dhi-docker-akvorado/docker/docker-compose-dev.yml

---
name: akvorado-dev
services:
  mock-oauth2-server:
    extends:
      file: versions.yml
      service: mock-oauth2-server
    ports:
      - 127.0.0.1:5556:8080/tcp
    environment:
      LOG_LEVEL: debug

  kafka:
    extends:
      file: versions.yml
      service: kafka
    environment:
      # KRaft settings
      KAFKA_NODE_ID: 1
      KAFKA_PROCESS_ROLES: controller,broker
      KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9096
      KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 500
      # We have two sets of listeners: INTERNAL that is used from inside the docker
      # compose network and listens on "kafka" and EXTERNAL that is mapped to
      # the host network and listens on "localhost".
      #
      # Then, in each set, we have a plain text one and an OAuth-enabled one.
      KAFKA_LISTENERS: >-
        INTERNAL://:9092,
        OINTERNAL://:9093,
        EXTERNAL://:9094,
        OEXTERNAL://:9095,
        CONTROLLER://:9096
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: >-
        INTERNAL:PLAINTEXT,
        OINTERNAL:SASL_PLAINTEXT,
        EXTERNAL:PLAINTEXT,
        OEXTERNAL:SASL_PLAINTEXT,
        CONTROLLER:PLAINTEXT
      KAFKA_ADVERTISED_LISTENERS: >-
        INTERNAL://kafka:9092,
        OINTERNAL://kafka:9093,
        EXTERNAL://localhost:9092,
        OEXTERNAL://localhost:9093
      KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL
      KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
      # OAuth2 configuration
      KAFKA_LISTENER_NAME_OEXTERNAL_SASL_ENABLED_MECHANISMS: OAUTHBEARER
      KAFKA_LISTENER_NAME_OEXTERNAL_SASL_OAUTHBEARER_JWKS_ENDPOINT_URL: http://mock-oauth2-server:8080/default/jwks
      KAFKA_LISTENER_NAME_OEXTERNAL_SASL_OAUTHBEARER_EXPECTED_AUDIENCE: default
      KAFKA_LISTENER_NAME_OEXTERNAL_OAUTHBEARER_SASL_JAAS_CONFIG: >-
        org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
        clientId=kafka-client
        clientSecret=kafka-client-secret
        unsecuredLoginStringClaim_sub="sub";
      KAFKA_LISTENER_NAME_OEXTERNAL_OAUTHBEARER_SASL_SERVER_CALLBACK_HANDLER_CLASS: org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallbackHandler
      KAFKA_LISTENER_NAME_OINTERNAL_SASL_ENABLED_MECHANISMS: OAUTHBEARER
      KAFKA_LISTENER_NAME_OINTERNAL_SASL_OAUTHBEARER_JWKS_ENDPOINT_URL: http://mock-oauth2-server:8080/default/jwks
      KAFKA_LISTENER_NAME_OINTERNAL_SASL_OAUTHBEARER_EXPECTED_AUDIENCE: default
      KAFKA_LISTENER_NAME_OINTERNAL_OAUTHBEARER_SASL_JAAS_CONFIG: >-
        org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
        clientId=kafka-client
        clientSecret=kafka-client-secret
        unsecuredLoginStringClaim_sub="sub";
      KAFKA_LISTENER_NAME_OINTERNAL_OAUTHBEARER_SASL_SERVER_CALLBACK_HANDLER_CLASS: org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallbackHandler
      KAFKA_OPTS: >-
        -Dorg.apache.kafka.sasl.oauthbearer.allowed.urls=http://mock-oauth2-server:8080/default/jwks
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
      KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
      KAFKA_SHARE_COORDINATOR_STATE_TOPIC_REPLICATION_FACTOR: 1
      KAFKA_SHARE_COORDINATOR_STATE_TOPIC_MIN_ISR: 1
      KAFKA_LOG_DIRS: /var/lib/kafka/data
    depends_on:
      - mock-oauth2-server
    ports:
      - 127.0.0.1:9092:9094/tcp
      - 127.0.0.1:9093:9095/tcp

  redis:
    extends:
      file: versions.yml
      service: redis
    ports:
      - 127.0.0.1:6379:6379/tcp

  postgres:
    extends:
      file: versions.yml
      service: postgres
    environment:
      POSTGRES_USER: akvorado
      POSTGRES_PASSWORD: akpass
      POSTGRES_DB: akvorado
    ports:
      - 127.0.0.1:5432:5432/tcp
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U akvorado -d akvorado"]
      interval: 5s
      timeout: 5s
      retries: 5

  mysql:
    extends:
      file: versions.yml
      service: mysql
    environment:
      MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: "yes"
      MARIADB_USER: akvorado
      MARIADB_PASSWORD: akpass
      MARIADB_DATABASE: akvorado
    ports:
      - 127.0.0.1:3306:3306/tcp
    healthcheck:
      test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
      interval: 5s
      timeout: 5s
      retries: 5

  clickhouse: &clickhouse
    extends:
      file: versions.yml
      service: clickhouse
    environment:
      CLICKHOUSE_SKIP_USER_SETUP: 1
      CLICKHOUSE_ALWAYS_RUN_INITDB_SCRIPTS: 1
    cap_add:
      - SYS_NICE
    volumes:
      - ./clickhouse/standalone.xml:/etc/clickhouse-server/config.d/standalone.xml
      - ./clickhouse/test-db.sql:/docker-entrypoint-initdb.d/test-db.sql
    ports:
      - 127.0.0.1:8123:8123/tcp
      - 127.0.0.1:9000:9000/tcp
  clickhouse-1: &clickhouse-cluster
    <<: *clickhouse
    depends_on:
      - clickhouse-keeper-1
    volumes:
      - ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
      - ./clickhouse/cluster-1.xml:/etc/clickhouse-server/config.d/cluster-1.xml
    ports:
      - 127.0.0.1:9001:9000/tcp
  clickhouse-2:
    <<: *clickhouse-cluster
    volumes:
      - ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
      - ./clickhouse/cluster-2.xml:/etc/clickhouse-server/config.d/cluster-2.xml
    ports:
      - 127.0.0.1:9002:9000/tcp
  clickhouse-3:
    <<: *clickhouse-cluster
    volumes:
      - ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
      - ./clickhouse/cluster-3.xml:/etc/clickhouse-server/config.d/cluster-3.xml
    ports:
      - 127.0.0.1:9003:9000/tcp
  clickhouse-4:
    <<: *clickhouse-cluster
    volumes:
      - ./clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
      - ./clickhouse/cluster-4.xml:/etc/clickhouse-server/config.d/cluster-4.xml
    ports:
      - 127.0.0.1:9004:9000/tcp
  clickhouse-keeper-1:
    extends:
      file: versions.yml
      service: clickhouse-keeper
    volumes:
      - ./clickhouse/observability:/etc/clickhouse-keeper/keeper_config.d/observability.xml
      - ./clickhouse/keeper.xml:/etc/clickhouse-keeper/keeper_config.d/akvorado.xml

  srlinux:
    # The SR Linux container does not like to be restarted. If you get:
    #  Error: Peer netns reference is invalid.
    # Be sure to put it down before starting it.
    extends:
      file: versions.yml
      service: srlinux
    privileged: true
    user: root
    command: /opt/srlinux/bin/sr_linux
    ports:
      - 127.0.0.1:57400:57400/tcp
      - 127.0.0.1:57401:22/tcp

  vector:
    extends:
      file: versions.yml
      service: vector
    restart: "no"
    profiles: [ manual ]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./vector.yaml:/etc/vector/vector.yaml:ro
      - ./vector.tests.yaml:/etc/vector/vector.tests.yaml:ro
    environment:
      VECTOR_CONFIG_DIR: /etc/vector