https://cerbos.dev logo
Title
s

Saul Martin

03/20/2023, 4:59 PM
Does anyone know best practices to add cerbos to a docker-compose file? I’m having issues getting the config.yml file added in 🙂
services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.25.0|ghcr.io/cerbos/cerbos:0.25.0>
    container_name: cerbos
    volumes:
      - ./illiquid_assets_api/api/cerbos/policies:/policies
    ports:
      - "3592:3592"
      - "3593:3593"
    command: server --config=/
    restart: unless-stopped
• illiquid_assets_api / api / cerbos / config.yml • illiquid_assets_api / api / cerbos / policies / policy.yml
o

oguzhan

03/20/2023, 5:05 PM
If you put your
config.yaml
under the
./illiquid_assets_api/api/cerbos/config
directory, something like this should work;
services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.25.0|ghcr.io/cerbos/cerbos:0.25.0>
    container_name: cerbos
    volumes:
      - ./illiquid_assets_api/api/cerbos/config:/config
      - ./illiquid_assets_api/api/cerbos/policies:/policies
    ports:
      - "3592:3592"
      - "3593:3593"
    restart: unless-stopped
    command:
      - "server"
      - "--config"
      - "/config/config.yaml"
s

Saul Martin

03/20/2023, 5:18 PM
It’s a silly issue but seems not to be working still
cerbos: error: --config: stat /config/config.yaml: no such file or directory
c

Charith (Cerbos)

03/20/2023, 5:22 PM
If you don't have a custom config file (which seems to be the case based on your original Docker compose file) then you don't need to define the
command
field. Just delete that and try again.
s

Saul Martin

03/20/2023, 5:32 PM
I do have a custom config.yml file in
/config/config.yaml
c

Charith (Cerbos)

03/20/2023, 5:34 PM
What does your Compose file look like now?
s

Saul Martin

03/20/2023, 5:41 PM
version: '3'

services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.25.0|ghcr.io/cerbos/cerbos:0.25.0>
    container_name: cerbos
    volumes:
      - ./illiquid_assets_api/api/cerbos/config:/config
      - ./illiquid_assets_api/api/cerbos/policies:/policies
    ports:
      - "3592:3592"
      - "3593:3593"
    restart: unless-stopped
    command:
      - "server"
      - "--config"
      - "/config/config.yaml"
  database:
    image: postgres:14.5
    container_name: database
    platform: linux/amd64
    restart: always
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    ports:
      - ${POSTGRES_PORT}:${POSTGRES_PORT}
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      default:
        aliases:
          - postgres
  api:
    build: .
    container_name: api-server
    env_file:
      - .env
    ports:
      - "8006:8006"
volumes:
  db-data:
c

Charith (Cerbos)

03/20/2023, 5:54 PM
Hmm...I don't see anything obviously wrong in it. The file
illiquid_assets_api/api/cerbos/config/config.yaml
, really does exist, right? Is the extension correct (
yaml
vs
yml
is a common mistake) and does it have the correct permissions (i.e. world readable)
s

Saul Martin

03/20/2023, 6:17 PM
it is working now thanks! it seems I was using .yml for the config file . Thanks for the support!