Skip to content

Docker

Building Docker Containers

  • Currently docker container is based upon Python 3.9 slim buster
  • make build_docker or
docker build --network host -t policy-service:latest .
  • The make build command will also convert the AdminUI into static files to frontend/adminui/dist/policyservice this will get added during the docker build phase.

You can also name it to match the OSDU images, for example:

cd app
docker build -t community.opengroup.org:5555/osdu/platform/security-and-compliance/policy .
  • make run for running the policy-service in Docker. Keep in mind that environment variables are still required for the policy-service even running in Docker. make run handles a lot of that for you.
  • Alternatively you could do something like this to run policy service in docker:
docker run  -it --rm \
    -e OPA_URL=http://host.docker.internal:8181 \
    -e ENTITLEMENTS_BASE_URL=https://yourentitlementsservice \
    -e ENTITLEMENTS_BASE_PATH=/api/entitlements/v2/groups \
    -e LEGAL_BASE_URL=https://yourlegalservice \
    -e TOKEN="your bearer token here" \
    -e ENABLE_DEV_DIAGNOSTICS=1 \
    -e ENABLE_ADMIN_UI=1 \
    -e GOOGLE_CLOUD_PROJECT=your_google_project \
    -e CLOUD_PROVIDER=gcp \
    -e POLICY_BUCKET=your_policy_bucket_in_google_cloud \
    -v $HOME/.config/gcloud:/root/.config/gcloud \
    --name policy-service -p 8080:8080 policy-service:latest

Running OPA in Docker

  1. Get OPA image make pull or 
docker pull openpolicyagent/opa --platform linux/amd64
  1. Start OPA
  2. make opa
  3. Atlernatively run it in the foreground:
docker run --name opa -p 8181:8181 openpolicyagent/opa run --server
  • Atlernatively run it in the background:
docker run -d --name opa -p 8181:8181 openpolicyagent/opa run --server
  • Atlernatively run with debugging:
docker run --name opa -p 8181:8181 openpolicyagent/opa run --server --log-level debug

Running Policy Service in Docker

  • make run or 
docker run  -it --rm \
    -e OPA_URL=http://host.docker.internal:8181 \
    -e ENTITLEMENTS_BASE_URL=ENTITLEMENTS_BASE_URL \
    -e ENTITLEMENTS_BASE_PATH=ENTITLEMENTS_BASE_PATH \
    -e LEGAL_BASE_URL=LEGAL_BASE_URL \
    -e TOKEN="<access token>" \
    -e ENABLE_DEV_DIAGNOSTICS=1 \
    -e ENABLE_ADMIN_UI=1 \
    -e CLOUD_PROVIDER=aws \
    -e POLICY_BUCKET=$(POLICY_BUCKET) \
    --name policy-service -p 8080:8080 policy-service:latest

Getting Already Built Containers from OSDU

Login with your community username and password.

docker login community.opengroup.org:5555

For the latest (on any branch)

docker pull community.opengroup.org:5555/osdu/platform/security-and-compliance/policy:latest

You can find complete list of containers in gitlab

Building from OSDU

Login with your community username and password.

docker login community.opengroup.org:5555