|
1 | 1 | # Name of your application. Used to uniquely configure containers. |
2 | | -service: my-app |
| 2 | +service: btaa-data-api |
3 | 3 |
|
4 | 4 | # Name of the container image. |
5 | | -image: my-user/my-app |
| 5 | +image: ghcr.io/ewlarson/btaa-data-api |
| 6 | + |
| 7 | +builder: |
| 8 | + arch: amd64 |
| 9 | + |
| 10 | +ssh: |
| 11 | + user: <%= ENV['KAMAL_SSH_USER'] %> |
6 | 12 |
|
7 | 13 | # Deploy to these servers. |
8 | 14 | servers: |
9 | 15 | web: |
10 | | - - 192.168.0.1 |
11 | | - # job: |
12 | | - # hosts: |
13 | | - # - 192.168.0.1 |
14 | | - # cmd: bin/jobs |
| 16 | + hosts: |
| 17 | + - <%= ENV['KAMAL_HOST'] %> |
| 18 | + cmd: uvicorn main:app --host 0.0.0.0 --port 8000 |
| 19 | + |
| 20 | + worker: |
| 21 | + hosts: |
| 22 | + - <%= ENV['KAMAL_HOST'] %> |
| 23 | + cmd: celery -A app.tasks.worker worker --loglevel=INFO |
| 24 | + |
| 25 | + flower: |
| 26 | + hosts: |
| 27 | + - <%= ENV['KAMAL_HOST'] %> |
| 28 | + cmd: celery -A app.tasks.worker flower --port=5555 |
15 | 29 |
|
16 | 30 | # Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server. |
17 | 31 | # Remove this section when using multiple web servers and ensure you terminate SSL at your load balancer. |
18 | 32 | # |
19 | 33 | # Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption. |
20 | 34 | proxy: |
21 | 35 | ssl: true |
22 | | - host: app.example.com |
23 | | - # Proxy connects to your container on port 80 by default. |
24 | | - # app_port: 3000 |
| 36 | + host: <%= ENV['KAMAL_HOST'] %> |
| 37 | + app_port: 8000 |
| 38 | + healthcheck: |
| 39 | + path: /api/docs |
25 | 40 |
|
26 | 41 | # Credentials for your image host. |
27 | 42 | registry: |
28 | | - # Specify the registry server, if you're not using Docker Hub |
29 | | - # server: registry.digitalocean.com / ghcr.io / ... |
30 | | - username: my-user |
31 | | - |
32 | | - # Always use an access token rather than real password (pulled from .kamal/secrets). |
| 43 | + server: ghcr.io |
| 44 | + username: <%= ENV['KAMAL_REGISTRY_USERNAME'] %> |
33 | 45 | password: |
34 | 46 | - KAMAL_REGISTRY_PASSWORD |
35 | 47 |
|
36 | | -# Configure builder setup. |
37 | | -builder: |
38 | | - arch: amd64 |
39 | | - # Pass in additional build args needed for your Dockerfile. |
40 | | - # args: |
41 | | - # RUBY_VERSION: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %> |
| 48 | +# ───────────────── ENV passed into *every* container ──────────────── |
| 49 | +env: |
| 50 | + clear: |
| 51 | + ELASTICSEARCH_URL: http://btaa-data-api-elasticsearch:9200 |
| 52 | + REDIS_URL: redis://btaa-data-api-redis:6379/0 |
| 53 | + CELERY_BROKER_URL: redis://btaa-data-api-redis:6379/0 |
| 54 | + CELERY_RESULT_BACKEND: redis://btaa-data-api-redis:6379/1 |
| 55 | + ELASTICSEARCH_INDEX: btaa_data_api |
| 56 | + REDIS_TTL: "604800" |
| 57 | + LOG_LEVEL: DEBUG |
| 58 | + ENDPOINT_CACHE: "true" |
| 59 | + GAZETTEER_CACHE_TTL: "3600" |
| 60 | + APP_MODE: production |
| 61 | + APPLICATION_URL: https://<%= ENV['KAMAL_HOST'] %> |
| 62 | + PYTHONUNBUFFERED: "1" |
| 63 | + PYTHONPATH: /app |
42 | 64 |
|
43 | | -# Inject ENV variables into containers (secrets come from .kamal/secrets). |
44 | | -# |
45 | | -# env: |
46 | | -# clear: |
47 | | -# DB_HOST: 192.168.0.2 |
48 | | -# secret: |
49 | | -# - RAILS_MASTER_KEY |
50 | | - |
51 | | -# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation: |
52 | | -# "bin/kamal app logs -r job" will tail logs from the first server in the job section. |
53 | | -# |
54 | | -# aliases: |
55 | | -# shell: app exec --interactive --reuse "bash" |
| 65 | + secret: |
| 66 | + - POSTGRES_PASSWORD |
| 67 | + - DATABASE_URL |
| 68 | + - OPENAI_API_KEY |
| 69 | + - OPENAI_MODEL |
| 70 | + - ADMIN_USERNAME |
| 71 | + - ADMIN_PASSWORD |
56 | 72 |
|
57 | | -# Use a different ssh user than root |
58 | | -# |
59 | | -# ssh: |
60 | | -# user: app |
| 73 | +# ────────────── Accessories (one per Compose service) ────────────── |
| 74 | +accessories: |
| 75 | + elasticsearch: |
| 76 | + image: docker.elastic.co/elasticsearch/elasticsearch:9.0.0 |
| 77 | + roles: [web, worker, flower] |
| 78 | + env: |
| 79 | + clear: |
| 80 | + discovery.type: single-node |
| 81 | + xpack.security.enabled: "false" |
| 82 | + ES_JAVA_OPTS: "-Xms2g -Xmx2g" |
| 83 | + cluster.routing.allocation.disk.threshold_enabled: "true" |
| 84 | + # only listen on localhost |
| 85 | + port: "127.0.0.1:9200:9200" |
| 86 | + directories: |
| 87 | + - esdata:/usr/share/elasticsearch/data |
61 | 88 |
|
62 | | -# Use a persistent storage volume. |
63 | | -# |
64 | | -# volumes: |
65 | | -# - "app_storage:/app/storage" |
| 89 | + paradedb: |
| 90 | + image: paradedb/paradedb:0.18.11 |
| 91 | + roles: [web, worker, flower] |
| 92 | + env: |
| 93 | + clear: |
| 94 | + POSTGRES_USER: postgres |
| 95 | + POSTGRES_DB: btaa_ogm_api |
| 96 | + secret: |
| 97 | + - POSTGRES_PASSWORD |
66 | 98 |
|
67 | | -# Bridge fingerprinted assets, like JS and CSS, between versions to avoid |
68 | | -# hitting 404 on in-flight requests. Combines all files from new and old |
69 | | -# version inside the asset_path. |
70 | | -# |
71 | | -# asset_path: /app/public/assets |
| 99 | + # only listen on localhost |
| 100 | + port: "127.0.0.1:5432:5432" |
| 101 | + directories: |
| 102 | + - pgdata:/var/lib/postgresql/data |
72 | 103 |
|
73 | | -# Configure rolling deploys by setting a wait time between batches of restarts. |
74 | | -# |
75 | | -# boot: |
76 | | -# limit: 10 # Can also specify as a percentage of total hosts, such as "25%" |
77 | | -# wait: 2 |
| 104 | + redis: |
| 105 | + image: redis:7.4.6-alpine |
| 106 | + roles: [web, worker, flower] |
| 107 | + cmd: redis-server --appendonly yes |
| 108 | + directories: |
| 109 | + - redisdata:/data |
78 | 110 |
|
79 | | -# Use accessory services (secrets come from .kamal/secrets). |
80 | | -# |
81 | | -# accessories: |
82 | | -# db: |
83 | | -# image: mysql:8.0 |
84 | | -# host: 192.168.0.2 |
85 | | -# port: 3306 |
86 | | -# env: |
87 | | -# clear: |
88 | | -# MYSQL_ROOT_HOST: '%' |
89 | | -# secret: |
90 | | -# - MYSQL_ROOT_PASSWORD |
91 | | -# files: |
92 | | -# - config/mysql/production.cnf:/etc/mysql/my.cnf |
93 | | -# - db/production.sql:/docker-entrypoint-initdb.d/setup.sql |
94 | | -# directories: |
95 | | -# - data:/var/lib/mysql |
96 | | -# redis: |
97 | | -# image: valkey/valkey:8 |
98 | | -# host: 192.168.0.2 |
99 | | -# port: 6379 |
100 | | -# directories: |
101 | | -# - data:/data |
| 111 | +volumes: |
| 112 | + - esdata |
| 113 | + - pgdata |
| 114 | + - redisdata |
0 commit comments