docker-compose-kratos.yml
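# Ory Kratos identity stack: Kratos, its SQL migration job, Postgres, the
# self-service UI, and an Oathkeeper proxy published through Traefik.
#
# Review notes that apply to the whole file:
# - Images are referenced by tag. Tags can be re-pointed; pin by digest where
#   reproducible deployments matter.
# - The same `.env` file is loaded into kratos, kratos-migrate and the
#   self-service UI, so every secret in it is visible to all three containers.
# - KRATOS_DB_PASSWORD is a variable introduced in this file. It is resolved by
#   Compose interpolation (shell environment or the project `.env`). The
#   fallback keeps the previous hard-coded value `secret` so existing volumes
#   keep working; set a strong value before the database volume is first
#   created, because the postgres image applies POSTGRES_PASSWORD only when it
#   initialises an empty data directory. Use URL-safe characters only: the
#   same value is embedded unescaped in the DSN URL.
services:
  kratos:
    image: oryd/kratos:v1.2
    depends_on:
      # Wait for the database healthcheck instead of mere container start.
      kratos-postgresd:
        condition: service_healthy
      # Serve only after the schema migration job has exited successfully.
      kratos-migrate:
        condition: service_completed_successfully
      kratos-selfservice-ui-node:
        condition: service_started
    restart: unless-stopped
    environment:
      # sslmode=disable: no TLS to Postgres. The database is attached to the
      # project-internal `intranet` network only; enable TLS if it ever moves
      # off this host.
      - "DSN=postgres://kratos:${KRATOS_DB_PASSWORD:-secret}@kratos-postgresd:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4"
    env_file:
      - .env
    command: serve -c /etc/config/kratos/kratos.yml --watch-courier
    volumes:
      # Configuration is mounted read-only.
      - .docker/kratos:/etc/config/kratos:ro
    # NOTE(review): kratos is attached to the shared external network
    # `hydranet` and to the named network `kratosnet`. Its admin port (4434,
    # see KRATOS_ADMIN_URL on the UI service) is then reachable from every
    # container on those networks; confirm that is intended.
    networks:
      - intranet
      - hydranet
      - kratosnet

  kratos-migrate:
    image: oryd/kratos:v1.2
    depends_on:
      # Run migrations only once Postgres accepts connections.
      kratos-postgresd:
        condition: service_healthy
    environment:
      - "DSN=postgres://kratos:${KRATOS_DB_PASSWORD:-secret}@kratos-postgresd:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4"
    env_file:
      - .env
    volumes:
      - .docker/kratos:/etc/config/kratos:ro
    # `-e` takes the database URL from the DSN environment variable;
    # `--yes` applies the migrations without an interactive prompt.
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
    restart: on-failure
    networks:
      - intranet

  kratos-postgresd:
    image: postgres:16
    # Database is reachable on the project-internal network only; no ports
    # are published to the host.
    networks:
      - intranet
    restart: always
    volumes:
      - kratos_db_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=kratos
      - "POSTGRES_PASSWORD=${KRATOS_DB_PASSWORD:-secret}"
      - POSTGRES_DB=kratos
    healthcheck:
      # Name the role and database explicitly: a bare `pg_isready` probes as
      # the container's OS user, which is not a database role here and fills
      # the server log with failed-connection entries.
      test: ["CMD-SHELL", "pg_isready -U kratos -d kratos"]
      interval: 10s
      timeout: 5s
      retries: 5

  kratos-selfservice-ui-node:
    image: oryd/kratos-selfservice-ui-node:v1.2.0
    environment:
      - PORT=4435
      # The UI validates sessions against the key set served at JWKS_URL.
      - SECURITY_MODE=jwks
      - ORY_SDK_URL=http://kratos:4433
      - KRATOS_PUBLIC_URL=http://kratos:4433
      - KRATOS_ADMIN_URL=http://kratos:4434
      - HYDRA_ADMIN_URL=http://hydra-admin:4445
      - JWKS_URL=http://oathkeeper-kratos:4456/.well-known/jwks.json
    env_file:
      - .env
    networks:
      - intranet
      - hydranet
    restart: on-failure

  oathkeeper-kratos:
    image: oryd/oathkeeper:v0.40
    depends_on:
      - kratos
      - kratos-selfservice-ui-node
    networks:
      - intranet
      - traefiknet
    command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"
    restart: on-failure
    volumes:
      # Access rules and proxy configuration are mounted read-only.
      - .docker/oathkeeper-kratos:/etc/config/oathkeeper:ro
    labels:
      # Only the Oathkeeper proxy port (4455) is published through Traefik.
      # NOTE(review): no entrypoint or TLS option is set on this router, so
      # whether traffic is served over HTTPS depends on the Traefik defaults
      # configured elsewhere; verify before using a non-local hostname.
      - "traefik.enable=true"
      - "traefik.docker.network=traefiknet"
      - "traefik.http.routers.auth-example.rule=Host(`auth.example.localhost`)"
      - "traefik.http.routers.auth-example.service=auth-example"
      - "traefik.http.services.auth-example.loadbalancer.server.port=4455"

networks:
  # Project-scoped network for Kratos, its database, the UI and the proxy.
  intranet: {}
  # Fixed-name network created by this project.
  kratosnet:
    name: kratosnet
  # Pre-existing networks owned by other stacks; they must exist before `up`.
  hydranet:
    name: hydranet
    external: true
  traefiknet:
    name: traefiknet
    external: true

volumes:
  kratos_db_data: {}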