docker-compose.yml

version: "3.4"

services:
  welcome-page:
    image: registry-special.tenforce.com/special/demonstrator-welcome-page-frontend:v0.0.2

  mobile-frontend:
    image: registry-special.tenforce.com/special/mobile-frontend:1.0.0

  transparency-frontend:
    image: registry-special.tenforce.com/special/demonstrator-transparency-frontend:1.0.1

  transparency-backend:
    image: registry-special.tenforce.com/special/kafka-sse-proxy:1.0.0
    environment:
      BROKERS: "kafka:9092"
      TOPIC: checked-application-logs

  consent-management-frontend:
    image: registry-special.tenforce.com/special/demonstrator-consent-management-frontend:1.0.1

  consent-management-backend:
    image: registry-special.tenforce.com/special/consent-management-backend-mongo:0.0.2
    restart: on-failure
    environment:
      SERVER_HOST: consent-management-backend
      KAFKA_BROKER_LIST: "kafka:9092"
      CHANGE_LOGS_TOPIC: policies-audit
      FULL_POLICIES_TOPIC: full-policies
    depends_on:
      - mongo-rs-setup

  mongo-db:
    image: registry-special.tenforce.com/special/demonstrator-mongo-db:0.0.1
    volumes:
    - mongodb:/data

  mongo-rs-setup:
    image: registry-special.tenforce.com/special/demonstrator-mongo-rs-setup:0.0.1
    depends_on:
      - mongo-db

  policy-admin-frontend:
    image: registry-special.tenforce.com/special/demonstrator-policy-admin-frontend:1.0.3

  compliance-checker:
    image: registry-special.tenforce.com/special/compliance-checker:1.0.0
    environment:
      KAFKA_URL_LIST: "kafka:9092"
      KAFKA_CLIENT_ID: 1
      KAFKA_TOPIC_POLICY: "full-policies"
      KAFKA_TOPIC_ACCESS: "application-logs"
      KAFKA_TOPIC_CONSENT: "checked-application-logs"
    volumes:
      - ./use_cases:/policies

  rethinkdb:
    image: rethinkdb:2.3
    volumes:
      - ./use_cases:/policies

  log-generator:
    image: registry-special.tenforce.com/special/demonstrator-log-generator:1.0.6
    restart: always
    environment:
      RATE: 2s
      KAFKA_BROKER_LIST: kafka:9092
      KAFKA_TOPIC: application-logs
      KEYCLOAK_ENDPOINT: $KEYCLOAK_ENDPOINT
      KEYCLOAK_USER: demonstrator-generator
      KEYCLOAK_PASSWORD: $KEYCLOAK_GENERATOR_PASSWORD
      KEYCLOAK_CLIENT_ID: special-platform
      KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET
      BACKEND_ENDPOINT: http://consent-management-backend

  pdg:
    build: ./personal-data-gateway
    volumes:
      - ./personal-data-gateway/app:/app # reload
    ports:
      - "8101:5000"

  # Kafka setup (should maybe go in external deployment)
  zookeeper:
    image: zookeeper:latest
    volumes:
      - zoodata:/data
      - zoolog:/datalog

  # Networking setup is not perfect yet and will most likely change slightly once
  # I get around to testing it with multiple nodes on swarm. For local dev the current setup works fine
  # TODO: save data in a volume (or mount from host)
  kafka:
    image: wurstmeister/kafka:2.11-2.0.1
    depends_on:
      - zookeeper
    environment:
      # HOSTNAME_COMMAND: "docker info | grep ^Name: | cut -d' ' -f 2"
      KAFKA_ADVERTISED_HOSTNAME: kafka
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT
      # KAFKA_ADVERTISED_LISTENERS: INSIDE://:9092,OUTSIDE://_{HOSTNAME_COMMAND}:9094
      KAFKA_ADVERTISED_LISTENERS: INSIDE://:9092,OUTSIDE://:9094
      KAFKA_LISTENERS: INSIDE://:9092,OUTSIDE://:9094
      KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE
      KAFKA_CREATE_TOPICS: application-logs:1:1,full-policies:1:1:compact,policies-audit:1:1,checked-application-logs:1:1,data-portability-requests:1:1
    volumes:
      - kafkalogs:/kafka

  kong-database:
    image: cassandra:2.2.13
    volumes:
      - kong-database:/var/lib/cassandra

  kong-database-migrations:
    image: registry-special.tenforce.com/special/kong-database-migrations:v0.0.1
    depends_on:
      - kong-database
    environment:
      - KONG_DATABASE=cassandra
      - KONG_PG_HOST=kong-database
      - KONG_CASSANDRA_CONTACT_POINTS=kong-database
    command: ["./wait-for-it.sh", "kong-database:9042", "-t", "0", "--", "kong", "migrations", "bootstrap"]

  kong:
    image: registry-special.tenforce.com/special/kong:v0.0.2
    depends_on:
      - kong-database
      - kong-database-migrations
    environment:
      KONG_DATABASE: cassandra
      KONG_PG_HOST: kong-database
      KONG_CASSANDRA_CONTACT_POINTS: kong-database
      KONG_ADMIN_ACCESS_LOG: /dev/stdout
      KONG_ADMIN_ERROR_LOG: /dev/stderr
      KONG_ADMIN_LISTEN: "0.0.0.0:8001"
      KONG_ADMIN_LISTEN_SSL: "0.0.0.0:8444"
      KONG_PROXY_ACCESS_LOG: /dev/stdout
      KONG_PROXY_ERROR_LOG: /dev/stderr
      KONG_PLUGINS: oidc
      KONG_NGINX_PROXY_SET: "$$session_secret c3BlY2lhbC1wbGF0Zm9ybS1zZXNzaW9uLXNlY3JldA=="
    ports:
      - 8000:8000
    command: ["./wait-for-stop.sh", "-h", "kong-database-migrations", "--", "kong", "start"]

  kong-config:
    image: registry-special.tenforce.com/special/kong-configuration:v0.0.9
    environment:
      KEYCLOAK_ENDPOINT: $KEYCLOAK_ENDPOINT
    depends_on:
      - kong
    command: ["./wait-for-it.sh", "kong:8001", "-t", "120", "--", "gongfig", "import", "--url=http://kong:8001", "--file", "/config.json"]

  # Deactivated until we can put it behind the reverse proxy
  konga:
    image: pantsel/konga
    ports:
      - 1337:1337
    volumes:
      - konga-data:/app/kongadata
    environment:
      NODE_ENV: production

  # the personal data gateway
  personal-data-gateway:
    image: registry-special.tenforce.com/special/personal-data-gateway:0.0.1

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.4.1
    environment:
      ES_JAVA_OPTS: "-Xmx1g -Xms1g"
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - esdata:/usr/share/elasticsearch/data

  kibana:
    image: docker.elastic.co/kibana/kibana:6.4.1
    environment:
      SERVER_BASEPATH: "/kibana"
      SERVER_REWRITEBASEPATH: "true"
    logging:
      driver: none

  logstash-checked-application-logs:
    image: registry-special.tenforce.com/special/logstash-from-kafka:0.0.1
    environment:
      KAFKA_ENDPOINT: kafka:9092
      ELASTICSEARCH_ENDPOINT: elasticsearch
      SOURCE_TOPIC: checked-application-logs
      TARGET_INDEX: checked-application-logs

  logstash-policies-audit:
    image: registry-special.tenforce.com/special/logstash-from-kafka:0.0.1
    environment:
      KAFKA_ENDPOINT: kafka:9092
      ELASTICSEARCH_ENDPOINT: elasticsearch
      SOURCE_TOPIC: policies-audit
      TARGET_INDEX: policies-audit

  data-portability:
    image: registry-special.tenforce.com/special/data-portability:0.0.1
    ports:
      - 8123:8080
    environment:
      KAFKA_BROKER_LIST: "kafka:9092"

volumes:
  caddycert: {}
  kong-database:
    driver: local
  mongodb:
    driver: local
  kafkalogs:
    driver: local
  zoodata:
    driver: local
  zoolog:
    driver: local
  konga-data:
    driver: local
  esdata:
    driver: local

networks:
  default:
    external:
      name: special-demonstrator