This change involves using non-root user to run the process of the
docker images. Also made update in Dockerfile to make the containers
support "read-only" and introduce "HEALTHCHECK". Note the "read-only"
options are not enabled in docker-compose, to cover the very corner
case when user wants to update the container filesystem manually.
Remove read only option from docker-compose template by default
This change reworked the vmware/harbor-db image to build it on top of
vmware/mariadb-photon.
Also made minor change in the entrypoint script of mariadb image to
execute upgrade script during bootstrap, and fix a file permission
issue in the bootstrap scripts.
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
- Content trust policy: only signed images can be pulled
- Vulnerability policy: only images whose severity is below the threshold can be pulled
- Automatic scan policy: automatic scan pushed images
