forked from tony-sappe/hale-bopp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
131 lines (123 loc) · 3.5 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
version: '3.7'
services:
jupyterhub:
build: jupyterhub
image: jupyterhub_img
container_name: jupyterhub
depends_on:
- database
- blob-store
- reverse-proxy
- oauth2
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- hub-data:/srv/jupyterhub
networks:
- hale-bopp-network
environment:
- DOCKER_JUPYTER_CONTAINER=jupyterlab_img
- DOCKER_NETWORK_NAME=hale-bopp-network
- CONTAINER_IDLE_TIMEOUT=600
- HUB_IP=jupyterhub
- HOST
- DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
- BLOB_STORE_URL=http://blob-store:8000
- AWS_ACCESS_KEY_ID=$AWS_KEY_ID
- AWS_SECRET_ACCESS_KEY=$AWS_SECRET_KEY
- POSTGRES_HOST=${POSTGRES_HOST}
- POSTGRES_PORT=${POSTGRES_PORT}
- OAUTH_ACCESS_TOKEN_URL=${OAUTH_ACCESS_TOKEN_URL}
- OAUTH_AUTHORIZE_URL=${OAUTH_AUTHORIZE_URL}
- OAUTH_CALLBACK_URL=${OAUTH_CALLBACK_URL}
- OAUTH_CLIENT_ID=${CLIENT_ID}
- OAUTH_CLIENT_SECRET=${CLIENT_SECRET}
- OAUTH_USERDATA_URL=${USERDATA_URL}
- KEYCLOAK_LOGOUT_URL=${KEYCLOAK_LOGOUT_URL}
- OAUTH2_USERNAME_KEY=${OAUTH2_USERNAME_KEY}
labels:
- "traefik.http.routers.jupyterhub.rule=Host(`jupyterhub.docker.localhost`)"
restart: on-failure
jupyterlab:
# This service is really just to facilitate building the image with docker-compose build
# Don't waste time configuring the container here
build: jupyterlab
image: jupyterlab_img
container_name: jupyterlab
network_mode: none
command: echo
reverse-proxy:
image: traefik:v2.4
container_name: reverse_proxy
networks:
- hale-bopp-network
command: --api.insecure=true --providers.docker
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: on-failure
oauth2:
build: oauth2
image: oauth2_img
container_name: oauth2
networks:
- hale-bopp-network
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- keycloak-data:/srv/jupyterhub
environment:
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin
- KEYCLOAK_FRONTEND_URL=http://oauth2.docker.localhost/auth
- HOST
labels:
- "traefik.http.routers.oauth2.rule=Host(`oauth2.docker.localhost`)"
- "traefik.http.services.oauth2.loadbalancer.server.port=8080"
restart: on-failure
database:
image: postgres:12.7-alpine
container_name: db
environment:
- USER=${POSTGRES_USER}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB}
- HOST
volumes:
- type: volume
source: database-data
target: /var/lib/postgresql/data
networks:
- hale-bopp-network
blob-store:
build: blob-store
image: blobstore_img
container_name: blob-store
environment:
- ENDPOINT=blob-store
- REMOTE_MANAGEMENT_DISABLE=1
- S3BACKEND=file
- S3DATAPATH=/blob/data
- S3METADATAPATH=/blob/metadata
- SCALITY_ACCESS_KEY_ID=${AWS_KEY_ID}
- SCALITY_SECRET_ACCESS_KEY=${AWS_SECRET_KEY}
- HOST
volumes:
- type: volume
source: blob-data
target: /blob
networks:
- hale-bopp-network
volumes:
hub-data:
driver: local
keycloak-data:
driver: local
database-data:
driver: local
blob-data:
driver: local
networks:
hale-bopp-network:
external: true