--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+version: '3.0'
+networks:
+ default:
+ external: true
+ name: nonrtric-docker-net
+
+services:
+ bundle-server:
+ image: ${BUNDLE_IMAGE}
+ container_name: bundle-server
+ ports:
+ - 80:80
+ volumes:
+ - ./config/bundle-server/bundle.tar.gz:/usr/share/nginx/html/bundle.tar.gz
+ labels:
+ - "ranpm=yes"
+
+ opa-kafka:
+ image: ${OPA_IMAGE}
+ container_name: opa-kafka
+ ports:
+ - 8181:8181
+ command:
+ - "run"
+ - "--server"
+ - "--log-format=json-pretty"
+ - "--set=decision_logs.console=true"
+ - "--set=services.authz.url=http://bundle-server"
+ - "--set=bundles.authz.service=authz"
+ - "--set=bundles.authz.resource=bundle.tar.gz"
+ depends_on:
+ - bundle-server
+ labels:
+ - "ranpm=yes"
+
+ keycloak:
+ image: ${KEYCLOAK_IMAGE}
+ container_name: keycloak
+ command:
+ - "start"
+ - "--https-key-store-file=/etc/x509/https/keycloak.server.keystore.p12"
+ - "--https-key-store-password=$${KC_KEYSTORE_PASSWORD}"
+ - "--https-key-store-type=PKCS12"
+ - "--https-trust-store-file=/etc/x509/https/keycloak.client.truststore.p12"
+ - "--https-trust-store-password=$${KC_KEYSTORE_PASSWORD}"
+ - "--https-trust-store-type=PKCS12"
+ - "--https-client-auth=request"
+ - "--http-enabled=true"
+ ports:
+ - 8462:8080
+ - 8463:8443
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_KEYSTORE_PASSWORD=changeit
+ - KC_HOSTNAME=keycloak
+ - KC_HTTP_ENABLED=true
+ - KC_HTTPS_CLIENT_AUTH=request
+ volumes:
+ - ./config/keycloak/certs/keycloak.client.truststore.p12:/etc/x509/https/keycloak.client.truststore.p12
+ - ./config/keycloak/certs/keycloak.server.keystore.p12:/etc/x509/https/keycloak.server.keystore.p12
+ labels:
+ - "ranpm=yes"