agentkern/docker-compose.yml at main · AgentKern/agentkern · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# AgentKern Docker Compose - Development Environment
#
# ⚠️  SECURITY WARNING: This file is for DEVELOPMENT ONLY.
# ⚠️  DO NOT use in production. For production deployments:
#     - Use Kubernetes/Docker Swarm with proper secrets management
#     - Set all secrets via environment variables or secret stores
#     - Never commit secrets to version control
#
# Usage:
#   1. Copy .env.example to .env and set your values
#   2. Run: docker-compose up -d

services:
  # ===========================================
  # AgentKern Server (Modular Monolith)
  # ===========================================
  server:
    build:
      context: .
      dockerfile: apps/server/Dockerfile
    ports:
      - "${SERVER_PORT:-3000}:3000"
    environment:
      - PORT=3000
      # Database connection - use environment variables (DO NOT hardcode in production)
      - DATABASE_URL=postgres://${POSTGRES_USER:-agentkern}:${POSTGRES_PASSWORD:-dev_only_password}@postgres:5432/${POSTGRES_DB:-agentkern_dev}
      - REDIS_URL=redis://redis:6379
      # JWT Secret - MUST be set in production (min 32 characters)
      # ⚠️  The default value below is ONLY for development!
      - JWT_SECRET=${JWT_SECRET:-dev-only-secret-REPLACE-IN-PRODUCTION-MIN-32-CHARS}
      - RUST_LOG=${RUST_LOG:-info}
      - AGENTKERN_ENV=${AGENTKERN_ENV:-development}
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped

  # ===========================================
  # Infrastructure (Dev/Test)
  # ===========================================
  postgres:
    image: postgres:17
    environment:
      # ⚠️  Development credentials - override in .env for local dev
      # ⚠️  Production MUST use proper secrets management
      POSTGRES_USER: ${POSTGRES_USER:-agentkern}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-dev_only_password}
      POSTGRES_DB: ${POSTGRES_DB:-agentkern_dev}
    ports:
      - "${POSTGRES_PORT:-5432}:5432"
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER:-agentkern}"]
      interval: 5s
      timeout: 5s
      retries: 5
    restart: unless-stopped
    # Security: Limit volumes in production
    volumes:
      - postgres_data:/var/lib/postgresql/data

  redis:
    image: redis:7-alpine
    ports:
      - "${REDIS_PORT:-6379}:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 5s
      retries: 5
    restart: unless-stopped
    # Security: Add password in production
    # command: redis-server --requirepass ${REDIS_PASSWORD}

networks:
  default:
    name: agentkern-network

volumes:
  postgres_data:
    driver: local