Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-05 10:10:12 +01:00
Code Issues Projects Releases Wiki Activity
e1a7bfa32d
harbor/make/docker-compose.clair.tpl
Wenkai Yin fefb955cfe Drop all capabilities when starting containers 
Drop all capabilities when starting containers by modifying docker-compose files to avoid security issue

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2018-11-23 15:38:21 +08:00

48 lines
979 B
Smarty
Raw Blame History

version: '2'
services:
core:
networks:
harbor-clair:
aliases:
- harbor-core
jobservice:
networks:
- harbor-clair
registry:
networks:
- harbor-clair
postgresql:
networks:
harbor-clair:
aliases:
- harbor-db
clair:
networks:
- harbor-clair
container_name: clair
image: goharbor/clair-photon:__clair_version__
restart: always
cap_drop:
- ALL
cap_add:
- DAC_OVERRIDE
- SETGID
- SETUID
cpu_quota: 50000
dns_search: .
depends_on:
- postgresql
volumes:
- ./common/config/clair/config.yaml:/etc/clair/config.yaml:z
- ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "clair"
env_file:
./common/config/clair/clair_env
networks:
harbor-clair:
external: false
Reference in New Issue View Git Blame Copy Permalink