diff --git a/group_vars/all.yaml b/group_vars/all.yaml index ea3762d..e6ce6bf 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -39,6 +39,14 @@ keycloak_admin_password: 20Dino00 keycloak_postgres_password: HISTORY_PURGED_SECRET keycloak_address: keycloak.atlantishq.de +harbor_http_secret: HISTORY_PURGED_SECRET +harbor_core_secret: HISTORY_PURGED_SECRET +harbor_jobservice_secret: HISTORY_PURGED_SECRET +harbor_postgres_pass: HISTORY_PURGED_SECRET +harbor_registry_user: harbor +harbor_registry_password: HISTORY_PURGED_SECRET +harbor_admin_password: 20Dino00 + keycloak_clients: python-flask-picture-factory: party_secret : "HISTORY_PURGED_SECRET" @@ -153,7 +161,7 @@ keycloak_clients: - "https://icinga.atlantishq.de/*" description: "Icinga Web" keycloak_id: "00000000-0000-0000-0000-000000000009" - groups: "monitoring" + groups: "monitoring,icinga" master_address: "https://icinga.atlantishq.de" skips: diff --git a/roles/docker-deployments/files/harbor-config/config/core/app.conf b/roles/docker-deployments/files/harbor-config/config/core/app.conf new file mode 100644 index 0000000..6110364 --- /dev/null +++ b/roles/docker-deployments/files/harbor-config/config/core/app.conf @@ -0,0 +1,6 @@ +appname = Harbor +runmode = dev +enablegzip = true + +[dev] +httpport = 8080 diff --git a/roles/docker-deployments/files/harbor-config/config/core/private_key.pem b/roles/docker-deployments/files/harbor-config/config/core/private_key.pem new file mode 100644 index 0000000..d3e1eb4 --- /dev/null +++ b/roles/docker-deployments/files/harbor-config/config/core/private_key.pem 
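Review bot: `harbor_admin_password` is added as a clear-text literal in the first `group_vars/all.yaml` hunk, and it carries the same value as `keycloak_admin_password` in the context line above it, so two admin accounts share one password that sits in the repository. Give Harbor its own value and keep it in an Ansible Vault file, referenced as `harbor_admin_password: "{{ vault_harbor_admin_password }}"` (the vault variable name is a suggestion). The `HISTORY_PURGED_SECRET` entries suggest the other Harbor secrets were literals as well before the history rewrite; they belong in the same vault file, and any value that was ever pushed should be rotated.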
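Review bot: `runmode = dev` in the new `app.conf` puts harbor-core in the framework's development mode, which commonly means verbose error pages and is not what a registry behind a public hostname should run with (the exact effect depends on the framework, so confirm). Unless the image requires the sample value, use `runmode = prod` and rename the section to `[prod]`, keeping `httpport = 8080`. If `dev` is kept on purpose, add a comment saying why.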
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAtpMvyv153iSmwm6TrFpUOzsIGBEDbGtOOEZMEm08D8IC2n1G +d6/XOZ5FxPAD6gIpE0EAcMojY5O0Hl4CDoyV3e/iKcBqFOgYtpogNtan7yT5J8gw +KsPbU/8nBkK75GOq56nfvq4t9GVAclIDtHbuvmlh6O2n+fxtR0M9LbuotbSBdXYU +hzXqiSsMclBvLyIk/z327VP5l0nUNOzPuKIwQjuxYKDkvq1oGy98oVlE6wl0ldh2 +HISTORY_PURGED_SECRET +9dzyhA5paDM06lj2gsg9hQWxCgbFh1x39c6pSI8hmVe6x2d4tAtSyOm3Qwz+zO2l +bPDvkY8Svh5nxUYObrNreoO8wHr8MC6TGUQLnUt/RfdVKe5fYPFl6VYqJP/L3LDn +Xj771nFq6PKiYbhBwJw3TM49gpKNS/Of70TP2m7nVlyuyMdE5T1j3xyXNkixXqqn +JuSMqX/3Bmm0On9KEbemwn7KRYF/bqc50+RcGUdKNcOkN6vuMVZei4GbxALnVqac +s+/UQAiQP4212UO7iZFwMaCNJ3r/b4GOlyalI1yEA4odoZov7k5zVOzHu8O6QmCj +3R5TVOudpGiUh+lumRRpNqxDgjngLljvaWU6ttyIbjnAwCjnJoppZM2lkRkCAwEA +AQKCAgAvsvCPlf2a3fR7Y6xNISRUfS22K+u7DaXX6fXB8qv4afWY45Xfex89vG35 +78L2Bi55C0h0LztjrpkmPeVHq88TtrJduhl88M5UFpxH93jUb9JwZErBQX4xyb2G +UzUHjEqAT89W3+a9rR5TP74cDd59/MZJtp1mIF7keVqochi3sDsKVxkx4hIuWALe +csk5hTApRyUWCBRzRCSe1yfF0wnMpA/JcP+SGXfTcmqbNNlelo/Q/kaga59+3UmT +C0Wy41s8fIvP+MnGT2QLxkkrqYyfwrWTweqoTtuKEIHjpdnwUcoYJKfQ6jKp8aH0 +STyP5UIyFOKNuFjyh6ZfoPbuT1nGW+YKlUnK4hQ9N/GE0oMoecTaHTbqM+psQvbj +6+CG/1ukA5ZTQyogNyuOApArFBQ+RRmVudPKA3JYygIhwctuB2oItsVEOEZMELCn +g2aVFAVXGfGRDXvpa8oxs3Pc6RJEp/3tON6+w7cMCx0lwN/Jk2Ie6RgTzUycT3k6 +MoTQJRoO6/ZHcx3hTut/CfnrWiltyAUZOsefLuLg+Pwf9GHhOycLRI6gHfgSwdIV +S77UbbELWdscVr1EoPIasUm1uYWBBcFRTturRW+GHJ8TZX+mcWSBcWwBhp15LjEl +tJf+9U6lWMOSB2LvT+vFmR0M9q56fo7UeKFIR7mo7/GpiVu5AQKCAQEA6Qs7G9mw +N/JZOSeQO6xIQakC+sKApPyXO58fa7WQzri+l2UrLNp0DEQfZCujqDgwys6OOzR/ +xg8ZKQWVoad08Ind3ZwoJgnLn6QLENOcE6PpWxA/JjnVGP4JrXCYR98cP0sf9jEI +xkR1qT50GbeqU3RDFliI4kGRvbZ8cekzuWppfQcjstSBPdvuxqAcUVmTnTw83nvD +FmBbhlLiEgI3iKtJ97UB7480ivnWnOuusduk7FO4jF3hkrOa+YRidinTCi8JBo0Y +jx4Ci3Y5x6nvwkXhKzXapd7YmPNisUc5xA7/a+W71cyC0IKUwRc/8pYWLL3R3CpR +YiV8gf6gwzOckQKCAQEAyI9CSNoAQH4zpS8B9PF8zILqEEuun8m1f5JB3hQnfWzm +7uz/zg6I0TkcCE0AJVSKPHQm1V9+TRbF9+DiOWHEYYzPmK8h63SIufaWxZPqai4E +PUj6eQWykBUVJ96n6/AW0JHRZ+WrJ5RXBqCLuY7NP6wDhORrCJjBwaGMohNpbKPS 
+HISTORY_PURGED_SECRET +uFT8n+XH5IwgjdXFSDim15rQ8jD2l2xLcwKboTpx5GeRl8oB1VGm0fUbBn1dvGPG +4WfHGyrp9VNZtP160WoHr+vRVPqvHNkoeAlCfEwQCQKCAQBN1dtzLN0HgqE8TrOE +ysEDdTCykj4nXNoiJr522hi4gsndhQPLolb6NdKKQW0S5Vmekyi8K4e1nhtYMS5N +5MFRCasZtmtOcR0af87WWucZRDjPmniNCunaxBZ1YFLsRl+H4E6Xir8UgY8O7PYY +FNkFsKIrl3x4nU/RHl8oKKyG9Dyxbq4Er6dPAuMYYiezIAkGjjUCVjHNindnQM2T +GDx2IEe/PSydV6ZD+LguhyU88FCAQmI0N7L8rZJIXmgIcWW0VAterceTHYHaFK2t +u1uB9pcDOKSDnA+Z3kiLT2/CxQOYhQ2clgbnH4YRi/Nm0awsW2X5dATklAKm5GXL +bLSRAoIBAQClaNnPQdTBXBR2IN3pSZ2XAkXPKMwdxvtk+phOc6raHA4eceLL7FrU +y9gd1HvRTfcwws8gXcDKDYU62gNaNhMELWEt2QsNqS/2x7Qzwbms1sTyUpUZaSSL +BohLOKyfv4ThgdIGcXoGi6Z2tcRnRqpq4BCK8uR/05TBgN5+8amaS0ZKYLfaCW4G +nlPk1fVgHWhtAChtnYZLuKg494fKmB7+NMfAbmmVlxjrq+gkPkxyqXvk9Vrg+V8y +HISTORY_PURGED_SECRET +9sNerUw1GNC8O66K+rGgBk4FKgXmg8kZAoIBABBcuisK250fXAfjAWXGqIMs2+Di +vqAdT041SNZEOJSGNFsLJbhd/3TtCLf29PN/YXtnvBmC37rqryTsqjSbx/YT2Jbr +Bk3jOr9JVbmcoSubXl8d/uzf7IGs91qaCgBwPZHgeH+kK13FCLexz+U9zYMZ78fF +/yO82CpoekT+rcl1jzYn43b6gIklHABQU1uCD6MMyMhJ9Op2WmbDk3X+py359jMc ++Cr2zfzdHAIVff2dOV3OL+ZHEWbwtnn3htKUdOmjoTJrciFx0xNZJS5Q7QYHMONj +yPqbajyhopiN01aBQpCSGF1F1uRpWeIjTrAZPbrwLl9YSYXz0AT05QeFEFk= +-----END RSA PRIVATE KEY----- diff --git a/roles/docker-deployments/files/harbor-config/config/jobservice/config.yml b/roles/docker-deployments/files/harbor-config/config/jobservice/config.yml new file mode 100644 index 0000000..a575ce7 --- /dev/null +++ b/roles/docker-deployments/files/harbor-config/config/jobservice/config.yml 
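Review bot: This commits an RSA private key under `files/`, and the compose template mounts it at `/etc/core/private_key.pem` in harbor-core, so everyone with read access to the repository holds what is presumably the key the service signs with. It also looks like the key pair from the sample configuration rather than one generated for this host (the `root.crt` added in this commit appears to be issued to example.com), which would make it public knowledge; confirm. Generate a key and matching certificate per deployment on the target host, or store them vault-encrypted, and treat this key as compromised because it has been in history.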
@@ -0,0 +1,41 @@
+---
+#Protocol used to serve
+protocol: "http"
+
+#Config certification if use 'https' protocol
+#https_config:
+# cert: "server.crt"
+# key: "server.key"
+
+#Server listening port
+port: 8080
+
+#Worker pool
+worker_pool:
+ #Worker concurrency
+ workers: 10
+ backend: "redis"
+ #Additional config if use 'redis' backend
+ redis_pool:
+ #redis://[arbitrary_username:password@]ipaddress:port/database_index
+ redis_url: redis://redis:6379/2
+ namespace: "harbor_job_service_namespace"
+#Loggers for the running job
+job_loggers:
+ - name: "STD_OUTPUT" # logger backend name, only support "FILE" and "STD_OUTPUT"
+ level: "INFO" # INFO/DEBUG/WARNING/ERROR/FATAL
+ - name: "FILE"
+ level: "INFO"
+ settings: # Customized settings of logger
+ base_dir: "/var/log/jobs"
+ sweeper:
+ duration: 1 #days
+ settings: # Customized settings of sweeper
+ work_dir: "/var/log/jobs"
+
+#Loggers for the job service
+loggers:
+ - name: "STD_OUTPUT" # Same with above
+ level: "INFO"
+#Admin server endpoint
+admin_server: "http://adminserver:8080/"
diff --git a/roles/docker-deployments/files/harbor-config/config/proxy/nginx.conf b/roles/docker-deployments/files/harbor-config/config/proxy/nginx.conf
new file mode 100644
index 0000000..833c54c
--- /dev/null
+++ b/roles/docker-deployments/files/harbor-config/config/proxy/nginx.conf
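Review bot: `admin_server: "http://adminserver:8080/"` on the last line of the hunk names a host that the compose template in this commit does not define; its services are registry, registryctl, postgresql, core, portal, jobservice, redis and harbor-nginx. If the job service still reads this key the endpoint will not resolve, and if it ignores it the line should go or be marked `# unused, kept from the sample config`. Separately, `redis_url: redis://redis:6379/2` carries no credentials, which matches the `ALLOW_EMPTY_PASSWORD=yes` Redis in the template and has to change together with it.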
@@ -0,0 +1,130 @@
+worker_processes auto;
+error_log "/opt/bitnami/nginx/logs/error.log";
+pid "/opt/bitnami/nginx/tmp/nginx.pid";
+
+events {
+ worker_connections 1024;
+ use epoll;
+ multi_accept on;
+}
+
+http {
+ tcp_nodelay on;
+
+ # this is necessary for us to be able to disable request buffering in all cases
+ proxy_http_version 1.1;
+
+ upstream core {
+ server core:8080;
+ }
+
+ upstream portal {
+ server portal:8080;
+ }
+
+ log_format timed_combined '$remote_addr - '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '$request_time $upstream_response_time $pipe';
+
+ client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
+ proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
+ fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
+ scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
+ uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;
+
+ server {
+ listen 8080;
+ server_tokens off;
+ # disable any limits to avoid HTTP 413 for large image uploads
+ client_max_body_size 0;
+
+ # costumized location config file can place to /opt/bitnami/nginx/conf with prefix harbor.http. and suffix .conf
+ include /opt/bitnami/conf/nginx/conf.d/harbor.http.*.conf;
+
+ location / {
+ proxy_pass http://portal/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_buffering off;
+ proxy_request_buffering off;
+ }
+
+ location /c/ {
+ proxy_pass http://core/c/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_buffering off;
+ proxy_request_buffering off;
+ }
+
+ location /api/ {
+ proxy_pass http://core/api/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_buffering off;
+ proxy_request_buffering off;
+ }
+
+ location /chartrepo/ {
+ proxy_pass http://core/chartrepo/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_buffering off;
+ proxy_request_buffering off;
+ }
+
+ location /v1/ {
+ return 404;
+ }
+
+ location /v2/ {
+ proxy_pass http://core/v2/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_buffering off;
+ proxy_request_buffering off;
+ }
+
+ location /service/ {
+ proxy_pass http://core/service/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_buffering off;
+ proxy_request_buffering off;
+ }
+
+ location /service/notifications {
+ return 404;
+ }
+ }
+}
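Review bot: Every proxied location sets `proxy_set_header X-Forwarded-Proto $scheme;`, but this server only listens on plain HTTP port 8080, so Harbor is always told the request arrived as `http`. If TLS is terminated by another proxy in front of this container (not visible in this diff), the line overwrites that proxy's header and Harbor will build `http://` URLs for redirects and the token realm; the inline comment already says to remove it in that case. Either drop the header in each location or pass the outer value through with `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;`, and make sure only the front proxy can reach port 8080, since the forwarded headers are otherwise client-controlled. The same header block is repeated in six locations and could live in one included snippet.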
diff --git a/roles/docker-deployments/files/harbor-config/config/registry/config.yml b/roles/docker-deployments/files/harbor-config/config/registry/config.yml
new file mode 100644
index 0000000..e4e99a7
--- /dev/null
+++ b/roles/docker-deployments/files/harbor-config/config/registry/config.yml
@@ -0,0 +1,36 @@
+version: 0.1
+log:
+ level: info
+ fields:
+ service: registry
+storage:
+ cache:
+ layerinfo: redis
+ filesystem:
+ rootdirectory: /storage
+ maintenance:
+ uploadpurging:
+ enabled: false
+ delete:
+ enabled: true
+redis:
+ addr: redis:6379
+ password:
+ db: 1
+http:
+ addr: :5000
+ secret: placeholder
+ debug:
+ addr: localhost:5001
+auth:
+ htpasswd:
+ realm: harbor-registry-basic-realm
+ path: /etc/registry/passwd
+notifications:
+ endpoints:
+ - name: harbor
+ disabled: false
+ url: http://core:8080/service/notifications
+ timeout: 3000ms
+ threshold: 5
+ backoff: 1s
diff --git a/roles/docker-deployments/files/harbor-config/config/registry/passwd b/roles/docker-deployments/files/harbor-config/config/registry/passwd
new file mode 100644
index 0000000..bec5ef9
--- /dev/null
+++ b/roles/docker-deployments/files/harbor-config/config/registry/passwd
@@ -0,0 +1 @@
+harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m
\ No newline at end of file
diff --git a/roles/docker-deployments/files/harbor-config/config/registry/root.crt b/roles/docker-deployments/files/harbor-config/config/registry/root.crt
new file mode 100644
index 0000000..1c7f9e6
--- /dev/null
+++ b/roles/docker-deployments/files/harbor-config/config/registry/root.crt
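Review bot: `secret: placeholder` under `http:` and the empty `password:` under `redis:` leave the security-relevant values of the registry config as sample defaults. The compose template does set `REGISTRY_HTTP_SECRET`, which the registry normally lets override `http.secret`, but nothing in this commit shows that override taking effect, so add a comment such as `# overridden by REGISTRY_HTTP_SECRET from the compose file` or template this file from the same variable. A bare `password:` parses as null; write `password: ""` if empty is intended, and set a real value once Redis stops accepting empty passwords.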
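Review bot: The htpasswd entry is for a user literally named `harbor_registry_user`, while `group_vars/all.yaml` sets `harbor_registry_user: harbor` and the template passes that value as `REGISTRY_CREDENTIAL_USERNAME`, so core and jobservice would authenticate as `harbor` against a file that has no such user. The bcrypt hash is static as well, so it can only match `harbor_registry_password` by coincidence; it looks like the hash from the sample file. Because the role ships this file with `copy` and the registry mounts it read-only, generate it from the two variables instead (a templated file or an htpasswd task) and keep it out of `files/`.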
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIJAKB8CNqCxhr7MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD +VQQGEwJDTjEOMAwGA1UECAwFU3RhdGUxCzAJBgNVBAcMAkNOMRUwEwYDVQQKDAxv +cmdhbml6YXRpb24xHDAaBgNVBAsME29yZ2FuaXphdGlvbmFsIHVuaXQxFDASBgNV +BAMMC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu +Y29tMB4XDTE2MDUxNjAyNDY1NVoXDTI2MDUxNDAyNDY1NVowgZkxCzAJBgNVBAYT +AkNOMQ4wDAYDVQQIDAVTdGF0ZTELMAkGA1UEBwwCQ04xFTATBgNVBAoMDG9yZ2Fu +aXphdGlvbjEcMBoGA1UECwwTb3JnYW5pemF0aW9uYWwgdW5pdDEUMBIGA1UEAwwL +ZXhhbXBsZS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20w +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ky/K/XneJKbCbpOsWlQ7 +OwgYEQNsa044RkwSbTwPwgLafUZ3r9c5nkXE8APqAikTQQBwyiNjk7QeXgIOjJXd +7+IpwGoU6Bi2miA21qfvJPknyDAqw9tT/ycGQrvkY6rnqd++ri30ZUByUgO0du6+ +aWHo7af5/G1HQz0tu6i1tIF1dhSHNeqJKwxyUG8vIiT/PfbtU/mXSdQ07M+4ojBC +O7FgoOS+rWgbL3yhWUTrCXSV2HZlhksYBhtWGoFVRPVSf89iqL02h9rZEjmfVY6R +QlCnzu9v49Q8WFU528f+gDNXr9v13PKEDmloMzTqWPaCyD2FBbEKBsWHXHf1zqlI +jyGZV7rHZ3i0C1LI6bdDDP7M7aVs8O+RjxK+HmfFRg5us2t6g7zAevwwLpMZRAud +HISTORY_PURGED_SECRETa +budWXK7Ix0TlPWPfHJc2SLFeqqcm5Iypf/cGabQ6f0oRt6bCfspFgX9upznT5FwZ +R0o1w6Q3q+4xVl6LgZvEAudWppyz79RACJA/jbXZQ7uJkXAxoI0nev9vgY6XJqUj +XIQDih2hmi/uTnNU7Me7w7pCYKPdHlNU652kaJSH6W6ZFGk2rEOCOeAuWO9pZTq2 +3IhuOcDAKOcmimlkzaWRGQIDAQABo1AwTjAdBgNVHQ4EFgQUPJF++WMsv1OJvf7F +oCew37JTnfQwHwYDVR0jBBgwFoAUPJF++WMsv1OJvf7FoCew37JTnfQwDAYDVR0T +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAb5LvqukMxWd5Zajbh3orfYsXmhWn +UWiwG176+bd3b5xMlG9iLd4vQ11lTZoIhFOfprRQzbizQ8BzR2JBQckpLcy+5hyA +D3M9vLL37OwA0wT6kxFnd6LtlFaH5gG++huw2ts2PDXFz0jqw+0YE/R8ov2+YdaZ +aPSEMunmAuEY1TbYWzz4u6PxycxhQzDQ34ZmJZ34Elvw1NYMfPMGTKp34PsxIcgT +ao5jqb9RMU6JAumfXrOvXRjjl573vX2hgMZzEU6OF2/+uyg95chn6nO1GUQrT2+F +/1xIqfHfFCm8+jujSDgqfBtGI+2C7No+Dq8LEyEINZe6wSQ81+ryt5jy5SZmAsnj +V4OsSIwlpR5fLUwrFStVoUWHEKl1DflkYki/cAC1TL0Om+ldJ219kcOnaXDNaq66 +3I75BvRY7/88MYLl4Fgt7sn05Mn3uNPrCrci8d0R1tlXIcwMdCowIHeZdWHX43f7 +NsVk/7VSOxJ343csgaQc+3WxEFK0tBxGO6GP+Xj0XmdVGLhalVBsEhPjnmx+Yyrn 
+oMsTA1Yrs88C8ItQn7zuO/30eKNGTnby0gptHiS6sa/c3O083Mpi8y33GPVZDvBl +l9PfSZT8LG7SvpjsdgdNZlyFvTY4vsB+Vd5Howh7gXYPVXdCs4k7HMyo7zvzliZS +ekCw9NGLoNqQqnA= +-----END CERTIFICATE----- diff --git a/roles/docker-deployments/files/harbor-config/config/registryctl/config.yml b/roles/docker-deployments/files/harbor-config/config/registryctl/config.yml new file mode 100644 index 0000000..636f674 --- /dev/null +++ b/roles/docker-deployments/files/harbor-config/config/registryctl/config.yml @@ -0,0 +1,9 @@ +--- +protocol: "http" +port: 8080 +log_level: "INFO" +registry_config: "/etc/registry/config.yml" + +#https_config: +# cert: "server.crt" +# key: "server.key" diff --git a/roles/docker-deployments/tasks/main.yaml b/roles/docker-deployments/tasks/main.yaml index f196a77..f654dd4 100644 --- a/roles/docker-deployments/tasks/main.yaml +++ b/roles/docker-deployments/tasks/main.yaml @@ -40,6 +40,12 @@ - tmnf-replay-server - atlantis-hub - grafana + - harbor + +- name: Copy Harbor Registry config + copy: + src: "harbor-config/" + dest: "/data/harbor/harbor-config" - name: Copy AtlantisHub config copy: @@ -70,6 +76,7 @@ name: "/opt/{{ item }}" state: directory with_items: + - harbor - athq-landing - grafana - potaris @@ -84,6 +91,7 @@ src: "{{ item }}.yaml" dest: "/opt/{{ item }}/" with_items: + - harbor - athq-landing - grafana - potaris @@ -99,6 +107,15 @@ username: docker password: HISTORY_PURGED_SECRET +- name: Deploy high prio compose templates + community.docker.docker_compose: + project_src: "/opt/{{ item }}/" + pull: true + files: + - "{{ item }}.yaml" + with_items: + - harbor + - name: Deploy compose templates community.docker.docker_compose: project_src: "/opt/{{ item }}/" diff --git a/roles/docker-deployments/templates/harbor.yaml b/roles/docker-deployments/templates/harbor.yaml new file mode 100644 index 0000000..a0bce92 --- /dev/null +++ b/roles/docker-deployments/templates/harbor.yaml 
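Review bot: The new `Copy Harbor Registry config` task in `tasks/main.yaml` sets no `owner`, `group` or `mode`, so `private_key.pem` and the registry `passwd` file land in `/data/harbor/harbor-config` with whatever the default umask gives, which is usually readable by every local user. Add explicit permissions, for example `mode: "0640"` and `directory_mode: "0750"`, with an owner or group matching the user the containers run as (not visible here, so confirm before tightening). The rendered `/opt/harbor/harbor.yaml` also contains the Harbor secrets; the task that writes it is only partly visible in these hunks and should get an explicit mode too.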
@@ -0,0 +1,119 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+version: '2'
+
+services:
+ registry:
+ image: docker.io/bitnami/harbor-registry:2
+ environment:
+ - REGISTRY_HTTP_SECRET={{ harbor_http_secret }}
+ volumes:
+ - registry_data:/storage
+ - /data/harbor/harbor-config/config/registry/:/etc/registry/:ro
+ registryctl:
+ image: docker.io/bitnami/harbor-registryctl:2
+ environment:
+ - CORE_SECRET={{ harbor_core_secret }}
+ - JOBSERVICE_SECRET={{ harbor_jobservice_secret }}
+ - REGISTRY_HTTP_SECRET={{ harbor_http_secret }}
+ volumes:
+ - registry_data:/storage
+ - /data/harbor/harbor-config/config/registry/:/etc/registry/:ro
+ - /data/harbor/harbor-config/config/registryctl/config.yml:/etc/registryctl/config.yml:ro
+ postgresql:
+ image: docker.io/bitnami/postgresql:13
+ container_name: harbor-db
+ environment:
+ - POSTGRESQL_PASSWORD={{ harbor_postgres_pass }}
+ - POSTGRESQL_DATABASE=registry
+ volumes:
+ - postgresql_data:/bitnami/postgresql
+ core:
+ image: docker.io/bitnami/harbor-core:2
+ container_name: harbor-core
+ depends_on:
+ - registry
+ environment:
+ - CORE_KEY=change-this-key
+ - _REDIS_URL_CORE=redis://redis:6379/0
+ - SYNC_REGISTRY=false
+ - CHART_CACHE_DRIVER=redis
+ - _REDIS_URL_REG=redis://redis:6379/1
+ - PORT=8080
+ - LOG_LEVEL=info
+ - EXT_ENDPOINT=http://registry.atlantishq.de
+ - DATABASE_TYPE=postgresql
+ - REGISTRY_CONTROLLER_URL=http://registryctl:8080
+ - POSTGRESQL_HOST=postgresql
+ - POSTGRESQL_PORT=5432
+ - POSTGRESQL_DATABASE=registry
+ - POSTGRESQL_USERNAME=postgres
+ - POSTGRESQL_PASSWORD={{ harbor_postgres_pass }}
+ - POSTGRESQL_SSLMODE=disable
+ - REGISTRY_URL=http://registry:5000
+ - TOKEN_SERVICE_URL=http://core:8080/service/token
+ - HARBOR_ADMIN_PASSWORD=bitnami
+ - CORE_SECRET={{ harbor_core_secret }}
+ - JOBSERVICE_SECRET={{ harbor_jobservice_secret }}
+ - ADMIRAL_URL=
+ - WITH_NOTARY=False
+ - CORE_URL=http://core:8080
+ - JOBSERVICE_URL=http://jobservice:8080
+ - REGISTRY_STORAGE_PROVIDER_NAME=filesystem
+ - REGISTRY_CREDENTIAL_USERNAME={{ harbor_registry_user }}
+ - REGISTRY_CREDENTIAL_PASSWORD={{ harbor_registry_password }}
+ - READ_ONLY=false
+ - RELOAD_KEY=
+ volumes:
+ - core_data:/data
+ - /data/harbor/harbor-config/config/core/app.conf:/etc/core/app.conf:ro
+ - /data/harbor/harbor-config/config/core/private_key.pem:/etc/core/private_key.pem:ro
+ portal:
+ image: docker.io/bitnami/harbor-portal:2
+ container_name: harbor-portal
+ depends_on:
+ - core
+ jobservice:
+ image: docker.io/bitnami/harbor-jobservice:2
+ container_name: harbor-jobservice
+ depends_on:
+ - redis
+ - core
+ environment:
+ - JOB_SERVICE_PROTOCOL=http
+ - CORE_SECRET={{ harbor_core_secret }}
+ - JOBSERVICE_SECRET={{ harbor_jobservice_secret }}
+ - CORE_URL=http://core:8080
+ - REGISTRY_CONTROLLER_URL=http://registryctl:8080
+ - REGISTRY_CREDENTIAL_USERNAME={{ harbor_registry_user }}
+ - REGISTRY_CREDENTIAL_PASSWORD={{ harbor_registry_password }}
+ volumes:
+ - jobservice_data:/var/log/jobs
+ - /data/harbor/harbor-config/config/jobservice/config.yml:/etc/jobservice/config.yml:ro
+ redis:
+ image: docker.io/bitnami/redis:7.0
+ environment:
+ # ALLOW_EMPTY_PASSWORD is recommended only for development.
+ - ALLOW_EMPTY_PASSWORD=yes
+ harbor-nginx:
+ image: docker.io/bitnami/nginx:1.25
+ container_name: nginx
+ volumes:
+ - /data/harbor/harbor-config/config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
+ ports:
+ - '9000:8080'
+ depends_on:
+ - postgresql
+ - registry
+ - core
+ - portal
+volumes:
+ registry_data:
+ driver: local
+ core_data:
+ driver: local
+ jobservice_data:
+ driver: local
+ postgresql_data:
+ driver: local
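Review bot: `HARBOR_ADMIN_PASSWORD=bitnami` in the `core` service hard-codes a sample admin password, and the `harbor_admin_password` variable this commit adds to `group_vars/all.yaml` is never referenced, so the registry published on port 9000 starts with a well-known admin login. Use `- HARBOR_ADMIN_PASSWORD={{ harbor_admin_password }}`, and replace `CORE_KEY=change-this-key` with a generated, vaulted value such as `- CORE_KEY={{ harbor_core_key }}` (a new variable; the name is a suggestion). Redis runs with `ALLOW_EMPTY_PASSWORD=yes`, which the inline comment itself marks as development-only, and `EXT_ENDPOINT` is `http://`, so credentials and tokens travel unencrypted unless a TLS proxy sits in front. The image tags (`:2`, `:13`, `:7.0`, `:1.25`) float while the deploy task uses `pull: true`; pinning exact versions or digests keeps a deploy from silently changing what runs.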