Created
August 15, 2023 16:51
-
-
Save harshach/9ca1019d5f4c96a253dc8543c16ab757 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2021 Collate | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| version: "3.9" | |
| volumes: | |
| ingestion-volume-dag-airflow: | |
| ingestion-volume-dags: | |
| ingestion-volume-tmp: | |
| es-data: | |
| services: | |
| postgresql: | |
| container_name: openmetadata_postgresql | |
| image: docker.getcollate.io/openmetadata/postgresql:1.1.1 | |
| restart: always | |
| command: "--work_mem=10MB" | |
| environment: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: password | |
| expose: | |
| - 5432 | |
| ports: | |
| - "5432:5432" | |
| volumes: | |
| - ./docker-volume/db-data-postgres:/var/lib/postgresql/data | |
| networks: | |
| - app_net | |
| healthcheck: | |
| test: psql -U postgres -tAc 'select 1' -d openmetadata_db | |
| interval: 15s | |
| timeout: 10s | |
| retries: 10 | |
| elasticsearch: | |
| container_name: openmetadata_elasticsearch | |
| image: docker.elastic.co/elasticsearch/elasticsearch:7.16.3 | |
| environment: | |
| - discovery.type=single-node | |
| - ES_JAVA_OPTS=-Xms1024m -Xmx1024m | |
| networks: | |
| - app_net | |
| ports: | |
| - "9200:9200" | |
| - "9300:9300" | |
| volumes: | |
| - es-data:/usr/share/elasticsearch/data | |
| execute-migrate-all: | |
| container_name: execute_migrate_all | |
| image: docker.getcollate.io/openmetadata/server:1.1.1 | |
| command: "./bootstrap/bootstrap_storage.sh migrate-all" | |
| environment: | |
| OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} | |
| SERVER_PORT: ${SERVER_PORT:-8585} | |
| SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} | |
| LOG_LEVEL: ${LOG_LEVEL:-INFO} | |
| OPENMETADATA_DEBUG: ${OPENMETADATA_DEBUG:-false} | |
| # Migration | |
| MIGRATION_LIMIT_PARAM: ${MIGRATION_LIMIT_PARAM:-1200} | |
| # OpenMetadata Server Authentication Configuration | |
| AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} | |
| AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} | |
| AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} | |
| AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} | |
| AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} | |
| AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} | |
| AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} | |
| AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} | |
| AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} | |
| CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} | |
| AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} | |
| AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} | |
| AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} | |
| AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} | |
| AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} | |
| AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} | |
| # JWT Configuration | |
| RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} | |
| RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} | |
| JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} | |
| JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} | |
| # OpenMetadata Server Pipeline Service Client Configuration | |
| PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} | |
| PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} | |
| SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} | |
| PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} | |
| PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} | |
| #Database configuration for postgresql | |
| DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} | |
| DB_SCHEME: ${DB_SCHEME:-postgresql} | |
| DB_USE_SSL: ${DB_USE_SSL:-false} | |
| DB_USER: ${DB_USER:-openmetadata_user} | |
| DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} | |
| DB_HOST: ${DB_HOST:-postgresql} | |
| DB_PORT: ${DB_PORT:-5432} | |
| OM_DATABASE: ${OM_DATABASE:-openmetadata_db} | |
| # ElasticSearch Configurations | |
| ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} | |
| ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} | |
| ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} | |
| ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} | |
| ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} | |
| SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} | |
| ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} | |
| ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} | |
| ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} | |
| ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} | |
| ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} | |
| ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10} | |
| ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} | |
| #eventMonitoringConfiguration | |
| EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} | |
| EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} | |
| EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} | |
| EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} | |
| #pipelineServiceClientConfiguration | |
| PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} | |
| PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} | |
| PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} | |
| PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} | |
| #airflow parameters | |
| AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} | |
| AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} | |
| AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} | |
| AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} | |
| AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} | |
| FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} | |
| #secretsManagerConfiguration | |
| SECRET_MANAGER: ${SECRET_MANAGER:-noop} | |
| #parameters: | |
| OM_SM_REGION: ${OM_SM_REGION:-""} | |
| OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} | |
| OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} | |
| #email configuration: | |
| OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} | |
| OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} | |
| AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} | |
| OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} | |
| OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} | |
| SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} | |
| SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} | |
| SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} | |
| SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} | |
| SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} | |
| #changeEventConfig | |
| OM_URI: ${OM_URI:- "http://localhost:8585"} | |
| #extensionConfiguration | |
| OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} | |
| OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} | |
| # Heap OPTS Configurations | |
| OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} | |
| # Application Config | |
| OM_CUSTOM_LOGO_URL_PATH: ${OM_CUSTOM_LOGO_URL_PATH:-""} | |
| OM_CUSTOM_MONOGRAM_URL_PATH: ${OM_CUSTOM_MONOGRAM_URL_PATH:-""} | |
| OM_MAX_FAILED_LOGIN_ATTEMPTS: ${OM_MAX_FAILED_LOGIN_ATTEMPTS:-3} | |
| OM_LOGIN_ACCESS_BLOCK_TIME: ${OM_LOGIN_ACCESS_BLOCK_TIME:-600} | |
| OM_JWT_EXPIRY_TIME: ${OM_JWT_EXPIRY_TIME:-3600} | |
| # Mask passwords values in UI | |
| MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} | |
| #OpenMetadata Web Configuration | |
| WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} | |
| #HSTS | |
| WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} | |
| WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} | |
| WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} | |
| WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} | |
| #Frame Options | |
| WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} | |
| WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} | |
| WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} | |
| #Content Type | |
| WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} | |
| #XSS-Protection | |
| WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} | |
| WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} | |
| WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} | |
| #CSP | |
| WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} | |
| WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} | |
| WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} | |
| depends_on: | |
| elasticsearch: | |
| condition: service_started | |
| postgresql: | |
| condition: service_healthy | |
| networks: | |
| - app_net | |
| openmetadata-server: | |
| container_name: openmetadata_server | |
| restart: always | |
| image: docker.getcollate.io/openmetadata/server:1.1.1 | |
| environment: | |
| OPENMETADATA_CLUSTER_NAME: ${OPENMETADATA_CLUSTER_NAME:-openmetadata} | |
| SERVER_PORT: ${SERVER_PORT:-8585} | |
| SERVER_ADMIN_PORT: ${SERVER_ADMIN_PORT:-8586} | |
| LOG_LEVEL: ${LOG_LEVEL:-INFO} | |
| OPENMETADATA_DEBUG: ${OPENMETADATA_DEBUG:-false} | |
| # OpenMetadata Server Authentication Configuration | |
| AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.service.security.DefaultAuthorizer} | |
| AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.service.security.JwtFilter} | |
| AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]} | |
| AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN: ${AUTHORIZER_ALLOWED_REGISTRATION_DOMAIN:-["all"]} | |
| AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]} | |
| AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-"openmetadata.org"} | |
| AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN: ${AUTHORIZER_ENFORCE_PRINCIPAL_DOMAIN:-false} | |
| AUTHORIZER_ENABLE_SECURE_SOCKET: ${AUTHORIZER_ENABLE_SECURE_SOCKET:-false} | |
| AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-basic} | |
| CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""} | |
| AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEYS:-[http://localhost:8585/api/v1/system/config/jwks]} | |
| AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com} | |
| AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""} | |
| AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""} | |
| AUTHENTICATION_JWT_PRINCIPAL_CLAIMS: ${AUTHENTICATION_JWT_PRINCIPAL_CLAIMS:-[email,preferred_username,sub]} | |
| AUTHENTICATION_ENABLE_SELF_SIGNUP: ${AUTHENTICATION_ENABLE_SELF_SIGNUP:-true} | |
| # JWT Configuration | |
| RSA_PUBLIC_KEY_FILE_PATH: ${RSA_PUBLIC_KEY_FILE_PATH:-"./conf/public_key.der"} | |
| RSA_PRIVATE_KEY_FILE_PATH: ${RSA_PRIVATE_KEY_FILE_PATH:-"./conf/private_key.der"} | |
| JWT_ISSUER: ${JWT_ISSUER:-"open-metadata.org"} | |
| JWT_KEY_ID: ${JWT_KEY_ID:-"Gb389a-9f76-gdjs-a92j-0242bk94356"} | |
| # OpenMetadata Server Pipeline Service Client Configuration | |
| PIPELINE_SERVICE_CLIENT_ENDPOINT: ${PIPELINE_SERVICE_CLIENT_ENDPOINT:-http://ingestion:8080} | |
| PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL: ${PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL:-300} | |
| SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://openmetadata-server:8585/api} | |
| PIPELINE_SERVICE_CLIENT_VERIFY_SSL: ${PIPELINE_SERVICE_CLIENT_VERIFY_SSL:-"no-ssl"} | |
| PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH: ${PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH:-""} | |
| #Database configuration for postgresql | |
| DB_DRIVER_CLASS: ${DB_DRIVER_CLASS:-org.postgresql.Driver} | |
| DB_SCHEME: ${DB_SCHEME:-postgresql} | |
| DB_USE_SSL: ${DB_USE_SSL:-false} | |
| DB_USER: ${DB_USER:-openmetadata_user} | |
| DB_USER_PASSWORD: ${DB_USER_PASSWORD:-openmetadata_password} | |
| DB_HOST: ${DB_HOST:-postgresql} | |
| DB_PORT: ${DB_PORT:-5432} | |
| OM_DATABASE: ${OM_DATABASE:-openmetadata_db} | |
| # ElasticSearch Configurations | |
| ELASTICSEARCH_HOST: ${ELASTICSEARCH_HOST:- elasticsearch} | |
| ELASTICSEARCH_PORT: ${ELASTICSEARCH_PORT:-9200} | |
| ELASTICSEARCH_SCHEME: ${ELASTICSEARCH_SCHEME:-http} | |
| ELASTICSEARCH_USER: ${ELASTICSEARCH_USER:-""} | |
| ELASTICSEARCH_PASSWORD: ${ELASTICSEARCH_PASSWORD:-""} | |
| SEARCH_TYPE: ${SEARCH_TYPE:- "elasticsearch"} | |
| ELASTICSEARCH_TRUST_STORE_PATH: ${ELASTICSEARCH_TRUST_STORE_PATH:-""} | |
| ELASTICSEARCH_TRUST_STORE_PASSWORD: ${ELASTICSEARCH_TRUST_STORE_PASSWORD:-""} | |
| ELASTICSEARCH_CONNECTION_TIMEOUT_SECS: ${ELASTICSEARCH_CONNECTION_TIMEOUT_SECS:-5} | |
| ELASTICSEARCH_SOCKET_TIMEOUT_SECS: ${ELASTICSEARCH_SOCKET_TIMEOUT_SECS:-60} | |
| ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS: ${ELASTICSEARCH_KEEP_ALIVE_TIMEOUT_SECS:-600} | |
| ELASTICSEARCH_BATCH_SIZE: ${ELASTICSEARCH_BATCH_SIZE:-10} | |
| ELASTICSEARCH_INDEX_MAPPING_LANG: ${ELASTICSEARCH_INDEX_MAPPING_LANG:-EN} | |
| #eventMonitoringConfiguration | |
| EVENT_MONITOR: ${EVENT_MONITOR:-prometheus} | |
| EVENT_MONITOR_BATCH_SIZE: ${EVENT_MONITOR_BATCH_SIZE:-10} | |
| EVENT_MONITOR_PATH_PATTERN: ${EVENT_MONITOR_PATH_PATTERN:-["/api/v1/tables/*", "/api/v1/health-check"]} | |
| EVENT_MONITOR_LATENCY: ${EVENT_MONITOR_LATENCY:-[]} | |
| #pipelineServiceClientConfiguration | |
| PIPELINE_SERVICE_CLIENT_CLASS_NAME: ${PIPELINE_SERVICE_CLIENT_CLASS_NAME:-"org.openmetadata.service.clients.pipeline.airflow.AirflowRESTClient"} | |
| PIPELINE_SERVICE_IP_INFO_ENABLED: ${PIPELINE_SERVICE_IP_INFO_ENABLED:-false} | |
| PIPELINE_SERVICE_CLIENT_HOST_IP: ${PIPELINE_SERVICE_CLIENT_HOST_IP:-""} | |
| PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER: ${PIPELINE_SERVICE_CLIENT_SECRETS_MANAGER_LOADER:-"noop"} | |
| #airflow parameters | |
| AIRFLOW_USERNAME: ${AIRFLOW_USERNAME:-admin} | |
| AIRFLOW_PASSWORD: ${AIRFLOW_PASSWORD:-admin} | |
| AIRFLOW_TIMEOUT: ${AIRFLOW_TIMEOUT:-10} | |
| AIRFLOW_TRUST_STORE_PATH: ${AIRFLOW_TRUST_STORE_PATH:-""} | |
| AIRFLOW_TRUST_STORE_PASSWORD: ${AIRFLOW_TRUST_STORE_PASSWORD:-""} | |
| FERNET_KEY: ${FERNET_KEY:-jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=} | |
| #secretsManagerConfiguration | |
| SECRET_MANAGER: ${SECRET_MANAGER:-noop} | |
| #parameters: | |
| OM_SM_REGION: ${OM_SM_REGION:-""} | |
| OM_SM_ACCESS_KEY_ID: ${OM_SM_ACCESS_KEY_ID:-""} | |
| OM_SM_ACCESS_KEY: ${OM_SM_ACCESS_KEY:-""} | |
| #email configuration: | |
| OM_EMAIL_ENTITY: ${OM_EMAIL_ENTITY:-"OpenMetadata"} | |
| OM_SUPPORT_URL: ${OM_SUPPORT_URL:-"https://slack.open-metadata.org"} | |
| AUTHORIZER_ENABLE_SMTP : ${AUTHORIZER_ENABLE_SMTP:-false} | |
| OPENMETADATA_SERVER_URL: ${OPENMETADATA_SERVER_URL:-""} | |
| OPENMETADATA_SMTP_SENDER_MAIL: ${OPENMETADATA_SMTP_SENDER_MAIL:-""} | |
| SMTP_SERVER_ENDPOINT: ${SMTP_SERVER_ENDPOINT:-""} | |
| SMTP_SERVER_PORT: ${SMTP_SERVER_PORT:-""} | |
| SMTP_SERVER_USERNAME: ${SMTP_SERVER_USERNAME:-""} | |
| SMTP_SERVER_PWD: ${SMTP_SERVER_PWD:-""} | |
| SMTP_SERVER_STRATEGY: ${SMTP_SERVER_STRATEGY:-"SMTP_TLS"} | |
| #changeEventConfig | |
| OM_URI: ${OM_URI:- "http://localhost:8585"} | |
| #extensionConfiguration | |
| OM_RESOURCE_PACKAGES: ${OM_RESOURCE_PACKAGES:-[]} | |
| OM_EXTENSIONS: ${OM_EXTENSIONS:-[]} | |
| # Heap OPTS Configurations | |
| OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G} | |
| # Application Config | |
| OM_CUSTOM_LOGO_URL_PATH: ${OM_CUSTOM_LOGO_URL_PATH:-""} | |
| OM_CUSTOM_MONOGRAM_URL_PATH: ${OM_CUSTOM_MONOGRAM_URL_PATH:-""} | |
| OM_MAX_FAILED_LOGIN_ATTEMPTS: ${OM_MAX_FAILED_LOGIN_ATTEMPTS:-3} | |
| OM_LOGIN_ACCESS_BLOCK_TIME: ${OM_LOGIN_ACCESS_BLOCK_TIME:-600} | |
| OM_JWT_EXPIRY_TIME: ${OM_JWT_EXPIRY_TIME:-3600} | |
| # Mask passwords values in UI | |
| MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false} | |
| #OpenMetadata Web Configuration | |
| WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"} | |
| #HSTS | |
| WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false} | |
| WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"} | |
| WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"} | |
| WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"} | |
| #Frame Options | |
| WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false} | |
| WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"} | |
| WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""} | |
| #Content Type | |
| WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false} | |
| #XSS-Protection | |
| WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false} | |
| WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true} | |
| WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true} | |
| #CSP | |
| WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false} | |
| WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"} | |
| WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""} | |
| expose: | |
| - 8585 | |
| - 8586 | |
| ports: | |
| - "8585:8585" | |
| - "8586:8586" | |
| depends_on: | |
| elasticsearch: | |
| condition: service_started | |
| postgresql: | |
| condition: service_healthy | |
| execute-migrate-all: | |
| condition: service_completed_successfully | |
| networks: | |
| - app_net | |
| healthcheck: | |
| test: [ "CMD", "wget", "-q", "--spider", "http://localhost:8586/healthcheck" ] | |
| ingestion: | |
| container_name: openmetadata_ingestion | |
| image: docker.getcollate.io/openmetadata/ingestion:1.1.1 | |
| depends_on: | |
| elasticsearch: | |
| condition: service_started | |
| postgresql: | |
| condition: service_healthy | |
| openmetadata-server: | |
| condition: service_started | |
| environment: | |
| AIRFLOW__API__AUTH_BACKENDS: "airflow.api.auth.backend.basic_auth,airflow.api.auth.backend.session" | |
| AIRFLOW__CORE__EXECUTOR: LocalExecutor | |
| AIRFLOW__OPENMETADATA_AIRFLOW_APIS__DAG_GENERATED_CONFIGS: "/opt/airflow/dag_generated_configs" | |
| DB_HOST: ${AIRFLOW_DB_HOST:-postgresql} | |
| DB_PORT: ${AIRFLOW_DB_PORT:-5432} | |
| AIRFLOW_DB: ${AIRFLOW_DB:-airflow_db} | |
| DB_USER: ${AIRFLOW_DB_USER:-airflow_user} | |
| DB_SCHEME: ${AIRFLOW_DB_SCHEME:-postgresql+psycopg2} | |
| DB_PASSWORD: ${AIRFLOW_DB_PASSWORD:-airflow_pass} | |
| entrypoint: /bin/bash | |
| command: | |
| - "/opt/airflow/ingestion_dependency.sh" | |
| expose: | |
| - 8080 | |
| ports: | |
| - "8080:8080" | |
| networks: | |
| - app_net | |
| volumes: | |
| - ingestion-volume-dag-airflow:/opt/airflow/dag_generated_configs | |
| - ingestion-volume-dags:/opt/airflow/dags | |
| - ingestion-volume-tmp:/tmp | |
| networks: | |
| app_net: | |
| ipam: | |
| driver: default | |
| config: | |
| - subnet: "172.16.240.0/24" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment