Does anyone know best practices to add cerbos to a docker co Cerbos Community #help

Does anyone know best practices to add cerbos to a...

Saul Martin

03/20/2023, 4:59 PM

Does anyone know best practices to add cerbos to a docker-compose file? I’m having issues getting the config.yml file added in 🙂

Copy code

services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.25.0|ghcr.io/cerbos/cerbos:0.25.0>
    container_name: cerbos
    volumes:
      - ./illiquid_assets_api/api/cerbos/policies:/policies
    ports:
      - "3592:3592"
      - "3593:3593"
    command: server --config=/
    restart: unless-stopped

• illiquid_assets_api / api / cerbos / config.yml • illiquid_assets_api / api / cerbos / policies / policy.yml

oguzhan

03/20/2023, 5:05 PM

If you put your

config.yaml

under the

./illiquid_assets_api/api/cerbos/config

directory, something like this should work;

Copy code

services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.25.0|ghcr.io/cerbos/cerbos:0.25.0>
    container_name: cerbos
    volumes:
      - ./illiquid_assets_api/api/cerbos/config:/config
      - ./illiquid_assets_api/api/cerbos/policies:/policies
    ports:
      - "3592:3592"
      - "3593:3593"
    restart: unless-stopped
    command:
      - "server"
      - "--config"
      - "/config/config.yaml"

Saul Martin

03/20/2023, 5:18 PM

It’s a silly issue but seems not to be working still

Copy code

cerbos: error: --config: stat /config/config.yaml: no such file or directory

Charith (Cerbos)

03/20/2023, 5:22 PM

If you don't have a custom config file (which seems to be the case based on your original Docker compose file) then you don't need to define the

command

field. Just delete that and try again.

Saul Martin

03/20/2023, 5:32 PM

I do have a custom config.yml file in

/config/config.yaml

Charith (Cerbos)

03/20/2023, 5:34 PM

What does your Compose file look like now?

Saul Martin

03/20/2023, 5:41 PM

Copy code

version: '3'

services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.25.0|ghcr.io/cerbos/cerbos:0.25.0>
    container_name: cerbos
    volumes:
      - ./illiquid_assets_api/api/cerbos/config:/config
      - ./illiquid_assets_api/api/cerbos/policies:/policies
    ports:
      - "3592:3592"
      - "3593:3593"
    restart: unless-stopped
    command:
      - "server"
      - "--config"
      - "/config/config.yaml"
  database:
    image: postgres:14.5
    container_name: database
    platform: linux/amd64
    restart: always
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    ports:
      - ${POSTGRES_PORT}:${POSTGRES_PORT}
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      default:
        aliases:
          - postgres
  api:
    build: .
    container_name: api-server
    env_file:
      - .env
    ports:
      - "8006:8006"
volumes:
  db-data:

Charith (Cerbos)

03/20/2023, 5:54 PM

Hmm...I don't see anything obviously wrong in it. The file

illiquid_assets_api/api/cerbos/config/config.yaml

, really does exist, right? Is the extension correct (

yaml

yml

is a common mistake) and does it have the correct permissions (i.e. world readable)

Saul Martin

03/20/2023, 6:17 PM

it is working now thanks! it seems I was using .yml for the config file . Thanks for the support!

👍 1

19 Views

Open in Slack

Previous Next