Ajouter docker-compose.yml

2023-12-12 21:13:25 +01:00 · 2023-12-12 21:13:25 +01:00 · 0c270f7029
commit 0c270f7029
parent 337b00b33a
1 changed files with 402 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,402 @@
+version: "3.0"
+
+#
+# updated: 2023-12-12
+# stack:   harbor
+#
+
+#
+# Login: admin / bitnami
+#
+
+networks:
+  harbor:
+    name: harbor
+    driver: bridge
+    enable_ipv6: false
+
+services:
+
+  harbor-registry:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-registry
+    hostname: harbor-registry
+    image: docker.io/bitnami/harbor-registry:2
+    restart: "no"
+    networks:
+      - harbor
+    environment:
+      - REGISTRY_HTTP_SECRET=CHANGEME
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "registry"
+    volumes:
+      - ./datas/registry:/storage:rw
+      - ./conf/registry:/etc/registry/:ro
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-registryctl:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-registryctl
+    hostname: harbor-registryctl
+    image: docker.io/bitnami/harbor-registryctl:2
+    restart: "no"
+    networks:
+      - harbor
+    environment:
+      - CORE_SECRET=CHANGEME
+      - JOBSERVICE_SECRET=CHANGEME
+      - REGISTRY_HTTP_SECRET=CHANGEME
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "registryctl"
+    volumes:
+      - ./conf/registry:/etc/registry/:ro
+      - ./conf/registryctl/config.yml:/etc/registryctl/config.yml:ro
+      - ./datas/registry:/storage:rw
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-postgresql:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-postgresql
+    hostname: harbor-postgresql
+    image: docker.io/bitnami/postgresql:13
+    restart: "no"
+    networks:
+      - harbor
+    environment:
+      - POSTGRESQL_PASSWORD=bitnami
+      - POSTGRESQL_DATABASE=registry
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "postgresql"
+    volumes:
+      - ./datas/postgresql:/bitnami/postgresql:rw
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-core:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-core
+    hostname: harbor-core
+    image: docker.io/bitnami/harbor-core:2
+    restart: "no"
+    networks:
+      - harbor
+    depends_on:
+      - harbor-registry
+    environment:
+      - CORE_KEY=CHANGEME
+      - _REDIS_URL_CORE=redis://harbor-redis:6379/0
+      - SYNC_REGISTRY=false
+      - CHART_CACHE_DRIVER=redis
+      - _REDIS_URL_REG=redis://harbor-redis:6379/1
+      - PORT=8080
+      - LOG_LEVEL=info
+      - EXT_ENDPOINT=http://0.0.0.0
+      - DATABASE_TYPE=postgresql
+      - REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080
+      - POSTGRESQL_HOST=harbor-postgresql
+      - POSTGRESQL_PORT=5432
+      - POSTGRESQL_DATABASE=registry
+      - POSTGRESQL_USERNAME=postgres
+      - POSTGRESQL_PASSWORD=bitnami
+      - POSTGRESQL_SSLMODE=disable
+      - REGISTRY_URL=http://harbor-registry:5000
+      - TOKEN_SERVICE_URL=http://harbor-core:8080/service/token
+      - HARBOR_ADMIN_PASSWORD=bitnami
+      - CORE_SECRET=CHANGEME
+      - JOBSERVICE_SECRET=CHANGEME
+      - ADMIRAL_URL=
+      - CORE_URL=http://harbor-core:8080
+      - JOBSERVICE_URL=http://harbor-jobservice:8080
+      - REGISTRY_STORAGE_PROVIDER_NAME=filesystem
+      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
+      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
+      - READ_ONLY=false
+      - RELOAD_KEY=
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "core"
+    volumes:
+      - ./conf/core/app.conf:/etc/core/app.conf:ro
+      - ./conf/core/private_key.pem:/etc/core/private_key.pem:ro
+      - ./datas/core:/data:rw
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-portal:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-portal
+    hostname: harbor-portal
+    image: docker.io/bitnami/harbor-portal:2
+    restart: "no"
+    networks:
+      - harbor
+    depends_on:
+      - harbor-core
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "portal"
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-jobservice:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-jobservice
+    hostname: harbor-jobservice
+    image: docker.io/bitnami/harbor-jobservice:2
+    restart: "no"
+    networks:
+      - harbor
+    depends_on:
+      - harbor-redis
+      - harbor-core
+    environment:
+      - CORE_SECRET=CHANGEME
+      - JOBSERVICE_SECRET=CHANGEME
+      - CORE_URL=http://harbor-core:8080
+      - REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080
+      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
+      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "jobservice"
+    volumes:
+      - ./conf/jobservice/config.yml:/etc/jobservice/config.yml:ro
+      - ./datas/core:/data:rw
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-redis:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-redis
+    hostname: harbor-redis
+    image: docker.io/bitnami/redis:7.0
+    restart: "no"
+    networks:
+      - harbor
+    environment:
+      # ALLOW_EMPTY_PASSWORD is recommended only for development.
+      - ALLOW_EMPTY_PASSWORD=yes
+      - WORKDIR=/data
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "redis"
+    volumes:
+      - ./datas/redis:/data:rw
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-nginx:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-nginx
+    hostname: harbor-nginx
+    image: docker.io/bitnami/nginx:1.25
+    restart: "no"
+    ports:
+      - '80:8080'
+    networks:
+      - harbor
+    depends_on:
+      - harbor-postgresql
+      - harbor-registry
+      - harbor-core
+      - harbor-portal
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "nginx"
+    volumes:
+      - ./conf/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  harbor-adapter-trivy:
+    extends:
+      file: ../_vm/common.yml
+      service: x-common
+    user: 0:0
+    cap_add:
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETUID
+      - SETGID
+      - CHOWN
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+    container_name: harbor-adapter-trivy
+    hostname: harbor-adapter-trivy
+    image: docker.io/bitnami/harbor-adapter-trivy:2
+    restart: "no"
+    ports:
+      - 8888:8080
+    networks:
+      - harbor
+    depends_on:
+      - harbor-redis
+    environment:
+      - SCANNER_REDIS_URL=redis://harbor-redis:6379
+    labels:
+      com.stack.name: "harbor"
+      com.stack.service.name: "adapter-trivy"
+    volumes:
+      - ./datas/harbor-adapter-trivy:/bitnami:rw
+    deploy:
+      resources:
+        limits:
+          memory: 1G
+          pids: 8192
+
+  # harbor-trivy:
+  #   extends:
+  #     file: ../_vm/common.yml
+  #     service: x-common
+  #   user: 0:0
+  #   cap_add:
+  #     - DAC_OVERRIDE
+  #     - FOWNER
+  #     - SETUID
+  #     - SETGID
+  #     - CHOWN
+  #     - SYS_ADMIN
+  #     - MKNOD
+  #     - SYS_CHROOT
+  #   container_name: harbor-trivy
+  #   hostname: harbor-trivy
+  #   image: bitnami/trivy:0
+  #   restart: "no"
+  #   networks:
+  #     - harbor
+  #   labels:
+  #     com.stack.name: "harbor"
+  #     com.stack.service.name: "trivy"
+  #   volumes:
+  #     - /var/run/docker.sock:/var/run/docker.sock:rw
+  #   deploy:
+  #     resources:
+  #       limits:
+  #         memory: 1G
+  #         pids: 8192