Add j2 template for zitadel compose file (#180)

* Add j2 template for zitadel compose file --------- Co-authored-by: GitHub Actions <[email protected]>
datalens-tech · Jul 24, 2024 · b794b66 · b794b66
1 parent 32013ae
commit b794b66
Show file tree

Hide file tree

Showing 3 changed files with 214 additions and 8 deletions.
diff --git a/.github/workflows/update-compose.yml b/.github/workflows/update-compose.yml
@@ -26,10 +26,11 @@ jobs:
         run: |
           pip3 install --user --upgrade j2cli
           j2 --version  
-      - name: build docker-compose.yml & docker-compose-dev.yml
+      - name: build docker-compose.yml & docker-compose-dev.yml & docker-compose.zitadel.yml
         run: |
           j2 ./templates/docker-compose.j2 versions-config.json --format=json > ./docker-compose.yml
           DEV_MODE=true j2 ./templates/docker-compose.j2 versions-config.json --format=json > ./docker-compose-dev.yml
+          j2 ./templates/docker-compose.zitadel.j2 versions-config.json --format=json > ./docker-compose.zitadel.yml
       - name: run docker-compose.yml
         run: docker compose -f ./docker-compose.yml up -d
       - name: stop docker-compose.yml
@@ -41,7 +42,7 @@ jobs:
       - name: Commit compose files
         id: make-commit
         run: |
-            git add docker-compose.yml docker-compose-dev.yml
+            git add docker-compose.yml docker-compose-dev.yml docker-compose.zitadel.yml
             if ! git diff-index --quiet HEAD; then
                 git commit --message "update docker-compose.yml docker-compose-dev.yml"
                 git push

diff --git a/docker-compose.zitadel.yml b/docker-compose.zitadel.yml
@@ -29,7 +29,6 @@ services:
       AUTH_CLIENT_SECRET: "${BI_SERVICE_CLIENT_SECRET}"
       AUTH_APP_CLIENT_ID: "${DL_CLIENT_ID}"
       AUTH_APP_CLIENT_SECRET: "${DL_CLIENT_SECRET}"
-
     depends_on:
       - us
 
@@ -56,7 +55,6 @@ services:
       AUTH_CLIENT_SECRET: "${BI_SERVICE_CLIENT_SECRET}"
       AUTH_APP_CLIENT_ID: "${DL_CLIENT_ID}"
       AUTH_APP_CLIENT_SECRET: "${DL_CLIENT_SECRET}"
-
     depends_on:
       - us
       - pg-compeng
@@ -82,8 +80,6 @@ services:
     volumes:
       - ./metadata:/var/lib/postgresql/data
 
-
-
   us:
     container_name: datalens-us
     image: ghcr.io/datalens-tech/datalens-us:0.224.0
@@ -105,13 +101,11 @@ services:
       CLIENT_SECRET: "${DL_CLIENT_SECRET}"
       SERVICE_CLIENT_ID: "us"
       SERVICE_CLIENT_SECRET: "${US_SERVICE_CLIENT_SECRET}"
-
     extra_hosts:
       - "host.docker.internal:host-gateway"
     volumes:
       - ./certs:/certs
 
-
   zitadel-db:
     restart: 'always'
     image: postgres:16-alpine

diff --git a/templates/docker-compose.zitadel.j2 b/templates/docker-compose.zitadel.j2
@@ -0,0 +1,211 @@
+version: "3.7"
+
+services:
+  pg-compeng:
+    container_name: datalens-pg-compeng
+    image: postgres:13-alpine
+    environment:
+      POSTGRES_PASSWORD: "postgres"
+      POSTGRES_DB: postgres
+      POSTGRES_USER: postgres
+
+  control-api:
+    container_name: datalens-control-api
+    image: ghcr.io/datalens-tech/datalens-control-api:{{ controlApiVersion }}
+    environment:
+      BI_API_UWSGI_WORKERS_COUNT: 4
+      CONNECTOR_AVAILABILITY_VISIBLE: "clickhouse,postgres,chyt,ydb,mysql,greenplum"
+      RQE_FORCE_OFF: 1
+      DL_CRY_ACTUAL_KEY_ID: key_1
+      DL_CRY_KEY_VAL_ID_key_1: "h1ZpilcYLYRdWp7Nk8X1M1kBPiUi8rdjz9oBfHyUKIk="
+      RQE_SECRET_KEY: ""
+      US_HOST: "http://us:8083"
+      US_MASTER_TOKEN: "${US_MASTER_TOKEN}"
+
+      AUTH_TYPE: "ZITADEL"
+      AUTH_BASE_URL: "http://zitadel:8080"
+      AUTH_PROJECT_ID: "${ZITADEL_PROJECT_ID}"
+      AUTH_CLIENT_ID: "bi"
+      AUTH_CLIENT_SECRET: "${BI_SERVICE_CLIENT_SECRET}"
+      AUTH_APP_CLIENT_ID: "${DL_CLIENT_ID}"
+      AUTH_APP_CLIENT_SECRET: "${DL_CLIENT_SECRET}"
+
+{%- if "DEV_MODE"|env(false) %}
+    ports:
+      - 8081:8080
+{%- endif %}
+    depends_on:
+      - us
+
+  data-api:
+    container_name: datalens-data-api
+    image: ghcr.io/datalens-tech/datalens-data-api:{{ dataApiVersion }}
+    environment:
+      GUNICORN_WORKERS_COUNT: 5
+      RQE_FORCE_OFF: 1
+      CACHES_ON: 0
+      MUTATIONS_CACHES_ON: 0
+      RQE_SECRET_KEY: ""
+      DL_CRY_ACTUAL_KEY_ID: key_1
+      DL_CRY_KEY_VAL_ID_key_1: "h1ZpilcYLYRdWp7Nk8X1M1kBPiUi8rdjz9oBfHyUKIk="
+      BI_COMPENG_PG_ON: 1
+      BI_COMPENG_PG_URL: "postgresql://postgres:postgres@pg-compeng:5432/postgres"
+      US_HOST: "http://us:8083"
+      US_MASTER_TOKEN: "${US_MASTER_TOKEN}"
+
+      AUTH_TYPE: "ZITADEL"
+      AUTH_BASE_URL: "http://zitadel:8080"
+      AUTH_PROJECT_ID: "${ZITADEL_PROJECT_ID}"
+      AUTH_CLIENT_ID: "bi"
+      AUTH_CLIENT_SECRET: "${BI_SERVICE_CLIENT_SECRET}"
+      AUTH_APP_CLIENT_ID: "${DL_CLIENT_ID}"
+      AUTH_APP_CLIENT_SECRET: "${DL_CLIENT_SECRET}"
+
+
+{%- if "DEV_MODE"|env(false) %}
+    ports:
+      - 8082:8080
+{%- endif %}
+    depends_on:
+      - us
+      - pg-compeng
+
+  pg-demo-connection:
+    container_name: datalens-pg-demo-connection
+    image: postgres:13-alpine
+    environment:
+      POSTGRES_DB: demo
+      POSTGRES_USER: demo
+      POSTGRES_PASSWORD: demo
+    volumes:
+      - ./pg-demo-connection/init:/docker-entrypoint-initdb.d
+      - ./pg-demo-connection/data:/var/lib/postgresql/data
+
+  pg-us:
+    container_name: datalens-pg-us
+    image: postgres:13-alpine
+    environment:
+      POSTGRES_DB: us-db-ci_purgeable
+      POSTGRES_USER: us
+      POSTGRES_PASSWORD: us
+    volumes:
+      - ./metadata:/var/lib/postgresql/data
+{%- if "DEV_MODE"|env(false) %}
+    ports:
+      - "8086:5432"
+{%- endif %}
+
+  us:
+    container_name: datalens-us
+    image: ghcr.io/datalens-tech/datalens-us:{{ usVersion }}
+    depends_on:
+      - pg-us
+    environment:
+      APP_INSTALLATION: "opensource"
+      APP_ENV: "prod"
+      MASTER_TOKEN: "${US_MASTER_TOKEN}"
+      POSTGRES_DSN_LIST: ${METADATA_POSTGRES_DSN_LIST:-postgres://us:us@pg-us:5432/us-db-ci_purgeable}
+      SKIP_INSTALL_DB_EXTENSIONS: ${METADATA_SKIP_INSTALL_DB_EXTENSIONS:-0}
+      USE_DEMO_DATA: ${USE_DEMO_DATA:-1}
+      HC: ${HC:-0}
+      NODE_EXTRA_CA_CERTS: /certs/root.crt
+
+      ZITADEL: "true"
+      ZITADEL_URI: "http://zitadel:8080"
+      CLIENT_ID: "${DL_CLIENT_ID}"
+      CLIENT_SECRET: "${DL_CLIENT_SECRET}"
+      SERVICE_CLIENT_ID: "us"
+      SERVICE_CLIENT_SECRET: "${US_SERVICE_CLIENT_SECRET}"
+
+{%- if "DEV_MODE"|env(false) %}
+    ports:
+      - "8083:8083"
+{%- endif %}
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    volumes:
+      - ./certs:/certs
+
+  zitadel-db:
+    restart: 'always'
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_DB: zitadel
+      POSTGRES_USER: zit
+      POSTGRES_PASSWORD: zit
+    healthcheck:      
+      test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "zit"]
+      interval: '10s'
+      timeout: '30s'
+      retries: 5
+      start_period: '20s'
+    ports:
+      - "8087:5432"
+    volumes:
+      - ./zitadel-db:/var/lib/postgresql/data
+
+  zitadel:
+    restart: 'always'
+    image: 'ghcr.io/zitadel/zitadel:v2.54.1'
+    command: 'start-from-init --masterkeyFromEnv --tlsMode disabled'
+    environment:
+      - 'ZITADEL_MASTERKEY=${ZITADEL_MASTERKEY:?missed ZITADEL_MASTERKEY env}'
+      - 'ZITADEL_DATABASE_POSTGRES_HOST=zitadel-db'
+      - 'ZITADEL_DATABASE_POSTGRES_PORT=5432'
+      - 'ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel'
+      - 'ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zit'
+      - 'ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zit'
+      - 'ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable'
+      - 'ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=zit'
+      - 'ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=zit'
+      - 'ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable'
+      - 'ZITADEL_SYSTEMDEFAULTS_SECRETGENERATORS_PASSWORDSALTCOST=1'
+      - 'ZITADEL_EXTERNALSECURE=false'
+      - 'ZITADEL_EXTERNALPORT=${ZITADEL_EXTERNALPORT:-8080}'
+      - 'ZITADEL_EXTERNALDOMAIN=${ZITADEL_EXTERNALDOMAIN:-zitadel}'
+      - 'ZITADEL_FIRSTINSTANCE_PATPATH=/machinekey/zitadel-admin-sa.token'
+      - 'ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa'
+      - 'ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin'
+      - 'ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE=1'
+      - 'ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE=9999-01-01T00:00:00Z'
+      - 'ZITADEL_DEFAULTINSTANCE_OIDCSETTINGS_ACCESSTOKENLIFETIME=0.25h'
+      - 'ZITADEL_DEFAULTINSTANCE_OIDCSETTINGS_REFRESHTOKENEXPIRATION=336h'      
+    depends_on:
+      zitadel-db:
+        condition: 'service_healthy'
+    ports:
+      - '8085:8080'
+    volumes:
+      - ./zitadel/machinekey:/machinekey:rw
+
+  datalens:
+    container_name: datalens-ui
+    image: ghcr.io/datalens-tech/datalens-ui:{{ uiVersion }}
+    ports:
+      - ${UI_PORT:-8080}:8080
+    depends_on:
+      - us
+      - control-api
+      - data-api
+      - pg-demo-connection
+    environment:
+      APP_MODE: "full"
+      APP_ENV: "production"
+      APP_INSTALLATION: "opensource"
+      AUTH_POLICY: "disabled"
+      US_ENDPOINT: "http://us:8083"
+      BI_API_ENDPOINT: "http://control-api:8080"
+      BI_DATA_ENDPOINT: "http://data-api:8080"
+      NODE_EXTRA_CA_CERTS: "/usr/local/share/ca-certificates/cert.pem"
+      HC: ${HC:-0}
+
+      ZITADEL: "true"
+      CLIENT_ID: "${DL_CLIENT_ID}"
+      CLIENT_SECRET: "${DL_CLIENT_SECRET}"
+      ZITADEL_PROJECT_ID: "${ZITADEL_PROJECT_ID}"
+      ZITADEL_URI: "http://localhost:8085"
+      ZITADEL_INTERNAL_URI: "http://zitadel:8080"
+      APP_HOST_URI: "http://localhost:8080"
+      ZITADEL_COOKIE_SECRET: ${ZITADEL_COOKIE_SECRET:?missed ZITADEL_COOKIE_SECRET env}"
+      SERVICE_CLIENT_ID: "charts"
+      SERVICE_CLIENT_SECRET: "${CHARTS_SERVICE_CLIENT_SECRET}"