sheppy/no-secrets-athq-ansible
1
0
Fork 0
mirror of https://github.com/FAUSheppy/no-secrets-athq-ansible synced 2025-12-10 08:58:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

add: harbor basics

Browse Source
This commit is contained in:
Johnathen Sheppard
2023-07-01 15:36:25 +00:00
parent 63e89b4526
commit c778ef4a58
11 changed files with 454 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
roles/docker-deployments/templates/harbor.yaml Normal file
View File

@@ -0,0 +1,119 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
version: '2'
services:
registry:
image: docker.io/bitnami/harbor-registry:2
environment:
- REGISTRY_HTTP_SECRET={{ harbor_http_secret }}
volumes:
- registry_data:/storage
- /data/harbor/harbor-config/config/registry/:/etc/registry/:ro
registryctl:
image: docker.io/bitnami/harbor-registryctl:2
environment:
- CORE_SECRET={{ harbor_core_secret }}
- JOBSERVICE_SECRET={{ harbor_jobservice_secret }}
- REGISTRY_HTTP_SECRET={{ harbor_http_secret }}
volumes:
- registry_data:/storage
- /data/harbor/harbor-config/config/registry/:/etc/registry/:ro
- /data/harbor/harbor-config/config/registryctl/config.yml:/etc/registryctl/config.yml:ro
postgresql:
image: docker.io/bitnami/postgresql:13
container_name: harbor-db
environment:
- POSTGRESQL_PASSWORD={{ harbor_postgres_pass }}
- POSTGRESQL_DATABASE=registry
volumes:
- postgresql_data:/bitnami/postgresql
core:
image: docker.io/bitnami/harbor-core:2
container_name: harbor-core
depends_on:
- registry
environment:
- CORE_KEY=change-this-key
- _REDIS_URL_CORE=redis://redis:6379/0
- SYNC_REGISTRY=false
- CHART_CACHE_DRIVER=redis
- _REDIS_URL_REG=redis://redis:6379/1
- PORT=8080
- LOG_LEVEL=info
- EXT_ENDPOINT=http://registry.atlantishq.de
- DATABASE_TYPE=postgresql
- REGISTRY_CONTROLLER_URL=http://registryctl:8080
- POSTGRESQL_HOST=postgresql
- POSTGRESQL_PORT=5432
- POSTGRESQL_DATABASE=registry
- POSTGRESQL_USERNAME=postgres
- POSTGRESQL_PASSWORD={{ harbor_postgres_pass }}
- POSTGRESQL_SSLMODE=disable
- REGISTRY_URL=http://registry:5000
- TOKEN_SERVICE_URL=http://core:8080/service/token
- HARBOR_ADMIN_PASSWORD=bitnami
- CORE_SECRET={{ harbor_core_secret }}
- JOBSERVICE_SECRET={{ harbor_jobservice_secret }}
- ADMIRAL_URL=
- WITH_NOTARY=False
- CORE_URL=http://core:8080
- JOBSERVICE_URL=http://jobservice:8080
- REGISTRY_STORAGE_PROVIDER_NAME=filesystem
- REGISTRY_CREDENTIAL_USERNAME={{ harbor_registry_user }}
- REGISTRY_CREDENTIAL_PASSWORD={{ harbor_registry_password }}
- READ_ONLY=false
- RELOAD_KEY=
volumes:
- core_data:/data
- /data/harbor/harbor-config/config/core/app.conf:/etc/core/app.conf:ro
- /data/harbor/harbor-config/config/core/private_key.pem:/etc/core/private_key.pem:ro
portal:
image: docker.io/bitnami/harbor-portal:2
container_name: harbor-portal
depends_on:
- core
jobservice:
image: docker.io/bitnami/harbor-jobservice:2
container_name: harbor-jobservice
depends_on:
- redis
- core
environment:
- JOB_SERVICE_PROTOCOL=http
- CORE_SECRET={{ harbor_core_secret }}
- JOBSERVICE_SECRET={{ harbor_jobservice_secret }}
- CORE_URL=http://core:8080
- REGISTRY_CONTROLLER_URL=http://registryctl:8080
- REGISTRY_CREDENTIAL_USERNAME={{ harbor_registry_user }}
- REGISTRY_CREDENTIAL_PASSWORD={{ harbor_registry_password }}
volumes:
- jobservice_data:/var/log/jobs
- /data/harbor/harbor-config/config/jobservice/config.yml:/etc/jobservice/config.yml:ro
redis:
image: docker.io/bitnami/redis:7.0
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
harbor-nginx:
image: docker.io/bitnami/nginx:1.25
container_name: nginx
volumes:
- /data/harbor/harbor-config/config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
ports:
- '9000:8080'
depends_on:
- postgresql
- registry
- core
- portal
volumes:
registry_data:
driver: local
core_data:
driver: local
jobservice_data:
driver: local
postgresql_data:
driver: local