diff --git a/README.md b/README.md index 213cb55..2cd451c 100644 --- a/README.md +++ b/README.md @@ -79,9 +79,9 @@ after it, you are able to exec some ansbible-runs like: if everything works fine, plz push the created docker container with: - docker login dev-docker-registry-01.smardigo.digital - docker tag XXXXXXXX dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest - docker push dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee + docker login dev-harbor-01.smardigo.digital + docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest + docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee diff --git a/ansible-builder/README.md b/ansible-builder/README.md index ff6f5e9..4a9fadf 100644 --- a/ansible-builder/README.md +++ b/ansible-builder/README.md @@ -1,6 +1,6 @@ # Execution Environment for AWX - ansible-builder build --tag dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest - docker login dev-docker-registry-01.smardigo.digital - docker tag XXXXXXXX dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest - docker push dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee + ansible-builder build --tag dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest + docker login dev-harbor-01.smardigo.digital + docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest + docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee diff --git a/docker/dregsy/config.yaml b/docker/dregsy/config.yaml index b6da153..9a8363b 100644 --- a/docker/dregsy/config.yaml +++ b/docker/dregsy/config.yaml 
@@ -48,7 +48,7 @@ tasks: registry: docker.dev-at.de auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== target: - registry: dev-docker-registry-01.smardigo.digital + registry: dev-harbor-01.smardigo.digital auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K # 'mappings' is a list of 'from':'to' pairs that define mappings of image @@ -84,7 +84,7 @@ tasks: registry: docker.dev-at.de auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== target: - registry: dev-docker-registry-01.smardigo.digital + registry: dev-harbor-01.smardigo.digital auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K mappings: - from: smardigo/sensw-app @@ -107,7 +107,7 @@ tasks: registry: docker.dev-at.de auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== target: - registry: dev-docker-registry-01.smardigo.digital + registry: dev-harbor-01.smardigo.digital auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K mappings: - from: smardigo/ssp-connect-app diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index 6364bcb..b3704f5 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -119,11 +119,11 @@ docker_compose_path: "/usr/bin/docker-compose" service_base_path: '/etc/smardigo' # TODO we need a company email addresses -gitea_admin_email: "sven.ketelsen@netgo.de" -lets_encrypt_email: "sven.ketelsen@netgo.de" -docker_admin_email: "sven.ketelsen@netgo.de" -connect_admin_email: "sven.ketelsen@netgo.de" -keycloak_admin_email: "sven.ketelsen@netgo.de" +gitea_admin_email: "nso.devops@netgo.de" +lets_encrypt_email: "nso.devops@netgo.de" +docker_admin_email: "nso.devops@netgo.de" +connect_admin_email: "nso.devops@netgo.de" +keycloak_admin_email: "nso.devops@netgo.de" http_port: "80" https_port: "443" 
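Review bot: The `auth:` values under `source` and `target` are base64-encoded JSON credentials committed to the repository, and after this change the target one is presented to `dev-harbor-01.smardigo.digital`. Base64 is an encoding, not protection, so anyone with read access to the repository or its history holds both registry logins. The same pair appears in the hunks at -84 and -107. Render `docker/dregsy/config.yaml` from a template that builds the value from the vaulted variables, e.g. `auth: "{{ {'username': harbor_username, 'password': harbor_token} | to_json | b64encode }}"`, and rotate both credentials since they are already in history. The task entries start and end outside these hunks.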
diff --git a/group_vars/keycloak/plain.yml b/group_vars/keycloak/plain.yml index b1b85d3..0eeba68 100644 --- a/group_vars/keycloak/plain.yml +++ b/group_vars/keycloak/plain.yml @@ -34,18 +34,18 @@ keycloak: { ], clients: [ { - clientId: '{{ docker_registry_oidc_client_id }}', - name: '{{ docker_registry_oidc_client_id }}', + clientId: '{{ harbor_oidc_client_id }}', + name: '{{ harbor_oidc_client_id }}', admin_url: '', root_url: '', redirect_uris: ' [ - "{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}/*", + "{{ http_s }}://{{ shared_service_harbor_hostname }}/*", ]', - secret: '{{ docker_registry_oidc_client_secret }}', + secret: '{{ harbor_oidc_client_secret }}', web_origins: ' [ - "{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}", + "{{ http_s }}://{{ shared_service_harbor_hostname }}", ]', } ] diff --git a/group_vars/management/plain.yml b/group_vars/management/plain.yml index 7647b33..db29f05 100644 --- a/group_vars/management/plain.yml +++ b/group_vars/management/plain.yml @@ -2,7 +2,7 @@ hetzner_server_type: cx21 -connect_image_version: "latest" +connect_image_version: "8.5.8" connect_admin_username: "{{ management_admin_username }}" connect_admin_password: "{{ management_admin_password }}" diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index bedcb34..5165d47 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml @@ -28,8 +28,8 @@ shared_service_logstash_01: "{{ stage_server_infos | list | first | default('-') }}" -shared_service_docker_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-docker-registry-01' ) +shared_service_harbor_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-harbor-01' ) | map(attribute='private_ip') | list | first 
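Review bot: `redirect_uris` for the Harbor client still ends in `/*`, so Keycloak accepts any path on `{{ shared_service_harbor_hostname }}` as an OIDC redirect target. If `http_s` can render as `http`, the scheme is not fixed to TLS either. Harbor's OIDC callback is a single fixed path, so the entry can be pinned to `"https://{{ shared_service_harbor_hostname }}/c/oidc/callback",`. The `keycloak` mapping starts and ends outside the hunk, so other clients with the same wildcard are not visible here.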
@@ -155,7 +155,7 @@ shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" -shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" +shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}" management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}" @@ -191,8 +191,8 @@ shared_service_hosts: [ name: "{{ shared_service_postgres_01_hostname }}" }, { - ip: "{{ shared_service_docker_ip }}", - name: "{{ shared_service_docker_registry_hostname }}" + ip: "{{ shared_service_harbor_ip }}", + name: "{{ shared_service_harbor_hostname }}" }, { ip: "{{ shared_service_mail_ip }}", @@ -259,12 +259,12 @@ elastic_stack_network: { dev-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}", } -docker_registry_oidc_realm: "docker" -docker_registry_oidc_client_id: "docker-registry" +harbor_oidc_realm: "docker" +harbor_oidc_client_id: "harbor" postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'" -connect_image_version: "latest" +connect_image_version: "8.5.8" iam_image_version: "latest" management_oidc_realm: "management" @@ -300,8 +300,8 @@ harbor_admin_username: "{{ harbor_admin_username_vault }}" harbor_admin_password: "{{ harbor_admin_password_vault }}" harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}" -docker_registry_username: "{{ docker_registry_username_vault }}" -docker_registry_token: "{{ docker_registry_token_vault }}" +harbor_username: "{{ docker_registry_username_vault }}" +harbor_token: "{{ docker_registry_token_vault }}" elastic_admin_username: "{{ elastic_admin_username_vault }}" elastic_admin_password: "{{ elastic_admin_password_vault }}" 
@@ -326,5 +326,5 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" -docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" +harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}" diff --git a/group_vars/stage_qa/plain.yml b/group_vars/stage_qa/plain.yml index 318cfd2..f3eeaa9 100644 --- a/group_vars/stage_qa/plain.yml +++ b/group_vars/stage_qa/plain.yml @@ -28,8 +28,8 @@ shared_service_logstash_01: "{{ stage_server_infos | list | first | default('-') }}" -shared_service_docker_ip: "{{ stage_server_infos - | selectattr('name', 'match', stage + '-docker-registry-01' ) +shared_service_harbor_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-harbor-01' ) | map(attribute='private_ip') | list | first @@ -155,7 +155,7 @@ shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" -shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" +shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}" management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}" @@ -191,8 +191,8 @@ shared_service_hosts: [ name: "{{ shared_service_postgres_01_hostname }}" }, { - ip: "{{ shared_service_docker_ip }}", - name: "{{ shared_service_docker_registry_hostname }}" + ip: "{{ shared_service_harbor_ip }}", + name: "{{ shared_service_harbor_hostname }}" }, { ip: "{{ shared_service_mail_ip }}", 
@@ -259,12 +259,12 @@ elastic_stack_network: { qa-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}", } -docker_registry_oidc_realm: "docker" -docker_registry_oidc_client_id: "docker-registry" +harbor_oidc_realm: "docker" +harbor_oidc_client_id: "harbor" postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'" -connect_image_version: "latest" +connect_image_version: "8.5.8" iam_image_version: "latest" management_oidc_realm: "management" @@ -300,8 +300,8 @@ harbor_admin_username: "{{ harbor_admin_username_vault }}" harbor_admin_password: "{{ harbor_admin_password_vault }}" harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}" -docker_registry_username: "{{ docker_registry_username_vault }}" -docker_registry_token: "{{ docker_registry_token_vault }}" +harbor_username: "{{ docker_registry_username_vault }}" +harbor_token: "{{ docker_registry_token_vault }}" elastic_admin_username: "{{ elastic_admin_username_vault }}" elastic_admin_password: "{{ elastic_admin_password_vault }}" @@ -326,5 +326,5 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" -docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" +harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}" diff --git a/group_vars/stage_qa/vault.yml b/group_vars/stage_qa/vault.yml index f4d2c94..4b13e8f 100644 --- a/group_vars/stage_qa/vault.yml +++ b/group_vars/stage_qa/vault.yml 
@@ -1,85 +1,82 @@ $ANSIBLE_VAULT;1.1;AES256 -63356234316338353566626562643535363235383432383961373931343331326564326661343736 -3666366335386237363664333361393132376532373163320a356564393039336637623263376437 -38333365323231333264616432313736376332633064396363313261316331646338656638363633 -3934373337306464630a333736623135613034666436313066643839333936646637616366316337 -63343561383066386237366335643634633439373961353332306264363930626362323932303834 -33383365633036326232393430323561623631346539336331386365386132386237313839393534 -66666463643739376665356439316435383135613166323736323434623337663733646662383939 -66393966666237623538643966633566396232313530356335393730646439336661633935383632 -65656634643064303937383261306636396435333136366661633462363766623831333635643834 -62383130363237633935643035363538313035363830376161373239626662663335616362303966 -36626162623138386430303138393138356431653635663437626532666330656135386336333164 -39633462343538353534633065383132363261313164323763363634343631373630346531613532 -37376331386335336161373132383834613835613266653130633231643239333437346563333966 -36393536633165396637653534346231633662626334613432313032383631613164633566643433 -37656134323365336562396238383062656161386262623831366135343532303436633265396534 -66653166633864653338613231633661366338323865316663313961373664643166656338666265 -37333763626238613432393564363936373263663436633330366161653139386437326636653264 -63366461663064306561363134333734363336353736613336613032633065323238306461633266 -33663439336664303565646332666239373234393561393137323537646234306564613438373834 -36653566616364663835666230373738643035383835396235653236643038646130356339383963 -35633837376635303235653866313530353761626366353435336135623863666231636663656163 -33326664343732623363663466613936346636633163653330643532303434336265393064346631 -38613464383834316239633336313131653132653433633062666563396136623236656337646563 
-39666535356530373632633835646635396663343562303561656134316233646439633130663730 -66363565623461393835656437626661643263353237636132363664646434623066343566643065 -66346334613866623636353365663933653439323162646137376361356238336563376338663861 -37393362616361303365636132666562346638616439643435363430636435313161386336343233 -62303630623231623466383533353961383835613333636266343531623766316462643539663833 -63353830363564386536383866633530646636323234353962353861333939323138623430303165 -33636436313932326162356363346130383433353466326133336161653865653565363861393835 -35646238336161613463343362303861336366613065366231313032636664653837663237383230 -35356339656332353130343137616562356362353765653865396336306532663833356633643630 -38633639326535643665303630323235356534626633383838343962613963353339393638386265 -36396237366331643866356361376534386532333134623965343637313835663635383934663838 -30653935316633326265633833616432323761643730326265313638623835666663666466306339 -38303161363935643936663865636230626533616337386665646363623666356532646237393261 -30313938633361613364306138376339306561393937663831303233323731383666653936613939 -34633863353834376463356630336233383837313538643161626439613939346334396533396466 -37643333393063613666646438363033333937383262616334376266306234313861656663653034 -36303436356261333135313030653931653239363031396130373431646363653035353461373537 -61303765393831396337363033356535313433623539626433363634343637336564613338363138 -33663937643732336231313462623163386264383436306435643235306133316336376236393330 -31643833376261363863666638623130393531363938393064643463316566326637633965666337 -31616238376235343238336236396234643666346431356232616461343138613534653538326131 -36313866303733666534326332366338353337333531663036646566376462363461393038333766 -30633030333732613732633836386530313065633164623131326433636635393838663666373163 -38623237373962393336663330666133326261383162303130303464366462366261366436396534 
-36373865616335626664333164663538366162333366386232323566303237396266626539313333 -34313731653261613138333738643462373931393561646131653931333865386434656637633134 -64646462623966356134626431376636613864343538373264623436336236623031313033383763 -62346534643938323565393866333035636535376461316336356531306439666633356261393135 -62653862373731393934363338633434376430313063356666376438383032353935363132313239 -30386263633333323862323832333561386439616463363365653230373838326137353830373336 -30653635353166356463643038303335633839326430666632366237363233376334333334623839 -39306636323435613039633738306364386366623435333263303139376236356130636566343764 -30666230376532336539326538646331353638653766656365656662383538626138656231633231 -64303461613161323230306131323434633632306661666133643330323066373131376466373536 -62346434323863343530613663656538366463373432653562333238613563323434626236353363 -63656464376331653835643533313162656665386163636236333963363835376464306230316339 -33386464656637633339666665383933613239353130386533643632363936366564636666616166 -32626539623661666564313761363631343439326265393633306138373362323330333063643632 -61396565333365663031316566306334646162303361346466336635336134353835353537613939 -36353662373666653036366434323063346634653431396630396665623334636266326565643435 -31666134396363663833303936623630623634356334633762623739666365613034366536356264 -35353963643339636638306463363137646132366561666164373735336635373464616361613036 -33393138663730343865386531303462616535663363653034396234376130613133613165333466 -39303132323037366262363865313334663662396365393730316132366564633131356230306531 -30333565333762323836663538623539326364646333376565616636333231396664663364666465 -30303166393231393831373837383333653465643135323664346432353434653436326266343730 -35643633646233363434393936343362636563316433663434306434356563616666626132363463 -65323638646131383337316430393435383930393863383066373232313531313039616564353662 
-38323136343138366633643535323035376239383466633664323662326565613734636136343233 -35653663633166653264363562666533323035306539666362363566633732363233613366303736 -64356666326533626662393633653438643938343734663536653365346464306432323137386433 -32366235303539363031636364333037343137333230383239626663326535313139663139613434 -66633630333335366165356534303333373739653431643335333837306533313263333762626431 -33383938623336663236646362616231663462303533333639303835356233663035613034303264 -31383938393530376665373066623462663366643864646538623162326538313837623832616339 -38323861653832386365613333303430383065323330666565343264353465306231303935363762 -38303263623339326433333566313134623735366366656465643766663664343663326261373130 -65366137626464656633376536346561633266343735363262326362353061323838383536643761 -63666331313362626232656237303564613734643034623330656235656234613033336662306230 -37626535653235353862626264373039343132646538306638666635623531623235633665643533 -36633333653566656163 +39643163623762306538313033363736393930643464336238313265666231353662396663323237 +3639623961663831363065336335313636343839313034620a626330393237336265333738333132 +32633461373037646166356563363365356631333431616662353633646637346561306331343163 +3130333631666165300a343830303464393337393939666637366630626331373763313730656262 +65356531353331303635636330316164336532393262396636643630656664343439393631363561 +30356635656664303563336134386531313365613030306539663964346262363739363731393932 +34643266626338613236383031343336613039363062663437366162613235633666343364393839 +34636630393632633037313931646330626163343066323965306230353230666433346664653731 +65656438353434393864353334666564343030366234663862313830393333353239373033326363 +63313231326637383164646266356337643734363339616133613562663033633363616137363131 +32356138313134653533623865343066353061653363313738326164373734653532383632616536 +33623834663130656630386138616233336165656438636534353836656135353339376665343934 
+38313530393762353733646232386533663264663038326530323533396239393731336638666239 +36373033366135373139616636316562333931313138613136663136366538636638333431623562 +39303032336165623066373431343438333964623636636666376437666239373164303430333464 +30356466313661383837393164393539616133396564636565373865363962356230353562346138 +65633030373339626262643066396432653535613731306130383763333434343539326339653831 +35616265316533653834336138316530353338616337333964363061343731373836353731656535 +30613638656265633334393035633435623666373033393538313338383964363638626438373731 +61313561656664616631653134623965336263323463666433346561646435346330323935643861 +31386662393637363733376566663666373332343437643630616663376235376436613861313931 +38626562656333343365353461383132353636666162663836633831643335663766643433323038 +35613332353639343339363865663236333336386238306534343065343430346236323865383637 +38363039346461613564653734303839633631386632386230636232656462373963326366306464 +66303233613765343262346237666362613362326635663831626238633936656438623737333966 +36636539343536366335303235313966306666343537626462343331653534386537653530613939 +39343331613639316237306362633261646161333231643532346430313134636664663732383161 +61643766396463636334323031346433393362323165346435383366356263623030623334356331 +39323032323562336135353166656163626439613166373532366439643634346336633436323035 +37646334346131313034623233323032616566383261303632653262646565343330363934313939 +30343632333465373939376530636466666134666333363431353761316164363465336138373866 +35633866323230326462343264666266363965383734313066643733613231656463326166343635 +37633237636134623836363739356331623933613363636238653633363462626336373761353433 +66623361326464643534636438393763396363343038353833353339656338313731326432393134 +61633533663161373161373165326634363736383965383230626461646539623163646532356237 +63613838616436626462666561376434366365633239643933386232653265396363383666376137 
+38636263646561363933626366623263313331353932393636343936376164393265646165633130 +39363764626238643432646338353534323737663361303336376463306439383461366232393533 +30633533333937313338343630326632373831333562633634356366376535303932663361633165 +65626237363332313830393231373537343561633233616462626561333563306431316238616364 +32653363383438303232346561353266646536316632353531616436396636346166376530383563 +66396330303465626239653637323539376261373831616439363864376430396530636430623330 +35323165663366653961303732336239656265383361343839663332616161663137373939383664 +37383731653034336336656165386265613937636434393964643266613233663663383034616261 +30613666343034343134343332306363666339643838316639373334376132666632346438656164 +36326364383731366138636131346165653737383965323166393633623764613063623338636237 +38363033663634376632346539623938323261313235616531393466623039616639616430663737 +38303537346636373665386539653565313632356233333031656434633766376139346361373639 +63313063353465316434303866643639313030326363383135303536623662326261353831326537 +33616234333836376631326133356564616563623334373037333161333933323333386662303239 +37316238656436396266663066393431646464333162343833303132383862616237383637303131 +34386630643637316636373564636261626130643963643632343334373630356539303332333730 +38643866356261383738633861373138653835373632666533366432383436383431653433636434 +33623966633261383164633836336466336431666161346232333765663264333265666163303137 +66623066363861656366663033336330613066356534663963396337623664383031663630353638 +35626563653761386332383539626539633134396538313564303636343864306233653636656133 +31336330383039353238346137633835643134656132353463666535393862383962626632336566 +33616533356331386631343937303636383237613035376265316239623864356434386130353233 +31393266363236356635613731303463626161663732326231386430393135623735386562323634 +62303163313730336464313362336366396664666136376230386332656534383631636534656337 
+33333039356531336266303231613235396633323837613438303935356134626235623966316635 +32353034326566353461386461663339313232653031383630376562346531633764396135646535 +63613834616333373462386333656633623139643531313130623237383437356431613136376432 +33643963313036663835396531663930643932303563386430633962346565653138366264363234 +64333134336161333563333830313333343037656533303261393839343163303535313830653938 +36306638653133633038323662333138663233366661646135643663396332386639316265346664 +30333234313731303265356539373066326238623234326633376136326361633734316335313639 +32643038363163366232656536386336643661636431643639373732623335303366363130383961 +38306163626336613438366335303464306238663966313439656534383430623036316237356138 +61633766306336386438373037366637313031333132653935326564346531663430656632393334 +61383461366539613462646162656333663536343339323639613466353133313364326236313764 +33383938613262343564663339366165633362323432663961666666393561346639656639306335 +64633230623164323432323534386637336433643164326336396462383134633533306630366234 +64643563623966333632656137373865306365663633386466643530383761323332613665663731 +37393234333231326235656636376132326530363730353231386262383262366565383539383034 +66346434353562303033346536393762343363643635346332623366396265393264343130333864 +33616665376139356534633964623536636430346631313161313839313433326639376663326534 +34363536393065353832323761643830303764356363363136346331383363383437306431663739 +61333663313164346634633236373464303439663365336265653332306365626136666563326664 +38313665653464313266373435303433636636666539396535316539363733366365663137356161 +36383136333834613466323837666564663066646330303266633465386634396134 diff --git a/roles/awx/tasks/awx-config.yml b/roles/awx/tasks/awx-config.yml index dbd7dd3..bd3f258 100644 --- a/roles/awx/tasks/awx-config.yml +++ b/roles/awx/tasks/awx-config.yml 
@@ -275,33 +275,33 @@ tags: - awx_config -- name: "Search credentials <{{ shared_service_docker_registry_hostname }}>" +- name: "Search credentials <{{ shared_service_harbor_hostname }}>" include_tasks: awx-config-get-typ-id.yml vars: awx_rest_api_type: credentials awx_search_key: name - awx_search_name: "{{ shared_service_docker_registry_hostname }}" + awx_search_name: "{{ shared_service_harbor_hostname }}" tags: - awx_config -- name: "Update awx_credential_docker_registry_id" +- name: "Update awx_credential_harbor_id" set_fact: - awx_credential_docker_registry_id: "{{ awx_type_id }}" + awx_credential_harbor_id: "{{ awx_type_id }}" when: - awx_type_id != "None" tags: - awx_config -- name: "Add credentials <{{ shared_service_docker_registry_hostname }}>" +- name: "Add credentials <{{ shared_service_harbor_hostname }}>" vars: - name: "{{ shared_service_docker_registry_hostname }}" - description: "{{ shared_service_docker_registry_hostname }}" + name: "{{ shared_service_harbor_hostname }}" + description: "{{ shared_service_harbor_hostname }}" user_id: "{{ ansible_awx_user_id }}" credential_type_id: "{{ awx_credential_type_container_registry_id }}" credential_type_name: "Container Registry" - host: "{{ shared_service_docker_registry_hostname }}" - username: "{{ docker_registry_username }}" - password: "{{ docker_registry_token }}" + host: "{{ shared_service_harbor_hostname }}" + username: "{{ harbor_username }}" + password: "{{ harbor_token }}" uri: url: "{{ awx_base_url }}/api/v2/credentials/" method: POST 
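Review bot: The `Add credentials <...>` task passes `password: "{{ harbor_token }}"` into a `uri` POST, and no `no_log` is visible on it in this hunk or in the task tail shown in the hunk at -317. The lines between the two hunks are not shown, so it may be set there. If it is not, a verbose run or a failed request prints the token in the play output and in the AWX job log. Add `no_log: true` to that task.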
@@ -317,23 +317,23 @@ status_code: 201 register: response changed_when: response.status == 201 - when: awx_credential_docker_registry_id is not defined + when: awx_credential_harbor_id is not defined tags: - awx_config -- name: "Search credentials <{{ shared_service_docker_registry_hostname }}>" +- name: "Search credentials <{{ shared_service_harbor_hostname }}>" include_tasks: awx-config-get-typ-id.yml vars: awx_rest_api_type: credentials awx_search_key: name - awx_search_name: "{{ shared_service_docker_registry_hostname }}" - when: awx_credential_docker_registry_id is not defined + awx_search_name: "{{ shared_service_harbor_hostname }}" + when: awx_credential_harbor_id is not defined tags: - awx_config -- name: "Update awx_credential_docker_registry_id" +- name: "Update awx_credential_harbor_id" set_fact: - awx_credential_docker_registry_id: "{{ awx_type_id }}" + awx_credential_harbor_id: "{{ awx_type_id }}" when: - awx_type_id != "None" tags: @@ -367,8 +367,8 @@ vars: name: "hetzner-ansible" description: "hetzner-ansible" - image: "{{ shared_service_docker_registry_hostname }}/awx/awx-custom-ee" - credential: "{{ awx_credential_docker_registry_id }}" + image: "{{ shared_service_harbor_hostname }}/awx/awx-custom-ee" + credential: "{{ awx_credential_harbor_id }}" pull: "always" uri: url: "{{ awx_base_url }}/api/v2/execution_environments/" diff --git a/roles/common/configs/docker/config.json.j2 b/roles/common/configs/docker/config.json.j2 index bd6463d..66e6a1f 100644 --- a/roles/common/configs/docker/config.json.j2 +++ b/roles/common/configs/docker/config.json.j2 @@ -1,7 +1,7 @@ { "auths": { - "{{ shared_service_docker_registry_hostname }}": { - "auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}" + "{{ shared_service_harbor_hostname }}": { + "auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}" } } } \ No newline at end of file 
diff --git a/roles/connect-wordpress/defaults/main.yml b/roles/connect-wordpress/defaults/main.yml index 8320b96..13d7218 100644 --- a/roles/connect-wordpress/defaults/main.yml +++ b/roles/connect-wordpress/defaults/main.yml @@ -1,4 +1,4 @@ --- -wordpress_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/wordpress" +wordpress_image_name: "{{ shared_service_harbor_hostname }}/smardigo/wordpress" wordpress_image_version: '1.3.1' diff --git a/roles/connect/defaults/main.yml b/roles/connect/defaults/main.yml index efa568a..04c915b 100644 --- a/roles/connect/defaults/main.yml +++ b/roles/connect/defaults/main.yml @@ -1,7 +1,6 @@ --- -connect_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/connect-whitelabel-app" -connect_image_version: 'latest' +connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app" # TODO inject by management portal connect_admin_username: "connect-admin" diff --git a/roles/harbor/defaults/main.yml b/roles/harbor/defaults/main.yml index b96ac4e..a934ef0 100644 --- a/roles/harbor/defaults/main.yml +++ b/roles/harbor/defaults/main.yml @@ -5,10 +5,7 @@ harbor_version: v2.4.1 harbor_hostname: '{{ stage_server_domain }}' harbor_external_url: 'https://{{ stage_server_domain }}' -harbor_admin_username: '{{ harbor_admin_username_vault }}' -harbor_admin_password: '{{ harbor_admin_password_vault }}' - -traefik_id: '{{ inventory_hostname }}-harbor' +harbor_id: '{{ inventory_hostname }}-harbor' harbor_dockercompose_customized: services: 
@@ -23,20 +20,20 @@ harbor_dockercompose_customized: ports: [] # not exposing ports - already used by traefik labels: - "traefik.enable=true" - - "traefik.http.middlewares.{{ traefik_id }}.headers.customrequestheaders.X-Forwarded-Proto=https" - - "traefik.http.routers.{{ traefik_id }}.service={{ traefik_id }}" - - "traefik.http.routers.{{ traefik_id }}.rule=Host(`{{ harbor_hostname }}`)" - - "traefik.http.routers.{{ traefik_id }}.entrypoints=websecure" - - "traefik.http.routers.{{ traefik_id }}.tls=true" - - "traefik.http.routers.{{ traefik_id }}.tls.certresolver=letsencrypt" - - "traefik.http.services.{{ traefik_id }}.loadbalancer.server.port=8080" - - "traefik.http.middlewares.{{ traefik_id }}-monitor.headers.customrequestheaders.X-Forwarded-Proto=https" - - "traefik.http.routers.{{ traefik_id }}-monitor.service={{ traefik_id }}-monitor" - - "traefik.http.routers.{{ traefik_id }}-monitor.rule=Host(`{{ harbor_hostname }}`)" - - "traefik.http.routers.{{ traefik_id }}-monitor.entrypoints=monitoring-harbor" - - "traefik.http.routers.{{ traefik_id }}-monitor.tls=true" - - "traefik.http.routers.{{ traefik_id }}-monitor.tls.certresolver=letsencrypt" - - "traefik.http.services.{{ traefik_id }}-monitor.loadbalancer.server.port=9090" + - "traefik.http.middlewares.{{ harbor_id }}.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.{{ harbor_id }}.service={{ harbor_id }}" + - "traefik.http.routers.{{ harbor_id }}.rule=Host(`{{ harbor_hostname }}`)" + - "traefik.http.routers.{{ harbor_id }}.entrypoints=websecure" + - "traefik.http.routers.{{ harbor_id }}.tls=true" + - "traefik.http.routers.{{ harbor_id }}.tls.certresolver=letsencrypt" + - "traefik.http.services.{{ harbor_id }}.loadbalancer.server.port=8080" + - "traefik.http.middlewares.{{ harbor_id }}-monitor.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.{{ harbor_id }}-monitor.service={{ harbor_id }}-monitor" + - "traefik.http.routers.{{ harbor_id 
}}-monitor.rule=Host(`{{ harbor_hostname }}`)" + - "traefik.http.routers.{{ harbor_id }}-monitor.entrypoints=monitoring-harbor" + - "traefik.http.routers.{{ harbor_id }}-monitor.tls=true" + - "traefik.http.routers.{{ harbor_id }}-monitor.tls.certresolver=letsencrypt" + - "traefik.http.services.{{ harbor_id }}-monitor.loadbalancer.server.port=9090" networks: front-tier: external: true @@ -44,14 +41,14 @@ harbor_dockercompose_customized: harbor_base_configuration: email_host: '{{ shared_service_mail_hostname }}' email_port: 25 - email_from: '{{ ansible_fqdn }}@{{ shared_service_mail_hostname }}' + email_from: '{{ harbor_id }}@{{ domain }}' email_password: '' email_username: '' email_insecure: true auth_mode: oidc_auth - oidc_name: docker + oidc_name: "{{ harbor_oidc_realm }}" oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/docker' - oidc_client_id: docker-registry + oidc_client_id: "{{ harbor_oidc_client_id }}" oidc_groups_claim: groups oidc_scope: openid oidc_verify_cert: true @@ -87,7 +84,7 @@ harbor_robot_tokens: name: ansible level: system description: 'smardigo docker pull credentials' - secret: '{{ docker_registry_token }}' + secret: '{{ harbor_token }}' disable: false duration: -1 editable: true diff --git a/roles/harbor/tasks/configure.yml b/roles/harbor/tasks/configure.yml index 8341055..a2a85d0 100644 --- a/roles/harbor/tasks/configure.yml +++ b/roles/harbor/tasks/configure.yml 
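Review bot: `oidc_name` and `oidc_client_id` now come from `harbor_oidc_realm` and `harbor_oidc_client_id`, but `oidc_endpoint` on the line between them still hard-codes `/auth/realms/docker`. Changing the realm variable would therefore leave Harbor authenticating against the old realm while the Keycloak side moves. Use `oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ harbor_oidc_realm }}'`. `harbor_base_configuration` continues outside the hunk.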
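Review bot: The robot account whose `secret` is now `{{ harbor_token }}` is declared with `level: system` and `duration: -1`, which makes it a system-wide credential that never expires, while its description says it is for pulling images. Its permission list is outside the hunk, so the effective scope cannot be judged from here. If pull access is all that is needed, narrow it to the projects involved and give it a finite lifetime, e.g. `duration: 90`, with rotation handled by the play. At minimum add a comment above the entry: `# system-level, non-expiring on purpose: <reason>`.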
@@ -1,56 +1,19 @@ --- -- name: "harbor BASE settings" - block: - - name: "BLOCK: Login with keycloak-admin" - include_role: - name: keycloak - tasks_from: _authenticate - - - name: "GET available clients from <<{{ harbor_base_configuration.oidc_name }}>>-realm" - delegate_to: localhost - become: False - uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients" - method: GET - headers: - Content-Type: "application/json" - Authorization: "Bearer {{ access_token }}" - status_code: [200] - register: realm_clients - - # available clients: get needed ID - - set_fact: - id_of_client: '{{ ( realm_clients.json | selectattr("clientId","equalto", harbor_base_configuration.oidc_client_id ) | first ).id }}' - - - name: "BLOCK: GET client-secret for client <<{{ harbor_base_configuration.oidc_client_id }}>> in realm <<{{ harbor_base_configuration.oidc_name }}>>" - delegate_to: localhost - become: False - uri: - url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients/{{ id_of_client }}/client-secret" - method: GET - headers: - Content-Type: "application/json" - Authorization: "Bearer {{ access_token }}" - status_code: [200] - register: client_secret - - - set_fact: - dict: - oidc_client_secret: '{{ client_secret.json.value }}' - - - set_fact: - harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}' - - - name: "BLOCK: Configure harbor BASE settings" - include_tasks: configure_base_config.yml - vars: - base_configuration: '{{ harbor_base_configuration_merged }}' - args: - apply: - tags: - - harbor-configure-base -# end of block for base settings +#- name: "harbor BASE settings" +# block: +# - set_fact: +# harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}' + +# - name: "BLOCK: Configure harbor BASE settings" +# include_tasks: configure_base_config.yml +# vars: +# base_configuration: '{{ 
harbor_base_configuration_merged }}' +# args: +# apply: +# tags: +# - harbor-configure-base +## end of block for base settings - name: "Create object of templated harbor projects" set_fact: diff --git a/roles/iam/defaults/main.yml b/roles/iam/defaults/main.yml index 3a566e2..ef8c35d 100644 --- a/roles/iam/defaults/main.yml +++ b/roles/iam/defaults/main.yml @@ -1,4 +1,4 @@ --- -iam_image_name: '{{ shared_service_docker_registry_hostname }}/smardigo/iam-app' +iam_image_name: '{{ shared_service_harbor_hostname }}/smardigo/iam-app' iam_image_version: 'latest' diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index fb9b8ef..c8af49f 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -4,4 +4,4 @@ service_port_keycloak_external: "8110" keycloak_version: "14.0.0.1" -keycloak_image: "{{ shared_service_docker_registry_hostname }}/smardigo/keycloak" +keycloak_image: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 97276c5..0880cf2 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -54,12 +54,12 @@ current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" -- name: "Update {{ inventory_hostname }}" - shell: docker-compose pull - args: - chdir: '{{ service_base_path }}/{{ inventory_hostname }}' - tags: - - update_deployment +#- name: "Update {{ inventory_hostname }}" +# shell: docker-compose pull +# args: +# chdir: '{{ service_base_path }}/{{ inventory_hostname }}' +# tags: +# - update_deployment - name: "Start {{ inventory_hostname }}" shell: docker-compose up -d 
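Review bot: The commented-out `set_fact` still merges `harbor_base_configuration` with `dict`, but the task that defined `dict` (it carried `oidc_client_secret`) is deleted in this same hunk, so the block cannot simply be re-enabled as written. With the whole "harbor BASE settings" block disabled, nothing visible in this file applies `harbor_base_configuration` any more, and that mapping is where `auth_mode: oidc_auth` and `oidc_verify_cert: true` are set. Presumably Harbor then keeps whatever authentication settings it already has, which should be confirmed as intended. Either delete the dead block or state the reason above it, for example `# base config disabled: oidc_client_secret must be supplied via <variable> before re-enabling`. The task file continues past the end of the hunk.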
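Review bot: Commenting out the `docker-compose pull` task leaves the `update_deployment` tag in this hunk without any step that refreshes images, so the `docker-compose up -d` that follows will only fetch images missing from the host and otherwise reuse the cached ones. `keycloak_version` is pinned in the role defaults, so this probably matters only when a tag is re-pushed with fixes, but the reason for disabling the pull is not recorded anywhere visible. I would either delete the task or put one line above it, `# pull disabled: <reason>`, so the next maintainer does not re-enable it blindly. The task list continues outside the hunk on both sides.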
@@ -169,12 +169,3 @@ tags: - create_groups - update_realms - -#- name: "Activate event listeners" -# shell: | -# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD" -# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'" -# docker exec {{ keycloak_id }} /bin/sh -c "usr/bin/rm -f /opt/jboss/.keycloak/kcadm.config" -# tags: -# - update_deployment -# - configure_container diff --git a/roles/keycloak/templates/keycloak-realm-create-client.json.j2 b/roles/keycloak/templates/keycloak-realm-create-client.json.j2 index 8ce27a8..a3e7803 100644 --- a/roles/keycloak/templates/keycloak-realm-create-client.json.j2 +++ b/roles/keycloak/templates/keycloak-realm-create-client.json.j2 @@ -57,7 +57,7 @@ "protocolMapper": "oidc-group-membership-mapper", "consentRequired": false, "config": { - "full.path": "true", + "full.path": "false", "id.token.claim": "true", "access.token.claim": "true", "claim.name": "groups", diff --git a/roles/kubernetes/apps/defaults/main.yml b/roles/kubernetes/apps/defaults/main.yml index 67bf791..3901fe6 100644 --- a/roles/kubernetes/apps/defaults/main.yml +++ b/roles/kubernetes/apps/defaults/main.yml @@ -106,7 +106,7 @@ k8s_argocd_helm__release_values: hostAliases: - ip: "{{ shared_service_docker_ip }}" hostnames: - - "{{ shared_service_docker_registry_hostname }}" + - "{{ shared_service_harbor_hostname }}" - ip: "{{ shared_service_keycloak_ip }}" hostnames: - "{{ shared_service_keycloak_hostname }}" diff --git a/roles/kubernetes/namespace/defaults/main.yml b/roles/kubernetes/namespace/defaults/main.yml index 7c23cd2..83c8a53 100644 --- a/roles/kubernetes/namespace/defaults/main.yml +++ b/roles/kubernetes/namespace/defaults/main.yml 
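Review bot: Setting `"full.path": "false"` on the `oidc-group-membership-mapper` makes the `groups` claim carry bare group names, so two groups with the same name under different parents become indistinguishable in the token. Harbor is configured with `oidc_groups_claim: groups` elsewhere in this commit, so if its permissions are bound to those names, membership of `/team-a/admins` would satisfy a binding meant for `/team-b/admins` (constructed example). The file name suggests this is the generic client-creation template, so the change likely applies to every client created from it rather than only Harbor's, which should be confirmed. JSON has no comment syntax, so the constraint that group names must be unique across the realm belongs in the role's README or in a check in the realm-provisioning tasks. The mapper's `config` object continues past the end of the hunk.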
@@ -1,4 +1,4 @@ --- k8s_namespace: "default" -k8s_docker_registry_key: "{{ stage }}-docker-registry-key" +k8s_docker_registry_key: "{{ stage }}-harbor-key" diff --git a/roles/kubernetes/namespace/templates/docker-secret.json.j2 b/roles/kubernetes/namespace/templates/docker-secret.json.j2 index bd6463d..66e6a1f 100644 --- a/roles/kubernetes/namespace/templates/docker-secret.json.j2 +++ b/roles/kubernetes/namespace/templates/docker-secret.json.j2 @@ -1,7 +1,7 @@ { "auths": { - "{{ shared_service_docker_registry_hostname }}": { - "auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}" + "{{ shared_service_harbor_hostname }}": { + "auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}" } } } \ No newline at end of file diff --git a/roles/pdns/defaults/main.yml b/roles/pdns/defaults/main.yml index 8c1bdf0..9f6ecb0 100644 --- a/roles/pdns/defaults/main.yml +++ b/roles/pdns/defaults/main.yml @@ -1,9 +1,9 @@ --- -pdns_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/pdns-authoritative" +pdns_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-authoritative" pdns_image_version: "1.0.0" -pdns_recursor_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/pdns-recursor" +pdns_recursor_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-recursor" pdns_recursor_image_version: "1.0.0" pdns_admin_image_name: "ngoduykhanh/powerdns-admin" diff --git a/roles/webdav/defaults/main.yaml b/roles/webdav/defaults/main.yaml index 0a9aaf5..3099499 100644 --- a/roles/webdav/defaults/main.yaml +++ b/roles/webdav/defaults/main.yaml @@ -1,4 +1,4 @@ --- -webdav_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/smardigo-webdav-app" +webdav_image_name: "{{ shared_service_harbor_hostname }}/smardigo/smardigo-webdav-app" webdav_image_version: "8.4.1" diff --git a/scripts/update-docker-image.sh b/scripts/update-docker-image.sh index 70812da..5bb3e4e 100644 
--- a/scripts/update-docker-image.sh +++ b/scripts/update-docker-image.sh @@ -7,7 +7,7 @@ # update-docker-image.sh qa smardigo sensw sensw-app latest FROM="docker.dev-at.de/$2/$4:$5" -TO="$1-docker-registry-01.smardigo.digital/$3/$4:$5" +TO="$1-harbor-01.smardigo.digital/$3/$4:$5" echo echo updating $TO with image from $FROM diff --git a/stage-dev b/stage-dev index f4541ad..67ee1d6 100644 --- a/stage-dev +++ b/stage-dev @@ -16,7 +16,7 @@ dev-elastic-stack-elastic-03 dev-gitea-01 [harbor] -dev-docker-registry-01 +dev-harbor-01 [iam] dev-iam-01 diff --git a/stage-qa b/stage-qa index be56472..3cd85b8 100644 --- a/stage-qa +++ b/stage-qa @@ -16,7 +16,7 @@ qa-elastic-stack-elastic-03 qa-gitea-01 [harbor] -qa-docker-registry-01 +qa-harbor-01 [iam] qa-iam-01 diff --git a/templates/harbor/harbor/docker-compose.yml.j2 b/templates/harbor/harbor/docker-compose.yml.j2 deleted file mode 100644 index bbc648d..0000000 --- a/templates/harbor/harbor/docker-compose.yml.j2 +++ /dev/null 
@@ -1,375 +0,0 @@ -version: '2.3' -services: - log: - image: goharbor/harbor-log:v2.3.0 - container_name: harbor-log - restart: always - dns_search: . - cap_drop: - - ALL - cap_add: - - CHOWN - - DAC_OVERRIDE - - SETGID - - SETUID - volumes: - - /var/log/harbor/:/var/log/docker/:z - - type: bind - source: ./common/config/log/logrotate.conf - target: /etc/logrotate.d/logrotate.conf - - type: bind - source: ./common/config/log/rsyslog_docker.conf - target: /etc/rsyslog.d/rsyslog_docker.conf - ports: - - 127.0.0.1:1514:10514 - networks: - - harbor - registry: - image: goharbor/registry-photon:v2.3.0 - container_name: registry - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - SETGID - - SETUID - volumes: - - /data/registry:/storage:z - - ./common/config/registry/:/etc/registry/:z - - type: bind - source: /data/secret/registry/root.crt - target: /etc/registry/root.crt - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - networks: - - harbor - dns_search: . - depends_on: - - log - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "registry" - registryctl: - image: goharbor/harbor-registryctl:v2.3.0 - container_name: registryctl - env_file: - - ./common/config/registryctl/env - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - SETGID - - SETUID - volumes: - - /data/registry:/storage:z - - ./common/config/registry/:/etc/registry/:z - - type: bind - source: ./common/config/registryctl/config.yml - target: /etc/registryctl/config.yml - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - networks: - - harbor - dns_search: . 
- depends_on: - - log - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "registryctl" - postgresql: - image: goharbor/harbor-db:v2.3.0 - container_name: harbor-db - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - DAC_OVERRIDE - - SETGID - - SETUID - volumes: - - /data/database:/var/lib/postgresql/data:z - networks: - harbor: - dns_search: . - env_file: - - ./common/config/db/env - depends_on: - - log - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "postgresql" - shm_size: '1gb' - core: - image: goharbor/harbor-core:v2.3.0 - container_name: harbor-core - env_file: - - ./common/config/core/env - restart: always - cap_drop: - - ALL - cap_add: - - SETGID - - SETUID - volumes: - - /data/ca_download/:/etc/core/ca/:z - - /data/:/data/:z - - ./common/config/core/certificates/:/etc/core/certificates/:z - - type: bind - source: ./common/config/core/app.conf - target: /etc/core/app.conf - - type: bind - source: /data/secret/core/private_key.pem - target: /etc/core/private_key.pem - - type: bind - source: /data/secret/keys/secretkey - target: /etc/core/key - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - networks: - harbor: - harbor-chartmuseum: - aliases: - - harbor-core - dns_search: . - depends_on: - - log - - registry - - redis - - postgresql - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "core" - extra_hosts: - - dev-keycloak-01.smardigo.digital:10.1.0.2 - - dev-mail-01.smardigo.digital:10.2.0.2 - portal: - image: goharbor/harbor-portal:v2.3.0 - container_name: harbor-portal - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - SETGID - - SETUID - - NET_BIND_SERVICE - volumes: - - type: bind - source: ./common/config/portal/nginx.conf - target: /etc/nginx/nginx.conf - networks: - - harbor - dns_search: . 
- depends_on: - - log - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "portal" - - jobservice: - image: goharbor/harbor-jobservice:v2.3.0 - container_name: harbor-jobservice - env_file: - - ./common/config/jobservice/env - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - SETGID - - SETUID - volumes: - - /data/job_logs:/var/log/jobs:z - - type: bind - source: ./common/config/jobservice/config.yml - target: /etc/jobservice/config.yml - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - networks: - - harbor - dns_search: . - depends_on: - - core - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "jobservice" - redis: - image: goharbor/redis-photon:v2.3.0 - container_name: redis - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - SETGID - - SETUID - volumes: - - /data/redis:/var/lib/redis - networks: - harbor: - harbor-chartmuseum: - aliases: - - redis - dns_search: . - depends_on: - - log - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "redis" - proxy: - image: goharbor/nginx-photon:v2.3.0 - container_name: nginx - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - SETGID - - SETUID - - NET_BIND_SERVICE - volumes: - - ./common/config/nginx:/etc/nginx:z - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - networks: - - harbor - - front-tier - dns_search: . 
-# ports: -# - 80:8080 -# - 9090:9090 - depends_on: - - registry - - core - - portal - - log - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "proxy" - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.dev-docker-registry-01-harbor.headers.customrequestheaders.X-Forwarded-Proto=https" - - "traefik.http.routers.dev-docker-registry-01-harbor.service=dev-docker-registry-01-harbor" - - "traefik.http.routers.dev-docker-registry-01-harbor.rule=Host(`dev-docker-registry-01.smardigo.digital`)" - - "traefik.http.routers.dev-docker-registry-01-harbor.entrypoints=websecure" - - "traefik.http.routers.dev-docker-registry-01-harbor.tls=true" - - "traefik.http.routers.dev-docker-registry-01-harbor.tls.certresolver=letsencrypt" - - "traefik.http.services.dev-docker-registry-01-harbor.loadbalancer.server.port=8080" - - "traefik.http.middlewares.dev-docker-registry-01-harbor-monitor.headers.customrequestheaders.X-Forwarded-Proto=https" - - "traefik.http.routers.dev-docker-registry-01-harbor-monitor.service=dev-docker-registry-01-harbor-monitor" - - "traefik.http.routers.dev-docker-registry-01-harbor-monitor.rule=Host(`dev-docker-registry-01.smardigo.digital`)" - - "traefik.http.routers.dev-docker-registry-01-harbor-monitor.entrypoints=monitoring-harbor" - - "traefik.http.routers.dev-docker-registry-01-harbor-monitor.tls=true" - - "traefik.http.routers.dev-docker-registry-01-harbor-monitor.tls.certresolver=letsencrypt" - - "traefik.http.services.dev-docker-registry-01-harbor-monitor.loadbalancer.server.port=9090" - - trivy-adapter: - container_name: trivy-adapter - image: goharbor/trivy-adapter-photon:v2.3.0 - restart: always - cap_drop: - - ALL - dns_search: . 
- depends_on: - - log - - redis - networks: - - harbor - volumes: - - type: bind - source: /data/trivy-adapter/trivy - target: /home/scanner/.cache/trivy - - type: bind - source: /data/trivy-adapter/reports - target: /home/scanner/.cache/reports - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "trivy-adapter" - env_file: - ./common/config/trivy-adapter/env - chartmuseum: - container_name: chartmuseum - image: goharbor/chartmuseum-photon:v2.3.0 - restart: always - cap_drop: - - ALL - cap_add: - - CHOWN - - DAC_OVERRIDE - - SETGID - - SETUID - networks: - - harbor-chartmuseum - dns_search: . - depends_on: - - log - volumes: - - /data/chart_storage:/chart_storage:z - - ./common/config/chartserver:/etc/chartserver:z - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "chartmuseum" - env_file: - ./common/config/chartserver/env - exporter: - image: goharbor/harbor-exporter:v2.3.0 - container_name: harbor-exporter - env_file: - - ./common/config/exporter/env - restart: always - networks: - - harbor - dns_search: . - depends_on: - - core - - postgresql - volumes: - - type: bind - source: ./common/config/shared/trust-certificates - target: /harbor_cust_cert - logging: - driver: "syslog" - options: - syslog-address: "tcp://localhost:1514" - tag: "exporter" -networks: - harbor: - external: false - harbor-chartmuseum: - external: false - front-tier: - external: true \ No newline at end of file