-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yaml
105 lines (96 loc) · 3.67 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# Docker Composition for LabCAS ML Serve
# ======================================
#
# A set of composed services to support LabCAS's Nuclei Detector
# Services
# --------
#
# What to run
services:
# ML Serve, based on Ray Serve
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# This is the core process.
mlserve:
image: ${EDRN_IMAGE_OWNER-edrndocker/}labcas-ml-serve:${EDRN_ML_SERVE_VERSION:-latest} # 'labcas-ml-serve:latest' # for using a local image
shm_size: '1g'
volumes:
# This is for developer convenience; normally the only interaction is through the 8080 port:
- ${PWD}/outputs:/usr/src/app/outputs
# Note: these next three lines shouldn't be used since it'll overshadow what's in the image:
- ${PWD}/deployments:/usr/src/app/deployments
- ${PWD}/configs:/usr/src/app/configs
- ${PWD}/src:/usr/src/app/src
- ${LABCAS_ARCHIVE_PATH:-/labcas-data/labcas-backend/archive/edrn}:/labcas-data/labcas-backend/archive/edrn
# - ${PWD}/test_archive:/labcas-data/labcas-backend/archive/edrn # For testing with local data
ports:
-
# Ray Serve (GCS server) port. This doesn't need to be published, but for development
# it might be handy to have external access to it.
target: 6378
published: ${EDRN_RAY_SERVE_PORT:-6378}
protocol: tcp
mode: host
-
# Dashboard port; nice and fancy
target: 8265
published: ${EDRN_RAY_DASHBOARD_PORT:-8265}
protocol: tcp
mode: host
-
# HTTP (not secure) port; this is the API endpoint
target: 8080
published: ${EDRN_HTTP_PORT:-8080}
protocol: tcp
mode: host
environment:
REDIS_HOST: kvstore
REDIS_PORT: 6379
# Feel free to override this in development to a local or tunneled solr. This value is what
# makes sense on edrn-docker:
SOLR_URL: https://edrn-labcas:8984/solr
restart: on-failure
depends_on:
- kvstore
labels:
org.label-schema.name: ML Serve
org.label-schema.description: Alphan Atinok's Nuclei Detector (powered by Ray Serve)
extra_hosts:
- "host.docker.internal:host-gateway"
# Redis
# ~~~~~
#
# Redis provides KV storage, caching, message queues, locking, etc.
kvstore:
image: redis:7.0.5-alpine
restart: on-failure
labels:
org.label-schema.name: LabCAS KV Store and Message Broker
org.label-schema.description: Key-Values storage, message queue, and in-memory cache provided by Redis
# HTTPS Support
# ~~~~~~~~~~~~~
#
# This provides an encrypted (TLS, https) endpoint over mlserve's unencrypted http endpoint.
tls-termination:
image: nasapds/proxycrypt:1.0.2
ports:
-
target: 443
published: ${EDRN_TLS_PORT:-9443}
protocol: tcp
mode: host
environment:
PROXY_URL: http://mlserve:8080
CERT_CN: ${CERT_CN:-edrn-docker.jpl.nasa.gov}
restart: on-failure
depends_on:
- mlserve
labels:
org.label-schema.name: HTTPS Endpoints
org.label-schema.description: JPL requires even internal TCP sockets be encrypted (powered by proxycrypt)
# Misc
# ----
#
# Only thing we have here is some Docker Compose metadata
version: '3.9'
# -*- mode: YAML; tab-width: 4 -*-