3d053e32ee
* Use Nginx + Basic Auth to secure OSS Airbyte * use local passwords * Use gradle builds * K8s setup and source values from ENV * note about disabling * add back defaults * custom 401 page * update http message * update docs * remove kube files * additional doc updates * Add a test suite * fix failure exit codes * doc updates * Add docs * bump to re-test * add more sleep in tests for CI * better sleep in test * Update docs/operator-guides/security.md Co-authored-by: Davin Chia <davinchia@gmail.com> * PR updates * test comment * change test host on CI * update tests and nginx to boot without backend * proxy updates for docker DNS * simpler test for uptime * acceptance test skips PWs * remove resolver madness * fixup tests * more proxy_pass revert * update acceptance test exit codes * relax test expectations * add temporal mount back for testing * Update docs/operator-guides/security.md Co-authored-by: swyx <shawnthe1@gmail.com> * Update airbyte-proxy/401.html Co-authored-by: swyx <shawnthe1@gmail.com> * more doc updates * Octavia CLI uses Basic Auth (#17982) * [WIP] Octavia CLI uses Basic Auth * readme * augustin: add basic auth headers to clien * augustin: add basic auth headers to client * tests passing * lint * docs * Move monkey patch to test * coerce headers into strings * monkey patch get_basic_auth_token Co-authored-by: alafanechere <augustin.lafanechere@gmail.com> * fix launch permissions * Keep worker port internal * more readme Co-authored-by: Davin Chia <davinchia@gmail.com> Co-authored-by: swyx <shawnthe1@gmail.com> Co-authored-by: alafanechere <augustin.lafanechere@gmail.com>
240 lines
9.5 KiB
YAML
240 lines
9.5 KiB
YAML
version: "3.7"
|
|
#https://github.com/compose-spec/compose-spec/blob/master/spec.md#using-extensions-as-fragments
|
|
x-logging: &default-logging
|
|
options:
|
|
max-size: "100m"
|
|
max-file: "5"
|
|
driver: json-file
|
|
services:
|
|
# hook in case we need to add init behavior
|
|
# every root service (no depends_on) should depend on init
|
|
init:
|
|
image: airbyte/init:${VERSION}
|
|
logging: *default-logging
|
|
container_name: init
|
|
command: /bin/sh -c "./scripts/create_mount_directories.sh /local_parent ${HACK_LOCAL_ROOT_PARENT} ${LOCAL_ROOT}"
|
|
environment:
|
|
- LOCAL_ROOT=${LOCAL_ROOT}
|
|
- HACK_LOCAL_ROOT_PARENT=${HACK_LOCAL_ROOT_PARENT}
|
|
volumes:
|
|
- ${HACK_LOCAL_ROOT_PARENT}:/local_parent
|
|
bootloader:
|
|
image: airbyte/bootloader:${VERSION}
|
|
logging: *default-logging
|
|
container_name: airbyte-bootloader
|
|
environment:
|
|
- AIRBYTE_VERSION=${VERSION}
|
|
- CONFIG_DATABASE_PASSWORD=${CONFIG_DATABASE_PASSWORD:-}
|
|
- CONFIG_DATABASE_URL=${CONFIG_DATABASE_URL:-}
|
|
- CONFIG_DATABASE_USER=${CONFIG_DATABASE_USER:-}
|
|
- DATABASE_PASSWORD=${DATABASE_PASSWORD}
|
|
- DATABASE_URL=${DATABASE_URL}
|
|
- DATABASE_USER=${DATABASE_USER}
|
|
- LOG_LEVEL=${LOG_LEVEL}
|
|
- RUN_DATABASE_MIGRATION_ON_STARTUP=${RUN_DATABASE_MIGRATION_ON_STARTUP}
|
|
networks:
|
|
- airbyte_internal
|
|
db:
|
|
image: airbyte/db:${VERSION}
|
|
logging: *default-logging
|
|
container_name: airbyte-db
|
|
restart: unless-stopped
|
|
environment:
|
|
- CONFIG_DATABASE_PASSWORD=${CONFIG_DATABASE_PASSWORD:-}
|
|
- CONFIG_DATABASE_URL=${CONFIG_DATABASE_URL:-}
|
|
- CONFIG_DATABASE_USER=${CONFIG_DATABASE_USER:-}
|
|
- DATABASE_PASSWORD=${DATABASE_PASSWORD}
|
|
- DATABASE_URL=${DATABASE_URL}
|
|
- DATABASE_USER=${DATABASE_USER}
|
|
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
|
|
- POSTGRES_USER=${DATABASE_USER}
|
|
volumes:
|
|
- db:/var/lib/postgresql/data
|
|
networks:
|
|
- airbyte_internal
|
|
worker:
|
|
image: airbyte/worker:${VERSION}
|
|
logging: *default-logging
|
|
container_name: airbyte-worker
|
|
restart: unless-stopped
|
|
environment:
|
|
- AIRBYTE_VERSION=${VERSION}
|
|
- AUTO_DISABLE_FAILING_CONNECTIONS=${AUTO_DISABLE_FAILING_CONNECTIONS}
|
|
- CONFIG_DATABASE_PASSWORD=${CONFIG_DATABASE_PASSWORD:-}
|
|
- CONFIG_DATABASE_URL=${CONFIG_DATABASE_URL:-}
|
|
- CONFIG_DATABASE_USER=${CONFIG_DATABASE_USER:-}
|
|
- CONFIGS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION=${CONFIGS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION:-}
|
|
- CONFIG_ROOT=${CONFIG_ROOT}
|
|
- DATABASE_PASSWORD=${DATABASE_PASSWORD}
|
|
- DATABASE_URL=${DATABASE_URL}
|
|
- DATABASE_USER=${DATABASE_USER}
|
|
- DEPLOYMENT_MODE=${DEPLOYMENT_MODE}
|
|
- INTERNAL_API_HOST=${INTERNAL_API_HOST}
|
|
- JOBS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION=${JOBS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION:-}
|
|
- JOB_MAIN_CONTAINER_CPU_LIMIT=${JOB_MAIN_CONTAINER_CPU_LIMIT}
|
|
- JOB_MAIN_CONTAINER_CPU_REQUEST=${JOB_MAIN_CONTAINER_CPU_REQUEST}
|
|
- JOB_MAIN_CONTAINER_MEMORY_LIMIT=${JOB_MAIN_CONTAINER_MEMORY_LIMIT}
|
|
- JOB_MAIN_CONTAINER_MEMORY_REQUEST=${JOB_MAIN_CONTAINER_MEMORY_REQUEST}
|
|
- LOCAL_DOCKER_MOUNT=${LOCAL_DOCKER_MOUNT}
|
|
- LOCAL_ROOT=${LOCAL_ROOT}
|
|
- LOG_LEVEL=${LOG_LEVEL}
|
|
- LOG_CONNECTOR_MESSAGES=${LOG_CONNECTOR_MESSAGES}
|
|
- MAX_CHECK_WORKERS=${MAX_CHECK_WORKERS}
|
|
- MAX_DISCOVER_WORKERS=${MAX_DISCOVER_WORKERS}
|
|
- MAX_SPEC_WORKERS=${MAX_SPEC_WORKERS}
|
|
- MAX_SYNC_WORKERS=${MAX_SYNC_WORKERS}
|
|
- NORMALIZATION_JOB_MAIN_CONTAINER_MEMORY_LIMIT=${NORMALIZATION_JOB_MAIN_CONTAINER_MEMORY_LIMIT}
|
|
- NORMALIZATION_JOB_MAIN_CONTAINER_MEMORY_REQUEST=${NORMALIZATION_JOB_MAIN_CONTAINER_MEMORY_REQUEST}
|
|
- NORMALIZATION_JOB_MAIN_CONTAINER_CPU_LIMIT=${NORMALIZATION_JOB_MAIN_CONTAINER_CPU_LIMIT}
|
|
- NORMALIZATION_JOB_MAIN_CONTAINER_CPU_REQUEST=${NORMALIZATION_JOB_MAIN_CONTAINER_CPU_REQUEST}
|
|
- SECRET_PERSISTENCE=${SECRET_PERSISTENCE}
|
|
- SYNC_JOB_MAX_ATTEMPTS=${SYNC_JOB_MAX_ATTEMPTS}
|
|
- SYNC_JOB_MAX_TIMEOUT_DAYS=${SYNC_JOB_MAX_TIMEOUT_DAYS}
|
|
- TEMPORAL_HOST=${TEMPORAL_HOST}
|
|
- TRACKING_STRATEGY=${TRACKING_STRATEGY}
|
|
- WEBAPP_URL=${WEBAPP_URL}
|
|
- WORKSPACE_DOCKER_MOUNT=${WORKSPACE_DOCKER_MOUNT}
|
|
- WORKSPACE_ROOT=${WORKSPACE_ROOT}
|
|
- METRIC_CLIENT=${METRIC_CLIENT}
|
|
- OTEL_COLLECTOR_ENDPOINT=${OTEL_COLLECTOR_ENDPOINT}
|
|
- JOB_ERROR_REPORTING_STRATEGY=${JOB_ERROR_REPORTING_STRATEGY}
|
|
- JOB_ERROR_REPORTING_SENTRY_DSN=${JOB_ERROR_REPORTING_SENTRY_DSN}
|
|
- ACTIVITY_MAX_ATTEMPT=${ACTIVITY_MAX_ATTEMPT}
|
|
- ACTIVITY_INITIAL_DELAY_BETWEEN_ATTEMPTS_SECONDS=${ACTIVITY_INITIAL_DELAY_BETWEEN_ATTEMPTS_SECONDS}
|
|
- ACTIVITY_MAX_DELAY_BETWEEN_ATTEMPTS_SECONDS=${ACTIVITY_MAX_DELAY_BETWEEN_ATTEMPTS_SECONDS}
|
|
- WORKFLOW_FAILURE_RESTART_DELAY_SECONDS=${WORKFLOW_FAILURE_RESTART_DELAY_SECONDS}
|
|
- USE_STREAM_CAPABLE_STATE=${USE_STREAM_CAPABLE_STATE}
|
|
- MICRONAUT_ENVIRONMENTS=${WORKERS_MICRONAUT_ENVIRONMENTS}
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- workspace:${WORKSPACE_ROOT}
|
|
- ${LOCAL_ROOT}:${LOCAL_ROOT}
|
|
ports:
|
|
- 9000
|
|
networks:
|
|
- airbyte_internal
|
|
server:
|
|
image: airbyte/server:${VERSION}
|
|
logging: *default-logging
|
|
container_name: airbyte-server
|
|
restart: unless-stopped
|
|
environment:
|
|
- AIRBYTE_ROLE=${AIRBYTE_ROLE:-}
|
|
- AIRBYTE_VERSION=${VERSION}
|
|
- CONFIG_DATABASE_PASSWORD=${CONFIG_DATABASE_PASSWORD:-}
|
|
- CONFIG_DATABASE_URL=${CONFIG_DATABASE_URL:-}
|
|
- CONFIG_DATABASE_USER=${CONFIG_DATABASE_USER:-}
|
|
- CONFIGS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION=${CONFIGS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION:-}
|
|
- CONFIG_ROOT=${CONFIG_ROOT}
|
|
- DATABASE_PASSWORD=${DATABASE_PASSWORD}
|
|
- DATABASE_URL=${DATABASE_URL}
|
|
- DATABASE_USER=${DATABASE_USER}
|
|
- JOB_MAIN_CONTAINER_CPU_LIMIT=${JOB_MAIN_CONTAINER_CPU_LIMIT}
|
|
- JOB_MAIN_CONTAINER_CPU_REQUEST=${JOB_MAIN_CONTAINER_CPU_REQUEST}
|
|
- JOB_MAIN_CONTAINER_MEMORY_LIMIT=${JOB_MAIN_CONTAINER_MEMORY_LIMIT}
|
|
- JOB_MAIN_CONTAINER_MEMORY_REQUEST=${JOB_MAIN_CONTAINER_MEMORY_REQUEST}
|
|
- JOBS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION=${JOBS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION:-}
|
|
- LOG_LEVEL=${LOG_LEVEL}
|
|
- NEW_SCHEDULER=${NEW_SCHEDULER}
|
|
- SECRET_PERSISTENCE=${SECRET_PERSISTENCE}
|
|
- TEMPORAL_HOST=${TEMPORAL_HOST}
|
|
- TRACKING_STRATEGY=${TRACKING_STRATEGY}
|
|
- JOB_ERROR_REPORTING_STRATEGY=${JOB_ERROR_REPORTING_STRATEGY}
|
|
- JOB_ERROR_REPORTING_SENTRY_DSN=${JOB_ERROR_REPORTING_SENTRY_DSN}
|
|
- WEBAPP_URL=${WEBAPP_URL}
|
|
- WORKER_ENVIRONMENT=${WORKER_ENVIRONMENT}
|
|
- WORKSPACE_ROOT=${WORKSPACE_ROOT}
|
|
- GITHUB_STORE_BRANCH=${GITHUB_STORE_BRANCH}
|
|
ports:
|
|
- 8001
|
|
volumes:
|
|
- workspace:${WORKSPACE_ROOT}
|
|
- data:${CONFIG_ROOT}
|
|
- ${LOCAL_ROOT}:${LOCAL_ROOT}
|
|
networks:
|
|
- airbyte_internal
|
|
webapp:
|
|
image: airbyte/webapp:${VERSION}
|
|
logging: *default-logging
|
|
container_name: airbyte-webapp
|
|
restart: unless-stopped
|
|
ports:
|
|
- 80
|
|
environment:
|
|
- AIRBYTE_ROLE=${AIRBYTE_ROLE:-}
|
|
- AIRBYTE_VERSION=${VERSION}
|
|
- API_URL=${API_URL:-}
|
|
- INTERNAL_API_HOST=${INTERNAL_API_HOST}
|
|
- OPENREPLAY=${OPENREPLAY:-}
|
|
- PAPERCUPS_STORYTIME=${PAPERCUPS_STORYTIME:-}
|
|
- TRACKING_STRATEGY=${TRACKING_STRATEGY}
|
|
networks:
|
|
- airbyte_internal
|
|
airbyte-temporal:
|
|
image: airbyte/temporal:${VERSION}
|
|
logging: *default-logging
|
|
container_name: airbyte-temporal
|
|
restart: unless-stopped
|
|
environment:
|
|
- DB=postgresql
|
|
- DB_PORT=${DATABASE_PORT}
|
|
- DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development.yaml
|
|
- LOG_LEVEL=${LOG_LEVEL}
|
|
- POSTGRES_PWD=${DATABASE_PASSWORD}
|
|
- POSTGRES_SEEDS=${DATABASE_HOST}
|
|
- POSTGRES_USER=${DATABASE_USER}
|
|
volumes:
|
|
- ./temporal/dynamicconfig:/etc/temporal/config/dynamicconfig
|
|
networks:
|
|
- airbyte_internal
|
|
airbyte-cron:
|
|
image: airbyte/cron:${VERSION}
|
|
logging: *default-logging
|
|
container_name: airbyte-cron
|
|
restart: unless-stopped
|
|
environment:
|
|
- AIRBYTE_VERSION=${VERSION}
|
|
- CONFIGS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION=${CONFIGS_DATABASE_MINIMUM_FLYWAY_MIGRATION_VERSION}
|
|
- DATABASE_PASSWORD=${DATABASE_PASSWORD}
|
|
- DATABASE_URL=${DATABASE_URL}
|
|
- DATABASE_USER=${DATABASE_USER}
|
|
- DEPLOYMENT_MODE=${DEPLOYMENT_MODE}
|
|
- LOG_LEVEL=${LOG_LEVEL}
|
|
- REMOTE_CONNECTOR_CATALOG_URL=${REMOTE_CONNECTOR_CATALOG_URL}
|
|
- TEMPORAL_HISTORY_RETENTION_IN_DAYS=${TEMPORAL_HISTORY_RETENTION_IN_DAYS}
|
|
- UPDATE_DEFINITIONS_CRON_ENABLED=${UPDATE_DEFINITIONS_CRON_ENABLED}
|
|
- WORKSPACE_ROOT=${WORKSPACE_ROOT}
|
|
- MICRONAUT_ENVIRONMENTS=${CRON_MICRONAUT_ENVIRONMENTS}
|
|
volumes:
|
|
- workspace:${WORKSPACE_ROOT}
|
|
networks:
|
|
- airbyte_internal
|
|
airbyte-proxy:
|
|
image: airbyte/proxy:${VERSION}
|
|
container_name: airbyte-proxy
|
|
ports:
|
|
- 8000:8000
|
|
- 8001:8001
|
|
environment:
|
|
- BASIC_AUTH_USERNAME=${BASIC_AUTH_USERNAME}
|
|
- BASIC_AUTH_PASSWORD=${BASIC_AUTH_PASSWORD}
|
|
networks:
|
|
- airbyte_internal
|
|
- airbyte_public
|
|
depends_on:
|
|
- webapp
|
|
- server
|
|
volumes:
|
|
workspace:
|
|
name: ${WORKSPACE_DOCKER_MOUNT}
|
|
# the data volume is only needed for backward compatibility; when users upgrade
|
|
# from an old Airbyte version that relies on file-based configs, the server needs
|
|
# to read this volume to copy their configs to the database
|
|
data:
|
|
name: ${DATA_DOCKER_MOUNT}
|
|
db:
|
|
name: ${DB_DOCKER_MOUNT}
|
|
networks:
|
|
airbyte_public:
|
|
airbyte_internal:
|