gc-infra/iac/ansible/roles/kestra/templates/docker-compose.yml.j2

networks:
  internal:
  {{ traefik_public_net }}:
    external: true

services:
  postgres:
    image: postgres:17
    volumes:
      - {{ data_dir }}/data/db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: {{ kestra.db.name }}
      POSTGRES_USER: {{ kestra.db.user }}
      POSTGRES_PASSWORD: "{{ kestra.db.pass }}"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d '$${POSTGRES_DB}' -U $${POSTGRES_USER}"]
      interval: 30s
      timeout: 10s
      retries: 10
    networks:
      - internal
    deploy:
      mode: replicated
      replicas: 1

  kestra:
    image: kestra/kestra:v0.24.2
    entrypoint: /bin/bash
    # Note that this is meant for development only. Refer to the documentation for production deployments of Kestra which runs without a root user.
    user: "root"
    command:
      - -c
      - /app/kestra server standalone --worker-thread=128
    volumes:
      - {{ data_dir }}/data/data:/app/storage
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp/kestra-wd:/tmp/kestra-wd
    environment:
      KESTRA_CONFIGURATION: |
        datasources:
          postgres:
            url: jdbc:postgresql://postgres:5432/kestra
            driverClassName: org.postgresql.Driver
            username: {{ kestra.db.user }}
            password: {{ kestra.db.pass }}
        kestra:
          tutorialFlows:
            enabled: false
          traces:
            root: DEFAULT
          micronaut:
            metrics:
              export:
                otlp:
                  enabled: true
                  url: http://signoz_otel-collector:4318/v1/metrics
          otel:
            traces:
              exporter: otlp
            exporter:
              otlp:
                endpoint: http://signoz_otel-collector:4318
          server:
            basic-auth:
              username: {{ kestra.basic_auth.user }}
              password: {{ kestra.basic_auth.pass }} 
          repository:
            type: postgres
          storage:
            type: local
            local:
              base-path: "/app/storage"
          queue:
            type: postgres
          tasks:
            tmp-dir:
              path: /tmp/kestra-wd/tmp
          url: http://localhost:8080/
    networks:
      - {{ traefik_public_net }}
      - internal
    deploy:
      mode: replicated
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.swarm.network={{ traefik_public_net }}"
        - "traefik.http.routers.kestra.rule=Host(`{{ subdomain }}.{{ main_domain }}`)"
        - "traefik.http.routers.kestra.entrypoints=https"
        - "traefik.http.routers.kestra.tls=true"
        - "traefik.http.routers.kestra.tls.certresolver=main"
        - "traefik.http.services.kestra.loadbalancer.server.port=8080"