upgrade docker compose

camunda-consulting · Oct 7, 2022 · dd4a4b0 · dd4a4b0
1 parent e73b4be
commit dd4a4b0
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 111 deletions.
diff --git a/docker-compose-core.yaml b/docker-compose-core.yaml
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -12,7 +12,7 @@
 services:
 
   zeebe: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#zeebe
-    image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
+    image: camunda/zeebe:${CAMUNDA_PLATFORM_VERSION:-8.0.6}
     container_name: zeebe
     ports:
       - "26500:26500"
@@ -34,7 +34,7 @@ services:
       - elasticsearch
 
   operate: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#operate
-    image: camunda/operate:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
+    image: camunda/operate:${CAMUNDA_PLATFORM_VERSION:-8.0.6}
     container_name: operate
     ports:
       - "8081:8080"
@@ -50,6 +50,8 @@ services:
       - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
       - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
       - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:18080/auth/realms/camunda-platform
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
     networks:
       - camunda-platform
       - identity-network
@@ -59,7 +61,7 @@ services:
       - elasticsearch
 
   tasklist: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#tasklist
-    image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
+    image: camunda/tasklist:${CAMUNDA_PLATFORM_VERSION:-8.0.6}
     container_name: tasklist
     ports:
       - "8082:8080"
@@ -75,6 +77,8 @@ services:
       - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
       - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
       - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:18080/auth/realms/camunda-platform
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
     networks:
       - camunda-platform
       - identity-network
@@ -84,7 +88,7 @@ services:
       - elasticsearch
 
   optimize: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#optimize
-    image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION:-3.8.2}
+    image: camunda/optimize:${CAMUNDA_OPTIMIZE_VERSION:-3.8.5}
     container_name: optimize
     ports:
       - "8083:8090"
@@ -101,6 +105,8 @@ services:
       - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api
       - CAMUNDA_OPTIMIZE_SECURITY_AUTH_COOKIE_SAME_SITE_ENABLED=false
       - CAMUNDA_OPTIMIZE_UI_LOGOUT_HIDDEN=true
+    volumes:
+      - "./.optimize/environment-config.yaml:/optimize/config/environment-config.yaml"
     restart: on-failure
     networks:
       - camunda-platform
@@ -111,11 +117,12 @@ services:
 
   identity: # https://docs.camunda.io/docs/self-managed/platform-deployment/docker/#identity
     container_name: identity
-    image: camunda/identity:${CAMUNDA_PLATFORM_VERSION:-8.0.2}
+    image: camunda/identity:${CAMUNDA_PLATFORM_VERSION:-8.0.6}
     ports:
       - "8084:8084"
     environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/
       SERVER_PORT: 8084
+      IDENTITY_RETRY_DELAY_SECONDS: 30
       KEYCLOAK_URL: http://keycloak:8080/auth
       IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform
       KEYCLOAK_INIT_OPERATE_SECRET: XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
@@ -137,18 +144,47 @@ services:
     depends_on:
       - keycloak
 
-  keycloak: # https://hub.docker.com/r/jboss/keycloak
+  postgres: # https://hub.docker.com/_/postgres
+    container_name: postgres
+    image: postgres:${POSTGRES_VERSION:-14.5-alpine}
+    environment:
+      POSTGRES_DB: bitnami_keycloak
+      POSTGRES_USER: bn_keycloak
+      POSTGRES_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+    restart: on-failure
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    volumes:
+      - postgres:/usr/local/postgres/data
+    networks:
+      - identity-network
+
+  keycloak: # https://hub.docker.com/r/bitnami/keycloak
     container_name: keycloak
-    image: jboss/keycloak:${KEYCLOAK_VERSION:-16.1.1}
+    image: bitnami/keycloak:${KEYCLOAK_SERVER_VERSION:-16.1.1}
+    volumes:
+      - ./.keycloak/themes/identity:/opt/bitnami/keycloak/themes/identity
     ports:
       - "18080:8080"
     environment:
-      KEYCLOAK_USER: admin
-      KEYCLOAK_PASSWORD: admin
-    volumes:
-      - "./.keycloak/themes/identity:/opt/jboss/keycloak/themes/identity"
+      KEYCLOAK_DATABASE_HOST: postgres
+      KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
+      KEYCLOAK_ADMIN_USER: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+    restart: on-failure
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost:9990/health" ]
+      interval: 30s
+      timeout: 15s
+      retries: 5
+      start_period: 30s
     networks:
       - identity-network
+    depends_on:
+      - postgres
 
   elasticsearch: # https://hub.docker.com/_/elasticsearch
     image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.17.0}
@@ -159,6 +195,7 @@ services:
     environment:
       - bootstrap.memory_lock=true
       - discovery.type=single-node
+      - xpack.security.enabled=false
       # allow running with low disk space
       - cluster.routing.allocation.disk.threshold_enabled=false
       - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
@@ -180,9 +217,10 @@ services:
 volumes:
   zeebe:
   elastic:
+  postgres:
 
 networks:
   # Note there are two bridge networks: One for Camunda Platform and one for Identity.
   # Operate, Tasklist, and Optimize use both
   camunda-platform:
-  identity-network:
+  identity-network: