Docker Compose Deployment
Stack Overview
┌─────────────────────────────────────────────────────────────┐
│ docker-compose.infra.yml │
│ │
│ ┌─────────────┐ ┌─────────┐ ┌──────────┐ ┌────────┐ │
│ │ PostgreSQL │ │ Redis │ │ Kafka │ │ Vault │ │
│ │ :5432 │ │ :6379 │ │ :9092 │ │ :8200 │ │
│ └─────────────┘ └─────────┘ └──────────┘ └────────┘ │
└─────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ docker-compose.services.yml │
│ │
│ gateway auth user realm rbac client mfa session │
│ notification admin-api │
└─────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────┐
│ Admin Console │
│ Next.js :3000 │
└─────────────────────────────────────────────────────────────┘
Infrastructure Stack
docker/docker-compose.infra.yml (yaml)
# Backing infrastructure for the IAM services: PostgreSQL, Redis, Kafka, Vault.
# Credentials and modes below are fixed development defaults. Review each
# flagged item before running this stack on a host other machines can reach.
services:
  postgres:
    image: postgres:16-alpine
    environment:
      # Static superuser credentials (user, password and database all share
      # one well-known value). Outside local development, supply these from
      # an env file or secret store instead of committing them.
      POSTGRES_USER: opengate
      POSTGRES_PASSWORD: opengate
      POSTGRES_DB: opengate
    volumes:
      - postgres_data:/var/lib/postgresql/data
      # Init script; the postgres image runs it only when the data directory
      # is empty, i.e. on the first start of a fresh volume.
      - ./init-databases.sh:/docker-entrypoint-initdb.d/init.sh
    # "HOST:CONTAINER" publishes on every host interface. To keep a port
    # loopback-only, prefix it with the address: "127.0.0.1:5432:5432".
    # The same applies to the redis, kafka and vault ports below.
    ports:
      - "5432:5432"
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U opengate
      interval: 5s
      timeout: 5s
      retries: 5
  redis:
    image: redis:7-alpine
    # Append-only-file persistence is enabled. No password or ACL is set, so
    # any client that can reach port 6379 has full access to the data.
    command: redis-server --appendonly yes
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
  kafka:
    image: confluentinc/cp-kafka:7.6.0
    environment:
      # Single node that is both broker and controller (KRaft mode)
      KAFKA_NODE_ID: 1
      KAFKA_PROCESS_ROLES: broker,controller
      KAFKA_CONTROLLER_QUORUM_VOTERS: 1@kafka:9093
      # PLAINTEXT listener: traffic is unencrypted and clients are not
      # authenticated.
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:9093
      # NOTE(review): clients are redirected to localhost:9092 after
      # bootstrap; confirm this matches how the services reach the broker.
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092
      KAFKA_LOG_DIRS: /var/lib/kafka/data
      CLUSTER_ID: MkU3OEVBNTcwNTJENDM2Qk
    ports:
      - "9092:9092"
    volumes:
      - kafka_data:/var/lib/kafka/data
  vault:
    image: hashicorp/vault:1.16
    environment:
      # VAULT_DEV_* configures Vault's dev server: in-memory storage, already
      # unsealed, served over plain HTTP. The root token here is a fixed,
      # guessable value, so treat everything stored in it as non-secret.
      VAULT_DEV_ROOT_TOKEN_ID: root
      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
    # IPC_LOCK lets Vault lock memory so secrets are not swapped to disk
    cap_add:
      - IPC_LOCK
    ports:
      - "8200:8200"
# Named volumes that persist service data across container restarts
volumes:
  postgres_data:
  redis_data:
  kafka_data:
Starting Services
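# 1. Start infrastructure (detached)
docker compose -f docker/docker-compose.infra.yml up -d
# 2. Wait for postgres to be ready.
#    pg_isready exits non-zero until the server accepts connections, so poll
#    it rather than checking once. -T skips TTY allocation so the loop also
#    works when run from a script.
until docker compose -f docker/docker-compose.infra.yml exec -T postgres pg_isready; do
  sleep 1
done
# 3. Start IAM services
docker compose -f docker/docker-compose.services.yml up -d
# 4. Stream logs (Ctrl-C stops following; the containers keep running)
docker compose -f docker/docker-compose.services.yml logs -f
# 5. Stop everything: services first, then the infrastructure they depend on
docker compose -f docker/docker-compose.services.yml down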
docker compose -f docker/docker-compose.infra.yml down
Health Checks
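# Check all service health endpoints.
# A service that answers prints its "status" field. One that refuses the
# connection, times out, or returns no status field prints "unreachable".
for port in 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089; do
  # printf instead of `echo -n`, whose behaviour differs between shells
  printf 'Port %s: ' "$port"
  # --max-time bounds each probe so one hung service cannot stall the loop
  curl -s --max-time 5 "http://localhost:$port/actuator/health" | grep -o '"status":"[^"]*"' || echo "unreachable"
done
Flyway auto-migration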
All Flyway migrations run automatically when each service starts. The master realm is seeded by the realm-service migration.
Database Initialisation
docker/init-databases.sh (bash)
#!/bin/bash
# Creates one database per IAM service in a single psql session.
# The compose file mounts this script into /docker-entrypoint-initdb.d/, where
# the postgres image runs it only when the data directory is empty.

# Abort the script as soon as any command fails.
set -e
# ON_ERROR_STOP=1 makes psql stop at the first failing statement instead of
# carrying on with the rest. The session connects as $POSTGRES_USER to
# $POSTGRES_DB.
# NOTE(review): no per-service roles or grants are created here, so every
# database is owned by $POSTGRES_USER. If each service should reach only its
# own database, add dedicated roles; confirm against the services' datasource
# settings.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE DATABASE opengate_auth;
CREATE DATABASE opengate_users;
CREATE DATABASE opengate_realms;
CREATE DATABASE opengate_rbac;
CREATE DATABASE opengate_clients;
CREATE DATABASE opengate_notifications;
EOSQL
| Database | Owner Service |
|---|---|
| opengate_auth | opengate-auth-service |
| opengate_users | opengate-user-service |
| opengate_realms | opengate-realm-service |
| opengate_rbac | opengate-rbac-service |
| opengate_clients | opengate-client-service |
| opengate_notifications | opengate-notification-service |