mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-24 11:15:24 +01:00
6f335bdb1a
This change involves using non-root user to run the process of the docker images. Also made update in Dockerfile to make the containers support "read-only" and introduce "HEALTHCHECK". Note the "read-only" options are not enabled in docker-compose, to cover the very corner case when user wants to update the container filesystem manually. Remove read only option from docker-compose template by default
141 lines
3.2 KiB
Smarty
141 lines
3.2 KiB
Smarty
version: '2'
|
|
services:
|
|
log:
|
|
image: vmware/harbor-log:__version__
|
|
container_name: harbor-log
|
|
env_file:
|
|
- ./common/config/log/env
|
|
restart: always
|
|
volumes:
|
|
- /var/log/harbor/:/var/log/docker/:z
|
|
ports:
|
|
- 127.0.0.1:1514:10514
|
|
networks:
|
|
- harbor
|
|
registry:
|
|
image: vmware/registry:2.6.2-photon
|
|
container_name: registry
|
|
restart: always
|
|
volumes:
|
|
- /data/registry:/storage:z
|
|
- ./common/config/registry/:/etc/registry/:z
|
|
networks:
|
|
- harbor
|
|
environment:
|
|
- GODEBUG=netdns=cgo
|
|
command:
|
|
["serve", "/etc/registry/config.yml"]
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "registry"
|
|
mysql:
|
|
image: vmware/harbor-db:__version__
|
|
container_name: harbor-db
|
|
restart: always
|
|
volumes:
|
|
- /data/database:/var/lib/mysql:z
|
|
networks:
|
|
- harbor
|
|
env_file:
|
|
- ./common/config/db/env
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "mysql"
|
|
adminserver:
|
|
image: vmware/harbor-adminserver:__version__
|
|
container_name: harbor-adminserver
|
|
env_file:
|
|
- ./common/config/adminserver/env
|
|
restart: always
|
|
volumes:
|
|
- /data/config/:/etc/adminserver/config/:z
|
|
- /data/secretkey:/etc/adminserver/key:z
|
|
- /data/:/data/:z
|
|
networks:
|
|
- harbor
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "adminserver"
|
|
ui:
|
|
image: vmware/harbor-ui:__version__
|
|
container_name: harbor-ui
|
|
env_file:
|
|
- ./common/config/ui/env
|
|
restart: always
|
|
volumes:
|
|
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
|
|
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
|
|
- ./common/config/ui/certificates/:/etc/ui/certifates/
|
|
- /data/secretkey:/etc/ui/key:z
|
|
- /data/ca_download/:/etc/ui/ca/:z
|
|
- /data/psc/:/etc/ui/token/:z
|
|
networks:
|
|
- harbor
|
|
depends_on:
|
|
- log
|
|
- adminserver
|
|
- registry
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "ui"
|
|
jobservice:
|
|
image: vmware/harbor-jobservice:__version__
|
|
container_name: harbor-jobservice
|
|
env_file:
|
|
- ./common/config/jobservice/env
|
|
restart: always
|
|
volumes:
|
|
- /data/job_logs:/var/log/jobs:z
|
|
- ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
|
|
- /data/secretkey:/etc/jobservice/key:z
|
|
networks:
|
|
- harbor
|
|
depends_on:
|
|
- ui
|
|
- adminserver
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "jobservice"
|
|
proxy:
|
|
image: vmware/nginx-photon:1.11.13
|
|
container_name: nginx
|
|
restart: always
|
|
volumes:
|
|
- ./common/config/nginx:/etc/nginx:z
|
|
networks:
|
|
- harbor
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
- 4443:4443
|
|
depends_on:
|
|
- mysql
|
|
- registry
|
|
- ui
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "proxy"
|
|
networks:
|
|
harbor:
|
|
external: false
|
|
|