mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-01 13:37:47 +01:00
a1ad6374ae
Mount the ca bunlder into registry controller, and add them into os trust store that resolves the problem of garabe collection on ca enabled registry. Signed-off-by: wang yan <wangyan@vmware.com>
408 lines
9.4 KiB
Django/Jinja
408 lines
9.4 KiB
Django/Jinja
version: '2'
|
|
services:
|
|
log:
|
|
image: goharbor/harbor-log:{{version}}
|
|
container_name: harbor-log
|
|
restart: always
|
|
dns_search: .
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- DAC_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- {{log_location}}/:/var/log/docker/:z
|
|
- ./common/config/log/:/etc/logrotate.d/:z
|
|
ports:
|
|
- 127.0.0.1:1514:10514
|
|
networks:
|
|
- harbor
|
|
registry:
|
|
image: goharbor/registry-photon:{{reg_version}}
|
|
container_name: registry
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- {{data_volume}}/registry:/storage:z
|
|
- ./common/config/registry/:/etc/registry/:z
|
|
- {{data_volume}}/secret/registry/root.crt:/etc/registry/root.crt:z
|
|
{% if gcs_keyfile %}
|
|
- {{gcs_keyfile}}:/etc/registry/gcs.key
|
|
{% endif %}
|
|
{%if registry_custom_ca_bundle_path %}
|
|
- {{registry_custom_ca_bundle_path}}:/harbor_cust_cert/custom-ca-bundle.crt:z
|
|
{% endif %}
|
|
networks:
|
|
- harbor
|
|
{% if with_clair %}
|
|
- harbor-clair
|
|
{% endif %}
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "registry"
|
|
registryctl:
|
|
image: goharbor/harbor-registryctl:{{version}}
|
|
container_name: registryctl
|
|
env_file:
|
|
- ./common/config/registryctl/env
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- {{data_volume}}/registry:/storage:z
|
|
- ./common/config/registry/:/etc/registry/:z
|
|
- ./common/config/registryctl/config.yml:/etc/registryctl/config.yml:z
|
|
{%if registry_custom_ca_bundle_path %}
|
|
- {{registry_custom_ca_bundle_path}}:/harbor_cust_cert/custom-ca-bundle.crt:z
|
|
{% endif %}
|
|
networks:
|
|
- harbor
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "registryctl"
|
|
postgresql:
|
|
image: goharbor/harbor-db:{{version}}
|
|
container_name: harbor-db
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- DAC_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- {{data_volume}}/database:/var/lib/postgresql/data:z
|
|
networks:
|
|
harbor:
|
|
{% if with_notary %}
|
|
harbor-notary:
|
|
aliases:
|
|
- harbor-db
|
|
{% endif %}
|
|
{% if with_clair %}
|
|
harbor-clair:
|
|
aliases:
|
|
- harbor-db
|
|
{% endif %}
|
|
dns_search: .
|
|
env_file:
|
|
- ./common/config/db/env
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "postgresql"
|
|
core:
|
|
image: goharbor/harbor-core:{{version}}
|
|
container_name: harbor-core
|
|
env_file:
|
|
- ./common/config/core/env
|
|
- ./common/config/core/config_env
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- ./common/config/core/app.conf:/etc/core/app.conf:z
|
|
- ./common/config/core/certificates/:/etc/core/certificates/:z
|
|
- {{data_volume}}/secret/core/private_key.pem:/etc/core/private_key.pem:z
|
|
- {{data_volume}}/secret/keys/secretkey:/etc/core/key:z
|
|
- {{data_volume}}/ca_download/:/etc/core/ca/:z
|
|
- {{data_volume}}/psc/:/etc/core/token/:z
|
|
- {{data_volume}}/:/data/:z
|
|
networks:
|
|
harbor:
|
|
{% if with_notary %}
|
|
harbor-notary:
|
|
{% endif %}
|
|
{% if with_clair %}
|
|
harbor-clair:
|
|
aliases:
|
|
- harbor-core
|
|
{% endif %}
|
|
{% if with_chartmuseum %}
|
|
harbor-chartmuseum:
|
|
aliases:
|
|
- harbor-core
|
|
{% endif %}
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
- registry
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "core"
|
|
portal:
|
|
image: goharbor/harbor-portal:{{version}}
|
|
container_name: harbor-portal
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
- NET_BIND_SERVICE
|
|
networks:
|
|
- harbor
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
- core
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "portal"
|
|
|
|
jobservice:
|
|
image: goharbor/harbor-jobservice:{{version}}
|
|
container_name: harbor-jobservice
|
|
env_file:
|
|
- ./common/config/jobservice/env
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- {{data_volume}}/job_logs:/var/log/jobs:z
|
|
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
|
|
networks:
|
|
- harbor
|
|
{% if with_clair %}
|
|
- harbor-clair
|
|
{% endif %}
|
|
dns_search: .
|
|
depends_on:
|
|
- redis
|
|
- core
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "jobservice"
|
|
redis:
|
|
image: goharbor/redis-photon:{{redis_version}}
|
|
container_name: redis
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- {{data_volume}}/redis:/var/lib/redis
|
|
networks:
|
|
harbor:
|
|
{% if with_chartmuseum %}
|
|
harbor-chartmuseum:
|
|
aliases:
|
|
- redis
|
|
{% endif %}
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "redis"
|
|
proxy:
|
|
image: goharbor/nginx-photon:{{redis_version}}
|
|
container_name: nginx
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
- NET_BIND_SERVICE
|
|
volumes:
|
|
- ./common/config/nginx:/etc/nginx:z
|
|
{% if protocol == 'https' %}
|
|
- {{cert_key_path}}:/etc/nginx/cert/server.key:z
|
|
- {{cert_path}}:/etc/nginx/cert/server.crt:z
|
|
{% endif %}
|
|
networks:
|
|
- harbor
|
|
{% if with_notary %}
|
|
- harbor-notary
|
|
{% endif %}
|
|
dns_search: .
|
|
ports:
|
|
- {{http_port}}:80
|
|
{% if protocol == 'https' %}
|
|
- {{https_port}}:443
|
|
{% endif %}
|
|
{% if with_notary %}
|
|
- 4443:4443
|
|
{% endif %}
|
|
depends_on:
|
|
- postgresql
|
|
- registry
|
|
- core
|
|
- portal
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "proxy"
|
|
{% if with_notary %}
|
|
notary-server:
|
|
image: goharbor/notary-server-photon:{{notary_version}}
|
|
container_name: notary-server
|
|
restart: always
|
|
networks:
|
|
- notary-sig
|
|
- harbor-notary
|
|
dns_search: .
|
|
volumes:
|
|
- ./common/config/notary:/etc/notary:z
|
|
- {{data_volume}}/secret/notary/notary-signer-ca.crt:/etc/notary/notary-signer-ca.crt:z
|
|
- {{data_volume}}/secret/registry/root.crt:/etc/notary/root.crt:z
|
|
env_file:
|
|
- ./common/config/notary/server_env
|
|
depends_on:
|
|
- postgresql
|
|
- notary-signer
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "notary-server"
|
|
notary-signer:
|
|
image: goharbor/notary-signer-photon:{{notary_version}}
|
|
container_name: notary-signer
|
|
restart: always
|
|
networks:
|
|
harbor-notary:
|
|
notary-sig:
|
|
aliases:
|
|
- notarysigner
|
|
dns_search: .
|
|
volumes:
|
|
- ./common/config/notary:/etc/notary:z
|
|
- {{data_volume}}/secret/notary/notary-signer.crt:/etc/notary/notary-signer.crt:z
|
|
- {{data_volume}}/secret/notary/notary-signer.key:/etc/notary/notary-signer.key:z
|
|
env_file:
|
|
- ./common/config/notary/signer_env
|
|
depends_on:
|
|
- postgresql
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "notary-signer"
|
|
{% endif %}
|
|
{% if with_clair %}
|
|
clair:
|
|
networks:
|
|
- harbor-clair
|
|
container_name: clair
|
|
image: goharbor/clair-photon:{{clair_version}}
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- DAC_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
cpu_quota: 50000
|
|
dns_search: .
|
|
depends_on:
|
|
- postgresql
|
|
volumes:
|
|
- ./common/config/clair/config.yaml:/etc/clair/config.yaml:z
|
|
{%if registry_custom_ca_bundle_path %}
|
|
- {{registry_custom_ca_bundle_path}}:/harbor_cust_cert/custom-ca-bundle.crt:z
|
|
{% endif %}
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "clair"
|
|
env_file:
|
|
./common/config/clair/clair_env
|
|
{% endif %}
|
|
{% if with_chartmuseum %}
|
|
chartmuseum:
|
|
container_name: chartmuseum
|
|
image: goharbor/chartmuseum-photon:{{chartmuseum_version}}
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- DAC_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
networks:
|
|
- harbor-chartmuseum
|
|
dns_search: .
|
|
depends_on:
|
|
- redis
|
|
volumes:
|
|
- {{data_volume}}/chart_storage:/chart_storage:z
|
|
- ./common/config/chartserver:/etc/chartserver:z
|
|
{%if registry_custom_ca_bundle_path %}
|
|
- {{registry_custom_ca_bundle_path}}:/harbor_cust_cert/custom-ca-bundle.crt:z
|
|
{% endif %}
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "chartmuseum"
|
|
env_file:
|
|
./common/config/chartserver/env
|
|
{% endif %}
|
|
networks:
|
|
harbor:
|
|
external: false
|
|
{% if with_notary %}
|
|
harbor-notary:
|
|
external: false
|
|
notary-sig:
|
|
external: false
|
|
{% endif %}
|
|
{% if with_clair %}
|
|
harbor-clair:
|
|
external: false
|
|
{% endif %}
|
|
{% if with_chartmuseum %}
|
|
harbor-chartmuseum:
|
|
external: false
|
|
{% endif %} |