#
# Compose setup for running load tests in a repeatable fashion.
#
# The idea is to run and prepare all services (db, sso, …) and then run the trustify API server and load tests.
#
# As all services run on the same machine, we set resource requests and limits on the postgres and trustify instances,
# to ensure that they get their required resources and are not throttled due to issues with keycloak or the
# loadtests.
#
services:
  # PostgreSQL instance backing trustify. The password and database name set here are fixed
  # values that are repeated in replay-dump, trustify-migrate and trustify below.
  postgres:
    # NOTE(review): "16" is a floating tag; pinning by digest would make runs more repeatable.
    image: docker.io/library/postgres:16
    ports:
      # Published without a host IP, so Compose binds it on all host interfaces. Combined with
      # the fixed password below, the database is reachable by anything that can reach the host;
      # prefix with "127.0.0.1:" (or drop the mapping) if host-side access is not required.
      - "5432:5432"
    environment:
      # Hard-coded superuser password: acceptable only on a disposable load-test machine.
      POSTGRES_PASSWORD: "eggs"
      POSTGRES_DB: "trustify"
    restart: always
    shm_size: 1G
    deploy:
      resources:
        # Reservation equals limit, so the database gets a fixed share of the machine.
        reservations:
          cpus: "2"
          memory: 2G
        limits:
          cpus: "2"
          memory: 2G
    healthcheck:
      # Dependents wait on this via "condition: service_healthy".
      test: [ "CMD", "pg_isready", "-h", "localhost", "-U", "postgres", "-d", "trustify" ]
      interval: 2s
      timeout: 5s
      retries: 20
  # Keycloak as the OIDC provider for trustify and the load tests.
  keycloak:
    image: docker.io/bitnami/keycloak:24.0.4
    environment:
      # File-based development database: realm data lives inside the container.
      - KEYCLOAK_DATABASE_VENDOR=dev-file
      # Fixed admin credentials, reused by init-keycloak below. The admin console is reachable
      # from the host through the 8090 port mapping, so treat this as test-only.
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin123456
      - KEYCLOAK_ENABLE_HEALTH_ENDPOINTS=true
      - KEYCLOAK_CACHE_TYPE=local
      # NOTE(review): "edge" expects a TLS-terminating proxy in front of Keycloak; none is
      # defined in this file, so all OIDC traffic here is plain HTTP.
      - KEYCLOAK_PROXY=edge
    ports:
      # Host port 8090 -> container port 8080, bound on all host interfaces (no host IP given).
      - "8090:8080"
    deploy:
      resources:
        # Memory only; no CPU reservation or limit is set for keycloak.
        reservations:
          memory: 512M
        limits:
          memory: 512M
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:8080/health/ready" ]
      interval: 5s
      timeout: 5s
      retries: 20
  # One-shot job that runs /init-sso/init.sh against the healthy keycloak instance. The script
  # itself is not part of this file; presumably it creates the realm, users and clients from
  # the variables below — verify against ./config/init-sso.
  init-keycloak:
    image: docker.io/bitnami/keycloak:24.0.4
    depends_on:
      keycloak:
        condition: service_healthy
    environment:
      - KEYCLOAK_URL=http://keycloak:8080
      - KCADM_PATH=/opt/bitnami/keycloak/bin/kcadm.sh
      # Must match the admin credentials configured on the keycloak service.
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin123456
      - REALM=trustify
      - INIT_DATA=/init-sso/data
      - CHICKEN_ADMIN=admin
      - CHICKEN_ADMIN_PASSWORD=admin123456
      # NOTE(review): wildcard redirect URIs over plain HTTP are only reasonable for a closed
      # test network; do not carry this pattern into a shared or production realm.
      - REDIRECT_URIS=["http://trustify:*", "http://trustify:*/", "http://trustify:*/*"]
      # Same value as CLIENT_SECRET in the loadtests service; the two must stay in sync.
      - WALKER_SECRET=R8A6KFeyxJsMDBhjfHbpZTIF0GWt43HP
      # The internal name (between containers) is "keycloak". However, from the host it is
      # reachable as "localhost:8090", so the "frontend" URL needs to be set accordingly.
      # NOTE(review): the value below is http://trustify:8080, which matches neither of those
      # names — confirm which URL is intended.
      - SSO_FRONTEND_URL=http://trustify:8080
    volumes:
      # ":z" asks the container runtime to apply a shared SELinux label to the bind mount.
      - ./config/init-sso:/init-sso:z
    entrypoint: /usr/bin/bash
    command: /init-sso/init.sh
  # One-shot job that downloads a database dump and loads it into postgres, then runs
  # VACUUM ANALYZE and REINDEX.
  replay-dump:
    depends_on:
      postgres:
        condition: service_healthy
    image: docker.io/library/postgres:16
    environment:
      # libpq connection settings picked up by the psql calls below; connects as the superuser.
      PGUSER: postgres
      PGPASSWORD: eggs
      PGHOST: postgres
      PGDATABASE: trustify
    command:
      - bash
      # -e: stop on the first failing command, -x: trace commands, -c: run the script that follows.
      - -exc
      # NOTE(review): the dump is fetched over HTTPS but is not checked against a checksum or
      # signature before being executed as SQL by the postgres superuser; a pinned digest of the
      # dump would close that gap and also make runs repeatable.
      # NOTE(review): without "set -o pipefail" and psql's ON_ERROR_STOP, a truncated archive or
      # failing SQL statement may still let this job exit 0, which the dependents treat as
      # "service_completed_successfully".
      # NOTE(review): curl is installed from the distribution repositories on every run, which
      # needs network access and is not version-pinned.
      - |
        echo "Installing curl"
        apt-get update
        env DEBIAN_FRONTEND=noninteractive apt-get install curl -y
        echo "Importing dump"
        curl --retry 50 --retry-max-time 3600 -sSL https://trustify-dumps.dentrassi.de/dump.sql.gz -o dump.sql.gz
        zcat dump.sql.gz | psql
        echo "VACUUM ANALYZE; REINDEX database trustify;" | psql
  # One-shot job running "db migrate" from the trustify image once the dump has been imported.
  trustify-migrate:
    depends_on:
      replay-dump:
        condition: service_completed_successfully
    build:
      dockerfile: ./Containerfile.trustify
    environment:
      RUST_LOG: debug
      # Same fixed database credentials as the postgres service.
      TRUSTD_DB_USER: postgres
      TRUSTD_DB_PASSWORD: eggs
      TRUSTD_DB_HOST: postgres
      TRUSTD_DB_NAME: trustify
    command:
      - db
      - migrate
  # The trustify API server under test. Starts only after migration, SSO initialisation and
  # the dump import have all completed successfully.
  trustify:
    depends_on:
      trustify-migrate:
        condition: service_completed_successfully
      init-keycloak:
        condition: service_completed_successfully
      replay-dump:
        condition: service_completed_successfully
    build:
      dockerfile: ./Containerfile.trustify
    environment:
      # Connects as the postgres superuser with the fixed test password.
      TRUSTD_DB_USER: postgres
      TRUSTD_DB_PASSWORD: eggs
      TRUSTD_DB_HOST: postgres
      TRUSTD_DB_NAME: trustify
      RUST_LOG: info
      NO_COLOR: "true"
      # Presumably enables the endpoint on port 9010 that the healthcheck below probes — confirm.
      INFRASTRUCTURE_ENABLED: "true"
      # Quoted so YAML keeps it a string; "::" is the IPv6 wildcard address.
      HTTP_SERVER_BIND_ADDR: "::"
      # Issuer URLs use the container-internal name and plain HTTP, so tokens cross the compose
      # network unencrypted; fine for an isolated test network only.
      UI_ISSUER_URL: http://keycloak:8080/realms/trustify
      AUTHENTICATOR_OIDC_CLIENT_IDS: frontend,walker
      AUTHENTICATOR_OIDC_ISSUER_URL: http://keycloak:8080/realms/trustify
    healthcheck:
      # String form, so Compose runs it through the container's shell.
      test: "curl --fail http://localhost:9010/health/live || exit 1"
      interval: 2s
      timeout: 5s
      retries: 20
      start_period: 10s
    command:
      - api
    ports:
      # Published on all host interfaces (no host IP given).
      - "8080:8080"
    deploy:
      resources:
        # Reservation equals limit, matching the approach used for postgres.
        reservations:
          cpus: "3"
          memory: "2G"
        limits:
          cpus: "3"
          memory: "2G"
  # Load test runner; starts once trustify reports healthy and writes its reports to ./report.
  loadtests:
    depends_on:
      trustify:
        condition: service_healthy
    build:
      dockerfile: ./Containerfile.loadtests
    environment:
      ISSUER_URL: http://keycloak:8080/realms/trustify
      CLIENT_ID: walker
      # Same value as WALKER_SECRET in init-keycloak. The trailing marker is presumably there
      # for secret scanners; the value still grants API access on any instance that uses it.
      CLIENT_SECRET: R8A6KFeyxJsMDBhjfHbpZTIF0GWt43HP # notsecret
      # Quoted so the values reach the container as strings.
      WAIT_TIME_FROM: "0"
      WAIT_TIME_TO: "0"
    volumes:
      # Bind mounts for the report output and the baseline input, with shared SELinux labels.
      - ./report:/report:z
      - ./baseline:/baseline:z
    command:
      # Arguments for the load test binary built from Containerfile.loadtests.
      - --host
      - http://trustify:8080
      # presumably the number of simulated users — confirm against the load test tool
      - -u
      - "5"
      - --run-time
      - "5m"
      # The report is written twice: once as HTML and once as JSON.
      - --report-file
      - /report/report.html
      - --report-file
      - /report/report.json
      - --baseline-file
      - /baseline/baseline.json
      - --scenarios
      - RestAPIUser