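# Local development stack: PostgreSQL, the Go backend (agent-manager-service)
# and the React console. Every credential below is a development default; each
# one can be overridden from the shell or a .env file via ${VAR:-default}
# interpolation without editing this file.
services:
  # PostgreSQL Database
  postgres:
    image: postgres:16-alpine
    container_name: agent-manager-db
    environment:
      POSTGRES_DB: agentmanager
      POSTGRES_USER: agentmanager
      # Same variable feeds DB_PASSWORD in agent-manager-service so the two
      # cannot drift apart when overridden.
      POSTGRES_PASSWORD: ${DB_PASSWORD:-agentmanager}
    ports:
      # Published on every host interface; with the default password this
      # makes the database reachable from the LAN. Use "127.0.0.1:5432:5432"
      # when only host-local access is needed.
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      # Username is deliberately fixed here to match POSTGRES_USER above.
      test: ["CMD-SHELL", "pg_isready -U agentmanager"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - agent-manager

  # Agent Manager Service (Go Backend)
  agent-manager-service:
    build:
      context: ../agent-manager-service
      dockerfile: Dockerfile.dev
    container_name: agent-manager-service
    ports:
      - "9000:8080"
      - "9243:9243"
    environment:
      # Database Configuration
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_USER=agentmanager
      - DB_PASSWORD=${DB_PASSWORD:-agentmanager}
      - DB_NAME=agentmanager
      # Server Configuration
      - SERVER_PORT=8080
      # Kubernetes Configuration
      - KUBECONFIG=/app/.kube/config
      - IS_LOCAL_DEV_ENV=true
      # JWT Configuration
      - JWT_SIGNING_PRIVATE_KEY_PATH=/app/keys/private.pem
      - JWT_SIGNING_PUBLIC_KEYS_CONFIG=/app/keys/public-keys-config.json
      - JWT_SIGNING_ACTIVE_KEY_ID=key-1
      # 8760h is one year; tokens issued with this default cannot be revoked
      # by expiry alone, which is acceptable only for a throwaway dev stack.
      - JWT_SIGNING_DEFAULT_EXPIRY=8760h
      - JWT_SIGNING_ISSUER=agent-manager-service
      - JWT_SIGNING_DEFAULT_ENVIRONMENT=default
      # Optional: External Service URLs (add when needed)
      # - OPENCHOREO_API_URL=http://host.docker.internal:8000
      # - OPENSEARCH_URL=http://host.docker.internal:9200
      - OBSERVER_URL=http://host.docker.internal:8085
      - IDP_TOKEN_URL=http://thunder.amp.localhost:8080/oauth2/token
      - IDP_CLIENT_ID=amp-api-client
      - IDP_CLIENT_SECRET=${IDP_CLIENT_SECRET:-amp-api-client-secret}
      # Key Manager / JWT validation configuration
      # Accepts Thunder-issued tokens (client_credentials for publisher)
      - KEY_MANAGER_ISSUER=Agent Management Platform Local,http://thunder.amp.localhost:8080
      # NOTE(review): the "amp-publisher-*" entry looks like a wildcard
      # audience; confirm how the service matches it before widening the list.
      - KEY_MANAGER_AUDIENCE=localhost,amp-publisher-*,amp-api-client,amp-console-client
      - AMP_VERSION=v0.8.0
      - OPEN_CHOREO_BASE_URL=http://api.openchoreo.localhost:8195
      # OpenBao/Vault Secret Management Configuration
      # NOTE: Run ./deployments/scripts/port-forward.sh to forward OpenBao from k3d cluster
      - SECRET_MANAGER_PROVIDER=openbao
      - OPENBAO_URL=http://host.docker.internal:8200
      # "root" is the dev-server root token of the port-forwarded OpenBao.
      - OPENBAO_TOKEN=${OPENBAO_TOKEN:-root}
      - OPENBAO_PATH=secret
      - OPENBAO_VERSION=v2
      # Workflow Plane OpenBao (for git secrets and publisher credentials)
      - WORKFLOW_PLANE_OPENBAO_URL=http://host.docker.internal:8201
      - WORKFLOW_PLANE_OPENBAO_TOKEN=${WORKFLOW_PLANE_OPENBAO_TOKEN:-root}
      # Thunder API (for per-org publisher credential provisioning)
      # Uses the system app's client_credentials with scope=system to get admin tokens.
      # Leave THUNDER_BASE_URL empty to fall back to static amp-publisher-client credentials.
      - THUNDER_BASE_URL=http://thunder.amp.localhost:8080
      - THUNDER_CLIENT_ID=amp-system-client
      - THUNDER_CLIENT_SECRET=${THUNDER_CLIENT_SECRET:-amp-system-client-secret}
      # Encryption Configuration (AES-256-GCM, hex-encoded 32-byte key)
      # The default is a fixed, publicly visible pattern (zero entropy); anything
      # encrypted with it is recoverable by whoever reads this file. Override
      # with a freshly generated key for any data that must stay confidential.
      - ENCRYPTION_KEY=${ENCRYPTION_KEY:-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef}
    volumes:
      # Mount source code for hot-reloading
      - ../agent-manager-service:/app
      # Use container-specific keys (not host) so paths are correct
      - agent_manager_keys:/app/keys
      # Exclude vendor and tmp directories from mount
      - /app/vendor
      - /app/tmp
      - /app/.bin
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - agent-manager
      - k3d-openchoreo-local-setup # Connect to k3d cluster network for hostname resolution
    extra_hosts:
      - "host.docker.internal:host-gateway"
      # OpenChoreo API uses Host-based routing via Kgateway on port 8080.
      # The gateway routes requests based on the Host header, so we need the
      # hostname to resolve to the host machine for proper routing.
      - "api.openchoreo.localhost:host-gateway"
      # Thunder IDP for OAuth2 token exchange (must match OpenChoreo's security.oidc config)
      - "thunder.amp.localhost:host-gateway"
      # API Platform Gateway runtime for agent endpoint access
      - "api-platform-gateway.amp.localhost:host-gateway"

  # Agent Manager Console (React Frontend)
  agent-manager-console:
    build:
      context: ../console
      dockerfile: Dockerfile.dev
    container_name: agent-manager-console
    ports:
      - "3000:3000"
    environment:
      # In list form these reach the container as the literal text "null",
      # not as an unset variable; the console is expected to treat that as
      # "no IdP configured" while DISABLE_AUTH is set.
      - AUTH_CLIENT_ID=null
      - AUTH_BASE_URL=null
      - SIGN_IN_REDIRECT_URL=null
      - SIGN_OUT_REDIRECT_URL=null
      - API_BASE_URL=http://localhost:9000
      # Dev-only: the console skips login entirely.
      - DISABLE_AUTH=true
      - OBS_API_BASE_URL=http://localhost:9098
      - GUARDRAILS_CATALOG_URL=https://db720294-98fd-40f4-85a1-cc6a3b65bc9a-prod.e1-us-east-azure.choreoapis.dev/api-platform/policy-hub-api/policy-hub-public/v1.0/policies?categories=Guardrails
      - GUARDRAILS_DEFINITION_BASE_URL=https://db720294-98fd-40f4-85a1-cc6a3b65bc9a-prod.e1-us-east-azure.choreoapis.dev/api-platform/policy-hub-api/policy-hub-public/v1.0/policies
    volumes:
      # Mount source code for hot-reloading with Vite HMR
      - ../console:/app
      # Exclude directories with platform-specific binaries (use container's Linux versions)
      - console_node_modules:/app/node_modules
      - console_common_temp:/app/common/temp
    networks:
      - agent-manager
    depends_on:
      - agent-manager-service

volumes:
  postgres_data:
  console_node_modules:
  console_common_temp:
  agent_manager_keys:

networks:
  agent-manager:
    driver: bridge
  # Created by the k3d setup, not by this file.
  k3d-openchoreo-local-setup:
    external: true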