# # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # version: "3.8" services: ## Redis apisix_redis: # The latest image is the latest stable version image: redis:latest restart: unless-stopped volumes: - ./t/certs:/certs command: "--tls-port 6380 \ --tls-cert-file /certs/mtls_server.crt \ --tls-key-file /certs/mtls_server.key \ --tls-ca-cert-file /certs/mtls_ca.crt \ --tls-auth-clients no \ --user alice on +@all ~* \\&* \\>somepassword" ports: - "6379:6379" - "6380:6380" networks: apisix_net: ## keycloak apisix_keycloak: container_name: apisix_keycloak image: quay.io/keycloak/keycloak:18.0.2 # use host network because in CAS auth, # keycloak needs to send back-channel POST to apisix. network_mode: host environment: KEYCLOAK_ADMIN: admin KEYCLOAK_ADMIN_PASSWORD: admin KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/conf/server.crt.pem KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/conf/server.key.pem restart: unless-stopped command: ["start-dev"] volumes: - /opt/keycloak-protocol-cas-18.0.2.jar:/opt/keycloak/providers/keycloak-protocol-cas-18.0.2.jar - ./ci/pod/keycloak/server.crt.pem:/opt/keycloak/conf/server.crt.pem - ./ci/pod/keycloak/server.key.pem:/opt/keycloak/conf/server.key.pem - ./ci/pod/keycloak/kcadm_configure_cas.sh:/tmp/kcadm_configure_cas.sh - ./ci/pod/keycloak/kcadm_configure_university.sh:/tmp/kcadm_configure_university.sh - ./ci/pod/keycloak/kcadm_configure_basic.sh:/tmp/kcadm_configure_basic.sh ## kafka-cluster zookeeper-server1: image: bitnami/zookeeper:3.6.0 env_file: - ci/pod/kafka/zookeeper-server/env/common.env restart: unless-stopped ports: - "2181:2181" networks: kafka_net: zookeeper-server2: image: bitnami/zookeeper:3.6.0 env_file: - ci/pod/kafka/zookeeper-server/env/common.env restart: unless-stopped ports: - "12181:12181" networks: kafka_net: kafka-server1: image: bitnami/kafka:2.8.1 env_file: - ci/pod/kafka/kafka-server/env/common.env environment: KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper-server1:2181 restart: unless-stopped ports: - "9092:9092" depends_on: - zookeeper-server1 - zookeeper-server2 networks: kafka_net: kafka-server2: image: bitnami/kafka:2.8.1 env_file: - ci/pod/kafka/kafka-server/env/common2.env environment: KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper-server2:2181 restart: unless-stopped ports: - "19092:19092" - "19094:19094" depends_on: - zookeeper-server1 - zookeeper-server2 networks: kafka_net: volumes: - ./ci/pod/kafka/kafka-server/kafka_jaas.conf:/opt/bitnami/kafka/config/kafka_jaas.conf:ro ## SkyWalking skywalking: image: apache/skywalking-oap-server:8.7.0-es6 restart: unless-stopped ports: - "1234:1234" - "11800:11800" - "12800:12800" networks: skywalk_net: ## OpenLDAP openldap: image: bitnami/openldap:2.5.8 environment: - LDAP_ADMIN_USERNAME=amdin - LDAP_ADMIN_PASSWORD=adminpassword - LDAP_USERS=user01,user02 - LDAP_PASSWORDS=password1,password2 - LDAP_ENABLE_TLS=yes - LDAP_TLS_CERT_FILE=/certs/localhost_slapd_cert.pem - LDAP_TLS_KEY_FILE=/certs/localhost_slapd_key.pem - LDAP_TLS_CA_FILE=/certs/apisix.crt ports: - "1389:1389" - "1636:1636" volumes: - ./t/certs:/certs ## Grafana Loki loki: image: grafana/loki:2.8.0 command: -config.file=/etc/loki/local-config.yaml -auth.enabled -querier.multi-tenant-queries-enabled ports: - "3100:3100" networks: - loki_net rocketmq_namesrv: image: apacherocketmq/rocketmq:4.6.0 container_name: rmqnamesrv restart: unless-stopped ports: - "9876:9876" command: sh mqnamesrv networks: rocketmq_net: rocketmq_broker: image: apacherocketmq/rocketmq:4.6.0 container_name: rmqbroker restart: unless-stopped ports: - "10909:10909" - "10911:10911" - "10912:10912" depends_on: - rocketmq_namesrv command: sh mqbroker -n rocketmq_namesrv:9876 -c ../conf/broker.conf networks: rocketmq_net: # Open Policy Agent opa: image: openpolicyagent/opa:0.35.0 restart: unless-stopped ports: - 8181:8181 command: run -s /example.rego /echo.rego /data.json /with_route.rego volumes: - type: bind source: ./ci/pod/opa/with_route.rego target: /with_route.rego - type: bind source: ./ci/pod/opa/example.rego target: /example.rego - type: bind source: ./ci/pod/opa/echo.rego target: /echo.rego - type: bind source: ./ci/pod/opa/data.json target: /data.json networks: opa_net: # Elasticsearch Logger Service elasticsearch-noauth: image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 restart: unless-stopped ports: - "9200:9200" - "9300:9300" environment: ES_JAVA_OPTS: -Xms512m -Xmx512m discovery.type: single-node xpack.security.enabled: 'false' elasticsearch-auth: image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 restart: unless-stopped ports: - "9201:9201" environment: ES_JAVA_OPTS: -Xms512m -Xmx512m discovery.type: single-node ELASTIC_USERNAME: elastic ELASTIC_PASSWORD: 123456 http.port: 9201 xpack.security.enabled: 'true' elasticsearch-auth-2: image: docker.elastic.co/elasticsearch/elasticsearch:9.0.2 restart: unless-stopped ports: - "9301:9201" environment: ES_JAVA_OPTS: -Xms512m -Xmx512m discovery.type: single-node ELASTIC_USERNAME: elastic ELASTIC_PASSWORD: 123456 http.port: 9201 xpack.security.enabled: 'true' elasticsearch-auth-3: image: docker.elastic.co/elasticsearch/elasticsearch:7.0.0 restart: unless-stopped ports: - "9401:9201" environment: ES_JAVA_OPTS: -Xms512m -Xmx512m discovery.type: single-node ELASTIC_USERNAME: elastic ELASTIC_PASSWORD: 123456 http.port: 9201 xpack.security.enabled: 'true' elasticsearch-auth-4: image: docker.elastic.co/elasticsearch/elasticsearch:6.7.0 restart: unless-stopped ports: - "9501:9201" environment: ES_JAVA_OPTS: -Xms512m -Xmx512m discovery.type: single-node ELASTIC_USERNAME: elastic ELASTIC_PASSWORD: 123456 http.port: 9201 xpack.security.enabled: 'true' # The function services of OpenFunction test-header: image: test-header-image:latest restart: unless-stopped ports: - "30583:8080" environment: CONTEXT_MODE: "self-host" FUNC_CONTEXT: "{\"name\":\"HelloWorld\",\"version\":\"v1.0.0\",\"port\":\"8080\",\"runtime\":\"Knative\"}" test-uri: image: test-uri-image:latest restart: unless-stopped ports: - "30584:8080" environment: CONTEXT_MODE: "self-host" FUNC_CONTEXT: "{\"name\":\"HelloWorld\",\"version\":\"v1.0.0\",\"port\":\"8080\",\"runtime\":\"Knative\"}" test-body: image: test-body-image:latest restart: unless-stopped ports: - "30585:8080" environment: CONTEXT_MODE: "self-host" FUNC_CONTEXT: "{\"name\":\"HelloWorld\",\"version\":\"v1.0.0\",\"port\":\"8080\",\"runtime\":\"Knative\"}" ## RedisCluster Enable TLS redis-node-0: image: docker.io/bitnami/redis-cluster:7.0 volumes: - ./t/certs:/certs environment: - 'ALLOW_EMPTY_PASSWORD=yes' - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2' - 'REDIS_TLS_ENABLED=yes' - 'REDIS_TLS_CERT_FILE=/certs/mtls_server.crt' - 'REDIS_TLS_KEY_FILE=/certs/mtls_server.key' - 'REDIS_TLS_CA_FILE=/certs/mtls_ca.crt' - 'REDIS_TLS_AUTH_CLIENTS=no' ports: - '7000:6379' redis-node-1: image: docker.io/bitnami/redis-cluster:7.0 volumes: - ./t/certs:/certs environment: - 'ALLOW_EMPTY_PASSWORD=yes' - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2' - 'REDIS_TLS_ENABLED=yes' - 'REDIS_TLS_CERT_FILE=/certs/mtls_server.crt' - 'REDIS_TLS_KEY_FILE=/certs/mtls_server.key' - 'REDIS_TLS_CA_FILE=/certs/mtls_ca.crt' - 'REDIS_TLS_AUTH_CLIENTS=no' ports: - '7001:6379' redis-node-2: image: docker.io/bitnami/redis-cluster:7.0 volumes: - ./t/certs:/certs depends_on: - redis-node-0 - redis-node-1 environment: - 'ALLOW_EMPTY_PASSWORD=yes' - 'REDIS_CLUSTER_REPLICAS=0' - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2' - 'REDIS_CLUSTER_CREATOR=yes' - 'REDIS_TLS_ENABLED=yes' - 'REDIS_TLS_CERT_FILE=/certs/mtls_server.crt' - 'REDIS_TLS_KEY_FILE=/certs/mtls_server.key' - 'REDIS_TLS_CA_FILE=/certs/mtls_ca.crt' - 'REDIS_TLS_AUTH_CLIENTS=no' ports: - '7002:6379' graphql-demo: # the owner doesn't provide a semver tag image: npalm/graphql-java-demo:latest ports: - '8888:8080' vector: image: timberio/vector:0.29.1-debian container_name: vector volumes: - ./ci/pod/vector:/etc/vector/ - ./t/certs:/certs ports: - '3000:3000' #tcp logger - '8127:8127/udp' - '43000:43000' - '5140:5140' - "18088:18088" # For splunk logging tests - '5150:5150/udp' - "3001:3001" #http logger networks: vector_net: clickhouse: image: clickhouse/clickhouse-server:23.4.2-alpine container_name: clickhouse ports: - '8123:8123' networks: clickhouse_net: clickhouse2: image: clickhouse/clickhouse-server:23.4.2-alpine container_name: clickhouse2 ports: - '8124:8123' networks: clickhouse_net: otel-collector: image: otel/opentelemetry-collector-contrib volumes: - ./ci/pod/otelcol-contrib:/etc/otelcol-contrib:rw ports: - '4318:4318' networks: apisix_net: kafka_net: skywalk_net: rocketmq_net: opa_net: vector_net: clickhouse_net: loki_net: