# Compose definition for a Kong Gateway hybrid-mode lab: Redis, PostgreSQL, a
# one-shot migrations job, a one-shot cluster-certificate job, a control plane
# (cp) and a data plane (dp).
version: '3'

# The one network every service joins. No driver or options are set here, so
# Compose applies its defaults.
networks:
  kong-ee: {}

volumes:
  # Written by the `certs` service and mounted read-only by `cp` and `dp`.
  # It holds the cluster private key (cluster.key) as well as the certificate,
  # so treat the volume itself as secret material.
  certs:
    driver: local
  # Backs /bitnami/redis/data in the `redis` service.
  redis_data:
    driver: local

services:
  ###############################################################################
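  # Redis instance on the kong-ee network; other services reach it as
  # redis:6379 without going through the host.
  redis:
    image: docker.io/bitnami/redis:6.2
    container_name: redis
    hostname: redis
    restart: always
    environment:
      # SECURITY: no password is required. Any client that can reach port 6379
      # gets command access, except for the two commands disabled below. Set a
      # password, and hand it to the Redis clients, before this leaves an
      # isolated lab.
      ALLOW_EMPTY_PASSWORD: "yes"
      REDIS_DISABLE_COMMANDS: "FLUSHDB,FLUSHALL"
    ports:
      # Published on loopback only: the instance is unauthenticated, and the
      # containers on kong-ee do not need a host port to reach it. Publishing
      # without an address would bind on every host interface.
      - '127.0.0.1:6379:6379'
    volumes:
      - 'redis_data:/bitnami/redis/data'
    networks:
      - kong-ee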

  ###############################################################################
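  # PostgreSQL backing store for Kong. The bootstrap and cp services connect
  # to it as postgres:5432 over the kong-ee network.
  postgres:
    hostname: postgres
    image: docker.io/library/postgres:13
    restart: always
    container_name: postgres
    ports:
      # Published on loopback only; the Kong containers use the kong-ee network
      # and do not need a host port. Quoted so the mapping is always a string.
      - '127.0.0.1:5432:5432'
    networks:
      - kong-ee
    healthcheck:
      # pg_isready only reports whether the server accepts connections; it
      # does not authenticate, so the fixed user name is just a label here.
      test: ["CMD", "pg_isready", "-U", "kong"]
      interval: 10s
      timeout: 5s
      retries: 10
    environment:
      # Same variables and fallbacks as KONG_PG_* in the bootstrap and cp
      # services, so overriding them cannot leave Kong and PostgreSQL with
      # different credentials.
      # SECURITY: the fallback credentials are kong/kong; export real values
      # before using this outside a lab.
      POSTGRES_DB: ${KONG_PG_DATABASE:-kong}
      POSTGRES_USER: ${KONG_PG_USER:-kong}
      POSTGRES_PASSWORD: ${KONG_PG_PASSWORD:-kong}
      # POSTGRES_HOST_AUTH_METHOD is deliberately not set to `trust`: with
      # `trust` every connection is accepted without a password. Leaving it
      # unset makes the image fall back to password authentication.
      # These variables are only applied when the data directory is first
      # initialised; an existing data directory keeps its current settings.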

  ###############################################################################
  # One-shot job that prepares the Kong schema in PostgreSQL. It starts only
  # after the postgres healthcheck passes and is restarted on failure.
  bootstrap:
    image: 'docker.io/kong/kong-gateway:2.4-alpine'
    container_name: 'bootstrap'
    hostname: 'bootstrap'
    restart: 'on-failure'
    networks:
      - 'kong-ee'
    # Legacy option; the shared kong-ee network already resolves `postgres`.
    links:
      - 'postgres:postgres'
    depends_on:
      postgres:
        condition: 'service_healthy'
    # NOTE(review): Compose splits a string command into arguments instead of
    # running it through a shell, so the ';' separators are presumably passed
    # to the first `kong` invocation as literal arguments. Confirm that the
    # `up` and `finish` steps actually run.
    command: 'kong migrations bootstrap ; kong migrations up ; kong migrations finish'
    environment:
      KONG_DATABASE: 'postgres'
      KONG_PG_HOST: 'postgres'
      # Fall back to kong/kong/kong when the variables are not exported.
      KONG_PG_DATABASE: '${KONG_PG_DATABASE:-kong}'
      KONG_PG_USER: '${KONG_PG_USER:-kong}'
      KONG_PG_PASSWORD: '${KONG_PG_PASSWORD:-kong}'
      # SECURITY: initial super-admin password used when the database is
      # bootstrapped. Falls back to the literal `password` when KONG_PASSWORD
      # is not exported; set a real value before the first start.
      KONG_PASSWORD: '${KONG_PASSWORD:-password}'
      # Taken from the environment; there is no fallback, so it is empty when
      # the variable is unset.
      KONG_LICENSE_DATA: '${KONG_LICENSE_DATA}'
      KONG_AUDIT_LOG: 'on'
      # Debug level is verbose and may put sensitive details into the
      # container log; lower it outside a lab.
      KONG_LOG_LEVEL: 'debug'

  ###############################################################################
  # One-shot job that runs `kong hybrid gen_cert` to write cluster.crt and
  # cluster.key into the shared `certs` volume used by cp and dp.
  certs:
    image: 'docker.io/kong/kong-gateway:2.4-alpine'
    container_name: 'certs'
    hostname: 'certs'
    # Runs as root unless KONG_USER is exported.
    user: '${KONG_USER:-root}'
    # Quoted on purpose: a bare `no` can be parsed as the boolean false.
    restart: 'no'
    networks:
      - 'kong-ee'
    # Short form: orders start-up only; it does not wait for bootstrap to
    # finish.
    depends_on:
      - 'bootstrap'
    command: 'kong hybrid gen_cert /usr/local/kong/certs/cluster.crt /usr/local/kong/certs/cluster.key'
    volumes:
      # The only read-write mount of the volume; `:z` asks for a shared SELinux
      # label. The private key written here is what authenticates cluster
      # members to each other, so restrict access to the volume.
      - "certs:/usr/local/kong/certs:z"

  ###############################################################################
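  # Kong control plane: Admin API, Kong Manager (admin GUI), Dev Portal and the
  # hybrid-mode cluster endpoints that the data plane connects to.
  cp:
    hostname: cp
    container_name: cp
    # Fully qualified, matching the bootstrap and certs services, so the image
    # never resolves through a runtime's unqualified-registry search list.
    image: docker.io/kong/kong-gateway:2.4-alpine
    # Runs as root unless KONG_USER is exported.
    user: "${KONG_USER:-root}"
    restart: on-failure
    networks:
      - kong-ee
    # Short form: waits for these containers to start, not for bootstrap or
    # certs to finish; `restart: on-failure` presumably covers that race.
    depends_on:
      - redis
      - certs
      - postgres
      - bootstrap
    # SECURITY: every mapping binds on all host interfaces.
    #   8001 / 8444  Admin API        (HTTP / TLS)
    #   8002 / 8445  Kong Manager     (HTTP / TLS)
    #   8003 / 8446  Dev Portal GUI   (HTTP / TLS)
    #   8004 / 8447  Dev Portal API   (HTTP / TLS)
    #   8005, 8006   cluster and telemetry endpoints used by the dp service
    # With basic-auth enabled, logins over the plain-HTTP ports travel
    # unencrypted; use the TLS listeners or restrict the published addresses
    # outside a lab network.
    ports:
      - "8001:8001/tcp"
      - "8002:8002/tcp"
      - "8003:8003/tcp"
      - "8004:8004/tcp"
      - "8005:8005/tcp"
      - "8006:8006/tcp"
      - "8444:8444/tcp"
      - "8445:8445/tcp"
      - "8446:8446/tcp"
      - "8447:8447/tcp"
    environment:
      KONG_ROLE: control_plane
      # SECURITY: falls back to the literal `password` when KONG_PASSWORD is
      # not exported; set a real value before the first start.
      KONG_PASSWORD: ${KONG_PASSWORD:-password}
      KONG_SMTP_MOCK: "on"
      KONG_ENFORCE_RBAC: "on"
      # Taken from the environment; empty when the variable is unset.
      KONG_LICENSE_DATA: ${KONG_LICENSE_DATA}
      KONG_ADMIN_GUI_AUTH: basic-auth
      KONG_ADMIN_LISTEN: "0.0.0.0:8001, 0.0.0.0:8444 ssl"
      KONG_ADMIN_GUI_URL: http://kong.plutarch.codectl.lab:8002
      KONG_ADMIN_GUI_LISTEN: "0.0.0.0:8002, 0.0.0.0:8445 ssl"
      # SECURITY: the session secret protects the Kong Manager session cookie.
      # It is now read from KONG_ADMIN_GUI_SESSION_SECRET (a variable
      # introduced by this file) and only falls back to the old hard-coded
      # value; export a long random string. The value is pasted into JSON, so
      # it must not contain `"` or `\`.
      # cookie_secure=false and cookie_samesite=off match the plain-HTTP GUI
      # URL above; tighten both once the GUI is served over TLS.
      KONG_ADMIN_GUI_SESSION_CONF: '{"storage": "kong", "secret": "${KONG_ADMIN_GUI_SESSION_SECRET:-mysecretpassword}", "cookie_name": "admin_session", "cookie_samesite":"off", "cookie_secure":false}'
      KONG_ADMIN_ACCESS_LOG: "/dev/stdout"
      KONG_ADMIN_ERROR_LOG: "/dev/stderr"
      KONG_PORTAL: "on"
      KONG_PORTAL_AUTH: basic-auth
      KONG_PORTAL_API_URL: http://kong.plutarch.codectl.lab:8004
      KONG_PORTAL_API_LISTEN: "0.0.0.0:8004, 0.0.0.0:8447 ssl"
      KONG_PORTAL_GUI_HOST: kong.plutarch.codectl.lab:8003
      KONG_PORTAL_GUI_LISTEN: "0.0.0.0:8003, 0.0.0.0:8446 ssl"
      KONG_PORTAL_GUI_PROTOCOL: http
      # SECURITY: same treatment as the admin session above, with its own
      # variable (KONG_PORTAL_SESSION_SECRET, introduced by this file) so the
      # two cookies need not share a secret.
      KONG_PORTAL_SESSION_CONF: '{"storage": "kong", "secret": "${KONG_PORTAL_SESSION_SECRET:-mysecretpassword}", "cookie_name": "portal_session", "cookie_samesite":"off", "cookie_secure": false}'
      KONG_PORTAL_EMAILS_REPLY_TO: noreply@local.host
      KONG_PORTAL_EMAILS_FROM: noreply@local.host
      # Debug level is verbose and may put sensitive details into the
      # container log; lower it outside a lab.
      KONG_LOG_LEVEL: debug
      KONG_AUDIT_LOG: "on"
      KONG_PG_HOST: postgres
      # Fall back to kong/kong/kong when the variables are not exported.
      KONG_PG_USER: ${KONG_PG_USER:-kong}
      KONG_PG_PASSWORD: ${KONG_PG_PASSWORD:-kong}
      KONG_PG_DATABASE: ${KONG_PG_DATABASE:-kong}
      KONG_DATABASE: "postgres"
      # Cluster key pair written by the certs service; the same certificate is
      # also the trust anchor.
      KONG_LUA_SSL_TRUSTED_CERTIFICATE: /usr/local/kong/certs/cluster.crt
      KONG_CLUSTER_CERT_KEY: /usr/local/kong/certs/cluster.key
      KONG_CLUSTER_CERT: /usr/local/kong/certs/cluster.crt
      # Access log goes to stdout like the Admin API access log; it was
      # pointed at stderr, which mixed it into the error stream.
      KONG_PORTAL_API_ACCESS_LOG: "/dev/stdout"
      KONG_PORTAL_API_ERROR_LOG: "/dev/stderr"
      KONG_ANONYMOUS_REPORTS: "off"
      KONG_VITALS: "on"
    volumes:
      # Read-only: the control plane only needs to read the key pair.
      - 'certs:/usr/local/kong/certs:ro'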

  ###############################################################################
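  # Kong data plane: proxies traffic and takes its configuration from the
  # control plane. It runs without a database of its own.
  dp:
    hostname: dp
    container_name: dp
    # Fully qualified, matching the bootstrap and certs services, so the image
    # never resolves through a runtime's unqualified-registry search list.
    image: docker.io/kong/kong-gateway:2.4-alpine
    # Runs as root unless KONG_USER is exported.
    user: "${KONG_USER:-root}"
    restart: on-failure
    networks:
      - kong-ee
    # Short form: orders start-up only; it does not wait for readiness.
    depends_on:
      - cp
      - redis
      - certs
      - postgres
      - bootstrap
    # All three bind on every host interface: 8080 proxy (HTTP), 8443 proxy
    # (TLS) and 8100 status.
    # SECURITY: no authentication is configured for the status listener in
    # this file; keep 8100 off untrusted networks.
    # Quoted and indented like the other services' port lists.
    ports:
      - '8080:8080'
      - '8443:8443'
      - '8100:8100'
    environment:
      KONG_ROLE: data_plane
      KONG_PORTAL: "off"
      KONG_DATABASE: "off"
      KONG_STATUS_LISTEN: "0.0.0.0:8100"
      KONG_PROXY_LISTEN: "0.0.0.0:8080, 0.0.0.0:8443 ssl"
      # The control plane is addressed by its lab hostname rather than the
      # `cp` service name, so these connections depend on that name resolving
      # from inside the container and on cp's published 8005/8006 ports.
      KONG_CLUSTER_CONTROL_PLANE: kong.plutarch.codectl.lab:8005
      KONG_CLUSTER_TELEMETRY_ENDPOINT: kong.plutarch.codectl.lab:8006
      # Cluster key pair written by the certs service; the same certificate is
      # also the trust anchor.
      KONG_LUA_SSL_TRUSTED_CERTIFICATE: /usr/local/kong/certs/cluster.crt
      KONG_CLUSTER_CERT_KEY: /usr/local/kong/certs/cluster.key
      KONG_CLUSTER_CERT: /usr/local/kong/certs/cluster.crt
      # Taken from the environment; empty when the variable is unset.
      KONG_LICENSE_DATA: ${KONG_LICENSE_DATA}
      KONG_PROXY_ACCESS_LOG: "/dev/stdout"
      KONG_PROXY_ERROR_LOG: "/dev/stderr"
      # Debug level is verbose and may put request details into the container
      # log; lower it outside a lab.
      KONG_LOG_LEVEL: debug
      KONG_AUDIT_LOG: "on"
    volumes:
      # Read-only: the data plane only needs to read the key pair.
      - 'certs:/usr/local/kong/certs:ro'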