Sample Docker Compose Deployment File
This topic contains a sample docker-compose.yml file to help you get started. This file is very basic and is not intended for production use. You will need to customize it according to your organization's internal testing environment.
gateway93
This topic contains a sample
docker-compose.yml
file to help you get started. This file is very basic and is not intended for production use. You will need to customize it according to your organization's internal testing environment. For use in a production environment, see Sample OpenShift Deployment Files instead. OpenShift is the recommended PaaS for production deployments.
Many lines in the sample file have been commented-out intentionally, to demonstrate the minimum configuration required by the Container Gateway. This minimal mode is suitable only for advanced users who have a derived image containing all the entities required by the Container Gateway. This mode uses the embedded database, with no Policy Manager access. For use in other scenarios (for example, dev/test), you need Policy Manager access and a standard RDBMS (MySQL). To enable these, uncomment the relevant sections to deploy to a less restrictive environment.
Example docker-compose.yml
Copy and paste the code below to create your own
docker-compose.yml
file, if you do not have one already. Always copy and paste as plain text, to avoid possible reformatting issues. It is recommended that you validate the content in your file before deploying (for example, using a validation site such as yamllint.com).
version: '2.2' services: api-gateway: image: caapim/gateway # cpus: 4 # mem_limit: 6g # memswap_limit: 6g # mem_swappiness: 0 ports: - "8080" - "8443" - "9443" # volumes: # - /opt/SecureSpan/Gateway/node/default/etc/bootstrap/services/restman environment: ACCEPT_LICENSE: "false" # SSG_ADMIN_USERNAME: "adminUser" # SSG_ADMIN_PASSWORD: "somepassword" # SSG_DATABASE_JDBC_URL: "jdbc:mysql://mysql-server:3306/ssg" # SSG_DATABASE_USER: "ssgdbuser" # SSG_DATABASE_PASSWORD: "dbpassword" # SSG_CLUSTER_HOST: "mycompany.host.com" # SSG_CLUSTER_PASSWORD: "clusterpassword" # SSG_JVM_HEAP: "4g" # EXTRA_JAVA_ARGS: "-XX:ParallelGCThreads=4 -Dcom.l7tech.bootstrap.autoTrustSslKey=trustAnchor,TrustedFor.SSL,TrustedFor.SAML_ISSUER" # # mysql-server: # image: mysql:5.7 # mem_limit: 512m # environment: # - MYSQL_RANDOM_ROOT_PASSWORD=true # - MYSQL_USER=ssgdbuser # - MYSQL_PASSWORD=dbpassword # - MYSQL_DATABASE=ssg # command: # - "--character-set-server=utf8" # - "--innodb_log_buffer_size=32M" # - "--innodb_log_file_size=80M" # - "--max_allowed_packet=8M"
By setting the
environment variable to “true”, you are indicating you have a valid and existing commercial license for CA API Gateway and you have reviewed and accepted the terms of the CA End User License Agreement (EULA), which governs your use of CA API Gateway.ACCEPT_LICENSE
- Themysql-serversection of thedocker-compose.ymlfile is governed by the official MySQL image on Docker Hub.. For more information, see MySQL on Docker Hub.
- Make sure theMYSQL_USER/PASSWORDmatches theSSG_DATABASE_USER/PASSWORD.
- When theSSG_DATABASE_USERis "root", you can remove and replace theMYSQL_USER/PASSWORD/DATABASE/RANDOM_ROOT_PASSWORDwithMYSQL_ROOT_PASSWORDthat matches theSSG_DATABASE_PASSWORD.
- Use-Dcom.l7tech.bootstrap.env.license.enable=trueif you want to use theSSG_LICENSEenv var to pass the gzip+base64 license string. However, the suggested way is to mount the license as a secret. For more information on how to do this, see secrets in the Docker Compose file.
- The-Dcom.l7tech.bootstrap.autoTrustSslKey=trustAnchor,TrustedFor.SSL,TrustedFor.SAML_ISSUERis for auto-trusting the public certificate of the .
- Update the
file by addingdocker-compose.yml
to the-Dcom.l7tech.server.transport.jms.topicMasterOnly=false
parameter to all the gateway service definitions to disable using only the master node to execute the policy. Save the changes and restart the containers.EXTRA_JAVA_ARGS