docker-compose.yml
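# Development compose stack: the shardseal service built from this directory,
# plus an optional Prometheus/Grafana pair behind the "monitoring" profile.
#
# Every `ports:` entry below is written without a host address, so Docker
# publishes it on all host interfaces. On a shared or network-reachable host,
# prefix the mapping with a loopback address (for example
# "127.0.0.1:8080:8080") or restrict access with a host firewall.
services:
  shardseal:
    build: .
    image: shardseal:dev
    container_name: shardseal
    ports:
      - "8080:8080"  # S3 data-plane
      # Admin API (admin listener inside container stays on 9090).
      # NOTE(review): the OIDC settings further down are commented out; confirm
      # how the Admin API authenticates callers before this port is reachable
      # from anything other than the local machine.
      - "${SHARDSEAL_ADMIN_HOST_PORT:-19090}:9090"
    environment:
      # Data-plane listen address
      - SHARDSEAL_ADDR=:8080
      # Enable Admin API on a separate port
      - SHARDSEAL_ADMIN_ADDR=:9090
      # Point to a mounted config file (optional)
      - SHARDSEAL_CONFIG=/config/local.yaml
      # Sealed mode (experimental)
      # - SHARDSEAL_SEALED_ENABLED=true
      # - SHARDSEAL_SEALED_VERIFY_ON_READ=false
      # Integrity Scrubber (experimental)
      # - SHARDSEAL_SCRUBBER_ENABLED=true
      # - SHARDSEAL_SCRUBBER_INTERVAL=1h
      # - SHARDSEAL_SCRUBBER_CONCURRENCY=2
      # - SHARDSEAL_SCRUBBER_VERIFY_PAYLOAD=true # overrides inheritance from sealed.verifyOnRead
      # Admin OIDC (optional)
      # - SHARDSEAL_OIDC_ENABLED=true
      # - SHARDSEAL_OIDC_ISSUER=https://auth.example.com/realms/dev
      # - SHARDSEAL_OIDC_CLIENT_ID=shardseal-admin
      # - SHARDSEAL_OIDC_AUDIENCE=shardseal-admin-api
      # - SHARDSEAL_OIDC_JWKS_URL=https://auth.example.com/realms/dev/protocol/openid-connect/certs
      # - SHARDSEAL_OIDC_ALLOW_UNAUTH_HEALTH=true
      # - SHARDSEAL_OIDC_ALLOW_UNAUTH_VERSION=true
      # Tracing (optional)
      # - SHARDSEAL_TRACING_ENABLED=false
      # - SHARDSEAL_TRACING_ENDPOINT=otel-collector:4317
      # - SHARDSEAL_TRACING_PROTOCOL=grpc
      # - SHARDSEAL_TRACING_SAMPLE=0.1
      # - SHARDSEAL_TRACING_SERVICE=shardseal-dev
      # Multipart GC (optional)
      # - SHARDSEAL_GC_ENABLED=false
    volumes:
      # Object data is stored on the host (read-write).
      - ./data:/home/app/data
      # Configuration is mounted read-only so the container cannot modify it.
      - ./configs:/config:ro
    restart: unless-stopped
    networks:
      - shardseal_net

  # Optional monitoring stack (enable with: docker compose --profile monitoring up)
  prometheus:
    # "latest" is a moving tag. Set PROMETHEUS_TAG to a specific release for
    # reproducible pulls; when unset, the previous behaviour (latest) applies.
    image: prom/prometheus:${PROMETHEUS_TAG:-latest}
    container_name: shardseal-prometheus
    profiles: ["monitoring"]
    depends_on:
      - shardseal
    ports:
      # Prometheus UI (avoid conflict with shardseal admin on 9090).
      # No --web.config.file is passed in `command`, so the UI and HTTP API are
      # served without TLS or authentication; keep this port off untrusted
      # networks.
      - "9091:9090"
    command:
      - --config.file=/etc/prometheus/prometheus.yml
      - --storage.tsdb.path=/prometheus
    volumes:
      - ./configs/monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - ./configs/monitoring/prometheus/rules.yml:/etc/prometheus/rules.yml:ro
      - prom_data:/prometheus
    restart: unless-stopped
    networks:
      - shardseal_net

  grafana:
    # "latest" is a moving tag. Set GRAFANA_TAG to a specific release for
    # reproducible pulls; when unset, the previous behaviour (latest) applies.
    image: grafana/grafana:${GRAFANA_TAG:-latest}
    container_name: shardseal-grafana
    profiles: ["monitoring"]
    depends_on:
      - prometheus
    ports:
      - "3000:3000"  # Grafana UI
    environment:
      # The admin/admin fallback keeps the original out-of-the-box login and is
      # for local development only. Port 3000 is published on all host
      # interfaces, so set GRAFANA_ADMIN_USER / GRAFANA_ADMIN_PASSWORD (shell
      # environment or an untracked .env file) before running this anywhere
      # another machine can reach it.
      - GF_SECURITY_ADMIN_USER=${GRAFANA_ADMIN_USER:-admin}
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:-admin}
      # Add Prometheus datasource via UI (Settings -> Data sources), URL: http://prometheus:9090
      # Optionally provision via mounted files if desired.
    volumes:
      # Optional: expose dashboard JSON for easy import via UI
      - ./configs/monitoring/grafana/shardseal_overview.json:/var/lib/grafana/dashboards/shardseal_overview.json:ro
    restart: unless-stopped
    networks:
      - shardseal_net

volumes:
  prom_data: {}

networks:
  shardseal_net:
    driver: bridge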