meldestelle/docker-compose.yml.optimized
StefanMo b35c4087a2
Fix: Test commit for VCS integration (MP-8) (#15)
* MP-8 OTHER Implement JWT authentication filter in the gateway

* Fix(ci): Update upload-artifact action to v4

* Fix(ci): Add start command for Keycloak and failure logs

* Fix(ci): Remove invalid 'command' property from Keycloak service

* Fix(ci): Use KC_DEV_MODE env var to start Keycloak

* Fix(ci): Keycloak service was removed from GitHub Actions services and replaced with a manual docker run step that starts Keycloak with the start-dev command.

* dev(ci): unify Keycloak to 26.4.2; enable health in CI (MP-8)

* Fix(ci): Stabilize Keycloak startup in integration tests via matrix

- Add `dev-file` Keycloak variant to matrix for stability fallback.
- Improve wait logic and health checks for Keycloak and Postgres.
- Unify Keycloak version to 26.4.2 across codebase.
- Add log dumps on failure.

* Fix(ci): The affected file docs/Visionen-Ideen/Infrastruktur-Strategie_DSGVO-Konformität.md currently ends with exactly one empty line (line 87). This complies with rule MD047 ("Files should end with a single newline character"). So your correction is correct.

* Fix(ci): Repository-wide auto-fix for Markdown files was implemented with a GitHub Actions workflow and a local helper script. EditorConfig and markdownlint ignore files were added to ensure consistent formatting. Instructions for using the auto-fix both via GitHub Actions and locally were provided.

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* Fix(ci): Stabilize integration tests with Keycloak matrix build (MP-8)

Introduces a matrix strategy (`keycloak_db: [postgres, dev-file]`)
in the integration-tests workflow to mitigate flaky Keycloak starts
when using the Postgres service container.

- Adds a `dev-file` Keycloak variant for stability fallback.
- Improves wait logic and health checks for Keycloak/Postgres.
- Unifies Keycloak version to 26.4.2 across codebase (Dockerfile, Compose,
  ADR, README, tests).
- Adds log dumps on failure in CI.
- Ensures `KC_HEALTH_ENABLED=true` is set.
- Updates related documentation (README, Schlachtplan).
- Includes broader Docker SSoT cleanup (versions.toml as source,
  script updates, env file cleanup, validator hardening).

This resolves recurring CI failures related to Keycloak startup and
ensures required checks for PRs (#15) are reliable, while also
improving overall Docker build consistency.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* Fix(ci): Replace OpenAPI validator with Spectral

Replaces the deprecated 'char0n/swagger-editor-validate' action,
which failed due to sandbox issues in GitHub Actions, with the
modern '@stoplight/spectral-cli'.

This ensures robust OpenAPI specification validation without
requiring a headless browser environment. The 'generate-api-docs'
job now depends on the successful completion of the Spectral validation.

Part of resolving CI failures for PR #15 (MP-8).

* Fix(ci): Specify spectral:oas ruleset for OpenAPI validation (MP-8)

* Fix(ci): Remove explicit ruleset argument for Spectral validation (MP-8)

* Fix(ci): Added a .spectral.yaml file to fix Spectral linting errors. Corrected markdown lint issues in two documentation files. Updated README.md with a new guidelines section to fix link validation errors.

* Fix(ci): Markdownlint errors were fixed by adding required blank lines. The Guidelines Validation error was resolved by updating the README.md link. The API Documentation Generator workflow was stabilized by updating paths, tasks, and validation steps.

* Fix(ci): All four failing GitHub Action checks were fixed. Errors in the OpenAPI specification, problems with the Markdown linting analysis and validation errors in cross-references were corrected. README.md now contains all required links to the guidelines.

* Fix(ci): Markdown linting errors in docs/api/README.md were fixed by specifying languages in fenced code blocks. OpenAPI specification errors in documentation.yaml were resolved by correcting example property types to strings. Cross-reference validation errors in README.md were fixed by adding the missing link to project-standards/coding-standards.md.

* Fix(ci): Duplicate heading errors in docs/api/members-api.md were fixed. Cross-reference validation errors for docker-architecture.md were resolved. All originally reported issues passed validation successfully.

* Fix(ci): The markdown heading levels in docs/api/members-api.md were corrected from h5 to h4 to fix linting errors. The missing cross-reference link from technology-guides/docker/docker-development.md to docker-overview.md was added. These fixes resolved the original validation and linting errors causing the process to fail.

* Fix(ci): Duplicate heading warnings in docs/api/members-api.md were resolved. Cross-reference validation for docker-development.md to docker-architecture.md was fixed. A new unrelated warning about docker-production.md was identified but not addressed.

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): Revised README.md and some other documentation.
Added ports-and-urls.md.
Related: MP-DOCS-001

* refactor(ci,docs): The markdownlint errors in README.md and docs/README.md were fixed by adjusting heading levels, removing superfluous trailing punctuation and inserting the required blank lines around headings, lists, tables and code blocks. The problematic trailing space in docs/README.md was also removed. The files now comply with the prescribed markdownlint rules and should pass CI validation.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Dead links in docs/architecture/adr were fixed by updating URLs to stable sources and adding an ignore pattern for a placeholder link. Specific ADR files had their broken links replaced with valid ones. The markdown-link-check GitHub Action is expected to pass with zero dead links now.
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Markdown rules fixed
Related: MP-DOCS-001

* refactor(ci,docs): Markdown rules fixed
Related: MP-DOCS-001

* refactor(ci,docs): Markdown rules fixed
Related: MP-DOCS-001

* Chore: Rerun CI checks with updated branch protection rules
2025-11-07 12:26:33 +01:00


# ===================================================================
# Docker Compose - Base Infrastructure (OPTIMIZED & SECURED)
# Meldestelle Project - Essential Services
# ===================================================================
# Security & Performance Improvements:
# - Secrets management for sensitive data
# - Resource limits and reservations
# - Security hardening (read-only volumes, non-root users)
# - Optimized health checks and startup
# - Production-ready configurations
# ===================================================================
# Reading secrets in commands: Compose interpolates "$" itself, so a
# shell substitution must be written "$$(cat /run/secrets/...)" and it
# only happens where a shell actually runs it ("sh -c" commands and
# CMD-SHELL health checks). List-form commands and "CMD" health checks
# run without a shell and would pass the literal text through.
# ===================================================================
version: '3.9'

services:
  # ===================================================================
  # Database - PostgreSQL with Security Hardening
  # ===================================================================
  postgres:
    image: postgres:${DOCKER_POSTGRES_VERSION:-16-alpine}
    container_name: meldestelle-postgres
    environment:
      POSTGRES_USER_FILE: /run/secrets/postgres_user
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      POSTGRES_DB: ${POSTGRES_DB:-meldestelle}
      # Security hardening: local socket is trusted, TCP clients must use SCRAM
      POSTGRES_INITDB_ARGS: "--auth-local=trust --auth-host=scram-sha-256"
    ports:
      # Published on every host interface; bind to 127.0.0.1: if only local
      # tooling needs direct database access
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./docker/services/postgres:/docker-entrypoint-initdb.d:ro
    networks:
      - meldestelle-network
    secrets:
      - postgres_user
      - postgres_password
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M
    healthcheck:
      # CMD-SHELL so that a shell performs the $$(cat ...) substitution
      test: ["CMD-SHELL", "pg_isready -U $$(cat /run/secrets/postgres_user) -d ${POSTGRES_DB:-meldestelle}"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    restart: unless-stopped
    # Security: Run as postgres user (built into image)
    security_opt:
      - no-new-privileges:true

  # ===================================================================
  # Cache - Redis with Authentication
  # ===================================================================
  redis:
    image: redis:${DOCKER_REDIS_VERSION:-7-alpine}
    container_name: meldestelle-redis
    ports:
      - "${REDIS_PORT:-6379}:6379"
    volumes:
      - redis-data:/data
    # A shell reads the password from the secret file, then re-enters the
    # image entrypoint so that redis-server is still started as the redis
    # user. The password is visible in the container's process list; keep
    # maxmemory below the container memory limit to avoid OOM kills.
    command:
      - sh
      - -c
      - >-
        exec docker-entrypoint.sh redis-server --appendonly yes
        --requirepass "$$(cat /run/secrets/redis_password)"
        --maxmemory 1gb --maxmemory-policy allkeys-lru
    networks:
      - meldestelle-network
    secrets:
      - redis_password
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.25'
          memory: 256M
    healthcheck:
      # CMD-SHELL: a plain CMD would pass "$(cat ...)" literally as the password
      test: ['CMD-SHELL', 'redis-cli --no-auth-warning -a "$$(cat /run/secrets/redis_password)" ping | grep -q PONG']
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 20s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

  # ===================================================================
  # Authentication - Keycloak with Enhanced Security
  # ===================================================================
  keycloak:
    image: quay.io/keycloak/keycloak:${DOCKER_KEYCLOAK_VERSION:-26.4.2}
    container_name: meldestelle-keycloak
    environment:
      # Admin Configuration - Using secrets
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD_FILE: /run/secrets/keycloak_admin_password
      # Database Configuration - Using secrets
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-meldestelle}
      KC_DB_USERNAME_FILE: /run/secrets/postgres_user
      KC_DB_PASSWORD_FILE: /run/secrets/postgres_password
      KC_DB_SCHEMA: keycloak
      # HTTP Configuration - plain HTTP behind a TLS-terminating reverse proxy
      KC_HTTP_ENABLED: "true"
      KC_HOSTNAME_STRICT: "false"
      # "proxy=edge" is deprecated since Keycloak 24; proxy-headers replaces it
      KC_PROXY_HEADERS: xforwarded
      # Health endpoints (served on the management port 9000 since Keycloak 25)
      KC_HEALTH_ENABLED: "true"
      # Security Configuration
      KC_FEATURES: token-exchange,admin-fine-grained-authz
      KC_LOG_LEVEL: ${KEYCLOAK_LOG_LEVEL:-INFO}
    ports:
      - "${KEYCLOAK_PORT:-8180}:8080"
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      - ./docker/services/keycloak:/opt/keycloak/data/import:ro
      - keycloak-data:/opt/keycloak/data
    command:
      # Development mode with realm import enabled
      - start-dev
      - --import-realm
    networks:
      - meldestelle-network
    secrets:
      - keycloak_admin_password
      - postgres_user
      - postgres_password
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 1G
    healthcheck:
      # The Keycloak image ships without curl or wget, so bash's /dev/tcp is
      # used to query the readiness endpoint on the management port
      test:
        - CMD
        - bash
        - -c
        - >-
          exec 3<>/dev/tcp/127.0.0.1/9000 &&
          printf 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3 &&
          grep -q '"UP"' <&3
      interval: 15s
      timeout: 10s
      retries: 5
      start_period: 90s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

  # ===================================================================
  # Service Discovery - Consul
  # ===================================================================
  consul:
    image: hashicorp/consul:${DOCKER_CONSUL_VERSION:-1.15}
    container_name: meldestelle-consul
    ports:
      - "${CONSUL_PORT:-8500}:8500"
    # The gossip key is passed in via CONSUL_ENCRYPT_KEY (assumed variable
    # name): generate it once with "consul keygen" and keep it stable, since
    # the list-form command runs without a shell and cannot generate one.
    command: >
      agent -server -ui -node=server-1 -bootstrap-expect=1 -client=0.0.0.0
      -encrypt=${CONSUL_ENCRYPT_KEY:?set CONSUL_ENCRYPT_KEY to a key generated once with consul keygen}
      -datacenter=meldestelle-dc
    networks:
      - meldestelle-network
    volumes:
      - consul-data:/consul/data
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M
    healthcheck:
      test: ["CMD", "consul", "members", "-http-addr=localhost:8500"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 20s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

  # ===================================================================
  # Messaging - Zookeeper & Kafka with Resource Limits
  # ===================================================================
  zookeeper:
    image: confluentinc/cp-zookeeper:${DOCKER_ZOOKEEPER_VERSION:-7.4.0}
    container_name: meldestelle-zookeeper
    environment:
      ZOOKEEPER_CLIENT_PORT: ${ZOOKEEPER_CLIENT_PORT:-2181}
      ZOOKEEPER_TICK_TIME: 2000
      ZOOKEEPER_INIT_LIMIT: 5
      ZOOKEEPER_SYNC_LIMIT: 2
      # JVM heap (KAFKA_HEAP_OPTS is the knob the Confluent start scripts use)
      KAFKA_HEAP_OPTS: "-Xmx512m -Xms256m"
    ports:
      - "${ZOOKEEPER_CLIENT_PORT:-2181}:2181"
    volumes:
      - zookeeper-data:/var/lib/zookeeper/data
      - zookeeper-logs:/var/lib/zookeeper/log
    networks:
      - meldestelle-network
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.25'
          memory: 256M
    healthcheck:
      # "srvr" is the only four-letter command enabled by default (3.5.3+);
      # "ruok" would need 4lw.commands.whitelist
      test: ["CMD-SHELL", "echo srvr | nc localhost 2181 | grep -q Mode"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

  kafka:
    image: confluentinc/cp-kafka:${DOCKER_KAFKA_VERSION:-7.4.0}
    container_name: meldestelle-kafka
    environment:
      KAFKA_BROKER_ID: ${KAFKA_BROKER_ID:-1}
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      # Both listeners are unauthenticated PLAINTEXT: acceptable only on the
      # internal bridge network and a loopback-bound host port
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:${KAFKA_PORT:-9092}
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
      KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: ${KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR:-1}
      # JVM Settings
      KAFKA_HEAP_OPTS: "-Xmx1G -Xms512m"
      KAFKA_JVM_PERFORMANCE_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis=20 -XX:InitiatingHeapOccupancyPercent=35"
    ports:
      - "${KAFKA_PORT:-9092}:9092"
    depends_on:
      zookeeper:
        condition: service_healthy
    volumes:
      - kafka-data:/var/lib/kafka/data
    networks:
      - meldestelle-network
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M
    healthcheck:
      test: ["CMD", "kafka-broker-api-versions", "--bootstrap-server", "localhost:9092"]
      interval: 15s
      timeout: 10s
      retries: 3
      start_period: 60s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

  # ===================================================================
  # Monitoring - Prometheus with Security
  # ===================================================================
  prometheus:
    image: prom/prometheus:${DOCKER_PROMETHEUS_VERSION:-v2.54.1}
    container_name: meldestelle-prometheus
    ports:
      - "${PROMETHEUS_PORT:-9090}:9090"
    volumes:
      - prometheus-data:/prometheus
      - ./docker/monitoring/prometheus:/etc/prometheus:ro
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=15d'
      - '--storage.tsdb.retention.size=20GB'
      # Lifecycle (reload/quit) and admin (TSDB delete/snapshot) endpoints are
      # unauthenticated; they must stay reachable only from trusted clients
      - '--web.enable-lifecycle'
      - '--web.enable-admin-api'
    networks:
      - meldestelle-network
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 2G
        reservations:
          cpus: '0.25'
          memory: 512M
    healthcheck:
      # busybox wget is available in the image; /-/ready answers 200 when the
      # server is ready to serve traffic
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:9090/-/ready"]
      interval: 15s
      timeout: 10s
      retries: 3
      start_period: 30s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    # nobody:nobody - the bind-mounted data directory must be writable by this UID
    user: "65534:65534"

  # ===================================================================
  # Monitoring - Grafana with Enhanced Security
  # ===================================================================
  grafana:
    image: grafana/grafana:${DOCKER_GRAFANA_VERSION:-11.3.0}
    container_name: meldestelle-grafana
    environment:
      # Use secrets for admin credentials (Grafana reads the "__FILE" variants)
      GF_SECURITY_ADMIN_USER__FILE: /run/secrets/grafana_admin_user
      GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana_admin_password
      GF_USERS_ALLOW_SIGN_UP: "false"
      GF_INSTALL_PLUGINS: grafana-piechart-panel
      # Security settings (secure cookies require TLS in front of Grafana)
      GF_SECURITY_COOKIE_SECURE: "true"
      GF_SECURITY_COOKIE_SAMESITE: strict
      GF_SECURITY_DISABLE_GRAVATAR: "true"
      GF_ANALYTICS_REPORTING_ENABLED: "false"
      GF_ANALYTICS_CHECK_FOR_UPDATES: "false"
      GF_SNAPSHOTS_EXTERNAL_ENABLED: "false"
    ports:
      - "${GRAFANA_PORT:-3000}:3000"
    volumes:
      - grafana-data:/var/lib/grafana
      - ./docker/monitoring/grafana:/etc/grafana/provisioning:ro
    depends_on:
      - prometheus
    networks:
      - meldestelle-network
    secrets:
      - grafana_admin_user
      - grafana_admin_password
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.25'
          memory: 256M
    healthcheck:
      test: ["CMD", "curl", "--fail", "http://localhost:3000/api/health"]
      interval: 15s
      timeout: 10s
      retries: 3
      start_period: 30s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    user: "472:0" # grafana user

  # ===================================================================
  # API Gateway - Enhanced Security & Resource Management
  # ===================================================================
  api-gateway:
    build:
      context: .
      dockerfile: dockerfiles/infrastructure/gateway/Dockerfile
      args:
        # Global build arguments
        GRADLE_VERSION: ${DOCKER_GRADLE_VERSION}
        JAVA_VERSION: ${DOCKER_JAVA_VERSION:-21}
        BUILD_DATE: ${BUILD_DATE:-unknown}
        VERSION: ${DOCKER_APP_VERSION:-1.0.0}
        # Infrastructure-specific arguments
        SPRING_PROFILES_ACTIVE: ${DOCKER_SPRING_PROFILES_DEFAULT:-default}
    container_name: meldestelle-api-gateway
    volumes:
      # Mount Gradle cache for better build performance
      - api-gateway-gradle-cache:/home/gradle/.gradle
    environment:
      SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev,keycloak}
      CONSUL_HOST: consul
      CONSUL_PORT: ${CONSUL_PORT:-8500}
      CONSUL_ENABLED: "true"
      GATEWAY_PORT: ${GATEWAY_PORT:-8081}
      # Keycloak OAuth2 Integration - Using internal network
      KEYCLOAK_SERVER_URL: http://keycloak:8080
      KEYCLOAK_ISSUER_URI: http://keycloak:8080/realms/meldestelle
      KEYCLOAK_JWK_SET_URI: http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs
      KEYCLOAK_REALM: meldestelle
      KEYCLOAK_CLIENT_ID: api-gateway
      # Security: Client secret via file
      KEYCLOAK_CLIENT_SECRET_FILE: /run/secrets/keycloak_client_secret
      # Custom JWT filter disabled - using oauth2ResourceServer instead
      GATEWAY_SECURITY_KEYCLOAK_ENABLED: "false"
      # Database connection via secrets
      DB_HOST: postgres
      DB_PORT: 5432
      DB_NAME: ${POSTGRES_DB:-meldestelle}
      DB_USERNAME_FILE: /run/secrets/postgres_user
      DB_PASSWORD_FILE: /run/secrets/postgres_password
      # Redis connection with auth
      REDIS_HOST: redis
      REDIS_PORT: 6379
      REDIS_PASSWORD_FILE: /run/secrets/redis_password
    ports:
      - "${GATEWAY_PORT:-8081}:8081"
    depends_on:
      consul:
        condition: service_healthy
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      keycloak:
        condition: service_started
    networks:
      - meldestelle-network
    secrets:
      - keycloak_client_secret
      - postgres_user
      - postgres_password
      - redis_password
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 1G
    healthcheck:
      test: ["CMD", "curl", "--fail", "http://localhost:${GATEWAY_PORT:-8081}/actuator/health/readiness"]
      interval: 15s
      timeout: 10s
      retries: 3
      start_period: 60s
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

# ===================================================================
# Secrets Management - Production Ready
# (file-backed secrets: keep ./docker/secrets out of version control)
# ===================================================================
secrets:
  postgres_user:
    file: ./docker/secrets/postgres_user.txt
  postgres_password:
    file: ./docker/secrets/postgres_password.txt
  redis_password:
    file: ./docker/secrets/redis_password.txt
  keycloak_admin_password:
    file: ./docker/secrets/keycloak_admin_password.txt
  keycloak_client_secret:
    file: ./docker/secrets/keycloak_client_secret.txt
  grafana_admin_user:
    file: ./docker/secrets/grafana_admin_user.txt
  grafana_admin_password:
    file: ./docker/secrets/grafana_admin_password.txt

# ===================================================================
# Volumes - Enhanced with Better Drivers
# Bind-type local volumes: DATA_PATH should be an absolute host path and
# each directory must exist (the local driver does not create them)
# ===================================================================
volumes:
  postgres-data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/postgres
  redis-data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/redis
  prometheus-data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/prometheus
  grafana-data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/grafana
  keycloak-data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/keycloak
  consul-data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/consul
  zookeeper-data:
    driver: local
  zookeeper-logs:
    driver: local
  kafka-data:
    driver: local
  api-gateway-gradle-cache:
    driver: local

# ===================================================================
# Networks - Enhanced Security
# ===================================================================
networks:
  meldestelle-network:
    driver: bridge
    driver_opts:
      # ICC stays enabled: the services above talk to each other by name
      com.docker.network.bridge.enable_icc: "true"
      com.docker.network.bridge.enable_ip_masquerade: "true"
      com.docker.network.driver.mtu: "1500"
    ipam:
      config:
        - subnet: 172.20.0.0/16
          gateway: 172.20.0.1
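Added example, not code from the Meldestelle repository: a small lint that walks a Compose file service by service and flags the pitfalls the file above has to work around, an unescaped `$(...)` (Compose rejects it unless written `$$(...)`), a list-form `CMD` health check that can never expand it because no shell runs it, and a service without `no-new-privileges`, resource limits or a health check. The embedded compose snippet is constructed for the demonstration, and the parser relies on two-space indentation only so it needs no PyYAML.

```python
"""Compose hardening lint (added example, not Meldestelle project code).
Finds per service: missing no-new-privileges / limits / healthcheck, an
unescaped $( ) that Compose rejects, and a shell-less "CMD" check using $( )."""
import re

# Hardening markers every service in the compose file is expected to carry.
REQUIRED = {
    "no-new-privileges": re.compile(r"no-new-privileges:\s*true"),
    "cpu/memory limits": re.compile(r"^[ \t]+limits:[ \t]*$", re.M),
    "healthcheck": re.compile(r"^[ \t]+healthcheck:[ \t]*$", re.M),
}
UNESCAPED_SUBSHELL = re.compile(r"(?<!\$)\$\(")           # "$(" not escaped as "$$("
CMD_WITH_SUBSHELL = re.compile(r'\["CMD",[^\]]*\$\$?\(')  # exec-form check + subshell

# Constructed sample: redis triggers every finding, postgres is clean.
SAMPLE = """\
services:
  redis:
    command: redis-server --requirepass "$(cat /run/secrets/redis_password)"
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "$(cat /run/secrets/redis_password)", "ping"]
  postgres:
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$(cat /run/secrets/postgres_user)"]
    deploy:
      resources:
        limits:
          memory: 2G
    security_opt:
      - no-new-privileges:true
secrets:
  redis_password:
    file: ./docker/secrets/redis_password.txt
"""


def split_services(compose_text):
    """Map service name -> its block using two-space indentation (no PyYAML)."""
    services, name, buf, in_services = {}, None, [], False

    def close():  # store the service collected so far, if any
        if name:
            services[name] = "\n".join(buf)

    for line in compose_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # a new top-level key ends the current service
            close()
            name, buf, in_services = None, [], stripped == "services:"
        elif in_services and indent == 2 and stripped.endswith(":"):
            close()
            name, buf = stripped[:-1], []
        elif name:
            buf.append(line)
    close()
    return services


def lint(compose_text):
    """Return sorted 'service: finding' strings; an empty list means it passed."""
    findings = []
    for svc, block in split_services(compose_text).items():
        for label, pattern in REQUIRED.items():
            if not pattern.search(block):
                findings.append(f"{svc}: missing {label}")
        if UNESCAPED_SUBSHELL.search(block):
            findings.append(f"{svc}: unescaped $( ) - use $$( ) and a shell")
        if CMD_WITH_SUBSHELL.search(block):
            findings.append(f"{svc}: CMD healthcheck cannot expand $( ), use CMD-SHELL")
    return sorted(findings)
```

Running `lint()` over the real compose file is a cheap pre-commit or CI guard alongside the SSoT validator; the regexes are deliberately narrow and report only what they are sure about.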