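version: '3.8'

# Local development stack: platform and customer data stores plus the static website.
#
# Every data-store port below is published on 127.0.0.1 only. A short-form mapping
# such as "5432:5432" binds to all host interfaces, which would put these services
# (fixed development passwords, and a Redis with no authentication) on whatever
# network the host is attached to.
#
# NOTE(review): no `networks:` are declared, so every service joins the same default
# Compose network. The platform/customer separation described below is therefore
# per-instance and per-credential, not network-level.
services:
  # Platform DB — stores teams, users, resources, pings, onboarding_events
  postgres_platform:
    image: postgres:16-alpine
    container_name: instant_platform_db
    environment:
      POSTGRES_DB: instant_platform
      POSTGRES_USER: instant
      # Development-only credential (identical to the user name); replace it
      # before this file is used anywhere other than a local workstation.
      POSTGRES_PASSWORD: instant
    ports:
      # Loopback only: reachable from the host, not from other machines.
      - "127.0.0.1:5432:5432"
    volumes:
      - postgres_platform_data:/var/lib/postgresql/data
    healthcheck:
      # pg_isready only checks that the server accepts connections; no password is needed.
      test: ["CMD-SHELL", "pg_isready -U instant -d instant_platform"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Customer DB — where provisioned db_{token} databases are created (Phase 2+)
  # Kept separate so a compromised customer DB never touches platform metadata.
  postgres_customers:
    image: postgres:16-alpine
    container_name: instant_customers_db
    environment:
      POSTGRES_DB: instant_customers
      POSTGRES_USER: instant_cust
      # Development-only credential (identical to the user name).
      POSTGRES_PASSWORD: instant_cust
    ports:
      # Host port 5433 avoids clashing with the platform DB on 5432; loopback only.
      - "127.0.0.1:5433:5432"
    volumes:
      - postgres_customers_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U instant_cust -d instant_customers"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Platform Redis — rate limiting, session state, CLI device-flow, onboarding JWTs
  # No requirepass or ACL file is configured for this instance, so access control
  # rests entirely on who can reach the port. It holds session state and JWTs.
  redis:
    image: redis:7-alpine
    container_name: instant_redis
    ports:
      # Loopback only: this instance is unauthenticated.
      - "127.0.0.1:6379:6379"
    # No volume is mounted: data does not outlive the container, and keys are
    # evicted (allkeys-lru) once 256mb is reached.
    command: redis-server --maxmemory 256mb --maxmemory-policy allkeys-lru
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5

  # Consumer Redis — hosts user-provisioned cache resources (Phase 3)
  # ACL-based namespace isolation: each token gets its own keyspace prefix.
  # Separate from platform Redis so a compromised cache never touches rate-limit state.
  redis_consumer:
    image: redis:7-alpine
    container_name: instant_redis_consumer
    ports:
      # Host port 6380 avoids clashing with the platform Redis; loopback only.
      - "127.0.0.1:6380:6379"
    # Folded scalar: the lines below are joined with spaces into one command line.
    command: >
      redis-server
      --maxmemory 512mb
      --maxmemory-policy allkeys-lru
      --aclfile /usr/local/etc/redis/users.acl
    volumes:
      - redis_consumer_data:/data
      # Mounted read-only so the container cannot rewrite its own ACL rules.
      # NOTE(review): the isolation promised above depends entirely on this file,
      # which is not shown here — confirm it restricts the `default` user.
      - ./config/redis-consumer-acl.conf:/usr/local/etc/redis/users.acl:ro
    healthcheck:
      # NOTE(review): this ping runs as the `default` user; if the ACL file disables
      # or restricts that user, confirm the check still reports health correctly.
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5

  # Consumer MongoDB — hosts user-provisioned NoSQL databases (Phase 4)
  # Each provisioned token gets its own database (implicit creation on first insert).
  # Separate from platform Postgres so customer data never touches platform metadata.
  mongodb:
    image: mongo:7
    container_name: instant_mongodb
    ports:
      # Loopback only: the root account below uses a development password.
      - "127.0.0.1:27017:27017"
    environment:
      # Development-only root credential (identical to the user name); replace it
      # before this file is used anywhere other than a local workstation.
      MONGO_INITDB_ROOT_USERNAME: instant_admin
      MONGO_INITDB_ROOT_PASSWORD: instant_admin
    volumes:
      - mongodb_data:/data/db
    healthcheck:
      test: ["CMD", "mongosh", "--quiet", "--eval", "db.adminCommand('ping').ok"]
      interval: 10s
      timeout: 5s
      retries: 5
      # Grace period before failed checks count against the retry limit.
      start_period: 20s

  # Website — static docs/landing page served by nginx
  # API URLs in the website point to the local API (http://localhost:8080)
  # In production, set API_BASE_URL=https://instant.dev before building
  website:
    build:
      context: ./website
      dockerfile: Dockerfile
    container_name: instant_website
    ports:
      - "3000:80"
    environment:
      # Local: point at the API container
      # Change to https://instant.dev for production
      API_BASE_URL: "http://localhost:8080"
    depends_on:
      - redis
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost/healthz"]
      interval: 10s
      timeout: 5s
      retries: 3

# Named volumes for the persistent stores; the platform Redis has none.
volumes:
  postgres_platform_data:
  postgres_customers_data:
  redis_consumer_data:
  mongodb_data: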