Docker
Building Docker Containers
- The Docker container is currently based on Python 3.9 slim buster.
make build_docker
or
docker build --network host -t policy-service:latest .
- The make build command also converts the AdminUI into static files in frontend/adminui/dist/policyservice; these are added during the docker build phase.
You can also name it to match the OSDU images, for example:
cd app
docker build -t community.opengroup.org:5555/osdu/platform/security-and-compliance/policy .
- Use make run to run the policy-service in Docker. Keep in mind that environment variables are still required for the policy-service even when running in Docker; make run handles a lot of that for you.
- Alternatively, you could do something like this to run the policy service in Docker:
docker run -it --rm \
-e OPA_URL=http://host.docker.internal:8181 \
-e ENTITLEMENTS_BASE_URL=https://yourentitlementsservice \
-e ENTITLEMENTS_BASE_PATH=/api/entitlements/v2/groups \
-e LEGAL_BASE_URL=https://yourlegalservice \
-e TOKEN="your bearer token here" \
-e ENABLE_DEV_DIAGNOSTICS=1 \
-e ENABLE_ADMIN_UI=1 \
-e GOOGLE_CLOUD_PROJECT=your_google_project \
-e CLOUD_PROVIDER=gcp \
-e POLICY_BUCKET=your_policy_bucket_in_google_cloud \
-v $HOME/.config/gcloud:/root/.config/gcloud \
--name policy-service -p 8080:8080 policy-service:latest
Running OPA in Docker
- Get OPA image
make pull
or
docker pull openpolicyagent/opa --platform linux/amd64
- Start OPA
make opa
- Alternatively, run it in the foreground:
docker run --name opa -p 8181:8181 openpolicyagent/opa run --server
- Alternatively, run it in the background:
docker run -d --name opa -p 8181:8181 openpolicyagent/opa run --server
- Alternatively, run it with debugging:
docker run --name opa -p 8181:8181 openpolicyagent/opa run --server --log-level debug
Running Policy Service in Docker
make run
or
docker run -it --rm \
-e OPA_URL=http://host.docker.internal:8181 \
-e ENTITLEMENTS_BASE_URL=ENTITLEMENTS_BASE_URL \
-e ENTITLEMENTS_BASE_PATH=ENTITLEMENTS_BASE_PATH \
-e LEGAL_BASE_URL=LEGAL_BASE_URL \
-e TOKEN="<access token>" \
-e ENABLE_DEV_DIAGNOSTICS=1 \
-e ENABLE_ADMIN_UI=1 \
-e CLOUD_PROVIDER=aws \
-e POLICY_BUCKET="$POLICY_BUCKET" \
--name policy-service -p 8080:8080 policy-service:latest
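Both docker run commands above pass TOKEN with -e on the command line, which leaves the bearer token in shell history and in the host's process list. The following is an added example, not part of the project's Makefile or code: a shell preflight that checks the variables and hands them to docker through a user-only --env-file. The env file path argument and the choice to treat every variable from the page's AWS command as required are assumptions.

```shell
#!/bin/sh
# Added example (not project code). Variable names come from the docker run
# commands on this page; treating all of them as required is an assumption.
REQUIRED_VARS="OPA_URL ENTITLEMENTS_BASE_URL ENTITLEMENTS_BASE_PATH LEGAL_BASE_URL TOKEN CLOUD_PROVIDER POLICY_BUCKET"

# Print the names of required variables that are unset or empty.
missing_vars() {
    missing=""
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    echo "${missing# }"
}

# Write NAME=value lines to a file that only the current user can read.
# Permissions are tightened before any secret is written to the file.
write_env_file() {
    env_file=$1
    ( umask 077; : > "$env_file" ) || return 1
    chmod 600 "$env_file" || return 1
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        printf '%s=%s\n' "$name" "$value" >> "$env_file"
    done
}

# Refuse to start if anything is missing; otherwise launch the container with
# the values read from the env file instead of from -e arguments.
run_policy_service() {
    env_file=$1
    m=$(missing_vars)
    if [ -n "$m" ]; then
        echo "missing required variables: $m" >&2
        return 1
    fi
    write_env_file "$env_file" || return 1
    docker run -it --rm --env-file "$env_file" \
        --name policy-service -p 8080:8080 policy-service:latest
}
```

Source the file, set the variables in the current shell, then call run_policy_service with a path such as $HOME/.policy-service.env (a hypothetical location).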
Getting Already Built Containers from OSDU
Login with your community username and password.
docker login community.opengroup.org:5555
For the latest (on any branch)
docker pull community.opengroup.org:5555/osdu/platform/security-and-compliance/policy:latest
You can find the complete list of containers in GitLab.
Building from OSDU
Login with your community username and password.
docker login community.opengroup.org:5555