You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
326 lines
7.6 KiB
Django/Jinja
326 lines
7.6 KiB
Django/Jinja
version: '2.3'
|
|
|
|
networks:
|
|
front-tier:
|
|
external: true
|
|
harbor:
|
|
external: false
|
|
harbor-chartmuseum:
|
|
external: false
|
|
|
|
services:
|
|
log:
|
|
image: goharbor/harbor-log:v2.2.2
|
|
container_name: harbor-log
|
|
restart: always
|
|
dns_search: .
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- DAC_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /var/log/harbor/:/var/log/docker/:z
|
|
- type: bind
|
|
source: ./common/config/log/logrotate.conf
|
|
target: /etc/logrotate.d/logrotate.conf
|
|
- type: bind
|
|
source: ./common/config/log/rsyslog_docker.conf
|
|
target: /etc/rsyslog.d/rsyslog_docker.conf
|
|
ports:
|
|
- 127.0.0.1:1514:10514
|
|
networks:
|
|
- harbor
|
|
|
|
registry:
|
|
image: goharbor/registry-photon:v2.2.2
|
|
container_name: registry
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /data/registry:/storage:z
|
|
- ./common/config/registry/:/etc/registry/:z
|
|
- type: bind
|
|
source: /data/secret/registry/root.crt
|
|
target: /etc/registry/root.crt
|
|
- type: bind
|
|
source: ./common/config/shared/trust-certificates
|
|
target: /harbor_cust_cert
|
|
networks:
|
|
- harbor
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "registry"
|
|
|
|
registryctl:
|
|
image: goharbor/harbor-registryctl:v2.2.2
|
|
container_name: registryctl
|
|
env_file:
|
|
- ./common/config/registryctl/env
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /data/registry:/storage:z
|
|
- ./common/config/registry/:/etc/registry/:z
|
|
- type: bind
|
|
source: ./common/config/registryctl/config.yml
|
|
target: /etc/registryctl/config.yml
|
|
- type: bind
|
|
source: ./common/config/shared/trust-certificates
|
|
target: /harbor_cust_cert
|
|
networks:
|
|
- harbor
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "registryctl"
|
|
|
|
postgresql:
|
|
image: goharbor/harbor-db:v2.2.2
|
|
container_name: harbor-db
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- DAC_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /data/database:/var/lib/postgresql/data:z
|
|
networks:
|
|
harbor:
|
|
dns_search: .
|
|
env_file:
|
|
- ./common/config/db/env
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "postgresql"
|
|
|
|
core:
|
|
image: goharbor/harbor-core:v2.2.2
|
|
container_name: harbor-core
|
|
env_file:
|
|
- ./common/config/core/env
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /data/ca_download/:/etc/core/ca/:z
|
|
- /data/:/data/:z
|
|
- ./common/config/core/certificates/:/etc/core/certificates/:z
|
|
- type: bind
|
|
source: ./common/config/core/app.conf
|
|
target: /etc/core/app.conf
|
|
- type: bind
|
|
source: /data/secret/core/private_key.pem
|
|
target: /etc/core/private_key.pem
|
|
- type: bind
|
|
source: /data/secret/keys/secretkey
|
|
target: /etc/core/key
|
|
- type: bind
|
|
source: ./common/config/shared/trust-certificates
|
|
target: /harbor_cust_cert
|
|
networks:
|
|
harbor:
|
|
harbor-chartmuseum:
|
|
aliases:
|
|
- harbor-core
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
- registry
|
|
- redis
|
|
- postgresql
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "core"
|
|
extra_hosts:
|
|
- dev-keycloak-01.smardigo.digital:10.1.0.2
|
|
- dev-mail-01.smardigo.digital:10.2.0.2
|
|
|
|
portal:
|
|
image: goharbor/harbor-portal:v2.2.2
|
|
container_name: harbor-portal
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
- NET_BIND_SERVICE
|
|
volumes:
|
|
- type: bind
|
|
source: ./common/config/portal/nginx.conf
|
|
target: /etc/nginx/nginx.conf
|
|
networks:
|
|
- harbor
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "portal"
|
|
|
|
jobservice:
|
|
image: goharbor/harbor-jobservice:v2.2.2
|
|
container_name: harbor-jobservice
|
|
env_file:
|
|
- ./common/config/jobservice/env
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /data/job_logs:/var/log/jobs:z
|
|
- type: bind
|
|
source: ./common/config/jobservice/config.yml
|
|
target: /etc/jobservice/config.yml
|
|
- type: bind
|
|
source: ./common/config/shared/trust-certificates
|
|
target: /harbor_cust_cert
|
|
networks:
|
|
- harbor
|
|
dns_search: .
|
|
depends_on:
|
|
- core
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "jobservice"
|
|
|
|
redis:
|
|
image: goharbor/redis-photon:v2.2.2
|
|
container_name: redis
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /data/redis:/var/lib/redis
|
|
networks:
|
|
harbor:
|
|
harbor-chartmuseum:
|
|
aliases:
|
|
- redis
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "redis"
|
|
|
|
proxy:
|
|
image: goharbor/nginx-photon:v2.2.2
|
|
container_name: nginx
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
- NET_BIND_SERVICE
|
|
volumes:
|
|
- ./common/config/nginx:/etc/nginx:z
|
|
- type: bind
|
|
source: ./common/config/shared/trust-certificates
|
|
target: /harbor_cust_cert
|
|
networks:
|
|
- harbor
|
|
- front-tier
|
|
dns_search: .
|
|
# ports:
|
|
# - 80:8080
|
|
depends_on:
|
|
- registry
|
|
- core
|
|
- portal
|
|
- log
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "proxy"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.middlewares.dev-docker-registry-01-harbor.headers.customrequestheaders.X-Forwarded-Proto=https"
|
|
- "traefik.http.routers.dev-docker-registry-01-harbor.service=dev-docker-registry-01-harbor"
|
|
- "traefik.http.routers.dev-docker-registry-01-harbor.rule=Host(`dev-docker-registry-01.smardigo.digital`)"
|
|
- "traefik.http.routers.dev-docker-registry-01-harbor.entrypoints=websecure"
|
|
- "traefik.http.routers.dev-docker-registry-01-harbor.tls=true"
|
|
- "traefik.http.routers.dev-docker-registry-01-harbor.tls.certresolver=letsencrypt"
|
|
- "traefik.http.services.dev-docker-registry-01-harbor.loadbalancer.server.port=8080"
|
|
|
|
chartmuseum:
|
|
container_name: chartmuseum
|
|
image: goharbor/chartmuseum-photon:v2.2.2
|
|
restart: always
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- DAC_OVERRIDE
|
|
- SETGID
|
|
- SETUID
|
|
networks:
|
|
- harbor-chartmuseum
|
|
dns_search: .
|
|
depends_on:
|
|
- log
|
|
volumes:
|
|
- /data/chart_storage:/chart_storage:z
|
|
- ./common/config/chartserver:/etc/chartserver:z
|
|
- type: bind
|
|
source: ./common/config/shared/trust-certificates
|
|
target: /harbor_cust_cert
|
|
logging:
|
|
driver: "syslog"
|
|
options:
|
|
syslog-address: "tcp://127.0.0.1:1514"
|
|
tag: "chartmuseum"
|
|
env_file:
|
|
./common/config/chartserver/env
|