harbor/make/docker-compose.notary.tpl
Wenkai Yin fefb955cfe Drop all capabilities when starting containers
Drop all capabilities when starting containers by modifying docker-compose files to avoid security issue

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2018-11-23 15:38:21 +08:00

69 lines
1.4 KiB
Smarty

version: '2'
services:
core:
networks:
- harbor-notary
proxy:
networks:
- harbor-notary
postgresql:
networks:
harbor-notary:
aliases:
- harbor-db
notary-server:
image: goharbor/notary-server-photon:__notary_version__
container_name: notary-server
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
networks:
- notary-sig
- harbor-notary
dns_search: .
volumes:
- ./common/config/notary:/etc/notary:z
env_file:
- ./common/config/notary/server_env
depends_on:
- postgresql
- notary-signer
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "notary-server"
notary-signer:
image: goharbor/notary-signer-photon:__notary_version__
container_name: notary-signer
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
networks:
harbor-notary:
notary-sig:
aliases:
- notarysigner
dns_search: .
volumes:
- ./common/config/notary:/etc/notary:z
env_file:
- ./common/config/notary/signer_env
depends_on:
- postgresql
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "notary-signer"
networks:
harbor-notary:
external: false
notary-sig:
external: false