docker-compose.yml
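---
# Only used for local development and testing
#
# Notes for anyone reusing this file outside a throwaway test environment:
# - Every database below is created with the fixed credentials kms/kms
#   (including the MySQL-family root accounts); redis runs with the image
#   defaults and no password is configured here.
# - A "HOST:CONTAINER" port mapping without a host IP is published on all
#   host interfaces. Prefix it with a loopback address, for example
#   "127.0.0.1:5432:5432", to keep a service reachable from this machine only.
# - Images are referenced by tag, not by digest, so the content behind a tag
#   can change between pulls.
# - The certificates and keys mounted from ./test_data are test material and
#   must not be reused for anything else.
services:
  postgres:
    image: postgres:16
    ports:
      - "5432:5432"
    environment:
      - POSTGRES_USER=kms
      - POSTGRES_DB=kms
      - POSTGRES_PASSWORD=kms
      - PGDATA=/tmp/postgres2

  mysql:
    image: mysql:8.0
    ports:
      - "3306:3306"
    environment:
      - MYSQL_USER=kms
      - MYSQL_PASSWORD=kms
      - MYSQL_DATABASE=kms
      - MYSQL_ROOT_PASSWORD=kms

  percona:
    image: percona/percona-xtradb-cluster:8.0
    ports:
      - "3307:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=kms
      - MYSQL_DATABASE=kms
      - MYSQL_USER=kms
      - MYSQL_PASSWORD=kms
      - CLUSTER_NAME=test-cluster
      - PXC_STRICT_MODE=ENFORCING

  mariadb:
    image: mariadb:11.4
    ports:
      - "3308:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=kms
      - MYSQL_DATABASE=kms
      - MYSQL_USER=kms
      - MYSQL_PASSWORD=kms

  # PostgreSQL with server-side TLS enabled through command-line settings.
  # NOTE(review): nothing in this entrypoint edits pg_hba.conf, so whether TLS
  # and client certificates are actually required (hostssl / clientcert rules)
  # depends on the hba rules in effect - verify in the test setup.
  postgres-mtls:
    image: postgres:16
    ports:
      - "5433:5432"
    environment:
      - POSTGRES_USER=kms
      - POSTGRES_DB=kms
      - POSTGRES_PASSWORD=kms
      - PGDATA=/var/lib/postgresql/data
    volumes:
      - ./test_data/certificates/client_server/db/postgres-server.crt:/var/lib/postgresql/certs-ro/server.crt:ro
      - ./test_data/certificates/client_server/db/postgres-server.key:/var/lib/postgresql/certs-ro/server.key:ro
      - ./test_data/certificates/client_server/ca/ca.crt:/var/lib/postgresql/certs-ro/ca.crt:ro
    # "$$" is Compose's escape for a literal "$", so the variables below are
    # expanded by bash inside the container, not by Compose.
    # The chown/chmod steps are best-effort ("|| true"): a failure there does
    # not stop the script.
    entrypoint:
      - bash
      - -lc
      - |
        set -euo pipefail
        BIN_DIR=$$(ls -1d /usr/lib/postgresql/*/bin 2>/dev/null | head -n1)
        if [ -n "$$BIN_DIR" ]; then
          export PATH="$$BIN_DIR:$$PATH"
        fi
        # Copy TLS materials from read-only mounts to a writable location
        cp /var/lib/postgresql/certs-ro/server.crt /var/lib/postgresql/server.crt
        cp /var/lib/postgresql/certs-ro/server.key /var/lib/postgresql/server.key
        cp /var/lib/postgresql/certs-ro/ca.crt /var/lib/postgresql/ca.crt
        chown postgres:postgres /var/lib/postgresql/server.key /var/lib/postgresql/server.crt /var/lib/postgresql/ca.crt || true
        chmod 600 /var/lib/postgresql/server.key || true
        exec docker-entrypoint.sh postgres \
          -c ssl=on \
          -c ssl_cert_file=/var/lib/postgresql/server.crt \
          -c ssl_key_file=/var/lib/postgresql/server.key \
          -c ssl_ca_file=/var/lib/postgresql/ca.crt \
          -c ssl_min_protocol_version=TLSv1.2 \
          -c listen_addresses='*'

  # MySQL that refuses unencrypted connections (--require-secure-transport=ON).
  # NOTE(review): these flags configure the server certificate and CA only.
  # Requiring a client certificate is a per-account setting in MySQL
  # (REQUIRE X509), presumably applied by the test setup - confirm.
  mysql-mtls:
    image: mysql:8.0
    ports:
      - "3309:3306"
    environment:
      - MYSQL_USER=kms
      - MYSQL_PASSWORD=kms
      - MYSQL_DATABASE=kms
      - MYSQL_ROOT_PASSWORD=kms
    volumes:
      - ./test_data/certificates/client_server/db/mysql-server.crt:/etc/mysql/certs/server-cert.pem:ro
      - ./test_data/certificates/client_server/db/mysql-server.key:/etc/mysql/certs/server-key.pem:ro
      - ./test_data/certificates/client_server/ca/ca.crt:/etc/mysql/certs/ca.pem:ro
    # Folded scalar: the four flags are joined into one command line.
    command: >
      --require-secure-transport=ON
      --ssl-cert=/etc/mysql/certs/server-cert.pem
      --ssl-key=/etc/mysql/certs/server-key.pem
      --ssl-ca=/etc/mysql/certs/ca.pem

  redis:
    image: redis:7.2
    ports:
      - "6379:6379"

  jaeger:
    image: jaegertracing/all-in-one:1.55
    ports:
      - "16686:16686"
    environment:
      - COLLECTOR_OTLP_ENABLED=true

  # Minimal OTEL stack for integration tests:
  # KMS -> otel-collector -> scrape collector Prometheus endpoint
  otel-collector:
    image: otel/opentelemetry-collector-contrib:0.144.0
    command:
      - --config=/etc/otel-collector-config.yaml
    volumes:
      - ./monitoring/ci-otel-collector-config.yaml:/etc/otel-collector-config.yaml:ro
    environment:
      # Kept for local setups that also export somewhere else; not used by test assertions.
      - OTLP_ENDPOINT=jaeger:4317
      - ENVIRONMENT=test
      - KMS_VERSION=dev
    ports:
      - "4317:4317"  # OTLP gRPC receiver (host)
      - "4318:4318"  # OTLP HTTP receiver (host)
      - "8889:8889"  # Prometheus metrics endpoint (host)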