mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f47e5f6415
meldestelle/dc-infra.yaml
Stefan Mogeritsch 09b0b1a462 infra: clean up Keycloak configuration, enforce consistency in .env, and improve health checks 
Streamlined Keycloak configurations with defaults for development and production in `.env`. Added health checks and improved environment variable documentation with comments to differentiate local and server deployments. Ensured compatibility with pre-built registry images.
2026-03-06 11:23:24 +01:00

167 lines
5.7 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: "${PROJECT_NAME:-meldestelle}"
services:
# ==========================================
# 1. INFRASTRUCTURE (Stateful & Core)
# ==========================================
# --- DATABASE: PostgreSQL ---
postgres:
image: "${POSTGRES_IMAGE:-postgres:16-alpine}"
container_name: "${PROJECT_NAME:-meldestelle}-postgres"
restart: unless-stopped
profiles: [ "infra", "all" ]
ports:
- "${POSTGRES_PORT:-5432:5432}"
environment:
POSTGRES_USER: "${POSTGRES_USER:-pg-user}"
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-pg-password}"
POSTGRES_DB: "${POSTGRES_DB:-pg-meldestelle-db}"
volumes:
- "postgres-data:/var/lib/postgresql/data"
- "./config/docker/postgres:/docker-entrypoint-initdb.d:Z"
- "./config/docker/postgres/postgresql.conf:/etc/postgresql/postgresql.conf:Z"
command:
- "postgres"
- "-c"
- "config_file=/etc/postgresql/postgresql.conf"
- "-c"
- "shared_buffers=${POSTGRES_SHARED_BUFFERS:-256MB}"
- "-c"
- "effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-768MB}"
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ]
interval: "10s"
timeout: "5s"
retries: "5"
start_period: "10s"
networks:
meldestelle-network:
aliases:
- "postgres"
# --- CACHE: Valkey ---
valkey:
image: "${VALKEY_IMAGE:-valkey/valkey:9-alpine}"
container_name: "${PROJECT_NAME:-meldestelle}-valkey"
restart: unless-stopped
profiles: [ "infra", "all" ]
ports:
- "${VALKEY_PORT:-6379:6379}"
volumes:
- "valkey-data:/data"
- "./config/docker/valkey/valkey.conf:/etc/valkey/valkey.conf:Z"
command:
- "sh"
- "-lc"
- |
exec valkey-server /etc/valkey/valkey.conf \
--protected-mode no \
--maxmemory ${VALKEY_MAX_MEMORY:-256MB} \
--maxmemory-policy ${VALKEY_POLICY:-allkeys-lru} \
${VALKEY_PASSWORD:+--requirepass $VALKEY_PASSWORD}
healthcheck:
test: [ "CMD-SHELL", "[ -z \"$VALKEY_PASSWORD\" ] && valkey-cli ping | grep PONG || valkey-cli -a \"$VALKEY_PASSWORD\" ping | grep PONG" ]
interval: "10s"
timeout: "5s"
retries: "3"
networks:
meldestelle-network:
aliases:
- "valkey"
# --- IAM: Keycloak (Zora-Optimiert) ---
keycloak:
build:
context: .
dockerfile: config/docker/keycloak/Dockerfile
args:
KEYCLOAK_IMAGE_TAG: "${KEYCLOAK_IMAGE_TAG:-26.4}"
image: "${DOCKER_REGISTRY:-git.mo-code.at/mocode-software}/keycloak:${KEYCLOAK_IMAGE_TAG:-26.4}"
container_name: "${PROJECT_NAME:-meldestelle}-keycloak"
restart: unless-stopped
profiles: [ "infra", "all" ]
environment:
KC_BOOTSTRAP_ADMIN_USERNAME: "${KC_ADMIN_USERNAME:-kc-admin}"
KC_BOOTSTRAP_ADMIN_PASSWORD: "${KC_ADMIN_PASSWORD:-kc-password}"
KC_DB: "${KC_DB:-postgres}"
KC_DB_SCHEMA: "${KC_DB_SCHEMA:-keycloak}"
KC_DB_URL: "jdbc:postgresql://postgres:5432/${POSTGRES_DB:-pg-meldestelle-db}"
KC_DB_USERNAME: "${POSTGRES_USER:-pg-user}"
KC_DB_PASSWORD: "${POSTGRES_PASSWORD:-pg-password}"
# Hostname-Konfiguration: Für lokale Entwicklung "localhost", auf dem Server die echte IP/Domain setzen
KC_HOSTNAME: "${KC_HOSTNAME:-localhost}"
# WICHTIG: false erlaubt Zugriff über beliebige Hostnamen (nötig für Server-Betrieb ohne TLS)
KC_HOSTNAME_STRICT: "${KC_HOSTNAME_STRICT:-false}"
# WICHTIG: false erlaubt HTTP (kein HTTPS-Zwang) für Entwicklung und HTTP-only Server
KC_HOSTNAME_STRICT_HTTPS: "${KC_HOSTNAME_STRICT_HTTPS:-false}"
KC_HTTP_ENABLED: "true"
# Admin-Interface explizit auf allen Interfaces binden (0.0.0.0)
KC_HTTP_MANAGEMENT_PORT: "9000"
KC_HEALTH_ENABLED: "true"
KC_METRICS_ENABLED: "true"
# Integration der Power-Flags
JAVA_OPTS_APPEND: "-Xms${KC_HEAP_MIN:-512M} -Xmx${KC_HEAP_MAX:-1024M} ${JVM_OPTS_ARM64}"
ports:
- "${KC_PORT:-8180:8080}"
- "${KC_MANAGEMENT_PORT:-9000:9000}"
depends_on:
postgres:
condition: "service_healthy"
healthcheck:
test: [ "CMD-SHELL", "curl -sf http://localhost:9000/health/ready || exit 1" ]
interval: "15s"
timeout: "5s"
retries: "10"
start_period: "60s"
volumes:
- "./config/docker/keycloak:/opt/keycloak/data/import:Z"
# start --optimized nutzt das pre-built Image (kc.sh build im Dockerfile)
# start-dev würde den Pre-Build ignorieren und im Dev-Modus starten (Konflikt mit Registry-Images!)
command: "${KC_COMMAND:-start --optimized --import-realm}"
networks:
meldestelle-network:
aliases:
- "keycloak"
- "auth.mo-code.at"
# --- SERVICE DISCOVERY: Consul ---
consul:
image: "${CONSUL_IMAGE:-hashicorp/consul:1.22.1}"
container_name: "${PROJECT_NAME:-meldestelle}-consul"
restart: unless-stopped
profiles: [ "infra", "all" ]
ports:
- "${CONSUL_PORT:-8500:8500}"
- "${CONSUL_UDP_PORT:-8600:8600/udp}"
command: "agent -server -bootstrap-expect=1 -ui -client=0.0.0.0"
healthcheck:
test: [ "CMD", "curl", "-f", "http://localhost:8500/v1/status/leader" ]
interval: "30s"
networks:
meldestelle-network:
aliases:
- "consul"
# --- TRACING: Zipkin ---
zipkin:
image: "${ZIPKIN_IMAGE:-openzipkin/zipkin:3}"
container_name: "${PROJECT_NAME:-meldestelle}-zipkin"
restart: unless-stopped
profiles: [ "infra", "all" ]
environment:
JAVA_OPTS: "-Xms${ZIPKIN_MIN_HEAP:-256M} -Xmx${ZIPKIN_MAX_HEAP:-512M} ${JVM_OPTS_ARM64}"
ports:
- "${ZIPKIN_PORT:-9411:9411}"
networks:
meldestelle-network:
volumes:
postgres-data:
valkey-data:
mailpit-data:
networks:
meldestelle-network:
driver: bridge
Reference in New Issue View Git Blame Copy Permalink