mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-24 03:05:39 +01:00
6f335bdb1a
This change involves using non-root user to run the process of the docker images. Also made update in Dockerfile to make the containers support "read-only" and introduce "HEALTHCHECK". Note the "read-only" options are not enabled in docker-compose, to cover the very corner case when user wants to update the container filesystem manually. Remove read only option from docker-compose template by default
27 lines
636 B
Docker
27 lines
636 B
Docker
FROM vmware/photon:1.0
|
|
|
|
MAINTAINER wangyan@vmware.com
|
|
|
|
# The original script in the docker offical registry image.
|
|
RUN tdnf distro-sync -y \
|
|
&& tdnf erase vim -y \
|
|
&& tdnf install sudo -y \
|
|
&& tdnf clean all \
|
|
&& groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor
|
|
|
|
COPY entrypoint.sh /
|
|
RUN chmod u+x /entrypoint.sh
|
|
|
|
RUN mkdir -p /etc/registry
|
|
COPY config.yml /etc/registry/config.yml
|
|
|
|
COPY binary/registry /usr/bin
|
|
RUN chmod u+x /usr/bin/registry
|
|
|
|
HEALTHCHECK CMD curl 127.0.0.1:5000/
|
|
|
|
VOLUME ["/var/lib/registry"]
|
|
EXPOSE 5000
|
|
ENTRYPOINT ["/entrypoint.sh"]
|
|
CMD ["/etc/registry/config.yml"]
|