################################################################################ # Copyright 2023 highstreet technologies GmbH # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # no more versions needed! Compose spec supports all features w/o a version services: gateway: image: ${TRAEFIK_IMAGE} container_name: gateway hostname: gateway healthcheck: test: - CMD - traefik - healthcheck - --ping interval: 10s timeout: 5s retries: 3 restart: always ports: - 80:80 - 443:443 - 4334:4334 - 4335:4335 command: - --serverstransport.insecureskipverify=true - --log.level=${TRAEFIK_LOG_LEVEL} - --global.sendanonymoususage=false - --global.checkNewVersion=false - --api.insecure=true - --api.dashboard=true - --api.debug=true - --ping - --accesslog=false - --entrypoints.web.address=:80 - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.websecure.address=:443 - --entrypoints.websecure.http.tls.domains[0].main=gateway.${HTTP_DOMAIN} - --entrypoints.websecure.http.tls.domains[0].sans=*.${HTTP_DOMAIN} - --entrypoints.ssh-netconf-callhome.address=:4334 - --entrypoints.tls-netconf-callhome.address=:4335 - --providers.docker.endpoint=unix:///var/run/docker.sock - --providers.docker.network=${TRAEFIK_NETWORK_NAME} - --providers.docker.exposedByDefault=false - --providers.docker.watch=true - --providers.file.filename=/middleware.yaml volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ./gateway/conf/middleware.yaml:/middleware.yaml:ro - ./gateway/conf/.htpasswd:/.htpasswd:ro labels: traefik.enable: true traefik.http.middlewares.traefik-auth.basicauth.usersfile: .htpasswd traefik.http.routers.gateway.rule: Host(`gateway.${HTTP_DOMAIN}`) traefik.http.routers.gateway.entrypoints: websecure traefik.http.routers.gateway.service: api@internal traefik.http.routers.gateway.middlewares: strip traefik.http.middlewares.strip.stripprefix.prefixes: /traefik traefik.http.routers.gateway.tls: true traefik.http.services.gateway.loadbalancer.server.port: 8080 networks: dmz: dcn: identitydb: image: ${IDENTITYDB_IMAGE} container_name: identitydb hostname: identitydb environment: - ALLOW_EMPTY_PASSWORD=no - POSTGRESQL_USERNAME=keycloak - POSTGRESQL_DATABASE=keycloak - POSTGRESQL_PASSWORD=keycloak identity: image: ${IDENTITY_IMAGE} container_name: identity hostname: identity environment: - KEYCLOAK_CREATE_ADMIN_USER=true - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME} - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD} - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME} - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD} - KEYCLOAK_DATABASE_HOST=identitydb - KEYCLOAK_DATABASE_NAME=keycloak - KEYCLOAK_DATABASE_USER=keycloak - KEYCLOAK_DATABASE_PASSWORD=keycloak - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000 - KEYCLOAK_PRODUCTION=false - KEYCLOAK_ENABLE_TLS=true - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks labels: traefik.enable: true traefik.http.routers.identity.entrypoints: websecure traefik.http.routers.identity.rule: Host(`identity.${HTTP_DOMAIN}`) traefik.http.routers.identity.tls: true traefik.http.services.identity.loadbalancer.server.port: 8080 depends_on: identitydb: condition: service_started gateway: condition: service_healthy networks: dmz: default: persistence: image: ${PERSISTENCE_IMAGE} container_name: persistence environment: - discovery.type=single-node zookeeper: image: ${ZOOKEEPER_IMAGE} container_name: zookeeper environment: ZOOKEEPER_REPLICAS: 1 ZOOKEEPER_TICK_TIME: 2000 ZOOKEEPER_SYNC_LIMIT: 5 ZOOKEEPER_INIT_LIMIT: 10 ZOOKEEPER_MAX_CLIENT_CNXNS: 200 ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3 ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24 ZOOKEEPER_CLIENT_PORT: 2181 KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl ZOOKEEPER_SERVER_ID: volumes: - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf kafka: image: ${KAFKA_IMAGE} container_name: kafka environment: enableCadi: 'false' KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000 KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000 KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092 KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092 KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false' KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf KAFKA_ZOOKEEPER_SET_ACL: 'true' KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1 volumes: - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf depends_on: zookeeper: condition: service_started kafka-bridge: image: ${KAFKA_BRIDGE_IMAGE} container_name: kafka-bridge hostname: kafka-bridge entrypoint: /opt/strimzi/bin/kafka_bridge_run.sh command: --config-file=config/application.properties healthcheck: test: curl http://localhost:8080/healthy || exit 1 interval: 5s timeout: 5s retries: 5 labels: traefik.enable: true traefik.http.routers.kafka-bridge.entrypoints: websecure traefik.http.routers.kafka-bridge.rule: Host(`kafka-bridge.${HTTP_DOMAIN}`) traefik.http.routers.kafka-bridge.tls: true traefik.http.services.kafka-bridge.loadbalancer.server.port: 8080 volumes: - ./kafka-bridge:/opt/strimzi/config depends_on: kafka: condition: service_started gateway: condition: service_healthy networks: dmz: default: topology: image: "${O_RAN_SC_TOPOLOGY_IMAGE}" container_name: topology hostname: topology healthcheck: test: curl -u ${ADMIN_USERNAME}:${ADMIN_USERNAME} http://localhost:8181 || exit 1 start_period: 30s interval: 10s timeout: 5s retries: 5 volumes: - ./topology/tapi-common-operational.json:/opt/dev/deploy/data/tapi-common-operational.json - ./topology/tapi-common-running.json:/opt/dev/deploy/data/tapi-common-running.json labels: traefik.enable: true traefik.http.routers.topology.entrypoints: websecure traefik.http.routers.topology.rule: Host(`topology.${HTTP_DOMAIN}`) traefik.http.routers.topology.tls: true traefik.http.services.topology.loadbalancer.server.port: 8181 networks: dmz: default: messages: image: ${DMAAP_IMAGE} container_name: messages hostname: messages environment: enableCadi: 'false' volumes: - ./messages/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties - ./messages/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml - ./messages/cadi.properties:/appl/dmaapMR1/etc/cadi.properties labels: traefik.enable: true traefik.http.routers.messages.entrypoints: websecure traefik.http.routers.messages.rule: Host(`messages.${HTTP_DOMAIN}`) traefik.http.routers.messages.tls: true traefik.http.services.messages.loadbalancer.server.port: 3904 depends_on: kafka: condition: service_started gateway: condition: service_healthy networks: dmz: default: networks: dmz: name: dmz driver: bridge enable_ipv6: false default: name: smo driver: bridge enable_ipv6: false dcn: driver: bridge name: dcn enable_ipv6: true ipam: driver: default config: - subnet: ${NETWORK_SUBNET_DCN_IPv6}