From 0c270f702986ffb3db2cc848196f4b44b3bcdf62 Mon Sep 17 00:00:00 2001 From: Olivier Date: Tue, 12 Dec 2023 21:13:25 +0100 Subject: [PATCH] Ajouter docker-compose.yml --- docker-compose.yml | 402 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 402 insertions(+) create mode 100644 docker-compose.yml diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..a8337ff --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,402 @@ +version: "3.0" + +# +# updated: 2023-12-12 +# stack: harbor +# + +# +# Login: admin / bitnami +# + +networks: + harbor: + name: harbor + driver: bridge + enable_ipv6: false + +services: + + harbor-registry: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-registry + hostname: harbor-registry + image: docker.io/bitnami/harbor-registry:2 + restart: "no" + networks: + - harbor + environment: + - REGISTRY_HTTP_SECRET=CHANGEME + labels: + com.stack.name: "harbor" + com.stack.service.name: "registry" + volumes: + - ./datas/registry:/storage:rw + - ./conf/registry:/etc/registry/:ro + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-registryctl: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-registryctl + hostname: harbor-registryctl + image: docker.io/bitnami/harbor-registryctl:2 + restart: "no" + networks: + - harbor + environment: + - CORE_SECRET=CHANGEME + - JOBSERVICE_SECRET=CHANGEME + - REGISTRY_HTTP_SECRET=CHANGEME + labels: + com.stack.name: "harbor" + com.stack.service.name: "registryctl" + volumes: + - ./conf/registry:/etc/registry/:ro + - ./conf/registryctl/config.yml:/etc/registryctl/config.yml:ro + - ./datas/registry:/storage:rw + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-postgresql: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-postgresql + hostname: harbor-postgresql + image: docker.io/bitnami/postgresql:13 + restart: "no" + networks: + - harbor + environment: + - POSTGRESQL_PASSWORD=bitnami + - POSTGRESQL_DATABASE=registry + labels: + com.stack.name: "harbor" + com.stack.service.name: "postgresql" + volumes: + - ./datas/postgresql:/bitnami/postgresql:rw + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-core: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-core + hostname: harbor-core + image: docker.io/bitnami/harbor-core:2 + restart: "no" + networks: + - harbor + depends_on: + - harbor-registry + environment: + - CORE_KEY=CHANGEME + - _REDIS_URL_CORE=redis://harbor-redis:6379/0 + - SYNC_REGISTRY=false + - CHART_CACHE_DRIVER=redis + - _REDIS_URL_REG=redis://harbor-redis:6379/1 + - PORT=8080 + - LOG_LEVEL=info + - EXT_ENDPOINT=http://0.0.0.0 + - DATABASE_TYPE=postgresql + - REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080 + - POSTGRESQL_HOST=harbor-postgresql + - POSTGRESQL_PORT=5432 + - POSTGRESQL_DATABASE=registry + - POSTGRESQL_USERNAME=postgres + - POSTGRESQL_PASSWORD=bitnami + - POSTGRESQL_SSLMODE=disable + - REGISTRY_URL=http://harbor-registry:5000 + - TOKEN_SERVICE_URL=http://harbor-core:8080/service/token + - HARBOR_ADMIN_PASSWORD=bitnami + - CORE_SECRET=CHANGEME + - JOBSERVICE_SECRET=CHANGEME + - ADMIRAL_URL= + - CORE_URL=http://harbor-core:8080 + - JOBSERVICE_URL=http://harbor-jobservice:8080 + - REGISTRY_STORAGE_PROVIDER_NAME=filesystem + - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user + - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password + - READ_ONLY=false + - RELOAD_KEY= + labels: + com.stack.name: "harbor" + com.stack.service.name: "core" + volumes: + - ./conf/core/app.conf:/etc/core/app.conf:ro + - ./conf/core/private_key.pem:/etc/core/private_key.pem:ro + - ./datas/core:/data:rw + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-portal: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-portal + hostname: harbor-portal + image: docker.io/bitnami/harbor-portal:2 + restart: "no" + networks: + - harbor + depends_on: + - harbor-core + labels: + com.stack.name: "harbor" + com.stack.service.name: "portal" + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-jobservice: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-jobservice + hostname: harbor-jobservice + image: docker.io/bitnami/harbor-jobservice:2 + restart: "no" + networks: + - harbor + depends_on: + - harbor-redis + - harbor-core + environment: + - CORE_SECRET=CHANGEME + - JOBSERVICE_SECRET=CHANGEME + - CORE_URL=http://harbor-core:8080 + - REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080 + - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user + - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password + labels: + com.stack.name: "harbor" + com.stack.service.name: "jobservice" + volumes: + - ./conf/jobservice/config.yml:/etc/jobservice/config.yml:ro + - ./datas/core:/data:rw + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-redis: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-redis + hostname: harbor-redis + image: docker.io/bitnami/redis:7.0 + restart: "no" + networks: + - harbor + environment: + # ALLOW_EMPTY_PASSWORD is recommended only for development. + - ALLOW_EMPTY_PASSWORD=yes + - WORKDIR=/data + labels: + com.stack.name: "harbor" + com.stack.service.name: "redis" + volumes: + - ./datas/redis:/data:rw + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-nginx: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-nginx + hostname: harbor-nginx + image: docker.io/bitnami/nginx:1.25 + restart: "no" + ports: + - '80:8080' + networks: + - harbor + depends_on: + - harbor-postgresql + - harbor-registry + - harbor-core + - harbor-portal + labels: + com.stack.name: "harbor" + com.stack.service.name: "nginx" + volumes: + - ./conf/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + harbor-adapter-trivy: + extends: + file: ../_vm/common.yml + service: x-common + user: 0:0 + cap_add: + - DAC_OVERRIDE + - FOWNER + - SETUID + - SETGID + - CHOWN + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + container_name: harbor-adapter-trivy + hostname: harbor-adapter-trivy + image: docker.io/bitnami/harbor-adapter-trivy:2 + restart: "no" + ports: + - 8888:8080 + networks: + - harbor + depends_on: + - harbor-redis + environment: + - SCANNER_REDIS_URL=redis://harbor-redis:6379 + labels: + com.stack.name: "harbor" + com.stack.service.name: "adapter-trivy" + volumes: + - ./datas/harbor-adapter-trivy:/bitnami:rw + deploy: + resources: + limits: + memory: 1G + pids: 8192 + + # harbor-trivy: + # extends: + # file: ../_vm/common.yml + # service: x-common + # user: 0:0 + # cap_add: + # - DAC_OVERRIDE + # - FOWNER + # - SETUID + # - SETGID + # - CHOWN + # - SYS_ADMIN + # - MKNOD + # - SYS_CHROOT + # container_name: harbor-trivy + # hostname: harbor-trivy + # image: bitnami/trivy:0 + # restart: "no" + # networks: + # - harbor + # labels: + # com.stack.name: "harbor" + # com.stack.service.name: "trivy" + # volumes: + # - /var/run/docker.sock:/var/run/docker.sock:rw + # deploy: + # resources: + # limits: + # memory: 1G + # pids: 8192