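# Local development stack for the matcher service: PostgreSQL primary plus a
# replica, Valkey, RabbitMQ, SeaweedFS (S3 API) and the Go app started
# through air.
#
# NOTE(review): every credential below falls back to a default that is
# written in this file, and every port mapping omits the host address, so
# Docker publishes it on all host interfaces. Keep this file to local
# development; on a shared or routable host, set the variables in the
# environment / .env file and prefix the mappings with 127.0.0.1
# (for example "127.0.0.1:5432:5432").
services:
  postgres:
    image: postgres:17
    container_name: matcher-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-matcher}
      # The fallback passwords are public development values.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-matcher_dev_password}
      POSTGRES_DB: ${POSTGRES_DB:-matcher}
      # Presumably read by init-primary.sh for the replication role - confirm.
      # Despite its name, the fallback is as public as the others.
      REPLICATOR_PASSWORD: ${REPLICATOR_PASSWORD:-replicator_secure_password}
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./scripts/postgres/init-primary.sh:/docker-entrypoint-initdb.d/init-primary.sh:ro
    # Server settings for WAL-based replication (wal_level=replica, WAL
    # senders, replication slots).
    command: >
      postgres
      -c wal_level=replica
      -c max_wal_senders=3
      -c max_replication_slots=3
      -c hot_standby=on
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-matcher}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  postgres-replica:
    image: postgres:17
    container_name: matcher-postgres-replica
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-matcher}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-matcher_dev_password}
      POSTGRES_DB: ${POSTGRES_DB:-matcher}
      # libpq client variables; presumably used by init-replica.sh when it
      # connects to the primary - confirm against the script.
      PGUSER: ${POSTGRES_USER:-matcher}
      PGPASSWORD: ${POSTGRES_PASSWORD:-matcher_dev_password}
      REPLICATOR_PASSWORD: ${REPLICATOR_PASSWORD:-replicator_secure_password}
    ports:
      # Host port 5433 maps to the replica's 5432.
      - "5433:5432"
    volumes:
      - postgres_replica_data:/var/lib/postgresql/data
      - ./scripts/postgres/init-replica.sh:/init-replica.sh:ro
    depends_on:
      postgres:
        condition: service_healthy
    # Replaces the image entrypoint with the mounted script.
    entrypoint: ["/bin/bash", "/init-replica.sh"]
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-matcher}"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s

  redis:
    image: valkey/valkey:8
    container_name: matcher-redis
    restart: unless-stopped
    # NOTE(review): no password or ACL is configured for Valkey in this file,
    # and the port is published on all host interfaces.
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "valkey-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  rabbitmq:
    image: rabbitmq:4.1.3-management-alpine
    container_name: matcher-rabbitmq
    restart: unless-stopped
    environment:
      RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER:-matcher_admin}
      RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD:-matcher_dev_password}
    ports:
      - "5672:5672" # AMQP
      # Management UI / HTTP API. It accepts the default credentials above
      # and is served over plain HTTP.
      - "15672:15672"
    volumes:
      - rabbitmq_data:/var/lib/rabbitmq
    healthcheck:
      test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  seaweedfs:
    image: chrislusf/seaweedfs:3.80
    container_name: matcher-seaweedfs
    restart: unless-stopped
    command: server -s3 -dir=/data -s3.config=/etc/seaweedfs/s3.json
    ports:
      - "8333:8333" # S3 API
      - "9333:9333" # Master API
    volumes:
      - seaweedfs_data:/data
      - ./config/seaweedfs-s3.json:/etc/seaweedfs/s3.json:ro
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:9333/cluster/status"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s

  # otel-lgtm:
  #   image: grafana/otel-lgtm:0.13.0
  #   container_name: matcher-otel-lgtm
  #   environment:
  #     GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER:-admin}
  #     GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD:-admin}
  #   ports:
  #     - "3030:3000"
  #     - "4317:4317"
  #     - "4318:4318"

  app:
    image: golang:1.26.2-alpine
    container_name: matcher-app
    restart: unless-stopped
    working_dir: /app
    # Start only after every backing service reports healthy.
    depends_on:
      postgres:
        condition: service_healthy
      postgres-replica:
        condition: service_healthy
      redis:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
      seaweedfs:
        condition: service_healthy
    environment:
      # Override hosts to use Docker service names
      POSTGRES_HOST: postgres
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-matcher_dev_password}
      POSTGRES_REPLICA_HOST: postgres-replica
      # Quoted so the value is a string like the other numeric settings here.
      POSTGRES_REPLICA_PORT: "5432"
      REDIS_HOST: redis:6379
      RABBITMQ_HOST: rabbitmq
      RABBITMQ_USER: ${RABBITMQ_USER:-matcher_admin}
      RABBITMQ_PASSWORD: ${RABBITMQ_PASSWORD:-matcher_dev_password}
      RABBITMQ_HEALTH_URL: http://rabbitmq:15672
      # Local-only compose uses RabbitMQ management over HTTP.
      RABBITMQ_ALLOW_INSECURE_HEALTH_CHECK: ${RABBITMQ_ALLOW_INSECURE_HEALTH_CHECK:-true}
      OTEL_EXPORTER_ENDPOINT: ${OTEL_EXPORTER_ENDPOINT:-localhost:4317}
      OTEL_LIBRARY_NAME: ${OTEL_LIBRARY_NAME:-github.com/LerianStudio/matcher}
      # Dev mode: allow internal HTTP endpoint for the compose seaweedfs service.
      OBJECT_STORAGE_ENDPOINT: http://seaweedfs:8333
      OBJECT_STORAGE_BUCKET: matcher-exports
      OBJECT_STORAGE_ACCESS_KEY_ID: ${LOCAL_S3_ACCESS_KEY_ID:-any}
      OBJECT_STORAGE_SECRET_ACCESS_KEY: ${LOCAL_S3_SECRET_ACCESS_KEY:-any}
      OBJECT_STORAGE_ALLOW_INSECURE_ENDPOINT: "true"
      ARCHIVAL_STORAGE_BUCKET: matcher-archives
      EXPORT_WORKER_ENABLED: "true"
      CLEANUP_WORKER_ENABLED: "true"
      # Rate limiting — enabled at the lib-commons layer so the RateLimiter
      # object is created at boot (ratelimit.New returns nil when
      # RATE_LIMIT_ENABLED=false, which makes the runtime mutation path
      # untestable). The systemplane key rate_limit.enabled defaults to
      # false so dev traffic is not throttled by default; e2e tests flip it
      # to true via PUT /system/matcher/rate_limit.enabled when they need
      # to exercise throttling.
      RATE_LIMIT_ENABLED: "true"
      # Permissive per-tier maxes so if a test or manual session does flip
      # rate_limit.enabled=true without squeezing the per-tier max, it
      # still won't throttle normal-volume traffic. The e2e journey tests
      # (see systemplane_settings_test.go) squeeze admin_max=1 explicitly
      # and restore on cleanup.
      RATE_LIMIT_MAX: "10000"
      ADMIN_RATE_LIMIT_MAX: "10000"
      EXPORT_RATE_LIMIT_MAX: "1000"
      DISPATCH_RATE_LIMIT_MAX: "1000"
      # Discovery / Fetcher — disabled by default; E2E discovery tests enable
      # these via env vars before starting the stack (see make test-e2e-discovery).
      FETCHER_ENABLED: "${FETCHER_ENABLED:-false}"
      FETCHER_URL: "${FETCHER_URL:-http://host.docker.internal:14006}"
      FETCHER_ALLOW_PRIVATE_IPS: "${FETCHER_ALLOW_PRIVATE_IPS:-false}"
      FETCHER_DISCOVERY_INTERVAL_SEC: "${FETCHER_DISCOVERY_INTERVAL_SEC:-3600}"
      # Systemplane
      # Fail-fast: docker compose up errors out cleanly if the key is unset
      # rather than silently starting the app with an insecure hardcoded default.
      # See config/.config-map.example for generation and rotation guidance.
      SYSTEMPLANE_SECRET_MASTER_KEY: ${SYSTEMPLANE_SECRET_MASTER_KEY:?SYSTEMPLANE_SECRET_MASTER_KEY is required (see config/.config-map.example)}
      # Build settings
      CGO_ENABLED: "0"
      GOFLAGS: "-mod=mod"
    ports:
      - "4018:4018"
    extra_hosts:
      # Allows the container to reach services on the Docker host (e.g., the
      # mock Fetcher server started by E2E tests). On Docker Desktop (macOS /
      # Windows) `host.docker.internal` is resolved automatically; the
      # host-gateway mapping ensures it also works on Linux.
      - "host.docker.internal:host-gateway"
    volumes:
      # The repository is mounted read-write, so anything running in this
      # container can modify the working tree on the host.
      - ./:/app
      - go_build_cache:/root/.cache/go-build
    # Installs air on first start if it is missing, then runs it with
    # .air.toml. The script lines are indented deeper than `sh -c '` so the
    # folded scalar keeps their line breaks.
    #
    # NOTE(review): the installer is downloaded from the moving `master`
    # branch and piped straight into sh, with no pinned revision and no
    # checksum, inside the container that has the repository mounted
    # read-write. Pin the URL to a release tag or commit and verify the
    # download, or bake air into a dev image.
    command: >
      sh -c '
        if ! command -v air >/dev/null 2>&1; then
          wget -qO- https://raw.githubusercontent.com/air-verse/air/master/install.sh | sh -s -- -b /usr/local/bin
        fi &&
        air -c .air.toml
      '

# Named volumes with default driver settings.
volumes:
  postgres_data:
  postgres_replica_data:
  redis_data:
  rabbitmq_data:
  seaweedfs_data:
  go_build_cache: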