61 lines
1.6 KiB
YAML
61 lines
1.6 KiB
YAML
services:
|
|
gateway:
|
|
image: liquidcode-tester-gateway:latest
|
|
container_name: liquidcode-tester-gateway
|
|
build:
|
|
context: .
|
|
dockerfile: src/LiquidCode.Tester.Gateway/Dockerfile
|
|
ports:
|
|
- "8080:8080"
|
|
environment:
|
|
- ASPNETCORE_ENVIRONMENT=Development
|
|
- Workers__Cpp=http://worker:8080
|
|
- Workers__Java=http://worker:8080
|
|
- Workers__Kotlin=http://worker:8080
|
|
- Workers__CSharp=http://worker:8080
|
|
- Workers__Python=http://worker:8080
|
|
networks:
|
|
- liquidcode-network
|
|
depends_on:
|
|
- worker
|
|
# Security hardening for Gateway
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_drop:
|
|
- ALL
|
|
|
|
worker:
|
|
image: liquidcode-tester-worker:latest
|
|
container_name: liquidcode-tester-worker
|
|
build:
|
|
context: .
|
|
dockerfile: src/LiquidCode.Tester.Worker/Dockerfile
|
|
ports:
|
|
- "8081:8080"
|
|
environment:
|
|
- ASPNETCORE_ENVIRONMENT=Development
|
|
networks:
|
|
- liquidcode-network
|
|
# Security hardening for Worker
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
- apparmor=docker-default
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- SYS_ADMIN # Required for Isolate namespaces
|
|
- SETUID # Required for Isolate to change user context
|
|
- SETGID # Required for Isolate to change group context
|
|
# Temporary filesystem for compilation and testing
|
|
tmpfs:
|
|
- /tmp:exec,size=4G
|
|
# Resource limits to prevent DoS
|
|
ulimits:
|
|
nproc: 1024 # Max processes
|
|
nofile: 2048 # Max open files
|
|
|
|
networks:
|
|
liquidcode-network:
|
|
driver: bridge
|
|
|