feat: consolidation for harbor

- dev-docker-registry-01 -> dev-harbor-01
- qa-docker-registry-01 -> qa-harbor-01
master
Sven Ketelsen 4 years ago
parent d1b41daa87
commit 44c7509e11

@ -79,9 +79,9 @@ after it, you are able to exec some ansbible-runs like:
if everything works fine, plz push the created docker container with:
docker login dev-docker-registry-01.smardigo.digital
docker tag XXXXXXXX dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest
docker push dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee
docker login dev-harbor-01.smardigo.digital
docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee

@ -1,6 +1,6 @@
# Execution Environment for AWX
ansible-builder build --tag dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest
docker login dev-docker-registry-01.smardigo.digital
docker tag XXXXXXXX dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest
docker push dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee
ansible-builder build --tag dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
docker login dev-harbor-01.smardigo.digital
docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee

@ -48,7 +48,7 @@ tasks:
registry: docker.dev-at.de
auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
target:
registry: dev-docker-registry-01.smardigo.digital
registry: dev-harbor-01.smardigo.digital
auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
# 'mappings' is a list of 'from':'to' pairs that define mappings of image
@ -84,7 +84,7 @@ tasks:
registry: docker.dev-at.de
auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
target:
registry: dev-docker-registry-01.smardigo.digital
registry: dev-harbor-01.smardigo.digital
auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
mappings:
- from: smardigo/sensw-app
@ -107,7 +107,7 @@ tasks:
registry: docker.dev-at.de
auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
target:
registry: dev-docker-registry-01.smardigo.digital
registry: dev-harbor-01.smardigo.digital
auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
mappings:
- from: smardigo/ssp-connect-app
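Review bot: The `auth:` values kept under `source` and `target` in all three `tasks` hunks of this file are base64-encoded JSON, which is an encoding rather than encryption, so anyone with read access to the repository or its history can recover both registry accounts' usernames and passwords. The commit repoints `target.registry` to the Harbor host but leaves the credential inline. Since the repository already uses Ansible Vault, I would render this file from a template and build the value from vaulted variables, e.g. `auth: "{{ {'username': harbor_username, 'password': harbor_token} | to_json | b64encode }}"`. Both credentials should be treated as exposed and rotated once they are out of the file. The task definitions start and end outside the hunks.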

@ -119,11 +119,11 @@ docker_compose_path: "/usr/bin/docker-compose"
service_base_path: '/etc/smardigo'
# TODO we need a company email addresses
gitea_admin_email: "sven.ketelsen@netgo.de"
lets_encrypt_email: "sven.ketelsen@netgo.de"
docker_admin_email: "sven.ketelsen@netgo.de"
connect_admin_email: "sven.ketelsen@netgo.de"
keycloak_admin_email: "sven.ketelsen@netgo.de"
gitea_admin_email: "nso.devops@netgo.de"
lets_encrypt_email: "nso.devops@netgo.de"
docker_admin_email: "nso.devops@netgo.de"
connect_admin_email: "nso.devops@netgo.de"
keycloak_admin_email: "nso.devops@netgo.de"
http_port: "80"
https_port: "443"

@ -34,18 +34,18 @@ keycloak: {
],
clients: [
{
clientId: '{{ docker_registry_oidc_client_id }}',
name: '{{ docker_registry_oidc_client_id }}',
clientId: '{{ harbor_oidc_client_id }}',
name: '{{ harbor_oidc_client_id }}',
admin_url: '',
root_url: '',
redirect_uris: '
[
"{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}/*",
"{{ http_s }}://{{ shared_service_harbor_hostname }}/*",
]',
secret: '{{ docker_registry_oidc_client_secret }}',
secret: '{{ harbor_oidc_client_secret }}',
web_origins: '
[
"{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}",
"{{ http_s }}://{{ shared_service_harbor_hostname }}",
]',
}
]
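Review bot: The new `redirect_uris` entry `"{{ http_s }}://{{ shared_service_harbor_hostname }}/*"` registers every path on the Harbor host as a valid OIDC redirect target, which is broader than the client needs. Harbor receives the authorization response on a single callback path, so the entry can be narrowed to `"{{ http_s }}://{{ shared_service_harbor_hostname }}/c/oidc/callback"`; a redirecting or attacker-influenced page elsewhere on the host then cannot be registered as the recipient of an authorization code. If `http_s` can ever render as `http`, the code would also travel unencrypted, so pinning `https` for this client is worth considering. The `clients` list belongs to a larger `keycloak` structure that starts outside the hunk.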

@ -2,7 +2,7 @@
hetzner_server_type: cx21
connect_image_version: "latest"
connect_image_version: "8.5.8"
connect_admin_username: "{{ management_admin_username }}"
connect_admin_password: "{{ management_admin_password }}"

@ -28,8 +28,8 @@ shared_service_logstash_01: "{{ stage_server_infos
| list
| first
| default('-') }}"
shared_service_docker_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-docker-registry-01' )
shared_service_harbor_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-harbor-01' )
| map(attribute='private_ip')
| list
| first
@ -155,7 +155,7 @@ shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain
shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}"
shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}"
shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}"
management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
@ -191,8 +191,8 @@ shared_service_hosts: [
name: "{{ shared_service_postgres_01_hostname }}"
},
{
ip: "{{ shared_service_docker_ip }}",
name: "{{ shared_service_docker_registry_hostname }}"
ip: "{{ shared_service_harbor_ip }}",
name: "{{ shared_service_harbor_hostname }}"
},
{
ip: "{{ shared_service_mail_ip }}",
@ -259,12 +259,12 @@ elastic_stack_network: {
dev-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
}
docker_registry_oidc_realm: "docker"
docker_registry_oidc_client_id: "docker-registry"
harbor_oidc_realm: "docker"
harbor_oidc_client_id: "harbor"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
connect_image_version: "latest"
connect_image_version: "8.5.8"
iam_image_version: "latest"
management_oidc_realm: "management"
@ -300,8 +300,8 @@ harbor_admin_username: "{{ harbor_admin_username_vault }}"
harbor_admin_password: "{{ harbor_admin_password_vault }}"
harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}"
docker_registry_username: "{{ docker_registry_username_vault }}"
docker_registry_token: "{{ docker_registry_token_vault }}"
harbor_username: "{{ docker_registry_username_vault }}"
harbor_token: "{{ docker_registry_token_vault }}"
elastic_admin_username: "{{ elastic_admin_username_vault }}"
elastic_admin_password: "{{ elastic_admin_password_vault }}"
@ -326,5 +326,5 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
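Review bot: The renamed variables `harbor_username`, `harbor_token` and `harbor_oidc_client_secret` still read from `docker_registry_username_vault`, `docker_registry_token_vault` and `docker_registry_oidc_client_secret_vault`, so the Harbor robot account and the new `harbor` OIDC client inherit the secrets of the registry they replace. A migration is the natural point to issue fresh values; I would add `harbor_*_vault` entries and reference them, e.g. `harbor_oidc_client_secret: "{{ harbor_oidc_client_secret_vault }}"`, so the old secrets can be retired together with the old host. The vault file is changed in this commit but is encrypted, so whether such entries already exist cannot be told from the page. The same applies to the identical hunks in the second (apparently qa) variables file that follows.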

@ -28,8 +28,8 @@ shared_service_logstash_01: "{{ stage_server_infos
| list
| first
| default('-') }}"
shared_service_docker_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-docker-registry-01' )
shared_service_harbor_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-harbor-01' )
| map(attribute='private_ip')
| list
| first
@ -155,7 +155,7 @@ shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain
shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}"
shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}"
shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}"
management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
@ -191,8 +191,8 @@ shared_service_hosts: [
name: "{{ shared_service_postgres_01_hostname }}"
},
{
ip: "{{ shared_service_docker_ip }}",
name: "{{ shared_service_docker_registry_hostname }}"
ip: "{{ shared_service_harbor_ip }}",
name: "{{ shared_service_harbor_hostname }}"
},
{
ip: "{{ shared_service_mail_ip }}",
@ -259,12 +259,12 @@ elastic_stack_network: {
qa-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
}
docker_registry_oidc_realm: "docker"
docker_registry_oidc_client_id: "docker-registry"
harbor_oidc_realm: "docker"
harbor_oidc_client_id: "harbor"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
connect_image_version: "latest"
connect_image_version: "8.5.8"
iam_image_version: "latest"
management_oidc_realm: "management"
@ -300,8 +300,8 @@ harbor_admin_username: "{{ harbor_admin_username_vault }}"
harbor_admin_password: "{{ harbor_admin_password_vault }}"
harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}"
docker_registry_username: "{{ docker_registry_username_vault }}"
docker_registry_token: "{{ docker_registry_token_vault }}"
harbor_username: "{{ docker_registry_username_vault }}"
harbor_token: "{{ docker_registry_token_vault }}"
elastic_admin_username: "{{ elastic_admin_username_vault }}"
elastic_admin_password: "{{ elastic_admin_password_vault }}"
@ -326,5 +326,5 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"

@ -1,85 +1,82 @@
$ANSIBLE_VAULT;1.1;AES256
63356234316338353566626562643535363235383432383961373931343331326564326661343736
3666366335386237363664333361393132376532373163320a356564393039336637623263376437
38333365323231333264616432313736376332633064396363313261316331646338656638363633
3934373337306464630a333736623135613034666436313066643839333936646637616366316337
63343561383066386237366335643634633439373961353332306264363930626362323932303834
33383365633036326232393430323561623631346539336331386365386132386237313839393534
66666463643739376665356439316435383135613166323736323434623337663733646662383939
66393966666237623538643966633566396232313530356335393730646439336661633935383632
65656634643064303937383261306636396435333136366661633462363766623831333635643834
62383130363237633935643035363538313035363830376161373239626662663335616362303966
36626162623138386430303138393138356431653635663437626532666330656135386336333164
39633462343538353534633065383132363261313164323763363634343631373630346531613532
37376331386335336161373132383834613835613266653130633231643239333437346563333966
36393536633165396637653534346231633662626334613432313032383631613164633566643433
37656134323365336562396238383062656161386262623831366135343532303436633265396534
66653166633864653338613231633661366338323865316663313961373664643166656338666265
37333763626238613432393564363936373263663436633330366161653139386437326636653264
63366461663064306561363134333734363336353736613336613032633065323238306461633266
33663439336664303565646332666239373234393561393137323537646234306564613438373834
36653566616364663835666230373738643035383835396235653236643038646130356339383963
35633837376635303235653866313530353761626366353435336135623863666231636663656163
33326664343732623363663466613936346636633163653330643532303434336265393064346631
38613464383834316239633336313131653132653433633062666563396136623236656337646563
39666535356530373632633835646635396663343562303561656134316233646439633130663730
66363565623461393835656437626661643263353237636132363664646434623066343566643065
66346334613866623636353365663933653439323162646137376361356238336563376338663861
37393362616361303365636132666562346638616439643435363430636435313161386336343233
62303630623231623466383533353961383835613333636266343531623766316462643539663833
63353830363564386536383866633530646636323234353962353861333939323138623430303165
33636436313932326162356363346130383433353466326133336161653865653565363861393835
35646238336161613463343362303861336366613065366231313032636664653837663237383230
35356339656332353130343137616562356362353765653865396336306532663833356633643630
38633639326535643665303630323235356534626633383838343962613963353339393638386265
36396237366331643866356361376534386532333134623965343637313835663635383934663838
30653935316633326265633833616432323761643730326265313638623835666663666466306339
38303161363935643936663865636230626533616337386665646363623666356532646237393261
30313938633361613364306138376339306561393937663831303233323731383666653936613939
34633863353834376463356630336233383837313538643161626439613939346334396533396466
37643333393063613666646438363033333937383262616334376266306234313861656663653034
36303436356261333135313030653931653239363031396130373431646363653035353461373537
61303765393831396337363033356535313433623539626433363634343637336564613338363138
33663937643732336231313462623163386264383436306435643235306133316336376236393330
31643833376261363863666638623130393531363938393064643463316566326637633965666337
31616238376235343238336236396234643666346431356232616461343138613534653538326131
36313866303733666534326332366338353337333531663036646566376462363461393038333766
30633030333732613732633836386530313065633164623131326433636635393838663666373163
38623237373962393336663330666133326261383162303130303464366462366261366436396534
36373865616335626664333164663538366162333366386232323566303237396266626539313333
34313731653261613138333738643462373931393561646131653931333865386434656637633134
64646462623966356134626431376636613864343538373264623436336236623031313033383763
62346534643938323565393866333035636535376461316336356531306439666633356261393135
62653862373731393934363338633434376430313063356666376438383032353935363132313239
30386263633333323862323832333561386439616463363365653230373838326137353830373336
30653635353166356463643038303335633839326430666632366237363233376334333334623839
39306636323435613039633738306364386366623435333263303139376236356130636566343764
30666230376532336539326538646331353638653766656365656662383538626138656231633231
64303461613161323230306131323434633632306661666133643330323066373131376466373536
62346434323863343530613663656538366463373432653562333238613563323434626236353363
63656464376331653835643533313162656665386163636236333963363835376464306230316339
33386464656637633339666665383933613239353130386533643632363936366564636666616166
32626539623661666564313761363631343439326265393633306138373362323330333063643632
61396565333365663031316566306334646162303361346466336635336134353835353537613939
36353662373666653036366434323063346634653431396630396665623334636266326565643435
31666134396363663833303936623630623634356334633762623739666365613034366536356264
35353963643339636638306463363137646132366561666164373735336635373464616361613036
33393138663730343865386531303462616535663363653034396234376130613133613165333466
39303132323037366262363865313334663662396365393730316132366564633131356230306531
30333565333762323836663538623539326364646333376565616636333231396664663364666465
30303166393231393831373837383333653465643135323664346432353434653436326266343730
35643633646233363434393936343362636563316433663434306434356563616666626132363463
65323638646131383337316430393435383930393863383066373232313531313039616564353662
38323136343138366633643535323035376239383466633664323662326565613734636136343233
35653663633166653264363562666533323035306539666362363566633732363233613366303736
64356666326533626662393633653438643938343734663536653365346464306432323137386433
32366235303539363031636364333037343137333230383239626663326535313139663139613434
66633630333335366165356534303333373739653431643335333837306533313263333762626431
33383938623336663236646362616231663462303533333639303835356233663035613034303264
31383938393530376665373066623462663366643864646538623162326538313837623832616339
38323861653832386365613333303430383065323330666565343264353465306231303935363762
38303263623339326433333566313134623735366366656465643766663664343663326261373130
65366137626464656633376536346561633266343735363262326362353061323838383536643761
63666331313362626232656237303564613734643034623330656235656234613033336662306230
37626535653235353862626264373039343132646538306638666635623531623235633665643533
36633333653566656163
39643163623762306538313033363736393930643464336238313265666231353662396663323237
3639623961663831363065336335313636343839313034620a626330393237336265333738333132
32633461373037646166356563363365356631333431616662353633646637346561306331343163
3130333631666165300a343830303464393337393939666637366630626331373763313730656262
65356531353331303635636330316164336532393262396636643630656664343439393631363561
30356635656664303563336134386531313365613030306539663964346262363739363731393932
34643266626338613236383031343336613039363062663437366162613235633666343364393839
34636630393632633037313931646330626163343066323965306230353230666433346664653731
65656438353434393864353334666564343030366234663862313830393333353239373033326363
63313231326637383164646266356337643734363339616133613562663033633363616137363131
32356138313134653533623865343066353061653363313738326164373734653532383632616536
33623834663130656630386138616233336165656438636534353836656135353339376665343934
38313530393762353733646232386533663264663038326530323533396239393731336638666239
36373033366135373139616636316562333931313138613136663136366538636638333431623562
39303032336165623066373431343438333964623636636666376437666239373164303430333464
30356466313661383837393164393539616133396564636565373865363962356230353562346138
65633030373339626262643066396432653535613731306130383763333434343539326339653831
35616265316533653834336138316530353338616337333964363061343731373836353731656535
30613638656265633334393035633435623666373033393538313338383964363638626438373731
61313561656664616631653134623965336263323463666433346561646435346330323935643861
31386662393637363733376566663666373332343437643630616663376235376436613861313931
38626562656333343365353461383132353636666162663836633831643335663766643433323038
35613332353639343339363865663236333336386238306534343065343430346236323865383637
38363039346461613564653734303839633631386632386230636232656462373963326366306464
66303233613765343262346237666362613362326635663831626238633936656438623737333966
36636539343536366335303235313966306666343537626462343331653534386537653530613939
39343331613639316237306362633261646161333231643532346430313134636664663732383161
61643766396463636334323031346433393362323165346435383366356263623030623334356331
39323032323562336135353166656163626439613166373532366439643634346336633436323035
37646334346131313034623233323032616566383261303632653262646565343330363934313939
30343632333465373939376530636466666134666333363431353761316164363465336138373866
35633866323230326462343264666266363965383734313066643733613231656463326166343635
37633237636134623836363739356331623933613363636238653633363462626336373761353433
66623361326464643534636438393763396363343038353833353339656338313731326432393134
61633533663161373161373165326634363736383965383230626461646539623163646532356237
63613838616436626462666561376434366365633239643933386232653265396363383666376137
38636263646561363933626366623263313331353932393636343936376164393265646165633130
39363764626238643432646338353534323737663361303336376463306439383461366232393533
30633533333937313338343630326632373831333562633634356366376535303932663361633165
65626237363332313830393231373537343561633233616462626561333563306431316238616364
32653363383438303232346561353266646536316632353531616436396636346166376530383563
66396330303465626239653637323539376261373831616439363864376430396530636430623330
35323165663366653961303732336239656265383361343839663332616161663137373939383664
37383731653034336336656165386265613937636434393964643266613233663663383034616261
30613666343034343134343332306363666339643838316639373334376132666632346438656164
36326364383731366138636131346165653737383965323166393633623764613063623338636237
38363033663634376632346539623938323261313235616531393466623039616639616430663737
38303537346636373665386539653565313632356233333031656434633766376139346361373639
63313063353465316434303866643639313030326363383135303536623662326261353831326537
33616234333836376631326133356564616563623334373037333161333933323333386662303239
37316238656436396266663066393431646464333162343833303132383862616237383637303131
34386630643637316636373564636261626130643963643632343334373630356539303332333730
38643866356261383738633861373138653835373632666533366432383436383431653433636434
33623966633261383164633836336466336431666161346232333765663264333265666163303137
66623066363861656366663033336330613066356534663963396337623664383031663630353638
35626563653761386332383539626539633134396538313564303636343864306233653636656133
31336330383039353238346137633835643134656132353463666535393862383962626632336566
33616533356331386631343937303636383237613035376265316239623864356434386130353233
31393266363236356635613731303463626161663732326231386430393135623735386562323634
62303163313730336464313362336366396664666136376230386332656534383631636534656337
33333039356531336266303231613235396633323837613438303935356134626235623966316635
32353034326566353461386461663339313232653031383630376562346531633764396135646535
63613834616333373462386333656633623139643531313130623237383437356431613136376432
33643963313036663835396531663930643932303563386430633962346565653138366264363234
64333134336161333563333830313333343037656533303261393839343163303535313830653938
36306638653133633038323662333138663233366661646135643663396332386639316265346664
30333234313731303265356539373066326238623234326633376136326361633734316335313639
32643038363163366232656536386336643661636431643639373732623335303366363130383961
38306163626336613438366335303464306238663966313439656534383430623036316237356138
61633766306336386438373037366637313031333132653935326564346531663430656632393334
61383461366539613462646162656333663536343339323639613466353133313364326236313764
33383938613262343564663339366165633362323432663961666666393561346639656639306335
64633230623164323432323534386637336433643164326336396462383134633533306630366234
64643563623966333632656137373865306365663633386466643530383761323332613665663731
37393234333231326235656636376132326530363730353231386262383262366565383539383034
66346434353562303033346536393762343363643635346332623366396265393264343130333864
33616665376139356534633964623536636430346631313161313839313433326639376663326534
34363536393065353832323761643830303764356363363136346331383363383437306431663739
61333663313164346634633236373464303439663365336265653332306365626136666563326664
38313665653464313266373435303433636636666539396535316539363733366365663137356161
36383136333834613466323837666564663066646330303266633465386634396134

@ -275,33 +275,33 @@
tags:
- awx_config
- name: "Search <Container Registry> credentials <{{ shared_service_docker_registry_hostname }}>"
- name: "Search <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
include_tasks: awx-config-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "{{ shared_service_docker_registry_hostname }}"
awx_search_name: "{{ shared_service_harbor_hostname }}"
tags:
- awx_config
- name: "Update awx_credential_docker_registry_id"
- name: "Update awx_credential_harbor_id"
set_fact:
awx_credential_docker_registry_id: "{{ awx_type_id }}"
awx_credential_harbor_id: "{{ awx_type_id }}"
when:
- awx_type_id != "None"
tags:
- awx_config
- name: "Add <Container Registry> credentials <{{ shared_service_docker_registry_hostname }}>"
- name: "Add <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
vars:
name: "{{ shared_service_docker_registry_hostname }}"
description: "{{ shared_service_docker_registry_hostname }}"
name: "{{ shared_service_harbor_hostname }}"
description: "{{ shared_service_harbor_hostname }}"
user_id: "{{ ansible_awx_user_id }}"
credential_type_id: "{{ awx_credential_type_container_registry_id }}"
credential_type_name: "Container Registry"
host: "{{ shared_service_docker_registry_hostname }}"
username: "{{ docker_registry_username }}"
password: "{{ docker_registry_token }}"
host: "{{ shared_service_harbor_hostname }}"
username: "{{ harbor_username }}"
password: "{{ harbor_token }}"
uri:
url: "{{ awx_base_url }}/api/v2/credentials/"
method: POST
@ -317,23 +317,23 @@
status_code: 201
register: response
changed_when: response.status == 201
when: awx_credential_docker_registry_id is not defined
when: awx_credential_harbor_id is not defined
tags:
- awx_config
- name: "Search <Container Registry> credentials <{{ shared_service_docker_registry_hostname }}>"
- name: "Search <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
include_tasks: awx-config-get-typ-id.yml
vars:
awx_rest_api_type: credentials
awx_search_key: name
awx_search_name: "{{ shared_service_docker_registry_hostname }}"
when: awx_credential_docker_registry_id is not defined
awx_search_name: "{{ shared_service_harbor_hostname }}"
when: awx_credential_harbor_id is not defined
tags:
- awx_config
- name: "Update awx_credential_docker_registry_id"
- name: "Update awx_credential_harbor_id"
set_fact:
awx_credential_docker_registry_id: "{{ awx_type_id }}"
awx_credential_harbor_id: "{{ awx_type_id }}"
when:
- awx_type_id != "None"
tags:
@ -367,8 +367,8 @@
vars:
name: "hetzner-ansible"
description: "hetzner-ansible"
image: "{{ shared_service_docker_registry_hostname }}/awx/awx-custom-ee"
credential: "{{ awx_credential_docker_registry_id }}"
image: "{{ shared_service_harbor_hostname }}/awx/awx-custom-ee"
credential: "{{ awx_credential_harbor_id }}"
pull: "always"
uri:
url: "{{ awx_base_url }}/api/v2/execution_environments/"
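Review bot: The "Add <Container Registry> credentials" task sends `password: "{{ harbor_token }}"` in a `uri` POST and no `no_log: true` is visible on it, so the token can show up in task output when the request fails or the play runs with increased verbosity. Part of that task lies between the first two hunks, so the setting may already be there; if it is not, add `no_log: true` to the task. Separately, the lookup is now keyed on the Harbor hostname, so the AWX credential stored under the old registry hostname is left behind and should be deleted once nothing references it.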

@ -1,7 +1,7 @@
{
"auths": {
"{{ shared_service_docker_registry_hostname }}": {
"auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}"
"{{ shared_service_harbor_hostname }}": {
"auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}"
}
}
}

@ -1,4 +1,4 @@
---
wordpress_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/wordpress"
wordpress_image_name: "{{ shared_service_harbor_hostname }}/smardigo/wordpress"
wordpress_image_version: '1.3.1'

@ -1,7 +1,6 @@
---
connect_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/connect-whitelabel-app"
connect_image_version: 'latest'
connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app"
# TODO inject by management portal
connect_admin_username: "connect-admin"

@ -5,10 +5,7 @@ harbor_version: v2.4.1
harbor_hostname: '{{ stage_server_domain }}'
harbor_external_url: 'https://{{ stage_server_domain }}'
harbor_admin_username: '{{ harbor_admin_username_vault }}'
harbor_admin_password: '{{ harbor_admin_password_vault }}'
traefik_id: '{{ inventory_hostname }}-harbor'
harbor_id: '{{ inventory_hostname }}-harbor'
harbor_dockercompose_customized:
services:
@ -23,20 +20,20 @@ harbor_dockercompose_customized:
ports: [] # not exposing ports - already used by traefik
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.{{ traefik_id }}.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.{{ traefik_id }}.service={{ traefik_id }}"
- "traefik.http.routers.{{ traefik_id }}.rule=Host(`{{ harbor_hostname }}`)"
- "traefik.http.routers.{{ traefik_id }}.entrypoints=websecure"
- "traefik.http.routers.{{ traefik_id }}.tls=true"
- "traefik.http.routers.{{ traefik_id }}.tls.certresolver=letsencrypt"
- "traefik.http.services.{{ traefik_id }}.loadbalancer.server.port=8080"
- "traefik.http.middlewares.{{ traefik_id }}-monitor.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.{{ traefik_id }}-monitor.service={{ traefik_id }}-monitor"
- "traefik.http.routers.{{ traefik_id }}-monitor.rule=Host(`{{ harbor_hostname }}`)"
- "traefik.http.routers.{{ traefik_id }}-monitor.entrypoints=monitoring-harbor"
- "traefik.http.routers.{{ traefik_id }}-monitor.tls=true"
- "traefik.http.routers.{{ traefik_id }}-monitor.tls.certresolver=letsencrypt"
- "traefik.http.services.{{ traefik_id }}-monitor.loadbalancer.server.port=9090"
- "traefik.http.middlewares.{{ harbor_id }}.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.{{ harbor_id }}.service={{ harbor_id }}"
- "traefik.http.routers.{{ harbor_id }}.rule=Host(`{{ harbor_hostname }}`)"
- "traefik.http.routers.{{ harbor_id }}.entrypoints=websecure"
- "traefik.http.routers.{{ harbor_id }}.tls=true"
- "traefik.http.routers.{{ harbor_id }}.tls.certresolver=letsencrypt"
- "traefik.http.services.{{ harbor_id }}.loadbalancer.server.port=8080"
- "traefik.http.middlewares.{{ harbor_id }}-monitor.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.{{ harbor_id }}-monitor.service={{ harbor_id }}-monitor"
- "traefik.http.routers.{{ harbor_id }}-monitor.rule=Host(`{{ harbor_hostname }}`)"
- "traefik.http.routers.{{ harbor_id }}-monitor.entrypoints=monitoring-harbor"
- "traefik.http.routers.{{ harbor_id }}-monitor.tls=true"
- "traefik.http.routers.{{ harbor_id }}-monitor.tls.certresolver=letsencrypt"
- "traefik.http.services.{{ harbor_id }}-monitor.loadbalancer.server.port=9090"
networks:
front-tier:
external: true
@ -44,14 +41,14 @@ harbor_dockercompose_customized:
harbor_base_configuration:
email_host: '{{ shared_service_mail_hostname }}'
email_port: 25
email_from: '{{ ansible_fqdn }}@{{ shared_service_mail_hostname }}'
email_from: '{{ harbor_id }}@{{ domain }}'
email_password: ''
email_username: ''
email_insecure: true
auth_mode: oidc_auth
oidc_name: docker
oidc_name: "{{ harbor_oidc_realm }}"
oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/docker'
oidc_client_id: docker-registry
oidc_client_id: "{{ harbor_oidc_client_id }}"
oidc_groups_claim: groups
oidc_scope: openid
oidc_verify_cert: true
@ -87,7 +84,7 @@ harbor_robot_tokens:
name: ansible
level: system
description: 'smardigo docker pull credentials'
secret: '{{ docker_registry_token }}'
secret: '{{ harbor_token }}'
disable: false
duration: -1
editable: true
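Review bot: `oidc_endpoint` still ends in the literal `/auth/realms/docker` while `oidc_name` and `oidc_client_id` in the same mapping now come from `harbor_oidc_realm` and `harbor_oidc_client_id`, so changing the realm variable would leave the endpoint pointing at a different realm than the one the client is registered in. Use `oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ harbor_oidc_realm }}'`. In the last hunk the `ansible` robot account is `level: system` with `duration: -1`; a comment stating why a non-expiring, system-wide token is needed for a pull credential, or a narrower scope, would help the next reviewer. `harbor_base_configuration` and `harbor_robot_tokens` both continue outside the hunks.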

@ -1,56 +1,19 @@
---
- name: "harbor BASE settings"
block:
- name: "BLOCK: Login with keycloak-admin"
include_role:
name: keycloak
tasks_from: _authenticate
- name: "GET available clients from <<{{ harbor_base_configuration.oidc_name }}>>-realm"
delegate_to: localhost
become: False
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients"
method: GET
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: realm_clients
# available clients: get needed ID
- set_fact:
id_of_client: '{{ ( realm_clients.json | selectattr("clientId","equalto", harbor_base_configuration.oidc_client_id ) | first ).id }}'
- name: "BLOCK: GET client-secret for client <<{{ harbor_base_configuration.oidc_client_id }}>> in realm <<{{ harbor_base_configuration.oidc_name }}>>"
delegate_to: localhost
become: False
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients/{{ id_of_client }}/client-secret"
method: GET
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: client_secret
- set_fact:
dict:
oidc_client_secret: '{{ client_secret.json.value }}'
- set_fact:
harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}'
- name: "BLOCK: Configure harbor BASE settings"
include_tasks: configure_base_config.yml
vars:
base_configuration: '{{ harbor_base_configuration_merged }}'
args:
apply:
tags:
- harbor-configure-base
# end of block for base settings
#- name: "harbor BASE settings"
# block:
# - set_fact:
# harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}'
# - name: "BLOCK: Configure harbor BASE settings"
# include_tasks: configure_base_config.yml
# vars:
# base_configuration: '{{ harbor_base_configuration_merged }}'
# args:
# apply:
# tags:
# - harbor-configure-base
## end of block for base settings
- name: "Create object of templated harbor projects"
set_fact:
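Review bot: On the new side the whole "harbor BASE settings" block survives only as commented-out code, so `configure_base_config.yml` is no longer included and, as far as this file shows, nothing applies `harbor_base_configuration` (including `auth_mode: oidc_auth`) any more. The remnant also cannot simply be re-enabled, because it combines with `dict`, which was set by the removed `set_fact` and is now undefined. Dropping the Keycloak admin-API lookup is a sound reduction of privilege now that `harbor_oidc_client_secret` comes from the vault; I would either delete the comment block or keep the include active with the secret supplied directly, as sketched below. Which lines are old and which are new is inferred from print order, since the page has lost its `+`/`-` markers.

```yaml
- name: "harbor BASE settings"
  block:
    - name: "BLOCK: Configure harbor BASE settings"
      include_tasks: configure_base_config.yml
      vars:
        base_configuration: "{{ harbor_base_configuration | combine({'oidc_client_secret': harbor_oidc_client_secret}) }}"
      args:
        apply:
          tags:
            - harbor-configure-base
# … unchanged: "Create object of templated harbor projects" and following tasks …
```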

@ -1,4 +1,4 @@
---
iam_image_name: '{{ shared_service_docker_registry_hostname }}/smardigo/iam-app'
iam_image_name: '{{ shared_service_harbor_hostname }}/smardigo/iam-app'
iam_image_version: 'latest'

@ -4,4 +4,4 @@
service_port_keycloak_external: "8110"
keycloak_version: "14.0.0.1"
keycloak_image: "{{ shared_service_docker_registry_hostname }}/smardigo/keycloak"
keycloak_image: "{{ shared_service_harbor_hostname }}/smardigo/keycloak"

@ -54,12 +54,12 @@
current_owner: "{{ docker_owner }}"
current_group: "{{ docker_group }}"
- name: "Update {{ inventory_hostname }}"
shell: docker-compose pull
args:
chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
tags:
- update_deployment
#- name: "Update {{ inventory_hostname }}"
# shell: docker-compose pull
# args:
# chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
# tags:
# - update_deployment
- name: "Start {{ inventory_hostname }}"
shell: docker-compose up -d
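Review bot: Commenting out the "Update {{ inventory_hostname }}" task means the `update_deployment` tag no longer pulls images here, so the following `docker-compose up -d` starts whatever image is already cached on the host when one exists. For any service that uses a mutable tag such as `latest`, a deployment run would then stop picking up rebuilt images, including ones carrying security fixes; this is inferred, since the compose file is not part of the hunk. If dropping the pull is intended, delete the task rather than leaving it commented out and record the reason above the start task, e.g. `# image pull removed: <reason>`. Otherwise restore it, preferably as `command: docker-compose pull`, since the line uses no shell features. The "Start" task continues outside the hunk.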
@ -169,12 +169,3 @@
tags:
- create_groups
- update_realms
#- name: "Activate event listeners"
# shell: |
# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD"
# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'"
# docker exec {{ keycloak_id }} /bin/sh -c "usr/bin/rm -f /opt/jboss/.keycloak/kcadm.config"
# tags:
# - update_deployment
# - configure_container

@ -57,7 +57,7 @@
"protocolMapper": "oidc-group-membership-mapper",
"consentRequired": false,
"config": {
"full.path": "true",
"full.path": "false",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
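Review bot: Switching `"full.path"` to `"false"` on the `oidc-group-membership-mapper` changes what the `groups` claim contains, which is an authorization-relevant change carried inside a commit described as a hostname consolidation. With the full path off, Keycloak emits only the group's own name, so two groups with the same name under different parents yield the same claim value and a consumer that maps groups to roles cannot tell them apart. Confirm that group names in this realm are unique across the hierarchy, or keep `"full.path": "true"` and match on the full path in the consumer. JSON has no comment syntax, so the reason for the change belongs in the commit description. The mapper object starts and ends outside the hunk.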

@ -106,7 +106,7 @@ k8s_argocd_helm__release_values:
hostAliases:
- ip: "{{ shared_service_docker_ip }}"
hostnames:
- "{{ shared_service_docker_registry_hostname }}"
- "{{ shared_service_harbor_hostname }}"
- ip: "{{ shared_service_keycloak_ip }}"
hostnames:
- "{{ shared_service_keycloak_hostname }}"

@ -1,4 +1,4 @@
---
k8s_namespace: "default"
k8s_docker_registry_key: "{{ stage }}-docker-registry-key"
k8s_docker_registry_key: "{{ stage }}-harbor-key"

@ -1,7 +1,7 @@
{
"auths": {
"{{ shared_service_docker_registry_hostname }}": {
"auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}"
"{{ shared_service_harbor_hostname }}": {
"auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}"
}
}
}

@ -1,9 +1,9 @@
---
pdns_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/pdns-authoritative"
pdns_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-authoritative"
pdns_image_version: "1.0.0"
pdns_recursor_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/pdns-recursor"
pdns_recursor_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-recursor"
pdns_recursor_image_version: "1.0.0"
pdns_admin_image_name: "ngoduykhanh/powerdns-admin"

@ -1,4 +1,4 @@
---
webdav_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/smardigo-webdav-app"
webdav_image_name: "{{ shared_service_harbor_hostname }}/smardigo/smardigo-webdav-app"
webdav_image_version: "8.4.1"

@ -7,7 +7,7 @@
# update-docker-image.sh qa smardigo sensw sensw-app latest
FROM="docker.dev-at.de/$2/$4:$5"
TO="$1-docker-registry-01.smardigo.digital/$3/$4:$5"
TO="$1-harbor-01.smardigo.digital/$3/$4:$5"
echo
echo updating $TO with image from $FROM

@ -16,7 +16,7 @@ dev-elastic-stack-elastic-03
dev-gitea-01
[harbor]
dev-docker-registry-01
dev-harbor-01
[iam]
dev-iam-01

@ -16,7 +16,7 @@ qa-elastic-stack-elastic-03
qa-gitea-01
[harbor]
qa-docker-registry-01
qa-harbor-01
[iam]
qa-iam-01

@ -1,375 +0,0 @@
version: '2.3'
services:
log:
image: goharbor/harbor-log:v2.3.0
container_name: harbor-log
restart: always
dns_search: .
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- type: bind
source: ./common/config/log/logrotate.conf
target: /etc/logrotate.d/logrotate.conf
- type: bind
source: ./common/config/log/rsyslog_docker.conf
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.3.0
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/secret/registry/root.crt
target: /etc/registry/root.crt
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v2.3.0
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v2.3.0
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
harbor:
dns_search: .
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "postgresql"
shm_size: '1gb'
core:
image: goharbor/harbor-core:v2.3.0
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /data/ca_download/:/etc/core/ca/:z
- /data/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /data/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /data/secret/keys/secretkey
target: /etc/core/key
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
harbor:
harbor-chartmuseum:
aliases:
- harbor-core
dns_search: .
depends_on:
- log
- registry
- redis
- postgresql
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "core"
extra_hosts:
- dev-keycloak-01.smardigo.digital:10.1.0.2
- dev-mail-01.smardigo.digital:10.2.0.2
portal:
image: goharbor/harbor-portal:v2.3.0
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- type: bind
source: ./common/config/portal/nginx.conf
target: /etc/nginx/nginx.conf
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v2.3.0
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v2.3.0
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
harbor:
harbor-chartmuseum:
aliases:
- redis
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.3.0
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
- front-tier
dns_search: .
# ports:
# - 80:8080
# - 9090:9090
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "proxy"
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.dev-docker-registry-01-harbor.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.dev-docker-registry-01-harbor.service=dev-docker-registry-01-harbor"
- "traefik.http.routers.dev-docker-registry-01-harbor.rule=Host(`dev-docker-registry-01.smardigo.digital`)"
- "traefik.http.routers.dev-docker-registry-01-harbor.entrypoints=websecure"
- "traefik.http.routers.dev-docker-registry-01-harbor.tls=true"
- "traefik.http.routers.dev-docker-registry-01-harbor.tls.certresolver=letsencrypt"
- "traefik.http.services.dev-docker-registry-01-harbor.loadbalancer.server.port=8080"
- "traefik.http.middlewares.dev-docker-registry-01-harbor-monitor.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.service=dev-docker-registry-01-harbor-monitor"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.rule=Host(`dev-docker-registry-01.smardigo.digital`)"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.entrypoints=monitoring-harbor"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.tls=true"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.tls.certresolver=letsencrypt"
- "traefik.http.services.dev-docker-registry-01-harbor-monitor.loadbalancer.server.port=9090"
trivy-adapter:
container_name: trivy-adapter
image: goharbor/trivy-adapter-photon:v2.3.0
restart: always
cap_drop:
- ALL
dns_search: .
depends_on:
- log
- redis
networks:
- harbor
volumes:
- type: bind
source: /data/trivy-adapter/trivy
target: /home/scanner/.cache/trivy
- type: bind
source: /data/trivy-adapter/reports
target: /home/scanner/.cache/reports
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "trivy-adapter"
env_file:
./common/config/trivy-adapter/env
chartmuseum:
container_name: chartmuseum
image: goharbor/chartmuseum-photon:v2.3.0
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
networks:
- harbor-chartmuseum
dns_search: .
depends_on:
- log
volumes:
- /data/chart_storage:/chart_storage:z
- ./common/config/chartserver:/etc/chartserver:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "chartmuseum"
env_file:
./common/config/chartserver/env
exporter:
image: goharbor/harbor-exporter:v2.3.0
container_name: harbor-exporter
env_file:
- ./common/config/exporter/env
restart: always
networks:
- harbor
dns_search: .
depends_on:
- core
- postgresql
volumes:
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "exporter"
networks:
harbor:
external: false
harbor-chartmuseum:
external: false
front-tier:
external: true