harbor/docker-compose.yml


# Declared Compose file format version. Compose v2 treats this key as
# informational only; the quotes keep it a string rather than the float 3.0.
version: "3.0"
#
# updated: 2023-12-13
# stack: harbor
#
#
# Default login (change the admin password right after the first sign-in):
# admin / Harbor12345
#
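# To do after git clone:
#
# Fix permissions on the config files:
# find conf/ -type f -exec chmod 0755 \{\} \;
# (0755 also leaves the env files under conf/ world-readable; tighten those
# afterwards if they hold secrets.)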
#
# Set ownership (as root):
# chown -R root:root .
# chown -R 10000:10000 datas/ca_download
# chown -R 10000:10000 datas/job_logs
# chown -R 10000:10000 datas/registry
# chown -R 999:999 datas/database
# chown -R 999:999 datas/redis
#
# One user-defined bridge network, explicitly named "harbor", shared by every
# service in this stack. IPv6 is switched off on it.
networks:
  harbor:
    name: harbor
    driver: bridge
    enable_ipv6: false
# Service definitions follow.
services:
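# Log collector for the stack. The other services use the syslog logging
# driver pointed at host port 1514, which is published from this container's
# port 10514; rsyslog and logrotate configuration is mounted read-only and the
# collected logs land in ./datas/var/log/harbor/.
harbor-log:
  extends:
    file: ./_vm/common.yml
    service: x-common
  # Quoted: a YAML 1.1 parser reads a bare 0:0 as a base-60 integer, not "uid:gid".
  user: "0:0"
  cap_add:
    - CHOWN
    - DAC_OVERRIDE
    - SETGID
    - SETUID
  container_name: harbor-log
  hostname: harbor-log
  image: goharbor/harbor-log:v2.7.4
  restart: "no"
  ports:
    # Published on loopback only. The listener is an unauthenticated syslog
    # input whose only clients in this file are the local Docker daemon's
    # syslog drivers; binding 0.0.0.0 let any host that can reach this machine
    # inject log lines or fill the log volume.
    # NOTE(review): confirm nothing off-host is expected to ship logs here.
    - "127.0.0.1:1514:10514"
  networks:
    - harbor
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "log"
  volumes:
    - ./conf/log/logrotate.conf:/etc/logrotate.d/logrotate.conf:ro
    - ./conf/log/rsyslog_docker.conf:/etc/rsyslog.d/rsyslog_docker.conf:ro
    - ./datas/var/log/harbor/:/var/log/docker/:rw
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192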
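# Image registry backend. Runs as uid/gid 10000, stores blobs in
# ./datas/registry and reads its configuration from ./conf/registry/.
harbor-registry:
  extends:
    file: ./_vm/common.yml
    service: x-common
  # Quoted so the value is always parsed as a "uid:gid" string.
  user: "10000:10000"
  cap_add:
    - CHOWN
    - SETGID
    - SETUID
  container_name: harbor-registry
  hostname: harbor-registry
  image: goharbor/registry-photon:v2.7.4
  restart: "no"
  depends_on:
    - harbor-log
  networks:
    - harbor
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "registry"
  volumes:
    - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
    # :z applies a shared SELinux label; the directory stays writable.
    - ./conf/registry/:/etc/registry/:z
    - ./datas/secret/registry/root.crt:/etc/registry/root.crt:ro
    - ./datas/registry:/storage:rw
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "registry"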
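# Registry controller. Shares the registry configuration and the /storage
# volume with harbor-registry and takes its settings from two env files.
harbor-registryctl:
  extends:
    file: ./_vm/host.yml
    service: x-host
  # Quoted: a YAML 1.1 parser reads a bare 0:0 as a base-60 integer, not "uid:gid".
  user: "0:0"
  # NOTE(review): uid 0 together with SYS_ADMIN, MKNOD and DAC_READ_SEARCH is
  # close to unrestricted root on the host kernel. Confirm which of these the
  # service really needs (and whether ./_vm/host.yml drops the default set),
  # then remove the rest.
  cap_add:
    - SETGID
    - SETUID
    - DAC_OVERRIDE
    - CHOWN
    - SYS_ADMIN
    - MKNOD
    - DAC_READ_SEARCH
  container_name: harbor-registryctl
  hostname: harbor-registryctl
  image: goharbor/harbor-registryctl:v2.7.4
  restart: "no"
  depends_on:
    - harbor-log
  networks:
    - harbor
  env_file:
    - ./conf/common/env
    - ./conf/registryctl/env
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "registryctl"
  volumes:
    - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
    - ./conf/registry/:/etc/registry/:z
    # NOTE(review): the config file is mounted read-write; use :ro unless the
    # service is known to rewrite it.
    - ./conf/registryctl/config.yml:/etc/registryctl/config.yml:rw
    - ./datas/registry:/storage:rw
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "registryctl"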
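# PostgreSQL database for Harbor. Runs as uid/gid 999 with its data directory
# in ./datas/database and a 64M tmpfs for the /run/postgresql socket directory.
harbor-postgresql:
  extends:
    file: ./_vm/common.yml
    service: x-common
  # Quoted so the value is always parsed as a "uid:gid" string.
  user: "999:999"
  # "privileged: true" was dropped here. It granted every capability and
  # access to host devices, which made the explicit cap_add list below
  # meaningless and turned any compromise of the database into host root.
  # Reinstate it only with a documented reason.
  cap_add:
    - CHOWN
    - DAC_OVERRIDE
    - SETGID
    - SETUID
  container_name: harbor-postgresql
  hostname: harbor-postgresql
  image: goharbor/harbor-db:v2.7.4
  restart: "no"
  depends_on:
    - harbor-log
  networks:
    - harbor
  env_file:
    - ./conf/common/env
    - ./conf/db/env
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "postgresql"
  volumes:
    - ./datas/database:/var/lib/postgresql/data:rw
  tmpfs:
    - /run/postgresql:rw,size=64M
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  shm_size: '1gb'
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "postgresql"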
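# Harbor core service. Starts after the log, registry, redis and database
# containers and mounts its signing key, secret key and certificates.
harbor-core:
  extends:
    file: ./_vm/host.yml
    service: x-host
  # Quoted: a YAML 1.1 parser reads a bare 0:0 as a base-60 integer, not "uid:gid".
  user: "0:0"
  # NOTE(review): uid 0 together with SYS_ADMIN, MKNOD and DAC_READ_SEARCH is
  # close to unrestricted root on the host kernel. Confirm which of these the
  # service really needs (and whether ./_vm/host.yml drops the default set),
  # then remove the rest.
  cap_add:
    - SETGID
    - SETUID
    - DAC_OVERRIDE
    - CHOWN
    - SYS_ADMIN
    - MKNOD
    - DAC_READ_SEARCH
  container_name: harbor-core
  hostname: harbor-core
  image: goharbor/harbor-core:v2.7.4
  restart: "no"
  networks:
    - harbor
  depends_on:
    - harbor-log
    - harbor-registry
    - harbor-redis
    - harbor-postgresql
  env_file:
    - ./conf/common/env
    - ./conf/core/env
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "core"
  volumes:
    - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
    - ./conf/core/certificates/:/etc/core/certificates/:z
    - ./conf/core/app.conf:/etc/core/app.conf:ro
    - ./datas/secret/core/private_key.pem:/etc/core/private_key.pem:ro
    - ./datas/secret/keys/secretkey:/etc/core/key:ro
    - ./datas/ca_download/:/etc/core/ca/:rw
    # NOTE(review): this mounts the whole ./datas tree read-write, so the key
    # material mounted :ro above is still writable through /data/secret, and
    # the database and registry directories are reachable too. Narrow it to
    # the subdirectories core actually uses if possible.
    - ./datas/:/data/:rw
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "core"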
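# Web UI, served by nginx with a read-only nginx.conf. No host port is
# published for it in this file.
harbor-portal:
  extends:
    file: ./_vm/common.yml
    service: x-common
  # Quoted: a YAML 1.1 parser reads a bare 0:0 as a base-60 integer, not "uid:gid".
  user: "0:0"
  cap_add:
    - CHOWN
    - SETGID
    - SETUID
    - NET_BIND_SERVICE
  container_name: harbor-portal
  hostname: harbor-portal
  image: goharbor/harbor-portal:v2.7.4
  restart: "no"
  networks:
    - harbor
  depends_on:
    - harbor-log
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "portal"
  volumes:
    - ./conf/portal/nginx.conf:/etc/nginx/nginx.conf:ro
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "portal"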
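# Job service. Runs as uid/gid 10000, starts after harbor-core and writes job
# logs to ./datas/job_logs.
harbor-jobservice:
  extends:
    file: ./_vm/host.yml
    service: x-host
  # Quoted so the value is always parsed as a "uid:gid" string.
  user: "10000:10000"
  # NOTE(review): SYS_ADMIN, MKNOD and DAC_READ_SEARCH are far more than a
  # service running as an unprivileged uid would normally need. Confirm each
  # one is required (and whether ./_vm/host.yml drops the default set), then
  # remove the rest.
  cap_add:
    - SETGID
    - SETUID
    - DAC_OVERRIDE
    - CHOWN
    - SYS_ADMIN
    - MKNOD
    - DAC_READ_SEARCH
  container_name: harbor-jobservice
  hostname: harbor-jobservice
  image: goharbor/harbor-jobservice:v2.7.4
  restart: "no"
  networks:
    - harbor
  depends_on:
    - harbor-core
  env_file:
    - ./conf/common/env
    - ./conf/jobservice/env
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "jobservice"
  volumes:
    - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
    # NOTE(review): the config file is mounted read-write; use :ro unless the
    # service is known to rewrite it.
    - ./conf/jobservice/config.yml:/etc/jobservice/config.yml:rw
    - ./datas/job_logs:/var/log/jobs:rw
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "jobservice"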
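# Redis instance for the stack. Runs as uid/gid 999; no host port is published.
harbor-redis:
  extends:
    file: ./_vm/common.yml
    service: x-common
  # Quoted so the value is always parsed as a "uid:gid" string.
  user: "999:999"
  cap_add:
    - CHOWN
    - SETGID
    - SETUID
  container_name: harbor-redis
  hostname: harbor-redis
  image: goharbor/redis-photon:v2.7.4
  restart: "no"
  depends_on:
    - harbor-log
  networks:
    - harbor
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "redis"
  volumes:
    # Was the absolute host path /data/redis. The setup notes at the top of
    # this file chown datas/redis to 999:999 and every other data directory
    # lives under ./datas, so the absolute path pointed at a directory the
    # documented setup never prepares. An existing deployment that already has
    # data in /data/redis must move it across before switching.
    - ./datas/redis:/var/lib/redis:rw
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "redis"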
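# Front-end nginx reverse proxy: the stack's entry point on host ports 80 and
# 443, with a third listener published on 9090. TLS material comes from
# ./datas/secret/cert.
harbor-proxy:
  extends:
    file: ./_vm/common.yml
    service: x-common
  # Quoted: a YAML 1.1 parser reads a bare 0:0 as a base-60 integer, not "uid:gid".
  user: "0:0"
  cap_add:
    - CHOWN
    - SETGID
    - SETUID
    - NET_BIND_SERVICE
  container_name: harbor-proxy
  hostname: harbor-proxy
  image: goharbor/nginx-photon:v2.7.4
  restart: "no"
  ports:
    # Port mappings are quoted, as Compose recommends, so no parser can read
    # a host:container pair as a number.
    # NOTE(review): with no host IP given, all three are published on every
    # interface. If 9090 is a metrics or admin listener (presumed; confirm in
    # conf/nginx), bind it to an internal address instead.
    - "80:8080"
    - "443:8443"
    - "9090:9090"
  networks:
    - harbor
  depends_on:
    - harbor-registry
    - harbor-core
    - harbor-portal
    - harbor-log
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "proxy"
  volumes:
    - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
    - ./datas/secret/cert:/etc/cert:ro
    # NOTE(review): the nginx configuration is mounted read-write into a
    # container running as uid 0; use :ro unless something inside must edit it.
    - ./conf/nginx:/etc/nginx:rw
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "proxy"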
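# Trivy scanner adapter. Keeps its vulnerability database cache and reports
# under ./datas/trivy-adapter and uses a 1G tmpfs for /tmp.
harbor-trivy-adapter:
  extends:
    file: ./_vm/host.yml
    service: x-host
  # Quoted: a YAML 1.1 parser reads a bare 0:0 as a base-60 integer, not "uid:gid".
  user: "0:0"
  # NOTE(review): uid 0 together with SYS_ADMIN, MKNOD and DAC_READ_SEARCH is
  # close to unrestricted root on the host kernel, in a container that parses
  # the contents of scanned images. Confirm which of these the scanner really
  # needs (and whether ./_vm/host.yml drops the default set), then remove the
  # rest.
  cap_add:
    - SETGID
    - SETUID
    - DAC_OVERRIDE
    - CHOWN
    - SYS_ADMIN
    - MKNOD
    - DAC_READ_SEARCH
  container_name: harbor-trivy-adapter
  hostname: harbor-trivy-adapter
  image: goharbor/trivy-adapter-photon:v2.7.4
  restart: "no"
  ports:
    # NOTE(review): this publishes the adapter's port 8080 on every host
    # interface. The other services can reach it over the "harbor" network
    # without a published port; drop the mapping or bind it to 127.0.0.1
    # unless off-host access is intended.
    - "8888:8080"
  networks:
    - harbor
  depends_on:
    - harbor-log
    - harbor-redis
  # Written as a list, matching the env_file entries of the other services.
  env_file:
    - ./conf/trivy-adapter/env
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "trivy-adapter"
  volumes:
    - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
    - ./datas/trivy-adapter/trivy:/home/scanner/.cache/trivy:rw
    - ./datas/trivy-adapter/reports:/home/scanner/.cache/reports:rw
  tmpfs:
    - /tmp:rw,size=1G
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "trivy-adapter"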
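# Harbor exporter. Starts after core and the database; its only mount is the
# read-only trust-certificate directory and no host port is published.
harbor-exporter:
  extends:
    file: ./_vm/host.yml
    service: x-host
  # Quoted: a YAML 1.1 parser reads a bare 0:0 as a base-60 integer, not "uid:gid".
  user: "0:0"
  # NOTE(review): uid 0 together with SYS_ADMIN, MKNOD and DAC_READ_SEARCH is
  # close to unrestricted root on the host kernel. Confirm which of these the
  # service really needs (and whether ./_vm/host.yml drops the default set),
  # then remove the rest.
  cap_add:
    - SETGID
    - SETUID
    - DAC_OVERRIDE
    - CHOWN
    - SYS_ADMIN
    - MKNOD
    - DAC_READ_SEARCH
  container_name: harbor-exporter
  hostname: harbor-exporter
  image: goharbor/harbor-exporter:v2.7.4
  restart: "no"
  networks:
    - harbor
  depends_on:
    - harbor-core
    - harbor-postgresql
  env_file:
    - ./conf/common/env
    - ./conf/exporter/env
  labels:
    com.stack.name: "harbor"
    com.stack.service.name: "exporter"
  volumes:
    - ./conf/shared/trust-certificates:/harbor_cust_cert:ro
  deploy:
    resources:
      limits:
        memory: 1G
        pids: 8192
  logging:
    driver: "syslog"
    options:
      # The Docker daemon on the host connects to this address. 127.0.0.1
      # replaces 0.0.0.0, which is a bind wildcard and not a portable
      # destination; the target is the harbor-log port published on 1514.
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "exporter"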