From d84d8191adec15f92150338fe430e49568c8d5e8 Mon Sep 17 00:00:00 2001 From: Astitva Sehgal <69433630+astitva1905@users.noreply.github.com> Date: Sun, 7 Apr 2024 13:40:02 +0530 Subject: [PATCH] Improves docker compose files (#660) - Separates networks of docker containers in order to improve isolation. - Improves docker container documentation --------- Co-authored-by: Astitva Co-authored-by: prasadtalasila --- client/config/local.js | 2 +- deploy/config/lib | 6 +++--- deploy/config/lib.docker | 2 +- docker/.env | 2 +- docker/README.md | 8 ++++---- docker/compose.local.yml | 27 +++++++++++++++++++++++++++ docker/compose.server.yml | 26 ++++++++++++++++++++++++++ docker/dev/.env | 8 ++++---- docker/dev/README.md | 17 +++++++++++++---- docker/dev/compose.dev.yml | 31 ++++++++++++++++++++++++++++--- servers/lib/config/.env.default | 6 +++--- 11 files changed, 111 insertions(+), 24 deletions(-) diff --git a/client/config/local.js b/client/config/local.js index 7c2fa66ce..c2508bf59 100644 --- a/client/config/local.js +++ b/client/config/local.js @@ -1,6 +1,6 @@ if (typeof window !== 'undefined') { window.env = { - REACT_APP_ENVIRONMENT: 'dev', + REACT_APP_ENVIRONMENT: 'local', REACT_APP_URL: 'http://localhost/', REACT_APP_URL_BASENAME: '', REACT_APP_URL_DTLINK: '/lab', diff --git a/deploy/config/lib b/deploy/config/lib index 51fb5d3b5..c5b41defe 100644 --- a/deploy/config/lib +++ b/deploy/config/lib @@ -1,6 +1,6 @@ PORT='4001' MODE='local' -LOCAL_PATH ='filepath' +LOCAL_PATH ='/Users//DTaaS/files' LOG_LEVEL='debug' -APOLLO_PATH='/lib' or '' -GRAPHQL_PLAYGROUND='false' or 'true' \ No newline at end of file +APOLLO_PATH='/lib' +GRAPHQL_PLAYGROUND='true' \ No newline at end of file diff --git a/deploy/config/lib.docker b/deploy/config/lib.docker index 7a5546478..c5b41defe 100644 --- a/deploy/config/lib.docker +++ b/deploy/config/lib.docker 
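Review bot: The new defaults in `deploy/config/lib` pin `GRAPHQL_PLAYGROUND='true'` next to `LOG_LEVEL='debug'`, so a deployment that copies this file unchanged serves the interactive GraphQL console under `/lib`; a deploy template would be safer with `GRAPHQL_PLAYGROUND='false'`. The hunk also drops the only hint about the accepted values (`'/lib' or ''`, `'false' or 'true'`); keep that hint as comment lines instead, e.g. `# GRAPHQL_PLAYGROUND: 'true' or 'false'` and `# APOLLO_PATH: '/lib' or ''`. The same applies to `servers/lib/config/.env.default`, where `MODE` loses its `'gitlab'` alternative. `LOCAL_PATH ='/Users//DTaaS/files'` appears to have an empty user segment, presumably a placeholder that should be spelled out; please confirm it reads correctly in the file.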
@@ -1,6 +1,6 @@ PORT='4001' MODE='local' -LOCAL_PATH ='/dtaas/libms/files' +LOCAL_PATH ='/Users//DTaaS/files' LOG_LEVEL='debug' APOLLO_PATH='/lib' GRAPHQL_PLAYGROUND='true' \ No newline at end of file diff --git a/docker/.env b/docker/.env index 07a7962a7..2845f723b 100644 --- a/docker/.env +++ b/docker/.env @@ -1,4 +1,4 @@ -DTAAS_DIR='/home/Desktop/DTaaS' +DTAAS_DIR='/Users//DTaaS' SERVER_DNS='foo.com' OAUTH_URL='https://gitlab.foo.com' CLIENT_ID='xx' diff --git a/docker/README.md b/docker/README.md index 1b7b506e1..d93aeb52c 100644 --- a/docker/README.md +++ b/docker/README.md @@ -43,7 +43,7 @@ accounts with specific usernames need to be created on gitlab. The first step is to finish the configuration for the traefik forward-auth container. -The details are in [server docs](../../docs/admin/servers/auth.md). +The details are in [server docs](../docs/admin/servers/auth.md). ### Docker Compose 
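Review bot: `LOCAL_PATH` in `deploy/config/lib.docker` now points at a host path, but `compose.local.yml` and `compose.server.yml` bind-mount this file as `/dtaas/libms/.env` and mount the files at `/dtaas/libms/files`, so inside the container the previous value `LOCAL_PATH ='/dtaas/libms/files'` looks like the right one. The new blob id (`c5b41defe`) is the same as for `deploy/config/lib` and `servers/lib/config/.env.default`, which suggests the docker variant was overwritten with the host-side file. `compose.dev.yml` now mounts `servers/lib/config/.env.default` at the same place and would presumably hit the same mismatch. I would revert this line and give the dev container a file that carries the in-container path.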
@@ -57,13 +57,13 @@ Edit all the fields according to your specific case. |:------------|:---------------|:---------------| | DTAAS_DIR | '/home/Desktop/DTaaS' | Full path to the DTaaS directory. This is an absolute path with no trailing slash. | | SERVER_DNS | _foo.com_ or _localhost_ | The server DNS, if you are deploying with a dedicated server. Remember not use http(s) at the beginning of the DNS string | - | BASE_URL | _gitlab.foo.com_ | The URL of your Gitlab instance | + | OAUTH_URL | _gitlab.foo.com_ | The URL of your Gitlab instance | | CLIENT_ID | 'xx' | The ID of your OAuth application | | CLIENT_SECRET | 'xx' | The Secret of your OAuth application | | OAUTH_SECRET | 'random-secret-string' | Any private random string | | username1 | 'user1' | The gitlab instance username of a user of DTaaS | | username2 | 'user2' | The gitlab instance username of a user of DTaaS | - | CLIENT_CONFIG | '/home/Desktop/DTaaS/deploy/config/client/env.js' | Full path to env.js file for client | + | CLIENT_CONFIG | '/Users//DTaaS/deploy/config/client/env.js' | Full path to env.js file for client | Note: The Server DNS can also be an IP address. However, for proper working it is neccessary to use the @@ -82,7 +82,7 @@ same convention (IP/DNS) in the `CLIENT_CONFIG` file as well. This file has to be configured properly. Further explanation on the client configuration is available in - [client config page](../../docs/admin/client/CLIENT.md). + [client config](../../docs/admin/client/CLIENT.md). ### Lib MS diff --git a/docker/compose.local.yml b/docker/compose.local.yml index 88c212671..d34efb3e6 100644 --- a/docker/compose.local.yml +++ b/docker/compose.local.yml @@ -2,6 +2,7 @@ version: '3' services: traefik: image: traefik:v2.10 + restart: unless-stopped command: - "--api.insecure=true" - "--providers.docker=true" 
@@ -12,9 +13,13 @@ services: - "80:80" volumes: - /var/run/docker.sock:/var/run/docker.sock + networks: + - frontend + - users libms: image: intocps/libms:latest + restart: unless-stopped volumes: - ${DTAAS_DIR}/deploy/config/lib.docker:/dtaas/libms/.env - ${DTAAS_DIR}/files:/dtaas/libms/files @@ -24,9 +29,12 @@ services: - "traefik.http.services.libms.loadbalancer.server.port=4001" - "traefik.http.routers.libms.rule= PathPrefix(`/lib`)" - "traefik.http.routers.libms.middlewares=traefik-forward-auth" + networks: + - frontend client: image: intocps/dtaas-web:latest + restart: unless-stopped volumes: - ${CLIENT_CONFIG}:/dtaas/client/build/env.js labels: @@ -35,9 +43,12 @@ services: - "traefik.http.services.client.loadbalancer.server.port=4000" - "traefik.http.routers.client.middlewares=traefik-forward-auth" - "traefik.http.routers.client.rule=PathPrefix(`/`)" + networks: + - frontend user1: image: mltooling/ml-workspace-minimal:0.13.2 + restart: unless-stopped volumes: - ${DTAAS_DIR}/files/common:/workspace/common - ${DTAAS_DIR}/files/${username1}:/workspace @@ -50,9 +61,12 @@ services: - "traefik.http.routers.u1.entryPoints=web" - "traefik.http.routers.u1.rule=PathPrefix(`/${username1}`) " - "traefik.http.routers.u1.middlewares=traefik-forward-auth" + networks: + - users user2: image: mltooling/ml-workspace-minimal:0.13.2 + restart: unless-stopped volumes: - ${DTAAS_DIR}/files/common:/workspace/common - ${DTAAS_DIR}/files/${username2}:/workspace @@ -65,9 +79,12 @@ services: - "traefik.http.routers.u2.entryPoints=web" - "traefik.http.routers.u2.rule=PathPrefix(`/${username2}`) " - "traefik.http.routers.u2.middlewares=traefik-forward-auth" + networks: + - users traefik-forward-auth: image: thomseddon/traefik-forward-auth:latest + restart: unless-stopped volumes: - ${DTAAS_DIR}/docker/conf.local:/conf environment: 
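Review bot: Attaching `traefik` to both `frontend` and `users` keeps the proxy, which runs with `--api.insecure=true` and a bind-mounted `/var/run/docker.sock`, directly reachable from the user workspace containers. With `api.insecure` Traefik serves its API and dashboard without authentication on its internal `traefik` entrypoint, so the network split does not keep the workspaces away from it. For the isolation goal I would drop `--api.insecure=true` outside the dev file (or publish the dashboard through a router behind `traefik-forward-auth`) and add a comment above the socket mount stating why it is needed. The same applies to `docker/compose.server.yml` and `docker/dev/compose.dev.yml`; the `traefik` service definition starts in the previous hunk.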
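Review bot: `user1` and `user2` are both placed on the single `users` network, so the two workspaces can still reach each other directly on the container network without passing through Traefik and `traefik-forward-auth`. If per-user isolation is the intent, give each workspace its own network, e.g. `networks: [user1]` and `networks: [user2]`, list both under `traefik`, and declare them in the top-level `networks:` block. The same pattern is repeated in `docker/compose.server.yml` and `docker/dev/compose.dev.yml`. Both service definitions continue outside their hunks.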
@@ -92,3 +109,13 @@ services: - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181" - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User" - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181" + + networks: + - frontend + - users + +networks: + frontend: + name: dtaas-frontend + users: + name: dtaas-users \ No newline at end of file diff --git a/docker/compose.server.yml b/docker/compose.server.yml index 9848d088a..6a1f4947b 100644 --- a/docker/compose.server.yml +++ b/docker/compose.server.yml @@ -2,6 +2,7 @@ version: '3' services: traefik: image: traefik:v2.10 + restart: unless-stopped command: - "--api.insecure=true" - "--providers.docker=true" @@ -12,9 +13,13 @@ services: - "80:80" volumes: - /var/run/docker.sock:/var/run/docker.sock + networks: + - frontend + - users libms: image: intocps/libms:latest + restart: unless-stopped volumes: - ${DTAAS_DIR}/deploy/config/lib.docker:/dtaas/libms/.env - ${DTAAS_DIR}/files:/dtaas/libms/files @@ -24,9 +29,12 @@ services: - "traefik.http.services.libms.loadbalancer.server.port=4001" - "traefik.http.routers.libms.rule=Host(`${SERVER_DNS}`)&&PathPrefix(`/lib`)" - "traefik.http.routers.libms.middlewares=traefik-forward-auth" + networks: + - frontend client: image: intocps/dtaas-web:latest + restart: unless-stopped volumes: - ${CLIENT_CONFIG}:/dtaas/client/build/env.js labels: @@ -35,9 +43,12 @@ services: - "traefik.http.services.client.loadbalancer.server.port=4000" - "traefik.http.routers.client.middlewares=traefik-forward-auth" - "traefik.http.routers.client.rule=Host(`${SERVER_DNS}`)&&PathPrefix(`/`)" + networks: + - frontend user1: image: mltooling/ml-workspace-minimal:0.13.2 + restart: unless-stopped volumes: - ${DTAAS_DIR}/files/common:/workspace/common - ${DTAAS_DIR}/files/${username1}:/workspace 
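Review bot: `traefik-forward-auth` is joined to `users` as well as `frontend`, which makes port 4181 of the auth service directly reachable from the workspace containers. Traefik is on `frontend` and resolves `http://traefik-forward-auth:4181` there, so as far as this file shows `networks: [frontend]` is enough for the middleware. The same block is added in `docker/compose.server.yml` and `docker/dev/compose.dev.yml`. A short comment on the top-level `networks:` block saying which services belong on which network would help keep the split intact.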
@@ -50,9 +61,12 @@ services: - "traefik.http.routers.u1.entryPoints=web" - "traefik.http.routers.u1.rule=Host(`${SERVER_DNS}`)&&PathPrefix(`/${username1}`)" - "traefik.http.routers.u1.middlewares=traefik-forward-auth" + networks: + - users user2: image: mltooling/ml-workspace-minimal:0.13.2 + restart: unless-stopped volumes: - ${DTAAS_DIR}/files/common:/workspace/common - ${DTAAS_DIR}/files/${username2}:/workspace @@ -65,9 +79,12 @@ services: - "traefik.http.routers.u2.entryPoints=web" - "traefik.http.routers.u2.rule=Host(`${SERVER_DNS}`)&&PathPrefix(`/${username2}`)" - "traefik.http.routers.u2.middlewares=traefik-forward-auth" + networks: + - users traefik-forward-auth: image: thomseddon/traefik-forward-auth:latest + restart: unless-stopped volumes: - ${DTAAS_DIR}/docker/conf.server:/conf environment: @@ -92,3 +109,12 @@ services: - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181" - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User" - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181" + networks: + - frontend + - users + +networks: + frontend: + name: dtaas-frontend + users: + name: dtaas-users \ No newline at end of file diff --git a/docker/dev/.env b/docker/dev/.env index 80b1ec640..a26b44659 100644 --- a/docker/dev/.env +++ b/docker/dev/.env @@ -1,9 +1,9 @@ -DTAAS_DIR='/home/Desktop/DTaaS' -SERVER_DNS='foo.com' -OAUTH_URL='https://gitlab.foo.com' +DTAAS_DIR='/Users//DTaaS' +SERVER_DNS='localhost' +OAUTH_URL='https://gitlab.com' CLIENT_ID='xx' CLIENT_SECRET='xx' OAUTH_SECRET='random-secret-string' -OAUTH_CONF_FILEPATH='/home/Desktop/DTaaS/docker/conf.local' +OAUTH_CONF_FILEPATH='/Users//DTaaS/docker/conf.local' username1='user1' username2='user2' diff --git a/docker/dev/README.md b/docker/dev/README.md index 450667fa7..9e14d5ba2 100644 --- a/docker/dev/README.md +++ b/docker/dev/README.md 
@@ -64,15 +64,24 @@ configuration files to be modified are given for each scenario. ### Development Environment -This scenario is for software developers: - -### Client Website & Lib Configuration +This scenario is for software developers. The configuration files to be updated are: +1. docker/dev/.env + please see [docker README](../README.md) for help + with updating this config file) +1. docker/conf.local + please see [server docs](../docs/admin/servers/auth.md) for help + with updating this config file) 1. client/config/local.js -1. deploy/config/lib.docker (optional) + please see [client config](../../docs/admin/client/CLIENT.md) for help + with updating this config file) +1. servers/lib/config/.env.default + please see [lib config](../../docs/admin/servers/lib/LIB-MS.md) for help + with updating this config file) +The docker commands need to be executed from this directory (`docker/dev`). The relevant docker commands are: ```bash diff --git a/docker/dev/compose.dev.yml b/docker/dev/compose.dev.yml index 02f206a9f..b108e632d 100644 --- a/docker/dev/compose.dev.yml +++ b/docker/dev/compose.dev.yml @@ -2,6 +2,7 @@ version: '3' services: traefik: image: traefik:v2.10 + restart: unless-stopped command: - "--api.insecure=true" - "--providers.docker=true" @@ -12,11 +13,15 @@ services: - "80:80" volumes: - /var/run/docker.sock:/var/run/docker.sock + networks: + - frontend + - users client: build: context: ${DTAAS_DIR}/ dockerfile: ${DTAAS_DIR}/docker/dev/client.dockerfile + restart: unless-stopped volumes: - "${DTAAS_DIR}/client/config/local.js:/dtaas/client/build/env.js" labels: 
@@ -25,14 +30,16 @@ services: - "traefik.http.services.client.loadbalancer.server.port=4000" - "traefik.http.routers.client.middlewares=traefik-forward-auth" - "traefik.http.routers.client.rule=PathPrefix(`/`)" + networks: + - frontend libms: - image: intocps/libms:latest build: context: ${DTAAS_DIR}/ - dockerfile: ${DTAAS_DIR}/docker/libms.dockerfile + dockerfile: ${DTAAS_DIR}/docker/dev/libms.dockerfile + restart: unless-stopped volumes: - - ${DTAAS_DIR}/deploy/config/lib.docker:/dtaas/libms/.env + - ${DTAAS_DIR}/servers/lib/config/.env.default:/dtaas/libms/.env - ${DTAAS_DIR}/files:/dtaas/libms/files labels: - "traefik.enable=true" @@ -40,9 +47,12 @@ services: - "traefik.http.services.libms.loadbalancer.server.port=4001" - "traefik.http.routers.libms.rule= PathPrefix(`/lib`)" - "traefik.http.routers.libms.middlewares=traefik-forward-auth" + networks: + - frontend user1: image: mltooling/ml-workspace-minimal:0.13.2 + restart: unless-stopped volumes: - ${DTAAS_DIR}/files/common:/workspace/common - ${DTAAS_DIR}/files/${username1}:/workspace @@ -55,9 +65,12 @@ services: - "traefik.http.routers.u1.entryPoints=web" - "traefik.http.routers.u1.rule=PathPrefix(`/${username1}`) " - "traefik.http.routers.u1.middlewares=traefik-forward-auth" + networks: + - users user2: image: mltooling/ml-workspace-minimal:0.13.2 + restart: unless-stopped volumes: - ${DTAAS_DIR}/files/common:/workspace/common - ${DTAAS_DIR}/files/${username2}:/workspace @@ -70,9 +83,12 @@ services: - "traefik.http.routers.u2.entryPoints=web" - "traefik.http.routers.u2.rule=PathPrefix(`/${username2}`) " - "traefik.http.routers.u2.middlewares=traefik-forward-auth" + networks: + - users traefik-forward-auth: image: thomseddon/traefik-forward-auth:latest + restart: unless-stopped volumes: - ${OAUTH_CONF_FILEPATH}:/conf environment: 
@@ -97,3 +113,12 @@ services: - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181" - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User" - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181" + networks: + - frontend + - users + +networks: + frontend: + name: dtaas-frontend + users: + name: dtaas-users \ No newline at end of file diff --git a/servers/lib/config/.env.default b/servers/lib/config/.env.default index 4e609862c..c5b41defe 100644 --- a/servers/lib/config/.env.default +++ b/servers/lib/config/.env.default @@ -1,6 +1,6 @@ PORT='4001' -MODE='local' or 'gitlab' +MODE='local' LOCAL_PATH ='/Users//DTaaS/files' LOG_LEVEL='debug' -APOLLO_PATH='/lib' or '' -GRAPHQL_PLAYGROUND='false' or 'true' +APOLLO_PATH='/lib' +GRAPHQL_PLAYGROUND='true' \ No newline at end of file