#version: '3.8' services: postgres: image: postgres:16-alpine environment: POSTGRES_USER: ${POSTGRES_USER:-meldestelle} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-meldestelle} POSTGRES_DB: ${POSTGRES_DB:-meldestelle} ports: - "5432:5432" volumes: - postgres-data:/var/lib/postgresql/data - ./docker/services/postgres:/docker-entrypoint-initdb.d networks: - meldestelle-network healthcheck: test: ["CMD-SHELL", "pg_isready -U meldestelle -d meldestelle"] interval: 10s timeout: 5s retries: 5 start_period: 20s restart: unless-stopped redis: image: redis:7-alpine ports: - "6379:6379" volumes: - redis-data:/data command: redis-server --appendonly yes networks: - meldestelle-network healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 10s timeout: 5s retries: 3 start_period: 10s restart: unless-stopped keycloak: image: quay.io/keycloak/keycloak:23.0 environment: KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin} KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin} KC_DB: ${KC_DB:-postgres} KC_DB_URL: ${KC_DB_URL:-jdbc:postgresql://postgres:5432/keycloak} KC_DB_USERNAME: ${KC_DB_USERNAME:-meldestelle} KC_DB_PASSWORD: ${KC_DB_PASSWORD:-meldestelle} ports: - "8180:8080" depends_on: postgres: condition: service_healthy volumes: - ./docker/services/keycloak:/opt/keycloak/data/import command: start-dev --import-realm networks: - meldestelle-network healthcheck: test: ["CMD", "curl", "--fail", "http://localhost:8080/health/ready"] interval: 10s timeout: 5s retries: 5 start_period: 30s restart: unless-stopped zookeeper: image: confluentinc/cp-zookeeper:7.5.0 environment: ZOOKEEPER_CLIENT_PORT: ${ZOOKEEPER_CLIENT_PORT:-2181} ports: - "2181:2181" networks: - meldestelle-network healthcheck: test: ["CMD", "nc", "-z", "localhost", "2181"] interval: 10s timeout: 5s retries: 3 start_period: 10s restart: unless-stopped kafka: image: confluentinc/cp-kafka:7.5.0 depends_on: zookeeper: condition: service_healthy ports: - "9092:9092" environment: KAFKA_BROKER_ID: ${KAFKA_BROKER_ID:-1} KAFKA_ZOOKEEPER_CONNECT: ${KAFKA_ZOOKEEPER_CONNECT:-zookeeper:2181} KAFKA_ADVERTISED_LISTENERS: ${KAFKA_ADVERTISED_LISTENERS:-PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092} KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: ${KAFKA_LISTENER_SECURITY_PROTOCOL_MAP:-PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT} KAFKA_INTER_BROKER_LISTENER_NAME: ${KAFKA_INTER_BROKER_LISTENER_NAME:-PLAINTEXT} KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: ${KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:-1} networks: - meldestelle-network healthcheck: test: ["CMD", "kafka-topics", "--bootstrap-server", "localhost:9092", "--list"] interval: 10s timeout: 5s retries: 3 start_period: 30s restart: unless-stopped zipkin: image: openzipkin/zipkin:2 ports: - "9411:9411" networks: - meldestelle-network healthcheck: test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:9411/health"] interval: 10s timeout: 5s retries: 3 start_period: 10s restart: unless-stopped consul: image: hashicorp/consul:1.15 ports: - "8500:8500" - "8600:8600/udp" command: agent -server -ui -node=server-1 -bootstrap-expect=1 -client=0.0.0.0 networks: - meldestelle-network healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8500/v1/status/leader"] interval: 10s timeout: 5s retries: 3 start_period: 15s restart: unless-stopped # =================================================================== # Application Services moved to docker-compose.services.yml # Usage: docker-compose -f docker-compose.yml -f docker-compose.services.yml up # =================================================================== # Optional monitoring services prometheus: image: prom/prometheus:v2.48.1 volumes: - ./config/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml - prometheus-data:/prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' - '--storage.tsdb.path=/prometheus' - '--web.console.libraries=/etc/prometheus/console_libraries' - '--web.console.templates=/etc/prometheus/consoles' - '--web.enable-lifecycle' ports: - "9090:9090" networks: - meldestelle-network healthcheck: test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:9090/-/healthy"] interval: 10s timeout: 5s retries: 3 start_period: 15s restart: unless-stopped # Security: Run as a non-root user user: "65534:65534" # Resource limits for development deploy: resources: limits: memory: 512M cpus: '0.5' grafana: image: grafana/grafana:10.2.3 volumes: - ./config/monitoring/grafana/provisioning:/etc/grafana/provisioning - ./config/monitoring/grafana/dashboards:/var/lib/grafana/dashboards - grafana-data:/var/lib/grafana environment: - GF_SECURITY_ADMIN_USER=${GF_SECURITY_ADMIN_USER:-admin} - GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD:-admin} - GF_USERS_ALLOW_SIGN_UP=${GF_USERS_ALLOW_SIGN_UP:-false} ports: - "3000:3000" networks: - meldestelle-network depends_on: prometheus: condition: service_healthy healthcheck: test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:3000/api/health"] interval: 10s timeout: 5s retries: 3 start_period: 20s restart: unless-stopped # Security: Run as a non-root user user: "472:472" # Resource limits for development deploy: resources: limits: memory: 256M cpus: '0.25' volumes: postgres-data: redis-data: prometheus-data: grafana-data: networks: meldestelle-network: driver: bridge