https://cerbos.dev logo
Join Slack
Powered by
Hey! Looking to run Cerbos in `docker-compose` and...
# help
r
Hey! Looking to run Cerbos in 
docker-compose
and attempting to set a config for it, I can't seem to set the server config's yaml file through docker env variables. Is there a recommended approach here? yaml in the thread!
Docker compose:
Copy code
services:
  cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.21.0|ghcr.io/cerbos/cerbos:0.21.0>
    volumes:
      - '../authz-policies:/policies'
    ports:
      - '3592:3592'
      - '3593:3593'
    environment:
      - CERBOS_CONFIG=/conf.yaml
conf.yaml
lives at 
/authz-policies/conf.yaml
a
At a glance would the path be 
/policies/conf.yaml
?
Also the default config file in the container is:
Copy code
---
server:
  httpListenAddr: ":3592"
  grpcListenAddr: ":3593"

storage:
  driver: "disk"
  disk:
    directory: /policies
    watchForChanges: true
so you don’t need to set a conf file unless you need to set extra options
r
I'm attempting to set the admin API to true atm, I'll make sure my paths are right!
a
here is an example from a sample project
Copy code
cerbos:
    image: <http://ghcr.io/cerbos/cerbos:latest|ghcr.io/cerbos/cerbos:latest>
    ports:
      - "3592:3592"
      - "3593:3593"
    expose:
      - '3592'
      - '3593'
    volumes:
      - ./cerbos/policies:/policies
    restart: unless-stopped
if you want to change that, mount the conf file in the container and then set the 
CERBOS_CONFIG="/path-to-conf.yaml"
r
The simple path adjustment appears to do the trick, but now I'm receiving an error. Error and config below:
{"file":"config.yaml","error":"failed to unmarshal JSON: proto: (line 1:2): unknown field \"server\""}
seems to be the key error.
a
ah yes - the config file can’t be in the same directory as the policies (it will try to read it as a policy file)
Copy code
/mountedDir
/mountedDir/config.yaml
/mountedDir/policies/....policyfiles....
r
I see, essentially I landed on
Copy code
cerbos:
    image: <http://ghcr.io/cerbos/cerbos:0.21.0|ghcr.io/cerbos/cerbos:0.21.0>
    volumes:
      - '../authz-policies/config.yaml:/root/config.yaml'
      - '../authz-policies/policies:/policies'
    ports:
      - '3592:3592'
      - '3593:3593'
    environment:
      - CERBOS_CONFIG=/root/config.yaml
Thanks for the guidance!
Sorry, follow up question! I'm successfully authenticating the admin api now, but getting the following error from 
cerbosctl
when running
Copy code
docker run -it <http://ghcr.io/cerbos/cerbosctl:0.21.0|ghcr.io/cerbos/cerbosctl:0.21.0> \
    --server=localhost:3593 \
    --username=... \
    --password=... \
   --plaintext \
    decisions
Audit log backend does not support querying
a
Which audit backend have you set in your config? https://docs.cerbos.dev/cerbos/latest/configuration/audit.html
The local one needs to be enabled for querying
r
Of course haha, makes sense. Thanks!
a
we can make that error clearer - shall raise an issue
6 Views
Open in Slack
PreviousNext
Powered by