zitadel/docs/docs/guides/installation/loadbalancing-example/docker-compose.yaml

version: '3.8'
services:

  traefik:
    networks:
      - 'zitadel'
    image: "traefik:v2.7"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./example-traefik.yaml:/etc/traefik/traefik.yaml"

  zitadel:
    restart: 'always'
    networks:
      - 'zitadel'
    image: 'ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.39-amd64'
    command: 'start-from-init --config /example-zitadel-config.yaml --config /example-zitadel-secrets.yaml --steps /example-zitadel-init-steps.yaml --masterkey "${ZITADEL_MASTERKEY}" --tlsMode external'
    depends_on:
      chown:
        condition: 'service_completed_successfully'

    volumes:
      - './example-zitadel-config.yaml:/example-zitadel-config.yaml:ro'
      - './example-zitadel-secrets.yaml:/example-zitadel-secrets.yaml:ro'
      - './example-zitadel-init-steps.yaml:/example-zitadel-init-steps.yaml:ro'
      - 'zitadel-certs:/crdb-certs:ro'

  chown:
    image: 'cockroachdb/cockroach:v22.1.0'
    entrypoint: [ '/bin/bash', '-c' ]
    command: [ 'cp /certs/ca.crt /zitadel-certs/ && cp /certs/client.root.crt /zitadel-certs/ && cp /certs/client.root.key /zitadel-certs/ && chown 1000:1000 /zitadel-certs/* && chmod 0400 /zitadel-certs/*' ]
    volumes:
      - 'certs:/certs:ro'
      - 'zitadel-certs:/zitadel-certs:rw'
    depends_on:
      my-cockroach-db:
        condition: 'service_healthy'

  my-cockroach-db:
    restart: 'always'
    networks:
      - 'zitadel'
    image: 'cockroachdb/cockroach:v22.1.0'
    command: 'start-single-node --advertise-addr my-cockroach-db'
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health?ready=1"]
      interval: '10s'
      timeout: '30s'
      retries: 5
      start_period: '20s'
    ports:
      - '9090:8080'
      - '26257:26257'
    volumes:
      - 'certs:/cockroach/certs:rw'
      - 'data:/cockroach/cockroach-data:rw'

networks:
  zitadel:

volumes:
  certs:
  zitadel-certs:
  data: