mirror of
https://github.com/akvorado/akvorado.git
synced 2025-12-11 22:14:02 +01:00
529a8f69be
This is used for demo, it makes sense to also do that for the other components. This helps test one of the component temporarily, for example during the e2e tests.
199 lines
6.7 KiB
YAML
199 lines
6.7 KiB
YAML
---
|
|
name: akvorado-dev
|
|
services:
|
|
mock-oauth2-server:
|
|
extends:
|
|
file: versions.yml
|
|
service: mock-oauth2-server
|
|
ports:
|
|
- 127.0.0.1:5556:8080/tcp
|
|
environment:
|
|
LOG_LEVEL: debug
|
|
|
|
kafka:
|
|
extends:
|
|
file: versions.yml
|
|
service: kafka
|
|
environment:
|
|
# KRaft settings
|
|
KAFKA_NODE_ID: 1
|
|
KAFKA_PROCESS_ROLES: controller,broker
|
|
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9096
|
|
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
|
|
# We have two sets of listeners: INTERNAL that is used from inside the docker
|
|
# compose network and listens on "kafka" and EXTERNAL that is mapped to
|
|
# the host network and listens on "localhost".
|
|
#
|
|
# Then, in each set, we have a plain text one and an OAuth-enabled one.
|
|
KAFKA_LISTENERS: >-
|
|
INTERNAL://:9092,
|
|
OINTERNAL://:9093,
|
|
EXTERNAL://:9094,
|
|
OEXTERNAL://:9095,
|
|
CONTROLLER://:9096
|
|
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: >-
|
|
INTERNAL:PLAINTEXT,
|
|
OINTERNAL:SASL_PLAINTEXT,
|
|
EXTERNAL:PLAINTEXT,
|
|
OEXTERNAL:SASL_PLAINTEXT,
|
|
CONTROLLER:PLAINTEXT
|
|
KAFKA_ADVERTISED_LISTENERS: >-
|
|
INTERNAL://kafka:9092,
|
|
OINTERNAL://kafka:9093,
|
|
EXTERNAL://localhost:9092,
|
|
OEXTERNAL://localhost:9093
|
|
KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL
|
|
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
|
|
# OAuth2 configuration
|
|
KAFKA_LISTENER_NAME_OEXTERNAL_SASL_ENABLED_MECHANISMS: OAUTHBEARER
|
|
KAFKA_LISTENER_NAME_OEXTERNAL_SASL_OAUTHBEARER_JWKS_ENDPOINT_URL: http://mock-oauth2-server:8080/default/jwks
|
|
KAFKA_LISTENER_NAME_OEXTERNAL_SASL_OAUTHBEARER_EXPECTED_AUDIENCE: default
|
|
KAFKA_LISTENER_NAME_OEXTERNAL_OAUTHBEARER_SASL_JAAS_CONFIG: >-
|
|
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
|
|
clientId=kafka-client
|
|
clientSecret=kafka-client-secret
|
|
unsecuredLoginStringClaim_sub="sub";
|
|
KAFKA_LISTENER_NAME_OEXTERNAL_OAUTHBEARER_SASL_SERVER_CALLBACK_HANDLER_CLASS: org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallbackHandler
|
|
KAFKA_LISTENER_NAME_OINTERNAL_SASL_ENABLED_MECHANISMS: OAUTHBEARER
|
|
KAFKA_LISTENER_NAME_OINTERNAL_SASL_OAUTHBEARER_JWKS_ENDPOINT_URL: http://mock-oauth2-server:8080/default/jwks
|
|
KAFKA_LISTENER_NAME_OINTERNAL_SASL_OAUTHBEARER_EXPECTED_AUDIENCE: default
|
|
KAFKA_LISTENER_NAME_OINTERNAL_OAUTHBEARER_SASL_JAAS_CONFIG: >-
|
|
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
|
|
clientId=kafka-client
|
|
clientSecret=kafka-client-secret
|
|
unsecuredLoginStringClaim_sub="sub";
|
|
KAFKA_LISTENER_NAME_OINTERNAL_OAUTHBEARER_SASL_SERVER_CALLBACK_HANDLER_CLASS: org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallbackHandler
|
|
KAFKA_OPTS: >-
|
|
-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls=http://mock-oauth2-server:8080/default/jwks
|
|
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
|
|
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
|
|
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
|
|
KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR: 1
|
|
KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR: 1
|
|
KAFKA_LOG_DIRS: /var/lib/kafka/data
|
|
depends_on:
|
|
- mock-oauth2-server
|
|
ports:
|
|
- 127.0.0.1:9092:9094/tcp
|
|
- 127.0.0.1:9093:9095/tcp
|
|
|
|
redis:
|
|
extends:
|
|
file: versions.yml
|
|
service: redis
|
|
ports:
|
|
- 127.0.0.1:6379:6379/tcp
|
|
|
|
postgres:
|
|
extends:
|
|
file: versions.yml
|
|
service: postgres
|
|
environment:
|
|
POSTGRES_USER: akvorado
|
|
POSTGRES_PASSWORD: akpass
|
|
POSTGRES_DB: akvorado
|
|
ports:
|
|
- 127.0.0.1:5432:5432/tcp
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U akvorado -d akvorado"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
mysql:
|
|
extends:
|
|
file: versions.yml
|
|
service: mysql
|
|
environment:
|
|
MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: "yes"
|
|
MARIADB_USER: akvorado
|
|
MARIADB_PASSWORD: akpass
|
|
MARIADB_DATABASE: akvorado
|
|
ports:
|
|
- 127.0.0.1:3306:3306/tcp
|
|
healthcheck:
|
|
test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
clickhouse: &clickhouse
|
|
extends:
|
|
file: versions.yml
|
|
service: clickhouse
|
|
environment:
|
|
CLICKHOUSE_SKIP_USER_SETUP: 1
|
|
CLICKHOUSE_ALWAYS_RUN_INITDB_SCRIPTS: 1
|
|
cap_add:
|
|
- SYS_NICE
|
|
volumes:
|
|
- ./clickhouse/standalone.xml:/etc/clickhouse-server/config.d/standalone.xml
|
|
- ./clickhouse/test-db.sql:/docker-entrypoint-initdb.d/test-db.sql
|
|
ports:
|
|
- 127.0.0.1:8123:8123/tcp
|
|
- 127.0.0.1:9000:9000/tcp
|
|
clickhouse-1: &clickhouse-cluster
|
|
<<: *clickhouse
|
|
depends_on:
|
|
- clickhouse-keeper-1
|
|
volumes:
|
|
- ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
|
|
- ./clickhouse/cluster-1.xml:/etc/clickhouse-server/config.d/cluster-1.xml
|
|
ports:
|
|
- 127.0.0.1:9001:9000/tcp
|
|
clickhouse-2:
|
|
<<: *clickhouse-cluster
|
|
volumes:
|
|
- ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
|
|
- ./clickhouse/cluster-2.xml:/etc/clickhouse-server/config.d/cluster-2.xml
|
|
ports:
|
|
- 127.0.0.1:9002:9000/tcp
|
|
clickhouse-3:
|
|
<<: *clickhouse-cluster
|
|
volumes:
|
|
- ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
|
|
- ./clickhouse/cluster-3.xml:/etc/clickhouse-server/config.d/cluster-3.xml
|
|
ports:
|
|
- 127.0.0.1:9003:9000/tcp
|
|
clickhouse-4:
|
|
<<: *clickhouse-cluster
|
|
volumes:
|
|
- ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
|
|
- ./clickhouse/cluster-4.xml:/etc/clickhouse-server/config.d/cluster-4.xml
|
|
ports:
|
|
- 127.0.0.1:9004:9000/tcp
|
|
clickhouse-keeper-1:
|
|
extends:
|
|
file: versions.yml
|
|
service: clickhouse-keeper
|
|
volumes:
|
|
- ./clickhouse/observability:/etc/clickhouse-keeper/keeper_config.d/observability.xml
|
|
- ./clickhouse/keeper.xml:/etc/clickhouse-keeper/keeper_config.d/akvorado.xml
|
|
|
|
srlinux:
|
|
# The SR Linux container does not like to be restarted. If you get:
|
|
# Error: Peer netns reference is invalid.
|
|
# Be sure to put it down before starting it.
|
|
extends:
|
|
file: versions.yml
|
|
service: srlinux
|
|
privileged: true
|
|
user: root
|
|
command: /opt/srlinux/bin/sr_linux
|
|
ports:
|
|
- 127.0.0.1:57400:57400/tcp
|
|
- 127.0.0.1:57401:22/tcp
|
|
|
|
vector:
|
|
extends:
|
|
file: versions.yml
|
|
service: vector
|
|
restart: "no"
|
|
profiles: [ manual ]
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ./vector.yaml:/etc/vector/vector.yaml:ro
|
|
- ./vector.tests.yaml:/etc/vector/vector.tests.yaml:ro
|
|
environment:
|
|
VECTOR_CONFIG_DIR: /etc/vector
|