janus/docker-compose.yml at main · script3r/janus · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
services:
  spire-server:
    image: ghcr.io/spiffe/spire-server:1.8.0
    command: ["-config", "/opt/spire/conf/server/server.conf"]
    volumes:
      - ./conf/spire-server:/opt/spire/conf/server:ro
      - spire_data:/opt/spire/data
    networks:
      - spire_net
      - agent_net

  spire-agent:
    image: ghcr.io/spiffe/spire-agent:1.8.0
    command: ["-config", "/opt/spire/conf/agent/agent.conf", "-joinToken", "${JOIN_TOKEN}"]
    privileged: true
    pid: host
    restart: on-failure
    environment:
      - JOIN_TOKEN=${JOIN_TOKEN}
    volumes:
      - ./conf/spire-agent:/opt/spire/conf/agent:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - spire_socket:/run/spire/sockets
      - spire_agent_data:/opt/spire/data
    networks:
      - spire_net
    depends_on:
      - spire-server

  iam-mock:
    build: .
    command: ["iam-mock"]
    networks:
      - egress_net

  janusd:
    build: .
    command: ["janusd"]
    privileged: true
    environment:
      - IAM_URL=http://iam-mock:8080
      - OPENAI_API_KEY=${OPENAI_API_KEY}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - janus_uds:/run
      - janus_handover:/mnt/janus
      - spire_data:/opt/spire/data # Give janusd access to spire-server CLI
    networks:
      - agent_net
      - egress_net
    depends_on:
      - iam-mock
      - spire-server

  janus-net:
    build: .
    user: janus
    command: ["janus-net"]
    restart: always
    environment:
      - SPIFFE_ENDPOINT_SOCKET=unix:///run/spire/sockets/agent.sock
      - OPENAI_API_KEY=${OPENAI_API_KEY}
    volumes:
      - spire_socket:/run/spire/sockets
      - janus_handover:/mnt/janus:ro
    networks:
      - agent_net
      - egress_net
    depends_on:
      - spire-agent

  agent-demo:
    build: .
    user: janus
    read_only: true
    volumes:
      - type: tmpfs
        target: /tmp
      - type: tmpfs
        target: /scratch
        tmpfs:
          size: 512M
          mode: 0777
      - janus_uds:/run
      - janus_handover:/mnt/janus:ro
    command: ["janus-run", "sh", "-c", "echo \"Agent started with STATE: $$JANUS_STATE\" && sleep infinity"]
    restart: always
    environment:
      - HOME=/scratch
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - HTTP_PROXY=http://janus-net:3128
      - HTTPS_PROXY=http://janus-net:3128
      - http_proxy=http://janus-net:3128
      - https_proxy=http://janus-net:3128
      - NO_PROXY=localhost,127.0.0.1,janus-net,janusd
      - no_proxy=localhost,127.0.0.1,janus-net,janusd
    pid: host
    networks:
      - agent_net
    depends_on:
      - janusd
      - janus-net

  asset-server:
    build: .
    command: ["janus-net"]
    environment:
      - INGRESS_MODE=true
      - SPIFFE_ENDPOINT_SOCKET=unix:///run/spire/sockets/agent.sock
    volumes:
      - spire_socket:/run/spire/sockets:ro
    networks:
      - agent_net
      - egress_net
    depends_on:
      - spire-agent

networks:
  agent_net:
    internal: true
  egress_net:
  spire_net:

volumes:
  spire_socket:
  spire_data:
  spire_agent_data:
  janus_uds:
  janus_handover: