-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathdocker-compose.yaml
More file actions
150 lines (146 loc) · 5.89 KB
/
docker-compose.yaml
File metadata and controls
150 lines (146 loc) · 5.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
version: "3.4"
x-common-variables: &common-variables
CLUSTER_NODE:
REDIS_USERNAME: chproxy
REDIS_PASSWORD:
HYDROLIX_USERNAME:
HYDROLIX_PASSWORD:
GF_INSTALL_PLUGINS: "grafana-clickhouse-datasource 4.8.2"
volumes:
prometheus_data: {}
services:
keycloak:
image: quay.io/keycloak/keycloak:26.0
platform: linux/amd64
container_name: keycloak
command: start-dev --import-realm
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
ports:
- 8080:8080
volumes:
- ./provisioning/keycloak/grafana-realm.json:/opt/keycloak/data/import/grafana-realm.json:ro
grafana:
extends:
file: .config/docker-compose-base.yaml
service: grafana
container_name: grafana-dashboards
depends_on:
- keycloak
environment:
<<: *common-variables
# --- OAuth2 / Keycloak ---
GF_SERVER_ROOT_URL: "http://localhost:3000/"
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
GF_AUTH_GENERIC_OAUTH_NAME: "Keycloak"
GF_AUTH_GENERIC_OAUTH_ICON: "signin"
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "grafana"
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "grafana-client-secret"
GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email roles"
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "http://localhost:8080/realms/grafana/protocol/openid-connect/auth"
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "http://keycloak:8080/realms/grafana/protocol/openid-connect/token"
GF_AUTH_GENERIC_OAUTH_API_URL: "http://keycloak:8080/realms/grafana/protocol/openid-connect/userinfo"
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: "email"
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: "preferred_username"
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: "name"
GF_AUTH_GENERIC_OAUTH_USE_PKCE: "true"
GF_AUTH_SIGNOUT_REDIRECT_URL: "http://localhost:3000/login"
build:
args:
# grafana_version: 13.0.1
grafana_version: 12.3.1
# grafana_version: 12.0.2
# grafana_version: 11.5.4
# grafana_version: 10.4.16
development: true
anonymous_auth_enabled: "true"
clickhouse-server:
image: clickhouse/clickhouse-server:latest
container_name: clickhouse-server
ulimits:
nofile:
soft: 262144
hard: 262144
healthcheck:
test: ["CMD", "clickhouse-client", "--host", "clickhouse-server", "--query", "SELECT 1" ]
interval: 10s
timeout: 5s
retries: 10
start_period: 20s
volumes:
- ./testdata/containers:/testdata
environment:
CLICKHOUSE_ALWAYS_RUN_INITDB_SCRIPTS: "1"
CLICKHOUSE_SKIP_USER_SETUP: "0"
CLICKHOUSE_USER: testuser
CLICKHOUSE_PASSWORD: testpass
CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: "1"
entrypoint:
- /bin/bash
- -c
- |
cp /testdata/tcconfig.xml /etc/clickhouse-server/config.d/tcconfig.xml
cp /testdata/initdb.sql /docker-entrypoint-initdb.d/initdb.sql
exec /entrypoint.sh "$@"
# Playwright e2e runner. Joins the grafana service's network namespace so
# the tests reach the dev Grafana on `localhost:3000`.
#
# The image is built once via `.config/playwright/Dockerfile` and bakes in
# Node 22, the npm dependencies (npm ci off package.json + package-lock.json)
# and the Chromium browser. Subsequent `docker compose run --rm playwright`
# invocations skip the install entirely — they start in seconds instead of
# the previous 4–5 minutes per run.
#
# Rebuild the image when package.json/package-lock.json changes (Docker
# invalidates the npm-ci layer automatically) or when bumping
# @playwright/test (so the bundled browser stays in sync):
#
# docker compose build playwright
#
# Run on-demand (the service does not start with `docker compose up` since
# there's no `command:` / `restart:` keeping it alive — use `run`):
#
# docker compose run --rm playwright # full suite
# docker compose run --rm playwright tests/configEditor.spec.ts # one spec
# docker compose run --rm playwright --grep "interpolated query" # ad-hoc
#
# CLICKHOUSE_* and HYDROLIX_* are declared empty so they pass through from
# the host shell when set — matching the pattern used by the grafana
# service's x-common-variables block.
playwright:
build:
context: .
dockerfile: .config/playwright/Dockerfile
container_name: playwright-e2e
# Share the grafana container's network namespace so `localhost:3000`
# inside this container reaches the dev grafana directly (no separate
# service DNS / port mapping needed). `depends_on` is also expressed
# via the shared network — when grafana isn't up, this would fail fast.
network_mode: "service:grafana"
depends_on:
- grafana
working_dir: /work
volumes:
- .:/work
# Anonymous volume preserves the image-baked node_modules through the
# `.:/work` bind mount. On first container start the volume is
# initialised from the image's /work/node_modules; on subsequent
# `--rm` runs it is re-initialised the same way (fast filesystem copy,
# not a fresh npm install), so we never hit the network for deps at
# test time and the host's macOS-built binaries never leak in.
- /work/node_modules
environment:
# Default to the dev compose grafana. Override from the host shell to
# point the suite at a non-compose Grafana, e.g.
# E2E_GRAFANA_URL=https://grafana.example/ docker compose run --rm playwright
E2E_GRAFANA_URL: "${E2E_GRAFANA_URL:-http://localhost:3000}"
PLAYWRIGHT_JUNIT_OUTPUT_FILE: /work/junit_report.xml
CI: "1"
CLICKHOUSE_HOSTNAME:
CLICKHOUSE_USERNAME:
CLICKHOUSE_PASSWORD:
HYDROLIX_USERNAME:
HYDROLIX_PASSWORD: