✅ Working configuration: migrated to Docker, Kong gateway proxy functional, external Keycloak detected

.gitignore

@@ -15,6 +15,8 @@ pip-wheel-metadata/
 .venv/
 venv/
 .env/
+.idp_flag
+
 # Poetry / pipenv virtual envs
 .poetry/
 .pipenv/

Makefile

@@ -9,14 +9,14 @@ export $(shell sed -E 's/#.*//' .env | cut -d= -f1)
 endif
 
 # ─────────────  rest of your Makefile below  ─────────────
-compose = podman-compose -f dev-compose.yaml
+compose = docker compose -f dev-compose.yaml
 #
 
 # ----------------------------------------------------------
 #  Helpers
 # ----------------------------------------------------------
 create-proxy-net:
-	@podman network exists nginx-proxy || podman network create nginx-proxy
+	@docker network inspect nginx-proxy >/dev/null 2>&1 || docker network create nginx-proxy
 
 # probe external Keycloak once and cache the flag
 check-idp:
@@ -32,7 +32,7 @@ check-idp:
 #  Lifecycle targets
 # ----------------------------------------------------------
 build:            ## Build FastAPI image
-	podman build -t cmmc-fastapi:latest -f .container-images/fastapi.Dockerfile .
+	docker build -t cmmc-fastapi:latest -f .container-images/fastapi.Dockerfile .
 
 up: create-proxy-net check-idp ## Start stack (auto-starts Keycloak only if needed)
 	@if [ "`cat .idp_flag`" = "1" ]; then \
@@ -44,10 +44,15 @@ up: create-proxy-net check-idp ## Start stack (auto-starts Keycloak only if need
 down:            ## Stop stack
 	$(compose) down
 
+rebuild: down build up
+
 logs:            ## Tail logs
 	$(compose) logs -f
 
 test:            ## Run pytest
 	PYTHONPATH=. pytest -q
 
-.PHONY: build up down logs test create-proxy-net check-idp
+ps:
+	$(compose) ps
+
+.PHONY: build up down logs test create-proxy-net check-idp ps rebuild

dev-compose.yaml

@@ -35,9 +35,9 @@ services:
       KEYCLOAK_URL: "${KEYCLOAK_URL:-http://keycloak:8080}"
       KEYCLOAK_REALM: "cmmc-platform-dev"
       KEYCLOAK_CLIENT_ID: "frontend"
-    ports:
+    # ports:
-      # keep reachable only from localhost, not LAN
+    #   # keep reachable only from localhost, not LAN
-      - "127.0.0.1:8008:8000"
+    #   - "127.0.0.1:8008:8000"
     networks: [internal]
 
   # ──────────────────────────────

kong/kong.yml

@@ -1,23 +1,18 @@
 _format_version: "3.0"
 _transform: true
 
-#########################################################
-#  Upstream — FastAPI service running in podman-compose
-#########################################################
 services:
   - name: fastapi-svc
-    host: fastapi          # container alias on the internal network
+    host: fastapi
     port: 8000
     protocol: http
 
     routes:
-      # Public API
+      - name: fastapi-api
-      - name: api-root
         paths: ["/api/"]
         strip_path: true
         methods: ["GET", "POST", "PUT", "PATCH", "DELETE"]
         plugins:
-          # Enable CORS for local testing
           - name: cors
             config:
               origins: ["*"]
@@ -26,14 +21,28 @@ services:
               credentials: false
               max_age: 3600
 
-      # Health probe exposed at /gateway-health
+      - name: fastapi-health
-      - name: gateway-health
+        paths: ["/gateway-health", "/healthz"]
-        paths: ["/gateway-health"]
         strip_path: true
         methods: ["GET"]
 
+  - name: kong-meta
+    url: http://localhost:8001
+    routes:
+      - name: root-status
+        paths: ["/"]
+        strip_path: true
+        methods: ["GET"]
+    plugins:
+      - name: request-termination
+        config:
+          status_code: 200
+          content_type: application/json
+          body: '{"status":"Kong Gateway OK"}'
+
+
+
 plugins:
-  # Global rate-limit (optional; remove if you don’t need it yet)
   - name: rate-limiting
     config:
       second: 25