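---
version: "3.0"
#
# updated: 2023-12-13
# stack: harbor
#
#
# Default login:
# admin / Harbor12345
# NOTE(review): this is the stock Harbor default admin password; change it
# right after the first login.
#
# To do after git clone,
#
# Fix rights for config files:
# find conf/ -type f -exec chmod 0755 \{\} \;
# NOTE(review): 0755 also sets the execute bit and leaves every file
# world-readable, including the conf/*/env files loaded through env_file
# below. Confirm whether those hold secrets and tighten them as far as the
# container users (0, 999, 10000) still allow.
#
# Setup permissions (with root):
# chown -R root:root .
# chown -R 10000:10000 datas/ca_download
# chown -R 10000:10000 datas/job_logs
# chown -R 10000:10000 datas/registry
# chown -R 999:999 datas/database
# chown -R 999:999 datas/redis
#

networks:
  harbor:
    name: harbor
    driver: bridge
    enable_ipv6: false

services:
  # Central rsyslog collector: every other service ships its container logs
  # here through the Docker syslog log driver.
  harbor-log:
    extends:
      file: ./_vm/common.yml
      service: x-common
    user: "0:0"
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    container_name: harbor-log
    hostname: harbor-log
    image: goharbor/harbor-log:v2.7.4
    restart: "no"
    ports:
      # Published on loopback only (was 0.0.0.0). The only client visible in
      # this file is the Docker daemon's syslog log driver on this host, and
      # the drivers use plain tcp://, i.e. no TLS or sender authentication,
      # so the listener should not be reachable from other machines.
      - "127.0.0.1:1514:10514"
    networks:
      - harbor
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "log"
    volumes:
      - ./conf/log/logrotate.conf:/etc/logrotate.d/logrotate.conf:ro
      - ./conf/log/rsyslog_docker.conf:/etc/rsyslog.d/rsyslog_docker.conf:ro
      - ./datas/var/log/harbor/:/var/log/docker/:rw
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192

  harbor-registry:
    extends:
      file: ./_vm/common.yml
      service: x-common
    user: "10000:10000"
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    container_name: harbor-registry
    hostname: harbor-registry
    image: goharbor/registry-photon:v2.7.4
    restart: "no"
    depends_on:
      - harbor-log
    networks:
      - harbor
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "registry"
    volumes:
      - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
      - ./conf/registry/:/etc/registry/:z
      - ./datas/secret/registry/root.crt:/etc/registry/root.crt:ro
      - ./datas/registry:/storage:rw
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        # The log driver dials this address from the host, so it targets the
        # loopback port published by harbor-log (0.0.0.0 is a bind address,
        # not a portable destination).
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"

  harbor-registryctl:
    extends:
      file: ./_vm/host.yml
      service: x-host
    user: "0:0"
    # NOTE(review): SYS_ADMIN, MKNOD and DAC_READ_SEARCH are broad grants
    # (SYS_ADMIN alone permits mount and namespace operations), and the
    # container also runs as uid 0. The same list is repeated on harbor-core,
    # harbor-jobservice, harbor-trivy-adapter and harbor-exporter. Confirm
    # that each capability is required and whether ./_vm/host.yml drops the
    # default set first; nothing in this file shows either.
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
      - CHOWN
      - SYS_ADMIN
      - MKNOD
      - DAC_READ_SEARCH
    container_name: harbor-registryctl
    hostname: harbor-registryctl
    image: goharbor/harbor-registryctl:v2.7.4
    restart: "no"
    depends_on:
      - harbor-log
    networks:
      - harbor
    env_file:
      - ./conf/common/env
      - ./conf/registryctl/env
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "registryctl"
    volumes:
      - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
      - ./conf/registry/:/etc/registry/:z
      - ./conf/registryctl/config.yml:/etc/registryctl/config.yml:rw
      - ./datas/registry:/storage:rw
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registryctl"

  harbor-postgresql:
    extends:
      file: ./_vm/common.yml
      service: x-common
    user: "999:999"
    # NOTE(review): privileged mode grants every capability and host device
    # access and turns off the default seccomp/AppArmor confinement, which
    # also makes the cap_add list below redundant. Nothing in this file shows
    # why the database needs it; confirm and remove it if it is not required.
    privileged: true
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    container_name: harbor-postgresql
    hostname: harbor-postgresql
    image: goharbor/harbor-db:v2.7.4
    restart: "no"
    depends_on:
      - harbor-log
    networks:
      - harbor
    env_file:
      - ./conf/common/env
      - ./conf/db/env
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "postgresql"
    volumes:
      - ./datas/database:/var/lib/postgresql/data:rw
    tmpfs:
      - /run/postgresql:rw,size=64M
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    shm_size: '1gb'
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"

  harbor-core:
    extends:
      file: ./_vm/host.yml
      service: x-host
    user: "0:0"
    # Same broad capability list as harbor-registryctl; see the review note
    # there.
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
      - CHOWN
      - SYS_ADMIN
      - MKNOD
      - DAC_READ_SEARCH
    container_name: harbor-core
    hostname: harbor-core
    image: goharbor/harbor-core:v2.7.4
    restart: "no"
    networks:
      - harbor
    depends_on:
      - harbor-log
      - harbor-registry
      - harbor-redis
      - harbor-postgresql
    env_file:
      - ./conf/common/env
      - ./conf/core/env
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "core"
    volumes:
      - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
      - ./conf/core/certificates/:/etc/core/certificates/:z
      - ./conf/core/app.conf:/etc/core/app.conf:ro
      - ./datas/secret/core/private_key.pem:/etc/core/private_key.pem:ro
      - ./datas/secret/keys/secretkey:/etc/core/key:ro
      - ./datas/ca_download/:/etc/core/ca/:rw
      # The whole ./datas tree is mounted read-write, so the key material
      # mounted :ro just above (./datas/secret/...) is also writable through
      # /data inside this container.
      - ./datas/:/data/:rw
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "core"

  harbor-portal:
    extends:
      file: ./_vm/common.yml
      service: x-common
    user: "0:0"
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    container_name: harbor-portal
    hostname: harbor-portal
    image: goharbor/harbor-portal:v2.7.4
    restart: "no"
    networks:
      - harbor
    depends_on:
      - harbor-log
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "portal"
    volumes:
      - ./conf/portal/nginx.conf:/etc/nginx/nginx.conf:ro
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "portal"

  harbor-jobservice:
    extends:
      file: ./_vm/host.yml
      service: x-host
    user: "10000:10000"
    # Same broad capability list as harbor-registryctl; see the review note
    # there.
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
      - CHOWN
      - SYS_ADMIN
      - MKNOD
      - DAC_READ_SEARCH
    container_name: harbor-jobservice
    hostname: harbor-jobservice
    image: goharbor/harbor-jobservice:v2.7.4
    restart: "no"
    networks:
      - harbor
    depends_on:
      - harbor-core
    env_file:
      - ./conf/common/env
      - ./conf/jobservice/env
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "jobservice"
    volumes:
      - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
      - ./conf/jobservice/config.yml:/etc/jobservice/config.yml:rw
      - ./datas/job_logs:/var/log/jobs:rw
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"

  harbor-redis:
    extends:
      file: ./_vm/common.yml
      service: x-common
    user: "999:999"
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    container_name: harbor-redis
    hostname: harbor-redis
    image: goharbor/redis-photon:v2.7.4
    restart: "no"
    depends_on:
      - harbor-log
    networks:
      - harbor
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "redis"
    volumes:
      # NOTE(review): this is the absolute host path /data/redis, while the
      # setup notes at the top chown ./datas/redis and every other data
      # volume lives under ./datas/. Left as found; confirm which directory
      # is intended, otherwise the chown for uid 999 never reaches this mount.
      - /data/redis:/var/lib/redis:rw
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"

  harbor-proxy:
    extends:
      file: ./_vm/common.yml
      service: x-common
    user: "0:0"
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    container_name: harbor-proxy
    hostname: harbor-proxy
    image: goharbor/nginx-photon:v2.7.4
    restart: "no"
    ports:
      - "80:8080"
      - "443:8443"
      # NOTE(review): 9090 is published on every host interface next to
      # 80/443; presumably a metrics endpoint (confirm), in which case limit
      # who can reach it.
      - "9090:9090"
    networks:
      - harbor
    depends_on:
      - harbor-registry
      - harbor-core
      - harbor-portal
      - harbor-log
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "proxy"
    volumes:
      - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
      - ./datas/secret/cert:/etc/cert:ro
      - ./conf/nginx:/etc/nginx:rw
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"

  harbor-trivy-adapter:
    extends:
      file: ./_vm/host.yml
      service: x-host
    user: "0:0"
    # Same broad capability list as harbor-registryctl; see the review note
    # there.
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
      - CHOWN
      - SYS_ADMIN
      - MKNOD
      - DAC_READ_SEARCH
    container_name: harbor-trivy-adapter
    hostname: harbor-trivy-adapter
    image: goharbor/trivy-adapter-photon:v2.7.4
    restart: "no"
    ports:
      # NOTE(review): the adapter's port is published on every host
      # interface. If only services on the harbor network call it (confirm),
      # this mapping can be dropped or bound to 127.0.0.1.
      - "8888:8080"
    networks:
      - harbor
    depends_on:
      - harbor-log
      - harbor-redis
    # Written as a list to match the other services.
    env_file:
      - ./conf/trivy-adapter/env
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "trivy-adapter"
    volumes:
      - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
      - ./datas/trivy-adapter/trivy:/home/scanner/.cache/trivy:rw
      - ./datas/trivy-adapter/reports:/home/scanner/.cache/reports:rw
    tmpfs:
      - /tmp:rw,size=1G
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "trivy-adapter"

  harbor-exporter:
    extends:
      file: ./_vm/host.yml
      service: x-host
    user: "0:0"
    # Same broad capability list as harbor-registryctl; see the review note
    # there.
    cap_add:
      - SETGID
      - SETUID
      - DAC_OVERRIDE
      - CHOWN
      - SYS_ADMIN
      - MKNOD
      - DAC_READ_SEARCH
    container_name: harbor-exporter
    hostname: harbor-exporter
    image: goharbor/harbor-exporter:v2.7.4
    restart: "no"
    networks:
      - harbor
    depends_on:
      - harbor-core
      - harbor-postgresql
    env_file:
      - ./conf/common/env
      - ./conf/exporter/env
    labels:
      com.stack.name: "harbor"
      com.stack.service.name: "exporter"
    volumes:
      - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
    deploy:
      resources:
        limits:
          memory: 1G
          pids: 8192
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "exporter"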