feat: paramétrage docker-compose et surcharge pour dev avec gestion d…

…e secrets
dataforgoodfr · Feb 25, 2024 · 2ae639b · 2ae639b
1 parent 756447e
commit 2ae639b
Show file tree

Hide file tree

Showing 6 changed files with 151 additions and 0 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,4 @@
+.git/
+.github/
+#data/
+docs/
diff --git a/docker-env/README.md b/docker-env/README.md
@@ -0,0 +1,51 @@
+
+# Docker
+
+## Build APP_BLOOM container
+### Default build
+```
+#> cd <project>
+#> docker build -t app_bloom -f docker-env/Dockerfile .
+```
+### Build with arguments
+The container can be build with default arguments so all following build arguments are optionals. However, some settings can be customized
+
+**Available build arguments** :
+* **FROM_IMAGE**: define the image "FROM" for the Dockerfile. Permit to test easely other python distributions .
+  * **Default: python:3.10-slim-bullseye**
+* **APP_DIR**: define the app home folder and working directory
+  * **Default: /source_code**
+* **POETRY_VERSION**: define poetry package version
+  * **Default: 1.4.0**
+* **CHROME_VERSION**: define the Chrome navigator version
+  * **Default: 112.0.5615.165-1**
+
+**Example:**
+```
+#> cd <project>
+#> docker build -t app_bloom --build-arg="FROM_IMAGE=python:3.12-slim-bullseye" --build-arg="POETRY_VERSION=1.7.0" --build-arg="APP_DIR=/app" -f docker-env/Dockerfile .
+```
+This example build the **app_bloom** container with an overrided **FROM_IMAGE** python 3.12 version, a **POETRY_VERSION** equals to 1.7.0 and an **APP_DIR** home folder path /app instead of /source_code
+
+# Run APP_BLOOM container
+## Environment variables
+The APP_BLOOM image uses several environment variables which are easy to miss. The variable required are:
+* `POSTGRES_USER`
+This environment variable is required for you to use the APP_BLOOM image. It must not be empty or undefined. This environment variable sets the name to use for PostgreSQL database connexion.
+* `POSTGRES_PASSWORD`
+This environment variable is required for you to use the APP_BLOOM image. It must not be empty or undefined. This environment variable sets the password to use for PostgreSQL database connexion.
+* `POSTGRES_HOSTNAME`
+This environment variable is required for you to use the APP_BLOOM image. It must not be empty or undefined. This environment variable sets the hostname server to use for PostgreSQL database connexion.
+* `POSTGRES_DB`
+This environment variable is required for you to use the APP_BLOOM image. It must not be empty or undefined. This environment variable sets the database name to use for PostgreSQL database connexion.
+* `POSTGRES_PORT`
+This environment variable is required for you to use the APP_BLOOM image. It must not be empty or undefined. This environment variable sets the database port to use for PostgreSQL database connexion.
+* `SPIRE_TOKEN`
+This environment variable is required for you to use the APP_BLOOM image. It must not be empty or undefined. This environment variable sets the *Spire Token* port to use for *Spire API* connexion.
+
+## Docker Secrets
+As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to some of the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in `/run/secrets/<secret_name>` files.
+For example:
+```console
+$ docker run --name app_bloom -e [...] -e POSTGRES_PASSWORD_FILE=/run/secrets/postgres-passwd -v "/path/to/secrets/postgres-password:/run/secrets/postgres-passwd" -d app_bloom:latest
+```
diff --git a/docker-env/docker-compose-dev.yaml b/docker-env/docker-compose-dev.yaml
@@ -0,0 +1,14 @@
+version: "3.7"
+services:
+  app:
+      # Ajout du volume du code pour partager directement le code git dans le conteneur
+      volumes:
+        - ..:${APP_DIR:-/source_code}
+        #- ../alembic:/${APP_DIR:-/source_code}/alembic
+        #- ../bloom:/${APP_DIR:-/source_code}/bloom
+        #- ../Makefile:/${APP_DIR:-/source_code}/Makefile
+        - ./entrypoint.sh:/entrypoint.sh
+      #entrypoint: [""]
+      command: ["/bin/bash"]
+      stdin_open: true
+      tty: true
diff --git a/docker-env/docker-compose.yaml b/docker-env/docker-compose.yaml
@@ -0,0 +1,80 @@
+version: "3.7"
+services:
+  postgres:
+    container_name: ${POSTGRES_HOSTNAME:-postgres_bloom}
+    hostname: ${POSTGRES_HOSTNAME:-postgres_bloom}
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-bloom_db}
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
+      POSTGRES_USER: ${POSTGRES_USER:-boom_user}
+    image: ${POSTGIS_IMAGE:-postgis/postgis:14-3.3-alpine}
+    ports:
+      - ${POSTGRES_PORT_OUTSIDE_WHEN_DOCKER:-5432}:5432
+    networks:
+        - bloom_net
+    restart: unless-stopped
+    secrets:
+        - postgres_password
+
+  pgadmin:
+      container_name: pgadmin_bloom
+      image: dpage/pgadmin4
+      environment:
+        PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL:[email protected]}
+        PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD:-test}
+        PGADMIN_SERVER_JSON_FILE: /run/secrets/servers.json
+      ports:
+        - "${PGADMIN_PORT:-5080}:80"
+      networks:
+        - bloom_net
+      restart: unless-stopped
+      secrets:
+        - servers.json
+        - pgpassfile
+        #- postgresql.crt
+        #- postgresql.key
+
+  app:
+      container_name: app_bloom
+      hostname: app_bloom
+      build:
+        context: ..
+        dockerfile: docker-env/Dockerfile
+        args:
+            CHROME_VERSION: "112.0.5615.165-1"
+            APP_DIR: ${APP_DIR:-/source_code}
+            FROM_IMAGE: ${FROM_IMAGE:-python:3.10-slim-bullseye}
+      image: dataforgood/12_bloom
+      environment:
+        POSTGRES_USER: ${POSTGRES_USER:-boom_user}
+        POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
+        POSTGRES_HOSTNAME: ${POSTGRES_HOSTNAME:-postgres_bloom}
+        POSTGRES_DB: ${POSTGRES_DB:-bloom_db}
+        POSTGRES_PORT: ${POSTGRES_PORT:-5432}
+        SPIRE_TOKEN_FILE: /run/secrets/spire_token
+      volumes:
+        - ../data:${APP_DIR:-/source_code}/data
+      networks:
+        - bloom_net
+      restart: unless-stopped
+      secrets:
+        - postgres_password
+        - spire_token
+
+secrets:
+    postgres_password:
+        file: ${SECRET_POSTGRES_PASSWORD:-postgres_password}
+    servers.json:
+        file: ${SECRET_POSTGRES_SERVERS:-pgadmin-servers.json}
+    pgpassfile:
+        file: ${SECRET_POSTGRES_PASSFILE:-pgpassfile}
+    spire_token:
+        file: ${SECRET_POSTGRES_PASSFILE:-spire_token}
+    #postgresql.crt:
+    #    file: ${SECRET_POSTGRES_SSL_CERT:-./postgresql.crt}
+    #postgresql.key:
+    #    file: ${SECRET_POSTGRES_SSL_KEY:-./postgresql.key}
+
+networks:
+  bloom_net:
+    name: bloom_net
diff --git a/docker-env/postgres_password b/docker-env/postgres_password
@@ -0,0 +1 @@
+bloom
diff --git a/docker-env/spire_token b/docker-env/spire_token
@@ -0,0 +1 @@
+bloom