Docker Deployment

docker-compose.yml file:

#  Copyright 2023 Darkseal - GuinsooLab
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#  http://www.apache.org/licenses/LICENSE-2.0
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

version: "3.9"
volumes:
  ingestion-volume-dag-airflow:
  ingestion-volume-dags:
  ingestion-volume-tmp:
services:
  mysql:
    image: guinsoolab/darkseal-mysql:0.11.4.1
    container_name: darkseal_mysql
    restart: always
    depends_on:
      - elasticsearch
    environment:
      MYSQL_ROOT_PASSWORD: password
    expose:
      - 3306
    ports:
      - 3306:3306
    networks:
      local_app_net:
        ipv4_address: 172.16.239.10

  elasticsearch:
    image: guinsoolab/darkseal-elasticsearch:0.11.4.1
    container_name: darkseal_elasticsearch
    environment:
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
    networks:
      local_app_net:
        ipv4_address: 172.16.239.11
    expose:
      - 9200
      - 9300
    ports:
      - 9200:9200
      - 9300:9300

  darkseal-server:
    image: guinsoolab/darkseal-server:0.11.4.1
    container_name: darkseal_server
    environment:
      ELASTICSEARCH_HOST: elasticsearch
      # Darkseal Server Authentication Configuration
      AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
      AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
      AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
      AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
      AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}
      AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false}
      AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false}
      AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-no-auth}
      CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
      AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[https://www.googleapis.com/oauth2/v3/certs]}
      AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
      AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
      AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
      AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]}
      # Darkseal Server Airflow Configuration
      AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
      SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
      # Darkseal Airflow Azure SSO Configuration
      AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
      OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
      OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
      OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
      OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
      # Darkseal Airflow Google SSO Configuration
      OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
      OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
      # Darkseal Airflow Okta SSO Configuration
      OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
      OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
      OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
      OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
      OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
      # Darkseal Airflow Auth0 SSO Configuration
      OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
      OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
      OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
      # Darkseal Airflow Custom OIDC SSO Configuration
      OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
      OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY:-""}
      OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
    expose:
      - 8585
      - 8586
      - 9200
      - 9300
      - 3306
    ports:
      - 8585:8585
      - 8586:8586
    depends_on:
      - elasticsearch
      - mysql
      - ingestion
    networks:
      local_app_net:
        ipv4_address: 172.16.239.13
    extra_hosts:
      - "localhost:172.16.239.10"
      - "elasticsearch:172.16.239.11"

  ingestion:
    image: guinsoolab/darkseal-ingestion:0.11.4.1
    container_name: darkseal_ingestion
    depends_on:
      - mysql
      - elasticsearch
    expose:
      - 8080
    ports:
      - 8080:8080
    networks:
      - local_app_net
    extra_hosts:
      - "localhost:172.16.239.10"
      - "localhost:172.16.239.11"
      - "localhost:172.16.239.13"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ingestion-volume-dag-airflow:/airflow/dag_generated_configs
      - ingestion-volume-dags:/airflow/dags
      - ingestion-volume-tmp:/tmp
networks:
  local_app_net:
    name: ometa_network
    ipam:
      driver: default
      config:
        - subnet: "172.16.239.0/24"

Just run as follow:

# wget https://raw.githubusercontent.com/GuinsooLab/darkseal/master/docker-compose.yml
docker compose up -d

Last updated