Sensus/SensusInfra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
SensusInfra/docker-compose.yml
Sergey Antropoff 8f4efd607d refactor: Remove SensusAgent and SensusWorker services from docker-compose 
- Remove sensus-agent service configuration
- Remove sensus-worker service configuration
- Keep only infrastructure services (Kafka, PostgreSQL, ClickHouse, etc.)
- Infrastructure now focuses purely on supporting services
- Applications (Agent/Worker) should be deployed separately

This change makes the infrastructure more modular and allows
independent deployment of applications and infrastructure.

Author: Сергей Антропов
Site: https://devops.org.ru
2025-09-10 17:25:17 +03:00

227 lines
8.5 KiB
YAML
Raw Blame History

# Автор: Сергей Антропов, сайт: https://devops.org.ru
# Назначение: Инфраструктура для SensusAgent и SensusWorker
# Включает: Kafka, KafkaUI, PostgreSQL, ClickHouse (2 реплики)
version: "3.9"
services:
# Zookeeper для Kafka
zookeeper:
image: confluentinc/cp-zookeeper:7.6.0
container_name: sensus-zookeeper
environment:
ZOOKEEPER_CLIENT_PORT: ${ZOOKEEPER_CLIENT_PORT:-2181}
ZOOKEEPER_TICK_TIME: ${ZOOKEEPER_TICK_TIME:-2000}
volumes:
- zookeeper-data:/var/lib/zookeeper/data
- zookeeper-logs:/var/lib/zookeeper/log
networks:
- sensus-network
restart: unless-stopped
healthcheck:
test: ["CMD", "bash", "-c", "echo 'ruok' | nc localhost 2181"]
interval: 30s
timeout: 10s
retries: 3
# Kafka брокер
kafka:
image: confluentinc/cp-kafka:7.6.0
container_name: sensus-kafka
depends_on:
zookeeper:
condition: service_healthy
environment:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT,SSL:SSL
KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:29092,PLAINTEXT_HOST://0.0.0.0:9092,SSL://0.0.0.0:9093
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://10.99.0.90:9092,SSL://10.99.0.90:9093
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_AUTO_CREATE_TOPICS_ENABLE: ${KAFKA_AUTO_CREATE_TOPICS_ENABLE:-true}
KAFKA_NUM_PARTITIONS: ${KAFKA_NUM_PARTITIONS:-3}
KAFKA_DEFAULT_REPLICATION_FACTOR: ${KAFKA_DEFAULT_REPLICATION_FACTOR:-1}
KAFKA_LOG_RETENTION_HOURS: ${KAFKA_LOG_RETENTION_HOURS:-168}
KAFKA_LOG_SEGMENT_BYTES: ${KAFKA_LOG_SEGMENT_BYTES:-1073741824}
KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: ${KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS:-300000}
# SSL настройки
KAFKA_SSL_KEYSTORE_LOCATION: /var/ssl/private/kafka.server.keystore.jks
KAFKA_SSL_KEYSTORE_PASSWORD: ${KAFKA_SSL_KEYSTORE_PASSWORD:-kafka123}
KAFKA_SSL_KEY_PASSWORD: ${KAFKA_SSL_KEY_PASSWORD:-kafka123}
KAFKA_SSL_TRUSTSTORE_LOCATION: /var/ssl/private/kafka.server.truststore.jks
KAFKA_SSL_TRUSTSTORE_PASSWORD: ${KAFKA_SSL_TRUSTSTORE_PASSWORD:-kafka123}
KAFKA_SSL_CLIENT_AUTH: ${KAFKA_SSL_CLIENT_AUTH:-none}
KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ${KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:-https}
volumes:
- kafka-data:/var/lib/kafka/data
- ./kafka-ssl:/var/ssl/private:ro
ports:
- "${KAFKA_EXTERNAL_PORT:-9092}:9092"
- "${KAFKA_SSL_PORT:-9093}:9093"
networks:
- sensus-network
restart: unless-stopped
healthcheck:
test: ["CMD", "kafka-broker-api-versions", "--bootstrap-server", "localhost:9092"]
interval: 30s
timeout: 10s
retries: 3
# Kafka UI для мониторинга
kafka-ui:
image: provectuslabs/kafka-ui:latest
container_name: sensus-kafka-ui
depends_on:
kafka:
condition: service_healthy
environment:
KAFKA_CLUSTERS_0_NAME: ${KAFKA_CLUSTERS_0_NAME:-sensus-cluster}
KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: ${KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS:-kafka:29092}
KAFKA_CLUSTERS_0_ZOOKEEPER: ${KAFKA_CLUSTERS_0_ZOOKEEPER:-zookeeper:2181}
KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: ${KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL:-PLAINTEXT}
KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION:-/var/ssl/private/kafka.server.truststore.jks}
KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD:-kafka123}
DYNAMIC_CONFIG_ENABLED: ${DYNAMIC_CONFIG_ENABLED:-true}
# Авторизация Kafka UI
AUTH_TYPE: ${KAFKA_UI_AUTH_TYPE:-LOGIN_FORM}
SPRING_SECURITY_USER_NAME: ${KAFKA_UI_USERNAME:-admin}
SPRING_SECURITY_USER_PASSWORD: ${KAFKA_UI_PASSWORD:-admin}
SPRING_SECURITY_USER_ROLES: ${KAFKA_UI_USER_ROLES:-ADMIN}
volumes:
- ./kafka-ssl:/var/ssl/private:ro
ports:
- "${KAFKA_UI_PORT:-8080}:8080"
networks:
- sensus-network
restart: unless-stopped
# PostgreSQL для хранения метаданных и конфигураций
postgres:
image: postgres:16-alpine
container_name: sensus-postgres
environment:
POSTGRES_DB: ${POSTGRES_DB:-sensus}
POSTGRES_USER: ${POSTGRES_USER:-sensus}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_INITDB_ARGS: ${POSTGRES_INITDB_ARGS:---encoding=UTF-8 --lc-collate=C --lc-ctype=C}
# SSL настройки PostgreSQL
POSTGRES_SSL_MODE: ${POSTGRES_SSL_MODE:-require}
POSTGRES_SSL_CERT_FILE: ${POSTGRES_SSL_CERT_FILE:-/var/lib/postgresql/ssl/server.crt}
POSTGRES_SSL_KEY_FILE: ${POSTGRES_SSL_KEY_FILE:-/var/lib/postgresql/ssl/server.key}
POSTGRES_SSL_CA_FILE: ${POSTGRES_SSL_CA_FILE:-/var/lib/postgresql/ssl/ca.crt}
volumes:
- postgres-data:/var/lib/postgresql/data
- ./init-scripts:/docker-entrypoint-initdb.d:ro
- ./postgres-ssl:/var/lib/postgresql/ssl:ro
ports:
- "${POSTGRES_PORT:-5432}:5432"
networks:
- sensus-network
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-sensus} -d ${POSTGRES_DB:-sensus}"]
interval: 30s
timeout: 10s
retries: 3
# ClickHouse - первая реплика
clickhouse-1:
image: clickhouse/clickhouse-server:24.8-alpine
container_name: sensus-clickhouse-1
environment:
CLICKHOUSE_DB: ${CLICKHOUSE_DB:-sensus_metrics}
CLICKHOUSE_USER: ${CLICKHOUSE_USER:-sensus}
CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD}
CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: ${CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT:-1}
CLICKHOUSE_SECURE: ${CLICKHOUSE_SECURE:-true}
volumes:
- clickhouse-1-data:/var/lib/clickhouse
- ./clickhouse-config:/etc/clickhouse-server/config.d:ro
- ./clickhouse-users:/etc/clickhouse-server/users.d:ro
ports:
- "${CLICKHOUSE_1_PORT:-8123}:8123"
- "${CLICKHOUSE_1_HTTP_PORT:-9000}:9000"
networks:
- sensus-network
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8123/ping"]
interval: 30s
timeout: 10s
retries: 3
# ClickHouse - вторая реплика
clickhouse-2:
image: clickhouse/clickhouse-server:24.8-alpine
container_name: sensus-clickhouse-2
environment:
CLICKHOUSE_DB: ${CLICKHOUSE_DB:-sensus_metrics}
CLICKHOUSE_USER: ${CLICKHOUSE_USER:-sensus}
CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD}
CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT: ${CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT:-1}
CLICKHOUSE_SECURE: ${CLICKHOUSE_SECURE:-true}
volumes:
- clickhouse-2-data:/var/lib/clickhouse
- ./clickhouse-config:/etc/clickhouse-server/config.d:ro
- ./clickhouse-users:/etc/clickhouse-server/users.d:ro
ports:
- "${CLICKHOUSE_2_PORT:-8124}:8123"
- "${CLICKHOUSE_2_HTTP_PORT:-9001}:9000"
networks:
- sensus-network
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8123/ping"]
interval: 30s
timeout: 10s
retries: 3
# Nginx балансировщик нагрузки для ClickHouse
clickhouse-lb:
image: nginx:1.25-alpine
container_name: sensus-clickhouse-lb
depends_on:
clickhouse-1:
condition: service_healthy
clickhouse-2:
condition: service_healthy
volumes:
- ./nginx/clickhouse-lb.conf:/etc/nginx/nginx.conf:ro
ports:
- "${CLICKHOUSE_LB_HTTP_PORT:-8125}:80"
- "${CLICKHOUSE_LB_TCP_PORT:-9002}:9000"
networks:
- sensus-network
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80/health"]
interval: 30s
timeout: 10s
retries: 3
volumes:
zookeeper-data:
driver: local
zookeeper-logs:
driver: local
kafka-data:
driver: local
postgres-data:
driver: local
clickhouse-1-data:
driver: local
clickhouse-2-data:
driver: local
networks:
sensus-network:
name: sensus-network
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16
Reference in New Issue View Git Blame Copy Permalink