X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=docker-proj%2Fdocker-compose-security.yaml;fp=docker-proj%2Fdocker-compose-security.yaml;h=845ecd743e019e85c379d68a764a766563949f8a;hb=6bf63a18d595d40ed169e79e681fc526a400aa40;hp=0000000000000000000000000000000000000000;hpb=76718ae51764d0a644565f967c4a8ce40f6be4af;p=nonrtric%2Fplt%2Franpm.git diff --git a/docker-proj/docker-compose-security.yaml b/docker-proj/docker-compose-security.yaml new file mode 100644 index 0000000..845ecd7 --- /dev/null +++ b/docker-proj/docker-compose-security.yaml @@ -0,0 +1,80 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +version: '3.0' +networks: + default: + external: true + name: nonrtric-docker-net + +services: + bundle-server: + image: ${BUNDLE_IMAGE} + container_name: bundle-server + ports: + - 80:80 + volumes: + - ./config/bundle-server/bundle.tar.gz:/usr/share/nginx/html/bundle.tar.gz + labels: + - "ranpm=yes" + + opa-kafka: + image: ${OPA_IMAGE} + container_name: opa-kafka + ports: + - 8181:8181 + command: + - "run" + - "--server" + - "--log-format=json-pretty" + - "--set=decision_logs.console=true" + - "--set=services.authz.url=http://bundle-server" + - "--set=bundles.authz.service=authz" + - "--set=bundles.authz.resource=bundle.tar.gz" + depends_on: + - bundle-server + labels: + - "ranpm=yes" + + keycloak: + image: ${KEYCLOAK_IMAGE} + container_name: keycloak + command: + - "start" + - "--https-key-store-file=/etc/x509/https/keycloak.server.keystore.p12" + - "--https-key-store-password=$${KC_KEYSTORE_PASSWORD}" + - "--https-key-store-type=PKCS12" + - "--https-trust-store-file=/etc/x509/https/keycloak.client.truststore.p12" + - "--https-trust-store-password=$${KC_KEYSTORE_PASSWORD}" + - "--https-trust-store-type=PKCS12" + - "--https-client-auth=request" + - "--http-enabled=true" + ports: + - 8462:8080 + - 8463:8443 + environment: + - KEYCLOAK_ADMIN=admin + - KEYCLOAK_ADMIN_PASSWORD=admin + - KC_KEYSTORE_PASSWORD=changeit + - KC_HOSTNAME=keycloak + - KC_HTTP_ENABLED=true + - KC_HTTPS_CLIENT_AUTH=request + volumes: + - ./config/keycloak/certs/keycloak.client.truststore.p12:/etc/x509/https/keycloak.client.truststore.p12 + - ./config/keycloak/certs/keycloak.server.keystore.p12:/etc/x509/https/keycloak.server.keystore.p12 + labels: + - "ranpm=yes"