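# Docker Compose definition for the ARTF agent: one default service exposing
# gRPC, MCP and the web UI, plus two single-protocol variants behind profiles.
#
# NOTE(review): `version` is obsolete under the Compose Specification and is
# ignored by current `docker compose`; it is kept here for older tooling.
version: '3.8'

services:
  # Default service: all three interfaces enabled.
  # It has no `profiles` entry, so it is always enabled. Running
  # `docker compose --profile grpc-only up` (or mcp-only) starts it alongside
  # the variant, and both then try to publish the same host ports. Start a
  # variant by name instead, e.g. `docker compose up artf-grpc`.
  artf-agent:
    build:
      context: .
      dockerfile: Dockerfile
    # Short-form mappings publish on every host interface. Where the agent
    # should only be reachable locally, prefix the mapping with the loopback
    # address (e.g. "127.0.0.1:8081:8081").
    # NOTE(review): no TLS or authentication options are visible in this file;
    # confirm the agent enforces them before exposing these ports.
    ports:
      - "50051:50051"  # gRPC
      - "50052:50052"  # MCP
      - "8081:8081"  # Web UI
      - "8080:8080"  # Health checks
    # Ports are configured twice (environment and command flags); which one the
    # agent prefers is not visible here, so keep both in sync with `ports`.
    environment:
      - GRPC_PORT=50051
      - MCP_PORT=50052
      - WEB_PORT=8081
      - HEALTH_PORT=8080
    command:
      - "--enable-grpc"
      - "--enable-mcp"
      - "--enable-web"
      - "--grpc-port=50051"
      - "--mcp-port=50052"
      - "--web-port=8081"
      - "--health-port=8080"
    # Runs inside the container, so the image must ship `wget`
    # (Dockerfile not shown here; confirm).
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health/ready"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    # Caps CPU and memory so a misbehaving agent cannot starve the host.
    # NOTE(review): legacy docker-compose v1 only applies `deploy.resources`
    # with --compatibility; verify the limits are enforced by your tooling.
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
        reservations:
          cpus: '0.25'
          memory: 128M
    # Security settings per ARTF spec
    security_opt:
      - no-new-privileges:true
    # Root filesystem is read-only and no tmpfs or volume is declared, so the
    # agent must not need to write to disk; add a `tmpfs` mount if it does.
    read_only: true
    cap_drop:
      - ALL
    # Network isolation per ARTF spec
    networks:
      - artf-network

  # gRPC-only service variant
  # NOTE(review): no port flags are passed here, so this presumably relies on
  # the agent defaulting to 50051 (gRPC) and 8080 (health); confirm.
  artf-grpc:
    build:
      context: .
      dockerfile: Dockerfile
    profiles: ["grpc-only"]
    ports:
      - "50051:50051"
      - "8080:8080"
    command:
      - "--enable-grpc"
      - "--enable-mcp=false"
      - "--enable-web=false"
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health/ready"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    # Same resource caps as artf-agent, so the variant is not left unbounded.
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
        reservations:
          cpus: '0.25'
          memory: 128M
    security_opt:
      - no-new-privileges:true
    read_only: true
    cap_drop:
      - ALL
    networks:
      - artf-network

  # MCP-only service variant
  # NOTE(review): no port flags are passed here, so this presumably relies on
  # the agent defaulting to 50052 (MCP) and 8080 (health); confirm.
  artf-mcp:
    build:
      context: .
      dockerfile: Dockerfile
    profiles: ["mcp-only"]
    ports:
      - "50052:50052"
      - "8080:8080"
    command:
      - "--enable-grpc=false"
      - "--enable-mcp"
      - "--enable-web=false"
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health/ready"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
    # Same resource caps as artf-agent, so the variant is not left unbounded.
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
        reservations:
          cpus: '0.25'
          memory: 128M
    security_opt:
      - no-new-privileges:true
    read_only: true
    cap_drop:
      - ALL
    networks:
      - artf-network

networks:
  artf-network:
    driver: bridge
    # As shipped, containers on this network can reach external networks.
    # NOTE(review): with `internal: true` the published ports above will likely
    # stop being reachable from the host as well; verify and front the agent
    # with a proxy on a second network if host access is still needed.
    internal: false  # Set to true for production to block external access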