harbor/docker-compose.yml

403 lines
8.8 KiB
YAML

version: "3.0"
#
# updated: 2023-12-12
# stack: harbor
#
#
# Login: admin / bitnami
#
networks:
harbor:
name: harbor
driver: bridge
enable_ipv6: false
services:
harbor-registry:
extends:
file: ./_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-registry
hostname: harbor-registry
image: docker.io/bitnami/harbor-registry:2
restart: "no"
networks:
- harbor
environment:
- REGISTRY_HTTP_SECRET=CHANGEME
labels:
com.stack.name: "harbor"
com.stack.service.name: "registry"
volumes:
- ./datas/registry:/storage:rw
- ./conf/registry:/etc/registry/:ro
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-registryctl:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-registryctl
hostname: harbor-registryctl
image: docker.io/bitnami/harbor-registryctl:2
restart: "no"
networks:
- harbor
environment:
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- REGISTRY_HTTP_SECRET=CHANGEME
labels:
com.stack.name: "harbor"
com.stack.service.name: "registryctl"
volumes:
- ./conf/registry:/etc/registry/:ro
- ./conf/registryctl/config.yml:/etc/registryctl/config.yml:ro
- ./datas/registry:/storage:rw
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-postgresql:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-postgresql
hostname: harbor-postgresql
image: docker.io/bitnami/postgresql:13
restart: "no"
networks:
- harbor
environment:
- POSTGRESQL_PASSWORD=bitnami
- POSTGRESQL_DATABASE=registry
labels:
com.stack.name: "harbor"
com.stack.service.name: "postgresql"
volumes:
- ./datas/postgresql:/bitnami/postgresql:rw
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-core:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-core
hostname: harbor-core
image: docker.io/bitnami/harbor-core:2
restart: "no"
networks:
- harbor
depends_on:
- harbor-registry
environment:
- CORE_KEY=CHANGEME
- _REDIS_URL_CORE=redis://harbor-redis:6379/0
- SYNC_REGISTRY=false
- CHART_CACHE_DRIVER=redis
- _REDIS_URL_REG=redis://harbor-redis:6379/1
- PORT=8080
- LOG_LEVEL=info
- EXT_ENDPOINT=http://0.0.0.0
- DATABASE_TYPE=postgresql
- REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080
- POSTGRESQL_HOST=harbor-postgresql
- POSTGRESQL_PORT=5432
- POSTGRESQL_DATABASE=registry
- POSTGRESQL_USERNAME=postgres
- POSTGRESQL_PASSWORD=bitnami
- POSTGRESQL_SSLMODE=disable
- REGISTRY_URL=http://harbor-registry:5000
- TOKEN_SERVICE_URL=http://harbor-core:8080/service/token
- HARBOR_ADMIN_PASSWORD=bitnami
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- ADMIRAL_URL=
- CORE_URL=http://harbor-core:8080
- JOBSERVICE_URL=http://harbor-jobservice:8080
- REGISTRY_STORAGE_PROVIDER_NAME=filesystem
- REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
- REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
- READ_ONLY=false
- RELOAD_KEY=
labels:
com.stack.name: "harbor"
com.stack.service.name: "core"
volumes:
- ./conf/core/app.conf:/etc/core/app.conf:ro
- ./conf/core/private_key.pem:/etc/core/private_key.pem:ro
- ./datas/core:/data:rw
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-portal:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-portal
hostname: harbor-portal
image: docker.io/bitnami/harbor-portal:2
restart: "no"
networks:
- harbor
depends_on:
- harbor-core
labels:
com.stack.name: "harbor"
com.stack.service.name: "portal"
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-jobservice:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-jobservice
hostname: harbor-jobservice
image: docker.io/bitnami/harbor-jobservice:2
restart: "no"
networks:
- harbor
depends_on:
- harbor-redis
- harbor-core
environment:
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- CORE_URL=http://harbor-core:8080
- REGISTRY_CONTROLLER_URL=http://harbor-registryctl:8080
- REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
- REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
labels:
com.stack.name: "harbor"
com.stack.service.name: "jobservice"
volumes:
- ./conf/jobservice/config.yml:/etc/jobservice/config.yml:ro
- ./datas/core:/data:rw
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-redis:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-redis
hostname: harbor-redis
image: docker.io/bitnami/redis:7.0
restart: "no"
networks:
- harbor
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
- WORKDIR=/data
labels:
com.stack.name: "harbor"
com.stack.service.name: "redis"
volumes:
- ./datas/redis:/data:rw
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-nginx:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-nginx
hostname: harbor-nginx
image: docker.io/bitnami/nginx:1.25
restart: "no"
ports:
- '80:8080'
networks:
- harbor
depends_on:
- harbor-postgresql
- harbor-registry
- harbor-core
- harbor-portal
labels:
com.stack.name: "harbor"
com.stack.service.name: "nginx"
volumes:
- ./conf/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
deploy:
resources:
limits:
memory: 1G
pids: 8192
harbor-adapter-trivy:
extends:
file: ../_vm/common.yml
service: x-common
user: 0:0
cap_add:
- DAC_OVERRIDE
- FOWNER
- SETUID
- SETGID
- CHOWN
- SYS_ADMIN
- MKNOD
- SYS_CHROOT
container_name: harbor-adapter-trivy
hostname: harbor-adapter-trivy
image: docker.io/bitnami/harbor-adapter-trivy:2
restart: "no"
ports:
- 8888:8080
networks:
- harbor
depends_on:
- harbor-redis
environment:
- SCANNER_REDIS_URL=redis://harbor-redis:6379
labels:
com.stack.name: "harbor"
com.stack.service.name: "adapter-trivy"
volumes:
- ./datas/harbor-adapter-trivy:/bitnami:rw
deploy:
resources:
limits:
memory: 1G
pids: 8192
# harbor-trivy:
# extends:
# file: ../_vm/common.yml
# service: x-common
# user: 0:0
# cap_add:
# - DAC_OVERRIDE
# - FOWNER
# - SETUID
# - SETGID
# - CHOWN
# - SYS_ADMIN
# - MKNOD
# - SYS_CHROOT
# container_name: harbor-trivy
# hostname: harbor-trivy
# image: bitnami/trivy:0
# restart: "no"
# networks:
# - harbor
# labels:
# com.stack.name: "harbor"
# com.stack.service.name: "trivy"
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock:rw
# deploy:
# resources:
# limits:
# memory: 1G
# pids: 8192