@dheerapat
Last active January 28, 2026 05:32
lakehouse-lakekeeper
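# Local lakehouse stack: PostgreSQL, Redis, RustFS, authentik (server + worker),
# Lakekeeper (catalog + one-shot migration) and OpenFGA (database, one-shot
# migration, server). All services share the `iceberg_net` bridge network.
#
# Security review notes:
# - Every credential below has a weak, publicly visible fallback value. Each one
#   is read from the environment / .env file first; override all of them before
#   running this anywhere other than a disposable local lab.
# - A port mapping with no host IP ("5432:5432") is published on every host
#   interface. Prefix with 127.0.0.1 ("127.0.0.1:5432:5432") when only the
#   local machine needs access.
# - Passwords are substituted into connection URLs further down, so values must
#   be URL-safe (percent-encode reserved characters).
services:
  postgres-db:
    # `latest` floats across major versions; pin a major version or a digest so
    # a pull cannot change the image that owns the existing data volume.
    image: postgres:latest
    container_name: postgres-db
    environment:
      POSTGRES_USER: admin
      # Falls back to the original value when POSTGRES_PASSWORD is unset.
      # The postgres image applies this only when the data directory is first
      # initialised; changing it later does not change the stored password.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-pass}"
      POSTGRES_DB: postgres
      TZ: UTC
    ports:
      # Exposes the database shared by authentik and Lakekeeper to the host.
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U admin -d postgres"]
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 10s
    networks:
      - iceberg_net

  redis:
    # No password and no published port: reachable only from iceberg_net.
    # NOTE(review): recent authentik releases are documented as no longer
    # requiring Redis; confirm against the release notes for the pinned
    # AUTHENTIK_TAG before keeping this service.
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      interval: 30s
      timeout: 3s
      retries: 5
    volumes:
      - redis-data:/data
    networks:
      - iceberg_net

  rustfs:
    # No access key / secret key is configured here, so whatever credentials the
    # image ships with stay in effect on two host-published ports. Set explicit
    # credentials and pin the tag before storing real data.
    image: rustfs/rustfs:latest
    container_name: rustfs_local
    ports:
      - "9000:9000"
      - "9001:9001"
    volumes:
      - rustfs-data:/data
    restart: unless-stopped
    networks:
      - iceberg_net

  authentik-server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.1}
    command: server
    # Shared with authentik-worker through the anchor so the two containers
    # cannot drift apart on database credentials or the secret key.
    environment: &authentik-environment
      - AUTHENTIK_POSTGRESQL__HOST=postgres-db
      - AUTHENTIK_POSTGRESQL__NAME=postgres
      - AUTHENTIK_POSTGRESQL__USER=admin
      - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD:-pass}
      - AUTHENTIK_POSTGRESQL__PORT=5432
      - AUTHENTIK_REDIS__HOST=redis
      # The `super_secret` fallback is public. authentik signs session material
      # with this key, so set AUTHENTIK_SECRET_KEY to a long random value.
      - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:-super_secret}
    volumes:
      - auth-data:/data
      - templates:/templates
    ports:
      # Host 9090 -> plain HTTP, host 9443 -> HTTPS.
      - "9090:9000"
      - "9443:9443"
    depends_on:
      postgres-db:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - iceberg_net

  authentik-worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.12.1}
    command: worker
    environment: *authentik-environment
    # Root plus the Docker socket gives this container control of the Docker
    # daemon, which is equivalent to root on the host. authentik uses the socket
    # to deploy managed outposts; drop both `user: root` and the socket mount
    # if outposts are not deployed through Docker.
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - auth-data:/data
      - certs:/certs
      - templates:/templates
    depends_on:
      postgres-db:
        condition: service_healthy
    networks:
      - iceberg_net

  lakekeeper:
    # `latest-main` with `pull_policy: always` runs whatever was last pushed to
    # that tag. Pin a release tag or an image digest for reproducible,
    # reviewable deployments.
    image: &lakekeeper-image quay.io/lakekeeper/catalog:latest-main
    pull_policy: always
    environment: &lakekeeper-environment
      # NOTE(review): presumably encrypts secrets Lakekeeper stores in Postgres;
      # confirm in the Lakekeeper docs whether it can be changed after first use.
      - LAKEKEEPER__PG_ENCRYPTION_KEY=${LAKEKEEPER_PG_ENCRYPTION_KEY:-this-is-super-secret}
      # Same database, user and password as authentik: a compromise of either
      # application reaches the other's tables. Separate roles/databases would
      # limit that.
      - LAKEKEEPER__PG_DATABASE_URL_READ=postgresql://admin:${POSTGRES_PASSWORD:-pass}@postgres-db:5432/postgres
      - LAKEKEEPER__PG_DATABASE_URL_WRITE=postgresql://admin:${POSTGRES_PASSWORD:-pass}@postgres-db:5432/postgres
      - LAKEKEEPER__OPENFGA__ENDPOINT=http://openfga:8081
      - LAKEKEEPER__AUTHZ_BACKEND=openfga
      # Plain-HTTP issuer: tokens and OIDC metadata travel unencrypted. Acceptable
      # only while everything stays on one machine.
      - LAKEKEEPER__OPENID_PROVIDER_URI=http://localhost:9090/application/o/lakekeeper/
      - LAKEKEEPER__OPENID_AUDIENCE=lakekeeper-client-id
      - LAKEKEEPER__UI__OPENID_CLIENT_ID=lakekeeper-client-id
      - LAKEKEEPER__UI__OPENID_SCOPE=openid profile email
    command: ["serve"]
    healthcheck:
      test: ["CMD", "/home/nonroot/lakekeeper", "healthcheck"]
      interval: 5s
      timeout: 10s
      retries: 3
      start_period: 5s
    depends_on:
      migrate:
        condition: service_completed_successfully
      authentik-server:
        condition: service_started
    extra_hosts:
      # Points the name `localhost` inside this container at the Docker host,
      # presumably so the issuer URL above (authentik's published port 9090)
      # resolves identically from the browser and from the container.
      - "localhost:host-gateway"
    ports:
      - "8181:8181"
    networks:
      - iceberg_net

  migrate:
    # One-shot schema migration; reuses the catalog image and environment.
    image: *lakekeeper-image
    environment: *lakekeeper-environment
    restart: "no"
    command: ["migrate"]
    depends_on:
      postgres-db:
        condition: service_healthy
      openfga:
        condition: service_healthy
    networks:
      - iceberg_net

  openfga-db:
    image: postgres:latest
    container_name: openfga-db
    environment:
      # Falls back to the original value when OPENFGA_DB_PASSWORD is unset.
      - POSTGRES_PASSWORD=${OPENFGA_DB_PASSWORD:-postgres}
      - POSTGRES_USER=postgres
      - POSTGRES_DB=postgres
    command: -c 'max_connections=500'
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -p 5432 -d postgres"]
      interval: 2s
      timeout: 10s
      retries: 5
      start_period: 10s
    volumes:
      - openfga-db-data:/var/lib/postgresql
    networks:
      - iceberg_net

  openfga-migrate:
    image: openfga/openfga:v1.8
    command: migrate
    environment:
      - OPENFGA_DATASTORE_ENGINE=postgres
      # sslmode=disable: credentials and data cross iceberg_net unencrypted.
      - OPENFGA_DATASTORE_URI=postgres://postgres:${OPENFGA_DB_PASSWORD:-postgres}@openfga-db:5432/postgres?sslmode=disable
    networks:
      - iceberg_net
    depends_on:
      openfga-db:
        condition: service_healthy

  openfga:
    image: openfga/openfga:v1.8
    container_name: openfga
    command: run
    depends_on:
      openfga-db:
        condition: service_healthy
      openfga-migrate:
        condition: service_completed_successfully
      authentik-server:
        condition: service_started
    environment:
      - OPENFGA_DATASTORE_ENGINE=postgres
      - OPENFGA_DATASTORE_URI=postgres://postgres:${OPENFGA_DB_PASSWORD:-postgres}@openfga-db:5432/postgres?sslmode=disable
      - OPENFGA_PLAYGROUND_ENABLED=false
      # With authentication off, any container on iceberg_net can read and
      # rewrite the authorization model and tuples that Lakekeeper enforces.
      # No port is published to the host, so exposure is limited to this
      # network; switch to the OIDC settings below before widening it.
      - OPENFGA_AUTHN_METHOD=none
      # - OPENFGA_AUTHN_METHOD=oidc
      # - OPENFGA_AUTHN_OIDC_ISSUER=http://authentik-server:9000/application/o/lakekeeper/
      # - OPENFGA_AUTHN_OIDC_AUDIENCE=openfga
    networks:
      - iceberg_net
    healthcheck:
      test: ["CMD", "/usr/local/bin/grpc_health_probe", "-addr=openfga:8081"]
      interval: 5s
      timeout: 30s
      retries: 3

networks:
  iceberg_net:
    driver: bridge

volumes:
  postgres-data:
    driver: local
  rustfs-data:
    driver: local
  redis-data:
    driver: local
  auth-data:
    driver: local
  certs:
    driver: local
  templates:
    driver: local
  openfga-db-data:
    driver: local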