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
# JAAS client config used to authenticate to ZooKeeper.
147 KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
# Ask the broker to set ACLs on the znodes it creates.
148 KAFKA_ZOOKEEPER_SET_ACL: 'true'
149 KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
150 # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
151 KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
# NOTE(review): a JAAS file normally carries credentials; mount it `:ro` and
# keep the real file out of version control.
153 - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
# Start-up ordering condition for this service's dependency.
156 condition: service_started
# Message router service, published at messages.${SOLUTION_DOMAIN} via Traefik.
159 image: ${DMAAP_IMAGE}
160 container_name: messages
# Configuration files bind-mounted from the repository.
# NOTE(review): none of these mounts is `:ro`; cadi.properties presumably holds
# authentication settings — confirm it contains no secrets committed to VCS.
165 - ./messages/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
166 - ./messages/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
167 - ./messages/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
# NOTE(review): no authentication middleware is attached to this router in the
# visible lines; access control must then be enforced by the service itself.
170 traefik.http.routers.messages.entrypoints: websecure
171 traefik.http.routers.messages.rule: Host(`messages.${SOLUTION_DOMAIN}`)
172 traefik.http.routers.messages.tls: true
# Backend port Traefik forwards to; presumably plain HTTP behind the proxy — confirm.
173 traefik.http.services.messages.loadbalancer.server.port: 3904
# Start-up ordering conditions for this service's dependencies.
176 condition: service_started
178 condition: service_healthy
# Network addressing: one IPv4 and one IPv6 subnet/gateway pair, all taken from
# environment variables.
188 - subnet: ${TRAEFIK_SUBNET}
189 gateway: ${TRAEFIK_GATEWAY_IP}
190 - subnet: ${TRAEFIK_SUBNET_IPv6}
191 gateway: ${TRAEFIK_GATEWAY_IPv6}
# Same network name that Traefik's Docker provider is pointed at
# (--providers.docker.network).
193 name: ${TRAEFIK_NETWORK_NAME}