version: '2.3' networks: front-tier: external: true harbor: external: false harbor-chartmuseum: external: false services: log: image: goharbor/harbor-log:v2.1.5 container_name: harbor-log restart: always dns_search: . cap_drop: - ALL cap_add: - CHOWN - DAC_OVERRIDE - SETGID - SETUID volumes: - /var/log/harbor/:/var/log/docker/:z - type: bind source: ./common/config/log/logrotate.conf target: /etc/logrotate.d/logrotate.conf - type: bind source: ./common/config/log/rsyslog_docker.conf target: /etc/rsyslog.d/rsyslog_docker.conf ports: - 127.0.0.1:1514:10514 networks: - harbor registry: image: goharbor/registry-photon:v2.1.5 container_name: registry restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z - type: bind source: /data/secret/registry/root.crt target: /etc/registry/root.crt - type: bind source: ./common/config/shared/trust-certificates target: /harbor_cust_cert networks: - harbor dns_search: . depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registry" registryctl: image: goharbor/harbor-registryctl:v2.1.5 container_name: registryctl env_file: - ./common/config/registryctl/env restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z - type: bind source: ./common/config/registryctl/config.yml target: /etc/registryctl/config.yml - type: bind source: ./common/config/shared/trust-certificates target: /harbor_cust_cert networks: - harbor dns_search: . depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registryctl" postgresql: image: goharbor/harbor-db:v2.1.5 container_name: harbor-db restart: always cap_drop: - ALL cap_add: - CHOWN - DAC_OVERRIDE - SETGID - SETUID volumes: - /data/database:/var/lib/postgresql/data:z networks: harbor: dns_search: . env_file: - ./common/config/db/env depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "postgresql" core: image: goharbor/harbor-core:v2.1.5 container_name: harbor-core env_file: - ./common/config/core/env restart: always cap_drop: - ALL cap_add: - SETGID - SETUID volumes: - /data/ca_download/:/etc/core/ca/:z - /data/:/data/:z - ./common/config/core/certificates/:/etc/core/certificates/:z - type: bind source: ./common/config/core/app.conf target: /etc/core/app.conf - type: bind source: /data/secret/core/private_key.pem target: /etc/core/private_key.pem - type: bind source: /data/secret/keys/secretkey target: /etc/core/key - type: bind source: ./common/config/shared/trust-certificates target: /harbor_cust_cert networks: harbor: harbor-chartmuseum: aliases: - harbor-core dns_search: . depends_on: - log - registry - redis - postgresql logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "core" extra_hosts: - dev-keycloak-01.smardigo.digital:10.1.0.2 portal: image: goharbor/harbor-portal:v2.1.5 container_name: harbor-portal restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID - NET_BIND_SERVICE volumes: - type: bind source: ./common/config/portal/nginx.conf target: /etc/nginx/nginx.conf networks: - harbor dns_search: . depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "portal" jobservice: image: goharbor/harbor-jobservice:v2.1.5 container_name: harbor-jobservice env_file: - ./common/config/jobservice/env restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/job_logs:/var/log/jobs:z - type: bind source: ./common/config/jobservice/config.yml target: /etc/jobservice/config.yml - type: bind source: ./common/config/shared/trust-certificates target: /harbor_cust_cert networks: - harbor dns_search: . depends_on: - core logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "jobservice" redis: image: goharbor/redis-photon:v2.1.5 container_name: redis restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/redis:/var/lib/redis networks: harbor: harbor-chartmuseum: aliases: - redis dns_search: . depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy: image: goharbor/nginx-photon:v2.1.5 container_name: nginx restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID - NET_BIND_SERVICE volumes: - ./common/config/nginx:/etc/nginx:z - type: bind source: ./common/config/shared/trust-certificates target: /harbor_cust_cert networks: - harbor - front-tier dns_search: . depends_on: - registry - core - portal - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "proxy" labels: - "traefik.enable=true" - "traefik.http.middlewares.dev-docker-registry-01-harbor.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.routers.dev-docker-registry-01-harbor.service=dev-docker-registry-01-harbor" - "traefik.http.routers.dev-docker-registry-01-harbor.rule=Host(`dev-docker-registry-01.smardigo.digital`)" - "traefik.http.routers.dev-docker-registry-01-harbor.entrypoints=websecure" - "traefik.http.routers.dev-docker-registry-01-harbor.tls=true" - "traefik.http.routers.dev-docker-registry-01-harbor.tls.certresolver=letsencrypt" - "traefik.http.services.dev-docker-registry-01-harbor.loadbalancer.server.port=8080" trivy-adapter: container_name: trivy-adapter image: goharbor/trivy-adapter-photon:v2.1.5 restart: always cap_drop: - ALL dns_search: . depends_on: - log - redis networks: - harbor volumes: - type: bind source: /data/trivy-adapter/trivy target: /home/scanner/.cache/trivy - type: bind source: /data/trivy-adapter/reports target: /home/scanner/.cache/reports - type: bind source: ./common/config/shared/trust-certificates target: /harbor_cust_cert logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "trivy-adapter" env_file: ./common/config/trivy-adapter/env chartmuseum: container_name: chartmuseum image: goharbor/chartmuseum-photon:v2.1.5 restart: always cap_drop: - ALL cap_add: - CHOWN - DAC_OVERRIDE - SETGID - SETUID networks: - harbor-chartmuseum dns_search: . depends_on: - log volumes: - /data/chart_storage:/chart_storage:z - ./common/config/chartserver:/etc/chartserver:z - type: bind source: ./common/config/shared/trust-certificates target: /harbor_cust_cert logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "chartmuseum" env_file: ./common/config/chartserver/env