version: "3.0" # # updated: 2023-12-12 # stack: harbor # # # Login: admin / bitnami # networks: harbor: name: harbor driver: bridge enable_ipv6: false services: harbor-registry: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-registry hostname: harbor-registry image: docker.io/bitnami/harbor-registry:2 restart: "no" networks: - harbor environment: - REGISTRY_HTTP_SECRET=CHANGEME labels: com.stack.name: "harbor" com.stack.service.name: "registry" volumes: - ./datas/registry:/storage:rw - ./conf/registry:/etc/registry/:ro deploy: resources: limits: memory: 1G pids: 8192 harbor-registryctl: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-registryctl hostname: harbor-registryctl image: docker.io/bitnami/harbor-registryctl:2 restart: "no" networks: - harbor environment: - CORE_SECRET=CHANGEME - JOBSERVICE_SECRET=CHANGEME - REGISTRY_HTTP_SECRET=CHANGEME labels: com.stack.name: "harbor" com.stack.service.name: "registryctl" volumes: - ./conf/registry:/etc/registry/:ro - ./conf/registryctl/config.yml:/etc/registryctl/config.yml:ro - ./datas/registry:/storage:rw deploy: resources: limits: memory: 1G pids: 8192 harbor-postgresql: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-postgresql hostname: harbor-postgresql image: docker.io/bitnami/postgresql:13 restart: "no" networks: - harbor environment: - POSTGRESQL_PASSWORD=bitnami - POSTGRESQL_DATABASE=registry labels: com.stack.name: "harbor" com.stack.service.name: "postgresql" volumes: - ./datas/postgresql:/bitnami/postgresql:rw deploy: resources: limits: memory: 1G pids: 8192 harbor-core: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-core hostname: harbor-core image: docker.io/bitnami/harbor-core:2 restart: "no" networks: - harbor depends_on: - harbor-registry environment: - CORE_KEY=CHANGEME - _REDIS_URL_CORE=redis://harbor-redis:6379/0 - SYNC_REGISTRY=false - CHART_CACHE_DRIVER=redis - _REDIS_URL_REG=redis://harbor-redis:6379/1 - PORT=8080 - LOG_LEVEL=info - EXT_ENDPOINT=http://0.0.0.0 - DATABASE_TYPE=postgresql - REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080 - POSTGRESQL_HOST=harbor-postgresql - POSTGRESQL_PORT=5432 - POSTGRESQL_DATABASE=registry - POSTGRESQL_USERNAME=postgres - POSTGRESQL_PASSWORD=bitnami - POSTGRESQL_SSLMODE=disable - REGISTRY_URL=http://harbor-registry:5000 - TOKEN_SERVICE_URL=http://harbor-core:8080/service/token - HARBOR_ADMIN_PASSWORD=bitnami - CORE_SECRET=CHANGEME - JOBSERVICE_SECRET=CHANGEME - ADMIRAL_URL= - CORE_URL=http://harbor-core:8080 - JOBSERVICE_URL=http://harbor-jobservice:8080 - REGISTRY_STORAGE_PROVIDER_NAME=filesystem - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password - READ_ONLY=false - RELOAD_KEY= labels: com.stack.name: "harbor" com.stack.service.name: "core" volumes: - ./conf/core/app.conf:/etc/core/app.conf:ro - ./conf/core/private_key.pem:/etc/core/private_key.pem:ro - ./datas/core:/data:rw deploy: resources: limits: memory: 1G pids: 8192 harbor-portal: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-portal hostname: harbor-portal image: docker.io/bitnami/harbor-portal:2 restart: "no" networks: - harbor depends_on: - harbor-core labels: com.stack.name: "harbor" com.stack.service.name: "portal" deploy: resources: limits: memory: 1G pids: 8192 harbor-jobservice: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-jobservice hostname: harbor-jobservice image: docker.io/bitnami/harbor-jobservice:2 restart: "no" networks: - harbor depends_on: - harbor-redis - harbor-core environment: - CORE_SECRET=CHANGEME - JOBSERVICE_SECRET=CHANGEME - CORE_URL=http://harbor-core:8080 - REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080 - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password labels: com.stack.name: "harbor" com.stack.service.name: "jobservice" volumes: - ./conf/jobservice/config.yml:/etc/jobservice/config.yml:ro - ./datas/core:/data:rw deploy: resources: limits: memory: 1G pids: 8192 harbor-redis: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-redis hostname: harbor-redis image: docker.io/bitnami/redis:7.0 restart: "no" networks: - harbor environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes - WORKDIR=/data labels: com.stack.name: "harbor" com.stack.service.name: "redis" volumes: - ./datas/redis:/data:rw deploy: resources: limits: memory: 1G pids: 8192 harbor-nginx: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-nginx hostname: harbor-nginx image: docker.io/bitnami/nginx:1.25 restart: "no" ports: - '80:8080' networks: - harbor depends_on: - harbor-postgresql - harbor-registry - harbor-core - harbor-portal labels: com.stack.name: "harbor" com.stack.service.name: "nginx" volumes: - ./conf/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro deploy: resources: limits: memory: 1G pids: 8192 harbor-adapter-trivy: extends: file: ../_vm/common.yml service: x-common user: 0:0 cap_add: - DAC_OVERRIDE - FOWNER - SETUID - SETGID - CHOWN - SYS_ADMIN - MKNOD - SYS_CHROOT container_name: harbor-adapter-trivy hostname: harbor-adapter-trivy image: docker.io/bitnami/harbor-adapter-trivy:2 restart: "no" ports: - 8888:8080 networks: - harbor depends_on: - harbor-redis environment: - SCANNER_REDIS_URL=redis://harbor-redis:6379 labels: com.stack.name: "harbor" com.stack.service.name: "adapter-trivy" volumes: - ./datas/harbor-adapter-trivy:/bitnami:rw deploy: resources: limits: memory: 1G pids: 8192 # harbor-trivy: # extends: # file: ../_vm/common.yml # service: x-common # user: 0:0 # cap_add: # - DAC_OVERRIDE # - FOWNER # - SETUID # - SETGID # - CHOWN # - SYS_ADMIN # - MKNOD # - SYS_CHROOT # container_name: harbor-trivy # hostname: harbor-trivy # image: bitnami/trivy:0 # restart: "no" # networks: # - harbor # labels: # com.stack.name: "harbor" # com.stack.service.name: "trivy" # volumes: # - /var/run/docker.sock:/var/run/docker.sock:rw # deploy: # resources: # limits: # memory: 1G # pids: 8192