version: '2.3'
services:
  # Log collector. Every other service in this file sets the syslog logging
  # driver to tcp://localhost:1514, which is the host port published below.
  log:
    # Tag is filled in from the template variable `version`.
    # NOTE(review): a tag is mutable; pin by digest where the deployment
    # needs an immutable image reference.
    image: goharbor/harbor-log:{{version}}
    container_name: harbor-log
    restart: always
    # Start from zero capabilities and add back only the four listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      # NOTE(review): DAC_OVERRIDE bypasses file permission checks; confirm
      # the image still needs it.
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      # Host log directory (template variable log_location); the `:z` option
      # applies a shared SELinux label.
      - {{log_location}}/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      # Published on the host loopback address only. Quoted so the mapping
      # is always read as a string.
      - '127.0.0.1:1514:10514'
    networks:
      - harbor
# Service: registry (image goharbor/registry-photon).
  registry:
    image: goharbor/registry-photon:{{reg_version}}
    container_name: registry
    restart: always
    # Start from zero capabilities and add back only the three listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - {{data_volume}}/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: {{data_volume}}/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
{% if gcs_keyfile %}
      # Mounted only when gcs_keyfile is set.
      # NOTE(review): this key file is mounted without `read_only: true`;
      # confirm whether a read-only mount works with this image.
      - type: bind
        source: {{gcs_keyfile}}
        target: /etc/registry/gcs.key
{% endif %}
{% if internal_tls.enabled %}
      # Internal TLS material: the core certificate goes into the custom
      # trust directory, the registry's own certificate and key under
      # /etc/harbor/tls.
      - type: bind
        source: {{internal_tls.core_crt_path}}
        target: /harbor_cust_cert/core.crt
      - type: bind
        source: {{internal_tls.registry_crt_path}}
        target: /etc/harbor/tls/registry.crt
      # NOTE(review): private key mounted without `read_only: true`.
      - type: bind
        source: {{internal_tls.registry_key_path}}
        target: /etc/harbor/tls/registry.key
{% endif %}
    networks:
      - harbor
    # The log service hosts the syslog listener used below.
    depends_on:
      - log
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'registry'
# Service: registryctl (image goharbor/harbor-registryctl).
  registryctl:
    image: goharbor/harbor-registryctl:{{version}}
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    # Start from zero capabilities and add back only the three listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      # Same storage and registry config mounts as the registry service.
      - {{data_volume}}/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
{% if gcs_keyfile %}
      # Mounted only when gcs_keyfile is set.
      # NOTE(review): this key file is mounted without `read_only: true`;
      # confirm whether a read-only mount works with this image.
      - type: bind
        source: {{gcs_keyfile}}
        target: /etc/registry/gcs.key
{% endif %}
{% if internal_tls.enabled %}
      # Certificate and key land under /etc/harbor/ssl here, while the
      # registry service in this file uses /etc/harbor/tls.
      - type: bind
        source: {{internal_tls.registryctl_crt_path}}
        target: /etc/harbor/ssl/registryctl.crt
      # NOTE(review): private key mounted without `read_only: true`.
      - type: bind
        source: {{internal_tls.registryctl_key_path}}
        target: /etc/harbor/ssl/registryctl.key
{% endif %}
    networks:
      - harbor
    # The log service hosts the syslog listener used below.
    depends_on:
      - log
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'registryctl'
{% if external_database == False %}
  # Bundled database; rendered only when no external database is configured.
  postgresql:
    image: goharbor/harbor-db:{{version}}
    container_name: harbor-db
    restart: always
    # Start from zero capabilities and add back only the four listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      # NOTE(review): DAC_OVERRIDE bypasses file permission checks; confirm
      # the image still needs it.
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - {{data_volume}}/database:/var/lib/postgresql/data:z
    # Mapping form with no per-network options; no ports are published, so
    # the database is reachable only over the harbor network.
    networks:
      harbor:
    # NOTE(review): presumably holds the database credentials; keep the
    # file's host permissions restrictive. Confirm against the env template.
    env_file:
      - ./common/config/db/env
    # The log service hosts the syslog listener used below.
    depends_on:
      - log
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'postgresql'
    shm_size: '1gb'
{% endif %}
# Service: core (image goharbor/harbor-core).
  core:
    image: goharbor/harbor-core:{{version}}
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    # Start from zero capabilities and add back only the two listed.
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - {{data_volume}}/ca_download/:/etc/core/ca/:z
      # NOTE(review): this mounts the whole data_volume tree, which per the
      # other mounts in this file also contains secret/, registry/ and
      # database/. Confirm core needs all of it.
      - {{data_volume}}/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      # NOTE(review): the two key files below are mounted without
      # `read_only: true`; confirm whether read-only mounts work here.
      - type: bind
        source: {{data_volume}}/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: {{data_volume}}/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
{% if uaa_ca_file %}
      # Mounted only when uaa_ca_file is set.
      - type: bind
        source: {{uaa_ca_file}}
        target: /etc/core/certificates/uaa_ca.pem
{% endif %}
{% if internal_tls.enabled %}
      - type: bind
        source: {{internal_tls.core_crt_path}}
        target: /etc/harbor/ssl/core.crt
      # NOTE(review): private key mounted without `read_only: true`.
      - type: bind
        source: {{internal_tls.core_key_path}}
        target: /etc/harbor/ssl/core.key
{% endif %}
    # Mapping form with no per-network options.
    networks:
      harbor:
    # redis and postgresql are listed only when the bundled instances are
    # rendered (external_redis / external_database are False).
    depends_on:
      - log
      - registry
{% if external_redis == False %}
      - redis
{% endif %}
{% if external_database == False %}
      - postgresql
{% endif %}
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'core'
# Service: portal (image goharbor/harbor-portal).
  portal:
    image: goharbor/harbor-portal:{{version}}
    container_name: harbor-portal
    restart: always
    # Start from zero capabilities and add back only the four listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      # Permits binding ports below 1024 inside the container.
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
{% if internal_tls.enabled %}
      - type: bind
        source: {{internal_tls.portal_crt_path}}
        target: /etc/harbor/tls/portal.crt
      # NOTE(review): private key mounted without `read_only: true`.
      - type: bind
        source: {{internal_tls.portal_key_path}}
        target: /etc/harbor/tls/portal.key
{% endif %}
    # No ports are published for this service in this file.
    networks:
      - harbor
    # The log service hosts the syslog listener used below.
    depends_on:
      - log
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'portal'
# Service: jobservice (image goharbor/harbor-jobservice).
  jobservice:
    image: goharbor/harbor-jobservice:{{version}}
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    # Start from zero capabilities and add back only the three listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - {{data_volume}}/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
{% if internal_tls.enabled %}
      - type: bind
        source: {{internal_tls.job_service_crt_path}}
        target: /etc/harbor/ssl/job_service.crt
      # NOTE(review): private key mounted without `read_only: true`.
      - type: bind
        source: {{internal_tls.job_service_key_path}}
        target: /etc/harbor/ssl/job_service.key
{% endif %}
    networks:
      - harbor
    # Lists core only; core in turn depends on log, which hosts the syslog
    # listener used below.
    depends_on:
      - core
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'jobservice'
{% if external_redis == False %}
  # Bundled Redis; rendered only when no external Redis is configured.
  redis:
    image: goharbor/redis-photon:{{redis_version}}
    container_name: redis
    restart: always
    # Start from zero capabilities and add back only the three listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      # Unlike most data mounts in this file, this one has no `:z` option.
      - {{data_volume}}/redis:/var/lib/redis
    # Mapping form with no per-network options; no ports are published, so
    # Redis is reachable only over the harbor network.
    networks:
      harbor:
    # The log service hosts the syslog listener used below.
    depends_on:
      - log
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'redis'
{% endif %}
# Service: proxy (image goharbor/nginx-photon), the only service besides
# log that publishes host ports.
  proxy:
    image: goharbor/nginx-photon:{{version}}
    container_name: nginx
    restart: always
    # Start from zero capabilities and add back only the four listed.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      # NOTE(review): NET_BIND_SERVICE is for binding ports below 1024, but
      # the container-side ports published below are 8080, 8443 and 9090.
      # Confirm it is still required.
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
{% if protocol == 'https' %}
      # Certificate directory, mounted only for https.
      # NOTE(review): mounted read-write; confirm whether `:ro` would work.
      - {{data_volume}}/secret/cert:/etc/cert:z
{% endif %}
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
{% if internal_tls.enabled %}
      - type: bind
        source: {{internal_tls.proxy_crt_path}}
        target: /etc/harbor/tls/proxy.crt
      # NOTE(review): private key mounted without `read_only: true`.
      - type: bind
        source: {{internal_tls.proxy_key_path}}
        target: /etc/harbor/tls/proxy.key
{% endif %}
    networks:
      - harbor
    # None of these mappings names a host address, so each is published on
    # every host interface. Quoted so a mapping is always read as a string.
    ports:
      # The plain-HTTP port is published even when protocol is https.
      - '{{http_port}}:8080'
{% if protocol == 'https' %}
      - '{{https_port}}:8443'
{% endif %}
{% if metric.enabled %}
      # NOTE(review): the metrics port is exposed as widely as the web
      # ports; restrict it with a host address or firewall rule if metrics
      # should not be reachable from outside.
      - '{{metric.port}}:9090'
{% endif %}
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'proxy'
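{% if with_trivy %}
  # Scanner adapter; rendered only when with_trivy is set.
  trivy-adapter:
    container_name: trivy-adapter
    image: goharbor/trivy-adapter-photon:{{trivy_adapter_version}}
    restart: always
    # Drops every capability and adds none back.
    cap_drop:
      - ALL
    # redis is listed only when the bundled instance is rendered.
    depends_on:
      - log
{% if external_redis == False %}
      - redis
{% endif %}
    networks:
      - harbor
    volumes:
      - type: bind
        source: {{data_volume}}/trivy-adapter/trivy
        target: /home/scanner/.cache/trivy
      - type: bind
        source: {{data_volume}}/trivy-adapter/reports
        target: /home/scanner/.cache/reports
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
{% if internal_tls.enabled %}
      - type: bind
        source: {{internal_tls.trivy_adapter_crt_path}}
        target: /etc/harbor/ssl/trivy_adapter.crt
      # NOTE(review): private key mounted without `read_only: true`.
      - type: bind
        source: {{internal_tls.trivy_adapter_key_path}}
        target: /etc/harbor/ssl/trivy_adapter.key
{% endif %}
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'trivy-adapter'
    # Written as a list, matching every other env_file entry in this file
    # (the original gave the path as a bare scalar).
    env_file:
      - ./common/config/trivy-adapter/env
{% endif %}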
{% if metric.enabled %}
  # Metrics exporter; rendered only when metric.enabled is set.
  # NOTE(review): this is the only service in the file without a cap_drop
  # entry, so it keeps the container runtime's default capability set.
  # Confirm whether it can run with `cap_drop: [ALL]` like the others.
  exporter:
    image: goharbor/harbor-exporter:{{version}}
    container_name: harbor-exporter
    env_file:
      - ./common/config/exporter/env
    restart: always
    # No ports are published for this service in this file.
    networks:
      - harbor
    # postgresql is listed only when the bundled instance is rendered.
    depends_on:
      - core
{% if external_database == False %}
      - postgresql
{% endif %}
    volumes:
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    logging:
      driver: 'syslog'
      options:
        syslog-address: 'tcp://localhost:1514'
        tag: 'exporter'
{% endif %}
# The single network every service above attaches to. `external: false`
# means Compose creates it for this project rather than reusing an
# existing network.
networks:
  harbor:
    external: false