all: runs all stacks.admin: runs admin application.catalogo: runs catalogo application.subscription: runs subscription application.mysql: runs only mysql.elastic: runs only elasticsearch.elk: runs ELK stack (elastic, logstash, filebeat, kibana).kafka: runs only Kafka dependencies.kafka-connect: runs only Kafka-connect.keycloak: runs only Keycloak.rabbitmq: runs only RabbitMQ.
Running docker compose with profiles:
COMPOSE_PROFILES=a,b,c docker compose upThe command to get all the stack up is:
./up.sh elastic,kafka,keycloak,rabbitmq,mysqlAfter that you can optionally run the applications with:
./up.sh admin,catalogo,subscriptionThe admin in the command is required because of the depends_on instruction in the app container.
-
Why Keycloak uses a bind mount instead volume? R: We are running Keycloak with H2 embedded database with file storage. With the Docker volume the Keycloak wasn´t able to start, keeping in a restarting loop with the exception
java.nio.file.AccessDeniedException: /opt/keycloak/data/h2/keycloakdb.trace.db. To fix this, instead of using Docker volume we had to use Docker bind mount to a folder with permission 777. -
Why don´t use single docker-compose file? R: It's just a matter of organization and personal taste. To me a single file with all this containers wasn't manageable.
-
Why override
/etc/hostsfor the keycloak container? R: This configuration just make the standard access to the keycloak with the hostkeycloak.internal. -
Why the keycloak container overrides container hostname to
keycloak.internal? R: This configuration is needed because the Keycloak can be accessed from inside and outside of the docker network. From the outside we could just point to the hostkeycloak.internaland will be fine. From the inside of the network without the container hostname override we would have to use the hostkeycloakwhich is the id of the container which is a different hostname from the configuration of the keycloak it self (keycloak.internal). This difference affects theissproperty of the JWT known byissuerand breaks the authentication.