#timescaledb #dockerfile #for-use-with #hasura-deploy

README.md

Do yourself a favor and choose a base image OS from

Dockerslim (avg. size is 90% less than most distro from scratch):

gh repo clone docker-slim/docker-slim

Create a full image using tar

In general, start with a working machine that is running the distribution you’d like to package as a parent image, though that is not required for some tools like Debian’s Debootstrap, which you can also use to build Ubuntu images.

It can be as simple as this to create an Ubuntu parent image:

$ sudo debootstrap focal focal > /dev/null
$ sudo tar -C focal -c . | docker import - focal

sha256:81ec9a55a92a5618161f68ae691d092bf14d700129093158297b3d01593f4ee3

$ docker run focal cat /etc/lsb-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04 LTS"

Create a simple parent image using scratch

You can use Docker’s reserved, minimal image, scratch, as a starting point for building containers. Using the scratch “image” signals to the build process that you want the next command in the Dockerfile to be the first filesystem layer in your image.

While scratch appears in Docker’s repository on the hub, you can’t pull it, run it, or tag any image with the name scratch. Instead, you can refer to it in your Dockerfile. For example, to create a minimal container using scratch:

# syntax=docker/dockerfile:1
FROM scratch
ADD hello /
CMD ["/hello"]

Assuming you built the “hello” executable example by using the source code at https://github.com/docker-library/hello-world, and you compiled it with the -static flag, you can build this Docker image using this docker build command:

 docker build --tag hello .

ALWAYS USE:

DOCKER_BUILDKIT=1  docker build .

docker-compose.override.yml

# build ssh-property access 1.0.2 -> 1.3+ Syntax Augmented.  Adding Docker Bake.
version: '3'

services:
  api:
    depends_on:
      - postgresql
      - elasticsearch
      - redis
    environment:
      POSTGRES_HOST: ${POSTGRES_HOST}
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_ADMIN_USER: ${POSTGRES_ADMIN_USER}
      POSTGRES_SSL: ${POSTGRES_SSL}
      POSTGRES_SSL_CERT: ${POSTGRES_SSL_CERT}
      POSTGRES_SSL_KEY: ${POSTGRES_SSL_KEY}
      POSTGRES_SSL_CA: ${POSTGRES_SSL_CA}
      ELASTIC_SEARCH_HOST: ${ELASTIC_SEARCH_HOST}
      ELASTIC_SEARCH_PROTOCOL: ${ELASTIC_SEARCH_PROTOCOL}
      ELASTIC_SEARCH_PORT: ${ELASTIC_SEARCH_PORT}
      ELASTIC_SEARCH_USER: ${ELASTIC_SEARCH_USER}
      ELASTIC_SEARCH_PASSWORD: ${ELASTIC_SEARCH_PASSWORD}
      REDIS_HOST: ${REDIS_HOST}
      REDIS_PORT: ${REDIS_PORT}
      REDIS_DBNUM: ${REDIS_DBNUM}
      REDIS_PASSWORD: ${REDIS_PASSWORD}
      REDIS_TLS: ${REDIS_TLS}

  # Use self-signed SSL certificates for testing
  # For production, please refer to docs/ssl-database.md
  postgresql:
    build:
      context: "."
      dockerfile: Dockerfile.postgresqlSSL
    ports:
      - "6543:5432"
    command: -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - timescaledb-v1.7.1-pg12-data:/var/lib/postgresql/data/pgdata

  elasticsearch:
    build:
      context: "."
      dockerfile: Dockerfile.elasticsearch
    ports:
      - "9200:9200"
    environment:
      - http.host=0.0.0.0
      - transport.host=127.0.0.1

      # Enable authentication
      # If `xpack.security.enabled` is omitted or false, Elasticsearch won't verify the sent credentials
      # https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#general-security-settings
      # https://www.elastic.co/guide/en/elasticsearch/reference/current/built-in-users.html
      - xpack.security.enabled=true
      - ELASTIC_PASSWORD=${ELASTIC_SEARCH_PASSWORD}
    volumes:
      - es-v7.3.2-data:/usr/share/elasticsearch/data

  redis:
    image: redis:5.0.1-alpine
    expose:
      - "6379"
    ports:
      - "6379:6379"
    volumes:
      - redis-v5.0.1-data:/data

volumes:
  timescaledb-v1.7.1-pg12-data:
  es-v7.3.2-data:
  redis-v5.0.1-data:

Dockerfile

FROM node:12.14-alpine

# Puppeteer installation process inspired by:
# https://github.com/GoogleChrome/puppeteer/issues/1793#issuecomment-442730223

ENV CHROME_BIN="/usr/bin/chromium-browser"

RUN apk --no-cache add \
  python \
  make \
  g++ \
  git \
  # Puppeteer/chromium
  udev \
  ttf-freefont \
  chromium

WORKDIR /usr/src/app

USER node

CMD [ "node", "server/start.js" ]

Dockerfile.elastisearch

FROM docker.elastic.co/elasticsearch/elasticsearch:7.3.2

RUN bin/elasticsearch-plugin install analysis-icu

CMD [ "docker-entrypoint.sh" ]

Dockerfile.postgresqlSSL

FROM timescale/timescaledb:1.7.1-pg12

# Certificates generated via `test/ssl/generate-cert.sh` script

COPY test/ssl/server.key /var/lib/postgresql/server.key
COPY test/ssl/server.crt /var/lib/postgresql/server.crt
RUN chown postgres /var/lib/postgresql/server.key && chmod 600 /var/lib/postgresql/server.key

Dockerfile.prod

# syntax = docker/dockerfile:1.0.2-experimental
# Using BuildKit for SSH, please refer to
# https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds

FROM node:12.14-alpine

# Puppeteer installation process inspired by:
# https://github.com/GoogleChrome/puppeteer/issues/1793#issuecomment-442730223

ENV CHROME_BIN="/usr/bin/chromium-browser"

RUN apk --no-cache add \
  python \
  make \
  g++ \
  git \
  # needed for SSH using Docker BuildKit
  openssh-client \
  # Puppeteer/chromium
  udev \
  ttf-freefont \
  chromium

# Preparing to install private plugins from Github with SSH
RUN mkdir -p -m 0600 ~/.ssh && \
  ssh-keyscan github.com >> ~/.ssh/known_hosts

COPY package.json yarn.lock /tmp/
# Install app dependencies in dedicated steps to leverage layer caching
# SSH potentially needed for private plugins
RUN --mount=type=ssh cd /tmp && yarn
RUN mkdir -p /usr/src/app && cd /usr/src/app && ln -s /tmp/node_modules

# Copy app directory
COPY . /usr/src/app
WORKDIR /usr/src/app
RUN --mount=type=secret,id=env,dst=/usr/src/app/.env yarn plugins:prepare

CMD [ "node", "server/start.js" ]