Redesign
This commit is contained in:
Eric Gullickson
@@ -1,8 +1,8 @@
|
||||
services:
|
||||
# Traefik - Service Discovery and Load Balancing (replaces nginx-proxy)
|
||||
traefik:
|
||||
# Traefik - Service Discovery and Load Balancing
|
||||
mvp-traefik:
|
||||
image: traefik:v3.0
|
||||
container_name: traefik
|
||||
container_name: mvp-traefik
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- --configFile=/etc/traefik/traefik.yml
|
||||
@@ -32,205 +32,8 @@ services:
|
||||
- "traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080"
|
||||
- "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$10$$foobar"
|
||||
|
||||
# Platform Services - Landing Page
|
||||
mvp-platform-landing:
|
||||
build:
|
||||
context: ./mvp-platform-services/landing
|
||||
dockerfile: Dockerfile
|
||||
args:
|
||||
VITE_AUTH0_DOMAIN: ${AUTH0_DOMAIN:-motovaultpro.us.auth0.com}
|
||||
VITE_AUTH0_CLIENT_ID: ${AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3}
|
||||
VITE_TENANTS_API_URL: http://mvp-platform-tenants:8000
|
||||
container_name: mvp-platform-landing
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
VITE_AUTH0_DOMAIN: ${AUTH0_DOMAIN:-motovaultpro.us.auth0.com}
|
||||
VITE_AUTH0_CLIENT_ID: ${AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3}
|
||||
VITE_TENANTS_API_URL: http://mvp-platform-tenants:8000
|
||||
networks:
|
||||
- frontend
|
||||
depends_on:
|
||||
- mvp-platform-tenants
|
||||
- traefik
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -s http://localhost:3000 || exit 1"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 20s
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.landing.rule=Host(`motovaultpro.com`)"
|
||||
- "traefik.http.routers.landing.tls=true"
|
||||
# - "traefik.http.routers.landing.middlewares=frontend-chain@file"
|
||||
- "traefik.http.routers.landing.priority=10"
|
||||
- "traefik.http.services.landing.loadbalancer.server.port=3000"
|
||||
- "traefik.http.services.landing.loadbalancer.healthcheck.path=/"
|
||||
- "traefik.http.services.landing.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.landing.loadbalancer.passhostheader=true"
|
||||
|
||||
# Platform Services - Tenants API
|
||||
mvp-platform-tenants:
|
||||
build:
|
||||
context: ./mvp-platform-services/tenants
|
||||
dockerfile: docker/Dockerfile.api
|
||||
container_name: mvp-platform-tenants
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# Core configuration (K8s pattern)
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
SERVICE_NAME: mvp-platform-tenants
|
||||
# Database connection (temporary fix until k8s config loader implemented)
|
||||
DATABASE_URL: postgresql://platform_user:platform123@platform-postgres:5432/platform
|
||||
volumes:
|
||||
# Configuration files (K8s ConfigMap equivalent)
|
||||
- ./config/platform/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/platform/platform-db-password.txt:/run/secrets/postgres-password:ro
|
||||
- ./secrets/platform/tenants-api-key.txt:/run/secrets/api-key:ro
|
||||
- ./secrets/platform/allowed-service-tokens.txt:/run/secrets/allowed-service-tokens:ro
|
||||
networks:
|
||||
- backend
|
||||
- platform
|
||||
depends_on:
|
||||
- platform-postgres
|
||||
- platform-redis
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- "python -c \"import urllib.request,sys;\ntry:\n with urllib.request.urlopen('http://localhost:8000/health', timeout=3) as r:\n sys.exit(0 if r.getcode()==200 else 1)\nexcept Exception:\n sys.exit(1)\n\""
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=motovaultpro_backend"
|
||||
- "traefik.http.routers.tenants-api.rule=Host(`admin.motovaultpro.com`) && PathPrefix(`/api/platform/tenants`)"
|
||||
- "traefik.http.routers.tenants-api.tls=true"
|
||||
# - "traefik.http.routers.tenants-api.middlewares=platform-chain@file"
|
||||
- "traefik.http.routers.tenants-api.priority=25"
|
||||
- "traefik.http.services.tenants-api.loadbalancer.server.port=8000"
|
||||
- "traefik.http.services.tenants-api.loadbalancer.healthcheck.path=/health"
|
||||
- "traefik.http.services.tenants-api.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.tenants-api.loadbalancer.passhostheader=true"
|
||||
|
||||
# Platform Services - Vehicles API
|
||||
mvp-platform-vehicles-api:
|
||||
build:
|
||||
context: ./mvp-platform-services/vehicles
|
||||
dockerfile: docker/Dockerfile.api
|
||||
container_name: mvp-platform-vehicles-api
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# Core configuration loaded from files
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
SERVICE_NAME: mvp-platform-vehicles-api
|
||||
volumes:
|
||||
# Configuration files (K8s ConfigMap equivalent)
|
||||
- ./config/platform/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/platform/vehicles-db-password.txt:/run/secrets/postgres-password:ro
|
||||
- ./secrets/platform/vehicles-api-key.txt:/run/secrets/api-key:ro
|
||||
- ./secrets/platform/allowed-service-tokens.txt:/run/secrets/allowed-service-tokens:ro
|
||||
networks:
|
||||
- backend
|
||||
- platform
|
||||
depends_on:
|
||||
- mvp-platform-vehicles-db
|
||||
- mvp-platform-vehicles-redis
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8000/health"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=motovaultpro_backend"
|
||||
- "traefik.http.routers.vehicles-api.rule=Host(`admin.motovaultpro.com`) && PathPrefix(`/api/platform/vehicles`)"
|
||||
# Removed temporary direct routes - admin-backend now handles API gateway
|
||||
- "traefik.http.routers.vehicles-api.tls=true"
|
||||
# - "traefik.http.routers.vehicles-api.middlewares=platform-chain@file"
|
||||
- "traefik.http.routers.vehicles-api.priority=25"
|
||||
- "traefik.http.services.vehicles-api.loadbalancer.server.port=8000"
|
||||
- "traefik.http.services.vehicles-api.loadbalancer.healthcheck.path=/health"
|
||||
- "traefik.http.services.vehicles-api.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.vehicles-api.loadbalancer.passhostheader=true"
|
||||
|
||||
# Application Services - Backend API
|
||||
admin-backend:
|
||||
build:
|
||||
context: ./backend
|
||||
dockerfile: Dockerfile
|
||||
cache_from:
|
||||
- node:20-alpine
|
||||
container_name: admin-backend
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# Core configuration (K8s pattern)
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
volumes:
|
||||
# Configuration files (K8s ConfigMap equivalent)
|
||||
- ./config/app/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/app/postgres-password.txt:/run/secrets/postgres-password:ro
|
||||
- ./secrets/app/minio-access-key.txt:/run/secrets/minio-access-key:ro
|
||||
- ./secrets/app/minio-secret-key.txt:/run/secrets/minio-secret-key:ro
|
||||
- ./secrets/app/platform-vehicles-api-key.txt:/run/secrets/platform-vehicles-api-key:ro
|
||||
- ./secrets/app/auth0-client-secret.txt:/run/secrets/auth0-client-secret:ro
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
networks:
|
||||
- backend
|
||||
- database
|
||||
- platform
|
||||
- egress # External connectivity for Auth0 JWT validation
|
||||
depends_on:
|
||||
- admin-postgres
|
||||
- admin-redis
|
||||
- admin-minio
|
||||
- mvp-platform-vehicles-api
|
||||
- mvp-platform-tenants
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- node -e "require('http').get('http://localhost:3001/health', r => process.exit(r.statusCode===200?0:1)).on('error', () => process.exit(1))"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 40s
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=motovaultpro_backend"
|
||||
# Main API router for admin tenant (correct multi-tenant architecture)
|
||||
- "traefik.http.routers.admin-api.rule=Host(`admin.motovaultpro.com`) && PathPrefix(`/api`)"
|
||||
- "traefik.http.routers.admin-api.tls=true"
|
||||
# - "traefik.http.routers.admin-api.middlewares=api-chain@file"
|
||||
- "traefik.http.routers.admin-api.priority=20"
|
||||
# Health check router for admin tenant (bypass auth)
|
||||
- "traefik.http.routers.admin-health.rule=Host(`admin.motovaultpro.com`) && Path(`/api/health`)"
|
||||
- "traefik.http.routers.admin-health.tls=true"
|
||||
# - "traefik.http.routers.admin-health.middlewares=health-check-chain@file"
|
||||
- "traefik.http.routers.admin-health.priority=30"
|
||||
# Service configuration
|
||||
- "traefik.http.services.admin-api.loadbalancer.server.port=3001"
|
||||
- "traefik.http.services.admin-api.loadbalancer.healthcheck.path=/health"
|
||||
- "traefik.http.services.admin-api.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.admin-api.loadbalancer.healthcheck.timeout=10s"
|
||||
# Circuit breaker and retries
|
||||
- "traefik.http.services.admin-api.loadbalancer.passhostheader=true"
|
||||
|
||||
# Application Services - Frontend SPA
|
||||
admin-frontend:
|
||||
mvp-frontend:
|
||||
build:
|
||||
context: ./frontend
|
||||
dockerfile: Dockerfile
|
||||
@@ -242,7 +45,7 @@ services:
|
||||
VITE_AUTH0_CLIENT_ID: ${VITE_AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3}
|
||||
VITE_AUTH0_AUDIENCE: ${VITE_AUTH0_AUDIENCE:-https://api.motovaultpro.com}
|
||||
VITE_API_BASE_URL: ${VITE_API_BASE_URL:-/api}
|
||||
container_name: admin-frontend
|
||||
container_name: mvp-frontend
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
VITE_TENANT_ID: ${TENANT_ID:-admin}
|
||||
@@ -253,7 +56,7 @@ services:
|
||||
networks:
|
||||
- frontend
|
||||
depends_on:
|
||||
- admin-backend
|
||||
- mvp-backend
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -s http://localhost:3000 || exit 1"]
|
||||
interval: 30s
|
||||
@@ -262,19 +65,83 @@ services:
|
||||
start_period: 20s
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.admin-app.rule=Host(`admin.motovaultpro.com`) && !PathPrefix(`/api`)"
|
||||
- "traefik.http.routers.admin-app.tls=true"
|
||||
# - "traefik.http.routers.admin-app.middlewares=frontend-chain@file"
|
||||
- "traefik.http.routers.admin-app.priority=10"
|
||||
- "traefik.http.services.admin-app.loadbalancer.server.port=3000"
|
||||
- "traefik.http.services.admin-app.loadbalancer.healthcheck.path=/"
|
||||
- "traefik.http.services.admin-app.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.admin-app.loadbalancer.passhostheader=true"
|
||||
- "traefik.http.routers.mvp-frontend.rule=Host(`admin.motovaultpro.com`) && !PathPrefix(`/api`)"
|
||||
- "traefik.http.routers.mvp-frontend.entrypoints=websecure"
|
||||
- "traefik.http.routers.mvp-frontend.tls=true"
|
||||
- "traefik.http.routers.mvp-frontend.priority=10"
|
||||
- "traefik.http.services.mvp-frontend.loadbalancer.server.port=3000"
|
||||
- "traefik.http.services.mvp-frontend.loadbalancer.healthcheck.path=/"
|
||||
- "traefik.http.services.mvp-frontend.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.mvp-frontend.loadbalancer.passhostheader=true"
|
||||
|
||||
# Application Services - Backend API
|
||||
mvp-backend:
|
||||
build:
|
||||
context: ./backend
|
||||
dockerfile: Dockerfile
|
||||
cache_from:
|
||||
- node:20-alpine
|
||||
container_name: mvp-backend
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# Core configuration (K8s pattern)
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
# Service references
|
||||
DATABASE_HOST: mvp-postgres
|
||||
REDIS_HOST: mvp-redis
|
||||
PLATFORM_VEHICLES_API_URL: http://mvp-platform:8000
|
||||
volumes:
|
||||
# Configuration files (K8s ConfigMap equivalent)
|
||||
- ./config/app/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/app/postgres-password.txt:/run/secrets/postgres-password:ro
|
||||
- ./secrets/app/platform-vehicles-api-key.txt:/run/secrets/platform-vehicles-api-key:ro
|
||||
- ./secrets/app/auth0-client-secret.txt:/run/secrets/auth0-client-secret:ro
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
# Filesystem storage for documents
|
||||
- ./data/documents:/app/data/documents
|
||||
networks:
|
||||
- backend
|
||||
- database
|
||||
depends_on:
|
||||
- mvp-postgres
|
||||
- mvp-redis
|
||||
- mvp-platform
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- node -e "require('http').get('http://localhost:3001/health', r => process.exit(r.statusCode===200?0:1)).on('error', () => process.exit(1))"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 40s
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=motovaultpro_backend"
|
||||
# Main API router
|
||||
- "traefik.http.routers.mvp-backend.rule=Host(`admin.motovaultpro.com`) && PathPrefix(`/api`)"
|
||||
- "traefik.http.routers.mvp-backend.entrypoints=websecure"
|
||||
- "traefik.http.routers.mvp-backend.tls=true"
|
||||
- "traefik.http.routers.mvp-backend.priority=20"
|
||||
# Health check router (bypass auth)
|
||||
- "traefik.http.routers.mvp-backend-health.rule=Host(`admin.motovaultpro.com`) && Path(`/api/health`)"
|
||||
- "traefik.http.routers.mvp-backend-health.entrypoints=websecure"
|
||||
- "traefik.http.routers.mvp-backend-health.tls=true"
|
||||
- "traefik.http.routers.mvp-backend-health.priority=30"
|
||||
# Service configuration
|
||||
- "traefik.http.services.mvp-backend.loadbalancer.server.port=3001"
|
||||
- "traefik.http.services.mvp-backend.loadbalancer.healthcheck.path=/health"
|
||||
- "traefik.http.services.mvp-backend.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.mvp-backend.loadbalancer.healthcheck.timeout=10s"
|
||||
- "traefik.http.services.mvp-backend.loadbalancer.passhostheader=true"
|
||||
|
||||
# Database Services - Application PostgreSQL
|
||||
admin-postgres:
|
||||
mvp-postgres:
|
||||
image: postgres:15-alpine
|
||||
container_name: admin-postgres
|
||||
container_name: mvp-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: motovaultpro
|
||||
@@ -282,7 +149,7 @@ services:
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password
|
||||
POSTGRES_INITDB_ARGS: --encoding=UTF8
|
||||
volumes:
|
||||
- admin_postgres_data:/var/lib/postgresql/data
|
||||
- mvp_postgres_data:/var/lib/postgresql/data
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/app/postgres-password.txt:/run/secrets/postgres-password:ro
|
||||
networks:
|
||||
@@ -297,13 +164,13 @@ services:
|
||||
start_period: 30s
|
||||
|
||||
# Database Services - Application Redis
|
||||
admin-redis:
|
||||
mvp-redis:
|
||||
image: redis:7-alpine
|
||||
container_name: admin-redis
|
||||
container_name: mvp-redis
|
||||
restart: unless-stopped
|
||||
command: redis-server --appendonly yes
|
||||
volumes:
|
||||
- admin_redis_data:/data
|
||||
- mvp_redis_data:/data
|
||||
networks:
|
||||
- database
|
||||
ports:
|
||||
@@ -314,137 +181,53 @@ services:
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
# Database Services - Object Storage
|
||||
admin-minio:
|
||||
image: minio/minio:latest
|
||||
container_name: admin-minio
|
||||
# Platform Services - Vehicles API
|
||||
mvp-platform:
|
||||
build:
|
||||
context: ./mvp-platform-services/vehicles
|
||||
dockerfile: docker/Dockerfile.api
|
||||
container_name: mvp-platform
|
||||
restart: unless-stopped
|
||||
command: server /data --console-address ":9001"
|
||||
environment:
|
||||
MINIO_ROOT_USER_FILE: /run/secrets/minio-access-key
|
||||
MINIO_ROOT_PASSWORD_FILE: /run/secrets/minio-secret-key
|
||||
# Core configuration loaded from files
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
SERVICE_NAME: mvp-platform
|
||||
# Service references (using shared infrastructure)
|
||||
DATABASE_HOST: mvp-postgres
|
||||
REDIS_HOST: mvp-redis
|
||||
volumes:
|
||||
- admin_minio_data:/data
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/app/minio-access-key.txt:/run/secrets/minio-access-key:ro
|
||||
- ./secrets/app/minio-secret-key.txt:/run/secrets/minio-secret-key:ro
|
||||
# Configuration files (K8s ConfigMap equivalent)
|
||||
- ./config/platform/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
# Secrets (K8s Secrets equivalent) - using shared postgres password
|
||||
- ./secrets/app/postgres-password.txt:/run/secrets/postgres-password:ro
|
||||
networks:
|
||||
- backend
|
||||
- database
|
||||
ports:
|
||||
- "9000:9000" # Development access only
|
||||
- "9001:9001" # Console access
|
||||
depends_on:
|
||||
- mvp-postgres
|
||||
- mvp-redis
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
|
||||
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8000/health"]
|
||||
interval: 30s
|
||||
timeout: 20s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=motovaultpro_backend"
|
||||
- "traefik.http.routers.mvp-platform.rule=Host(`admin.motovaultpro.com`) && PathPrefix(`/platform`)"
|
||||
- "traefik.http.routers.mvp-platform.entrypoints=websecure"
|
||||
- "traefik.http.routers.mvp-platform.tls=true"
|
||||
- "traefik.http.routers.mvp-platform.priority=25"
|
||||
- "traefik.http.services.mvp-platform.loadbalancer.server.port=8000"
|
||||
- "traefik.http.services.mvp-platform.loadbalancer.healthcheck.path=/health"
|
||||
- "traefik.http.services.mvp-platform.loadbalancer.healthcheck.interval=30s"
|
||||
- "traefik.http.services.mvp-platform.loadbalancer.passhostheader=true"
|
||||
|
||||
# Platform Infrastructure - PostgreSQL
|
||||
platform-postgres:
|
||||
image: postgres:15-alpine
|
||||
container_name: platform-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: platform
|
||||
POSTGRES_USER: platform_user
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password
|
||||
POSTGRES_INITDB_ARGS: --encoding=UTF8
|
||||
volumes:
|
||||
- platform_postgres_data:/var/lib/postgresql/data
|
||||
- ./mvp-platform-services/tenants/sql/schema:/docker-entrypoint-initdb.d
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/platform/platform-db-password.txt:/run/secrets/postgres-password:ro
|
||||
networks:
|
||||
- platform
|
||||
ports:
|
||||
- "5434:5432" # Development access only
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U platform_user -d platform"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
# Platform Infrastructure - Redis
|
||||
platform-redis:
|
||||
image: redis:7-alpine
|
||||
container_name: platform-redis
|
||||
restart: unless-stopped
|
||||
command: redis-server --appendonly yes
|
||||
volumes:
|
||||
- platform_redis_data:/data
|
||||
networks:
|
||||
- platform
|
||||
ports:
|
||||
- "6381:6379" # Development access only
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "ping"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
# Platform Services - Vehicles Database
|
||||
mvp-platform-vehicles-db:
|
||||
image: postgres:15-alpine
|
||||
container_name: mvp-platform-vehicles-db
|
||||
restart: unless-stopped
|
||||
command: 'postgres
|
||||
-c shared_buffers=4GB
|
||||
-c work_mem=256MB
|
||||
-c maintenance_work_mem=1GB
|
||||
-c effective_cache_size=12GB
|
||||
-c max_connections=100
|
||||
-c checkpoint_completion_target=0.9
|
||||
-c wal_buffers=256MB
|
||||
-c max_wal_size=8GB
|
||||
-c min_wal_size=2GB
|
||||
-c synchronous_commit=off
|
||||
-c full_page_writes=off
|
||||
-c fsync=off
|
||||
-c random_page_cost=1.1
|
||||
-c seq_page_cost=1
|
||||
-c max_worker_processes=8
|
||||
-c max_parallel_workers=8
|
||||
-c max_parallel_workers_per_gather=4
|
||||
-c max_parallel_maintenance_workers=4'
|
||||
environment:
|
||||
POSTGRES_DB: vehicles
|
||||
POSTGRES_USER: mvp_platform_user
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password
|
||||
POSTGRES_INITDB_ARGS: --encoding=UTF8
|
||||
volumes:
|
||||
- platform_vehicles_data:/var/lib/postgresql/data
|
||||
- ./mvp-platform-services/vehicles/sql/schema:/docker-entrypoint-initdb.d
|
||||
# Secrets (K8s Secrets equivalent)
|
||||
- ./secrets/platform/vehicles-db-password.txt:/run/secrets/postgres-password:ro
|
||||
networks:
|
||||
- platform
|
||||
ports:
|
||||
- "5433:5432" # Development access only
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U mvp_platform_user -d vehicles"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
# Platform Services - Vehicles Redis
|
||||
mvp-platform-vehicles-redis:
|
||||
image: redis:7-alpine
|
||||
container_name: mvp-platform-vehicles-redis
|
||||
restart: unless-stopped
|
||||
command: redis-server --appendonly yes
|
||||
volumes:
|
||||
- platform_vehicles_redis_data:/data
|
||||
networks:
|
||||
- platform
|
||||
ports:
|
||||
- "6380:6379" # Development access only
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli", "ping"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
# Network Definition - 4-Tier Isolation
|
||||
# Network Definition - Simplified
|
||||
networks:
|
||||
frontend:
|
||||
driver: bridge
|
||||
@@ -462,32 +245,15 @@ networks:
|
||||
|
||||
database:
|
||||
driver: bridge
|
||||
internal: true # Application data isolation
|
||||
internal: true # Data isolation
|
||||
labels:
|
||||
- "com.motovaultpro.network=database"
|
||||
- "com.motovaultpro.purpose=app-data-layer"
|
||||
|
||||
platform:
|
||||
driver: bridge
|
||||
internal: true # Platform microservices isolation
|
||||
labels:
|
||||
- "com.motovaultpro.network=platform"
|
||||
- "com.motovaultpro.purpose=platform-services"
|
||||
|
||||
egress:
|
||||
driver: bridge
|
||||
internal: false # External connectivity for Auth0, APIs
|
||||
labels:
|
||||
- "com.motovaultpro.network=egress"
|
||||
- "com.motovaultpro.purpose=external-api-access"
|
||||
- "com.motovaultpro.purpose=data-layer"
|
||||
|
||||
# Volume Definitions
|
||||
volumes:
|
||||
traefik_data: null
|
||||
platform_postgres_data: null
|
||||
platform_redis_data: null
|
||||
admin_postgres_data: null
|
||||
admin_redis_data: null
|
||||
admin_minio_data: null
|
||||
platform_vehicles_data: null
|
||||
platform_vehicles_redis_data: null
|
||||
mvp_postgres_data:
|
||||
name: mvp_postgres_data
|
||||
mvp_redis_data:
|
||||
name: mvp_redis_data
|
||||
|
||||
Reference in New Issue
Block a user