version: "3.7" services: front-envoy: image: envoyproxy/envoy:v1.18-latest volumes: - ./config/envoy/v3.yaml:/etc/envoy/envoy.yaml - ./config/opa-service/lua:/etc/envoy/lua environment: - loglevel=error networks: - envoymesh ports: - "8000:8000" - "8090:8090" policy-api: build: context: . dockerfile: Dockerfile image: orchestracities/anubis-management-api:test networks: - envoymesh environment: - CORS_ALLOWED_ORIGINS=http://localhost;http://localhost:3000 - CORS_ALLOWED_METHODS=* - CORS_ALLOWED_HEADERS=* - DEFAULT_POLICIES_CONFIG_FILE=/home/apiuser/config/opa-service/default_policies.ttl - DEFAULT_WAC_CONFIG_FILE=/home/apiuser/config/opa-service/default_wac_config.yml - DB_TYPE=postgres - DB_HOST=postgresserver - DB_USER=admin - DB_PASSWORD=password - DB_NAME=anubis - KEYCLOACK_ENABLED=True - TENANT_ADMIN_ROLE_ID=9dc79aa8-d42f-4720-8de0-fe79a00a46b7 - KEYCLOACK_ADMIN_ENDPOINT=http://keycloak:8080/admin/realms/default - OPA_ENDPOINT=http://ext_authz-opa-service:8181 - HOURLY_OPA_POLICIES_REFRESH=True ports: - "8085:8000" volumes: - ./config/opa-service/default_policies.ttl:/home/apiuser/config/opa-service/default_policies.ttl - ./config/opa-service/default_wac_config.yml:/home/apiuser/config/opa-service/default_wac_config.yml depends_on: - postgresserver ext_authz-opa-service: image: openpolicyagent/opa:0.38.1-envoy-3 environment: - AUTH_API_URI=http://policy-api:8000/v1/policies/ - VALID_ISSUERS=http://keycloak:8080/realms/default - VALID_AUDIENCE=ngsi;configuration - GOGC=2000 ports: - "9191:9191" - "8282:8282" - "8181:8181" volumes: - ./config/opa-service/rego:/etc/rego - ./config/opa-service/opa.yaml:/opa.yaml command: - run - --log-level=error - --server - --config-file=/opa.yaml - --diagnostic-addr=0.0.0.0:8282 - --set=plugins.envoy_ext_authz_grpc.addr=:9002 - /etc/rego/common.rego - /etc/rego/context_broker_policy.rego - /etc/rego/anubis_management_api_policy.rego #- /etc/rego/nop.rego - /etc/rego/audit.rego networks: - envoymesh opa_init_script: image: alpine:3.17.1 environment: - AUTH_API_URI=http://policy-api:8000 - OPA_ENDPOINT=http://ext_authz-opa-service:8181 volumes: - ./scripts/init_opa.sh:/etc/init_opa.sh entrypoint: sh /etc/init_opa.sh networks: - envoymesh depends_on: - ext_authz-opa-service - policy-api mongo: image: mongo:4.4 ports: - "27017:27017" volumes: - mongodata:/data/db networks: - envoymesh postgresserver: image: postgres:14 ports: - "5432:5432" environment: - POSTGRES_USER=admin - POSTGRES_PASSWORD=password - POSTGRES_DB=anubis networks: - envoymesh keycloak: image: quay.io/keycloak/keycloak:${KEYCLOAK_VERSION:-19.0.1} ports: - "8080:8080" volumes: - ./keycloak/oc-custom.jar:/opt/keycloak/providers/oc-custom.jar - ./keycloak/realm-export.json:/opt/keycloak/data/import/realm-export.json environment: - KEYCLOAK_ADMIN=admin - KEYCLOAK_ADMIN_PASSWORD=admin - KC_FEATURES=scripts command: start-dev --import-realm networks: - envoymesh upstream-service: image: fiware/orion-ld:${ORION_VERSION:-1.1.1} ports: - "1026:1026" command: -logLevel error -dbhost mongo -corsOrigin __ALL depends_on: - mongo healthcheck: test: ["CMD", "curl", "-f", "http://0.0.0.0:1026/version"] interval: 1m timeout: 10s retries: 3 networks: - envoymesh management-ui: image: orchestracities/management-ui:master volumes: - .env:/usr/share/nginx/.env ports: - "3000:80" networks: - envoymesh configuration-api: env_file: .env image: orchestracities/configuration-api:master ports: - "4000:4000" networks: - envoymesh volumes: mongodata: networks: envoymesh: {}