docker-compose.yaml
# Compose file format version.
version: '3.9'

# Shared logging settings; services pull them in with `logging: *default-logging`.
# json-file rotation at 10 files x 100k keeps roughly 1 MB of output per
# container, so older log lines are discarded quickly. Forward logs off-host
# if they must be available for later incident investigation.
x-logging: &default-logging
  driver: 'json-file'
  options:
    max-size: '100k'
    max-file: '10'
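services:
  # ingress in front of the app for TLS termination among other uses
  ingress:
    image: traefik:v2.9
    x-kubernetes:
      exclude: true
    # Port 80 only redirects to 443; certificates come from the
    # letsencrypt-prod resolver using the TLS challenge.
    # /data/acme.json (host path ./data/ingress) holds the ACME account key
    # and the private keys of issued certificates: keep that directory out of
    # version control and readable only by the operator.
    command: >
      --providers.docker=true
      --providers.docker.exposedByDefault=false
      --entrypoints.web.address=:80
      --entrypoints.web.http.redirections.entrypoint.to=websecure
      --entrypoints.web.http.redirections.entrypoint.scheme=https
      --entrypoints.websecure.address=:443
      --certificatesresolvers.letsencrypt-prod.acme.email=${LETSENCRYPT_EMAIL}
      --certificatesresolvers.letsencrypt-prod.acme.storage=/data/acme.json
      --certificatesresolvers.letsencrypt-prod.acme.tlschallenge=true
    ports:
      # quoted so HOST:CONTAINER pairs are always read as strings
      - '80:80'
      - '443:443'
    volumes:
      # The Docker socket lets Traefik discover labelled containers.
      # `:ro` only makes the socket file read-only; it does not limit which
      # Docker API calls can be made through it, so this internet-facing
      # container effectively holds control of the Docker daemon.
      # NOTE(review): consider a filtering socket proxy that permits only
      # the read-only endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/ingress:/data
    logging: *default-logging

  # app serves the UI & API, it registers user interactions into the database (pg)
  pwb-app:
    image: maayanlab/playbook-partnership:0.71.7-ui
    build:
      context: .
      dockerfile: Dockerfile
      target: app_minimal
    init: true
    # CAP_SYS_ADMIN is a very broad capability and substantially weakens
    # container isolation. This file does not show why it is required.
    # NOTE(review): confirm the need; drop it or replace it with a narrower
    # capability / seccomp profile if possible.
    cap_add:
      - SYS_ADMIN
    platform: linux/amd64
    deploy:
      # this can be safely replicated if necessary but an ingress will be required
      replicas: 1
    # Bare names are passed through from the environment running Compose.
    # Several are secrets (NEXTAUTH_SECRET, DATABASE_URL, OPENAI_API_KEY,
    # ELYSIUM_PASSWORD); values set this way are visible to anyone who can
    # inspect the container.
    environment:
      - PUBLIC_URL
      - LANDING_PAGE
      - NEXTAUTH_SECRET
      - NEXTAUTH_GOOGLE
      - NEXTAUTH_ORCID
      - NEXTAUTH_KEYCLOAK
      - EMAIL_SERVER
      - EMAIL_FROM
      - DATABASE_URL
      - NEXT_PUBLIC_MATOMO_URL
      - NEXT_PUBLIC_MATOMO_SITE_ID
      - OPENAI_API_KEY
      - ELYSIUM_USERNAME
      - ELYSIUM_PASSWORD
      - N_WORKERS=0
    ports:
      # Container-port-only form: Docker publishes 3000 on an ephemeral host
      # port on all interfaces, reachable without passing through the ingress
      # (no TLS, no headers middleware).
      # NOTE(review): `expose` would avoid the host binding if only Traefik
      # needs the port; confirm the x-kubernetes tooling does not rely on
      # `ports` before changing it.
      - 3000
    x-kubernetes:
      imagePullPolicy: IfNotPresent
      annotations:
        maayanlab.cloud/ingress: ${PUBLIC_URL}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`${SERVER_NAME}`)"
      - "traefik.http.services.app.loadbalancer.server.port=3000"
      - "traefik.http.routers.app.tls=true"
      - "traefik.http.routers.app.tls.certresolver=letsencrypt-prod"
      - "traefik.http.routers.app.tls.domains[0].main=${SERVER_NAME}"
      - "traefik.http.routers.app.middlewares=app-headers@docker"
      # CORS is fully open: any origin and any request header are allowed, so
      # every site can read the responses of unauthenticated requests.
      # No allow-credentials label is set in this file; keep it that way, or
      # replace `*` with an explicit origin list before enabling credentials.
      - "traefik.http.middlewares.app-headers.headers.accesscontrolallowmethods=HEAD,GET,POST,OPTIONS"
      - "traefik.http.middlewares.app-headers.headers.accesscontrolallowheaders=*"
      - "traefik.http.middlewares.app-headers.headers.accesscontrolalloworiginlist=*"
      - "traefik.http.middlewares.app-headers.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.app-headers.headers.addvaryheader=true"
      - "traefik.http.middlewares.app-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
    logging: *default-logging

  # the workers should be replicated,
  # they deal with creating "Resolved" entries for submitted Processes.
  pwb-worker:
    image: maayanlab/playbook-partnership:0.71.7
    build:
      context: .
      dockerfile: Dockerfile
      target: app
    platform: linux/amd64
    x-kubernetes:
      imagePullPolicy: IfNotPresent
    deploy:
      # this can be safely replicated as necessary
      replicas: 2
    command: ["npm", "run", "start:worker"]
    # no ports and no traefik labels: workers are not published by this file
    environment:
      - PUBLIC_URL
      - DATABASE_URL
      - NEXTAUTH_SECRET
      - ELYSIUM_USERNAME
      - ELYSIUM_PASSWORD
      - N_WORKERS=5
    logging: *default-logging

  # the database is used by everything it can be provisioned with
  # dbmate (`dbmate up`)
  pwb-pg:
    image: postgres:15
    environment:
      - POSTGRES_DB
      - POSTGRES_USER
      - POSTGRES_PASSWORD
    ports:
      # Published on the host loopback only. A bare 5432:5432 binds every
      # host interface, and Docker-published ports commonly bypass host
      # firewall front-ends, leaving Postgres guarded by its password alone.
      # Host-side tools such as dbmate still connect via localhost:5432;
      # containers are expected to use the Compose network
      # (presumably DATABASE_URL targets pwb-pg; verify).
      # Widen this deliberately, behind a firewall, if remote clients need it.
      - '127.0.0.1:5432:5432'
    volumes:
      - pwb-pg:/var/lib/postgresql/data
    logging: *default-logging

  # app-dev serves a dev version of the app
  # replicas is 0, so it does not start by default; when scaled up it is
  # routed publicly at dev.${SERVER_NAME} and these labels attach no
  # access-restricting middleware.
  app-dev:
    image: maayanlab/playbook-partnership:0.71.7
    build:
      context: .
      dockerfile: Dockerfile
      target: app
    init: true
    # Same broad capability as pwb-app.
    # NOTE(review): confirm CAP_SYS_ADMIN is actually required here.
    cap_add:
      - SYS_ADMIN
    platform: linux/amd64
    deploy:
      # this can be safely replicated if necessary but an ingress will be required
      replicas: 0
    # receives the same pass-through secrets as pwb-app (minus ELYSIUM_*)
    environment:
      - PUBLIC_URL
      - LANDING_PAGE
      - NEXTAUTH_SECRET
      - NEXTAUTH_GOOGLE
      - NEXTAUTH_ORCID
      - NEXTAUTH_KEYCLOAK
      - EMAIL_SERVER
      - EMAIL_FROM
      - DATABASE_URL
      - NEXT_PUBLIC_MATOMO_URL
      - NEXT_PUBLIC_MATOMO_SITE_ID
      - OPENAI_API_KEY
      - N_WORKERS
    x-kubernetes:
      exclude: true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app-dev.rule=Host(`dev.${SERVER_NAME}`)"
      - "traefik.http.services.app-dev.loadbalancer.server.port=3000"
      - "traefik.http.routers.app-dev.tls=true"
      - "traefik.http.routers.app-dev.tls.certresolver=letsencrypt-prod"
      - "traefik.http.routers.app-dev.tls.domains[0].main=dev.${SERVER_NAME}"
    logging: *default-logging

  # a playbook-partnership development environment
  # doesn't run in production, just for convenience
  dev:
    image: maayanlab/playbook-partnership:0.71.7-dev
    build:
      context: .
      dockerfile: Dockerfile
      target: dev
    x-kubernetes:
      exclude: true
    ports:
      # binds all host interfaces; the dev server is reachable from the
      # network whenever this service is started
      - '3000:3000'
    deploy:
      replicas: 0
    user: "${DOCKER_USER}"
    volumes:
      # the whole project directory is mounted read-write into the container
      - ./:/app
    logging: *default-logging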
# Named volumes. pwb-pg backs the Postgres data directory.
volumes:
  pwb-pg:
    # Extension keys: not part of the Compose schema, read by x-kubernetes
    # tooling. `class` is empty when KUBE_STORAGE_CLASS is unset.
    x-kubernetes:
      size: 5Gi
      class: ${KUBE_STORAGE_CLASS:-}