Konfig/docker-compose.prod.yml at dev · codec404/Konfig · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# Production overrides — use with:
#   docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
#
# Key changes vs dev:
#   - Frontend served on port 80 (not 3001)
#   - Dev-only tools (Kafka UI, pgAdmin, Grafana, Prometheus) have no host-facing ports
#     (still reachable inside the Docker network; open your OCI Security List only for 22/80/443)
#   - All core services have explicit restart: unless-stopped

services:
  # ── Web ─────────────────────────────────────────────────────────────────

  web-frontend:
    ports: []      # Caddy handles 80/443
    restart: unless-stopped

  web-backend:
    restart: unless-stopped

  web-postgres:
    restart: unless-stopped

  # ── C++ Core ─────────────────────────────────────────────────────────────
  # gRPC services are internal-only; no host port exposure in prod.
  # They are reachable inside config-network (web-backend -> api-service:8081 etc.)

  api-service:
    ports: []
    restart: unless-stopped

  distribution-service:
    ports: []
    restart: unless-stopped

  validation-service:
    ports: []
    restart: unless-stopped

  # ── Infrastructure ───────────────────────────────────────────────────────

  postgres:
    ports: []        # no external exposure in prod
    restart: unless-stopped

  redis:
    ports: []        # no external exposure in prod
    restart: unless-stopped

  zookeeper:
    ports: []
    restart: unless-stopped

  kafka:
    ports: []        # internal-only; clients use kafka:9092 inside Docker network
    restart: unless-stopped

  # ── Monitoring (internal-only in prod) ──────────────────────────────────

  statsd-exporter:
    ports: []
    restart: unless-stopped

  prometheus:
    ports: []
    restart: unless-stopped

  grafana:
    ports: []
    restart: unless-stopped

  # ── Dev-only tools (disabled in prod) ────────────────────────────────────

  kafka-ui:
    ports: []

  pgadmin:
    ports: []

  dev-container:
    profiles:
      - dev    # won't start unless --profile dev is passed