postgresql-fdw/docker-compose.yml at main · programmerShinobi/postgresql-fdw · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# =============================================================================
# PostgreSQL 17 — Development stack
# Tuned to be a polite neighbour on a 16 GB laptop running NestJS,
# Elasticsearch, Redis and other heavy services at the same time.
#
# Hard resource caps below prevent Postgres from ever starving the host.
# =============================================================================

services:
  postgres:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        PG_MAJOR: "17"
    image: postgresql-fdw-dev:17
    container_name: ${COMPOSE_PROJECT_NAME:-local}-postgres
    restart: unless-stopped

    environment:
      POSTGRES_USER: ${POSTGRES_USER:-local_dev}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}
      POSTGRES_DB: ${POSTGRES_DB:-local_db}
      # Use scram-sha-256 (stronger than md5) for host connections.
      POSTGRES_HOST_AUTH_METHOD: scram-sha-256
      POSTGRES_INITDB_ARGS: "--data-checksums --auth-host=scram-sha-256"
      # Set timezone so logs/timestamps match your locale.
      TZ: ${TZ:-Asia/Jakarta}
      PGTZ: ${TZ:-Asia/Jakarta}

    # Mirror your reference connection string: host port 15409 -> container 5432.
    ports:
      - "${POSTGRES_HOST_PORT:-15409}:5432"

    command:
      - "postgres"
      - "-c"
      - "config_file=/etc/postgresql/postgresql.conf"

    volumes:
      - pgdata:/var/lib/postgresql/data
      # Live-editable tuned config (no rebuild needed to change it).
      - ./config/postgresql.conf:/etc/postgresql/postgresql.conf:ro
      # Runs ONLY on first init (empty data dir): creates all extensions etc.
      - ./scripts/init:/docker-entrypoint-initdb.d:ro
      # Place to drop SQL examples / backups for manual use.
      - ./scripts/fdw-examples:/opt/fdw-examples:ro
      - ./scripts/migration:/opt/migration:ro
      - ./backups:/backups

    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-local_dev} -d ${POSTGRES_DB:-local_db}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 40s

    # ---- Hard limits: Postgres can never exceed these on your laptop ----
    deploy:
      resources:
        limits:
          # ~1.5 GB ceiling keeps room for ES + Redis + NestJS.
          memory: ${PG_MEM_LIMIT:-1536M}
          cpus: "${PG_CPU_LIMIT:-2.0}"
        reservations:
          memory: 256M
    # For `docker compose` (non-swarm) the limits below are also honoured.
    mem_limit: ${PG_MEM_LIMIT:-1536M}
    cpus: ${PG_CPU_LIMIT:-2.0}
    memswap_limit: ${PG_MEMSWAP_LIMIT:-2048M}
    shm_size: ${PG_SHM_SIZE:-256m}

    stop_grace_period: 1m

    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

    networks:
      - local_net

  # ===========================================================================
  # OPTIONAL services — each is gated behind a compose `profile`, so a plain
  # `make up` starts ONLY postgres and these consume ZERO CPU/RAM unless asked:
  #     make up-pooler | up-backup | up-ui | up-metrics | up-all
  # Anyone who needs a feature enables it; nobody pays for what they don't use.
  # ===========================================================================

  # --- Connection pooler (profile: pooler) -----------------------------------
  # Lets hundreds of app connections share Postgres' small max_connections.
  pgbouncer:
    image: edoburu/pgbouncer:v1.25.2-p0
    container_name: ${COMPOSE_PROJECT_NAME:-local}-pgbouncer
    profiles: ["pooler"]
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      DB_HOST: postgres
      DB_PORT: "5432"
      DB_USER: ${POSTGRES_USER:-local_dev}
      DB_PASSWORD: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}
      DB_NAME: ${POSTGRES_DB:-local_db}
      AUTH_TYPE: scram-sha-256
      POOL_MODE: ${PGBOUNCER_POOL_MODE:-transaction}
      MAX_CLIENT_CONN: ${PGBOUNCER_MAX_CLIENT_CONN:-200}
      DEFAULT_POOL_SIZE: ${PGBOUNCER_DEFAULT_POOL_SIZE:-20}
    ports:
      - "${PGBOUNCER_HOST_PORT:-6432}:6432"
    mem_limit: 96m
    cpus: 0.5
    networks: [local_net]
    logging:
      driver: json-file
      options: {max-size: "5m", max-file: "3"}

  # --- Scheduled backups (profile: backup) -----------------------------------
  # Periodic pg_dump (PG17 client) into ./backups with rotation/retention.
  backup:
    image: prodrigestivill/postgres-backup-local:17-alpine
    container_name: ${COMPOSE_PROJECT_NAME:-local}-backup
    profiles: ["backup"]
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      POSTGRES_HOST: postgres
      POSTGRES_PORT: "5432"
      POSTGRES_DB: ${POSTGRES_DB:-local_db}
      POSTGRES_USER: ${POSTGRES_USER:-local_dev}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}
      SCHEDULE: ${BACKUP_SCHEDULE:-@daily}
      BACKUP_KEEP_DAYS: ${BACKUP_KEEP_DAYS:-7}
      BACKUP_KEEP_WEEKS: ${BACKUP_KEEP_WEEKS:-4}
      BACKUP_KEEP_MONTHS: ${BACKUP_KEEP_MONTHS:-3}
      TZ: ${TZ:-Asia/Jakarta}
    volumes:
      - ./backups:/backups
    mem_limit: 128m
    cpus: 0.5
    networks: [local_net]
    logging:
      driver: json-file
      options: {max-size: "5m", max-file: "3"}

  # --- Web admin UI (profile: ui) --------------------------------------------
  # Adminer: single-file, ultra-light DB UI (~native, tiny). http://localhost:8080
  adminer:
    image: adminer:5.4.2
    container_name: ${COMPOSE_PROJECT_NAME:-local}-adminer
    profiles: ["ui"]
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      ADMINER_DEFAULT_SERVER: postgres
      ADMINER_DESIGN: dracula
    ports:
      - "${ADMINER_HOST_PORT:-8080}:8080"
    mem_limit: 128m
    cpus: 0.5
    networks: [local_net]
    logging:
      driver: json-file
      options: {max-size: "5m", max-file: "3"}

  # --- Prometheus metrics exporter (profile: metrics) ------------------------
  # Exposes Postgres metrics at http://localhost:9187/metrics for Prometheus.
  postgres-exporter:
    image: prometheuscommunity/postgres-exporter:v0.19.1
    container_name: ${COMPOSE_PROJECT_NAME:-local}-exporter
    profiles: ["metrics"]
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      # Credentials kept out of the URI on purpose (see pre-commit secret guard).
      DATA_SOURCE_URI: "postgres:5432/${POSTGRES_DB:-local_db}?sslmode=disable"
      DATA_SOURCE_USER: ${POSTGRES_USER:-local_dev}
      DATA_SOURCE_PASS: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}
    ports:
      - "${EXPORTER_HOST_PORT:-9187}:9187"
    mem_limit: 96m
    cpus: 0.5
    networks: [local_net]
    logging:
      driver: json-file
      options: {max-size: "5m", max-file: "3"}

volumes:
  pgdata:
    name: ${COMPOSE_PROJECT_NAME:-local}_pgdata

networks:
  local_net:
    name: ${COMPOSE_PROJECT_NAME:-local}_net
    driver: bridge