Rafael Szuminski
02/06/2024, 11:17 PM
Dennis (Cerbos)
Rafael Szuminski
02/06/2024, 11:44 PM
server:
  httpListenAddr: ":3592"
  grpcListenAddr: ":3593"
  cors: # CORS defines the CORS configuration for the server.
    allowedHeaders: [ 'content-type', 'user-agent' ] # AllowedHeaders is the contents of the allowed-headers header.
    allowedOrigins: [ '*' ] # AllowedOrigins is the contents of the allowed-origins header.
    disabled: false # Disabled sets whether CORS is disabled.
    maxAge: 10s # MaxAge is the max age of the CORS preflight check.
engine:
  defaultPolicyVersion: "default"
auxData:
  jwt:
    disableVerification: true
storage:
  driver: "disk"
  disk:
    directory: "/policies"
    watchForChanges: true
telemetry:
  disabled: true
Rafael Szuminski
02/06/2024, 11:46 PM
cerbos:
  image: ghcr.io/cerbos/cerbos:latest
  command: "server --config=/conf/config.yaml"
  ports:
    - "3592:3592"
    - "3593:3593"
  volumes:
    - ../cerbos/conf:/conf
    - ../cerbos/policies:/policies
  networks:
    - xxxx_network
  restart: unless-stopped
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.cerbos.rule=Host(`xxx.xxx.com`)"
    - "traefik.http.routers.cerbos.entrypoints=websecure"
    - "traefik.http.routers.cerbos.tls.certresolver=myresolver"
    - "traefik.http.services.cerbos.loadbalancer.server.port=3592"
Rafael Szuminski
02/06/2024, 11:54 PM
{"log.level":"info","@timestamp":"2024-02-06T23:52:08.661Z","log.logger":"cerbos.server","message":"Shutting down"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:08.661Z","log.logger":"cerbos.dir.watch","message":"Stopped watching directory for changes","dir":"/policies"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:08.661Z","log.logger":"cerbos.http","message":"HTTP server stopped"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:08.661Z","log.logger":"cerbos.grpc","message":"gRPC server stopped"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:08.662Z","log.logger":"cerbos.server","message":"Shutdown complete"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:08.662Z","log.logger":"cerbos.server","message":"maxprocs: No GOMAXPROCS change to reset"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.030Z","log.logger":"cerbos.server","message":"maxprocs: Leaving GOMAXPROCS=20: CPU quota undefined"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.030Z","log.logger":"cerbos.server","message":"Loading configuration from /conf/config.yaml"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.032Z","log.logger":"cerbos.disk.store","message":"Initializing disk store from /policies"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.107Z","log.logger":"cerbos.index","message":"Found 50 executable policies"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.108Z","log.logger":"cerbos.telemetry","message":"Telemetry disabled"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.108Z","log.logger":"cerbos.dir.watch","message":"Watching directory for changes","dir":"/policies"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.108Z","log.logger":"cerbos.grpc","message":"Starting gRPC server at :3593"}
{"log.level":"info","@timestamp":"2024-02-06T23:52:22.109Z","log.logger":"cerbos.http","message":"Starting HTTP server at :3592"}
{"log.level":"info","@timestamp":"2024-02-06T23:53:38.309Z","log.logger":"cerbos.grpc","message":"Handled request","protocol":"grpc","grpc.component":"server","grpc.service":"cerbos.svc.v1.CerbosService","grpc.method":"CheckResources","grpc.method_type":"unary","cerbos":{"call_id":"01HP0DEV85Y1PPYA3Y74EWVTP1"},"http":{"x_forwarded_for":["172.19.0.5"]
Rafael Szuminski
02/06/2024, 11:55 PM
Rafael Szuminski
02/07/2024, 12:01 AM
Dennis (Cerbos)
Rafael Szuminski
02/07/2024, 12:02 AM
Dennis (Cerbos)
Rafael Szuminski
02/07/2024, 12:04 AM
Rafael Szuminski
02/07/2024, 12:05 AM
Dennis (Cerbos)
Dennis (Cerbos)
Rafael Szuminski
02/07/2024, 12:16 AM
Rafael Szuminski
02/07/2024, 12:18 AM
Rafael Szuminski
02/07/2024, 12:20 AM
Rafael Szuminski
02/07/2024, 12:21 AM
Dennis (Cerbos)
Rafael Szuminski
02/07/2024, 12:29 AM
Rafael Szuminski
02/07/2024, 12:41 AM
docker run --name cerbos-test -d -v ./conf:/conf -v ./policies:/policies -p 3592:3592 -p 3593:3593 cerbos/cerbos:latest server --config=/conf/config.yaml
and result is:
419776b826b7 cerbos/cerbos:latest "/cerbos server --co…" 37 seconds ago Up 37 seconds (health: starting) 0.0.0.0:3592-3593->3592-3593/tcp cerbos-test
Rafael Szuminski
02/07/2024, 12:42 AM
Dennis (Cerbos)
Rafael Szuminski
02/07/2024, 2:27 AM
Dennis (Cerbos)
Rafael Szuminski
02/07/2024, 6:20 AM
docker run --rm --name cerbos-test -d -v ./conf:/conf -v ./test_policies:/policies -p 3592:3592 -p 3593:3593 cerbos/cerbos:latest server --config=/conf/config.yaml
Rafael Szuminski
02/07/2024, 6:20 AM
Rafael Szuminski
02/07/2024, 6:25 AM
docker exec -it cerbos-test /bin/sh
Do you have any other means of attaching to the container?
Dennis (Cerbos)
Dennis (Cerbos)
Charith (Cerbos)
cerbos:
  image: ghcr.io/cerbos/cerbos:latest
  healthcheck:
    test: ["CMD", "/cerbos", "healthcheck"]
    interval: 5s
Cerbos itself starts almost instantly. You can confirm this with curl localhost:3592/_cerbos/health. It's the Docker Compose orchestrator that's adding the extra delay until all healthchecks are accounted.
Rafael Szuminski
02/07/2024, 6:28 PM