harbor/docker-compose.yml aktualisiert

2026-01-02 20:43:07 +00:00
parent 858f1b6ed2
commit b6ef8045da
1 changed files with 48 additions and 77 deletions
--- a/harbor/docker-compose.yml
+++ b/harbor/docker-compose.yml
@@ -1,28 +1,51 @@
 services:
  # ---------------------------------------------------------
-  # 1. Init-Container: erzeugt harbor.yml automatisch
+  # 1. Init-Container: erzeugt harbor.yml + Self-Signed TLS
  # ---------------------------------------------------------
  harbor-config:
    image: alpine:${ALPINE_VERSION:-3.19}
    container_name: ${HARBOR_CONFIG_CONTAINER:-harbor-config}
-    command: >
-      sh -c "
-      echo 'hostname: ${HARBOR_HOSTNAME}' > /config/harbor.yml &&
-      echo 'http:' >> /config/harbor.yml &&
-      echo '  port: ${HARBOR_HTTP_PORT}' >> /config/harbor.yml &&
-      echo 'https:' >> /config/harbor.yml &&
-      echo '  port: ${HARBOR_HTTPS_PORT}' >> /config/harbor.yml &&
-      echo '  certificate: /etc/harbor/tls/harbor.crt' >> /config/harbor.yml &&
-      echo '  private_key: /etc/harbor/tls/harbor.key' >> /config/harbor.yml &&
-      echo 'harbor_admin_password: ${HARBOR_ADMIN_PASSWORD}' >> /config/harbor.yml &&
-      echo 'data_volume: ${HARBOR_DATA_PATH}' >> /config/harbor.yml &&
-      echo 'log:' >> /config/harbor.yml &&
-      echo '  level: ${HARBOR_LOG_LEVEL}' >> /config/harbor.yml
-      "
+    entrypoint: ["/bin/sh", "-c"]
+    command: |
+      set -e
+
+      # TLS-Verzeichnis erstellen
+      mkdir -p ${HARBOR_DATA_PATH:-/data/harbor}/tls
+
+      # Self-Signed Zertifikat erzeugen, falls nicht vorhanden
+      if [ ! -f "${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt" ]; then
+        echo "Generating self-signed certificate..."
+        openssl req -x509 -nodes -newkey rsa:2048 \
+          -keyout ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.key \
+          -out ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt \
+          -subj "/CN=${HARBOR_HOSTNAME:-harbor.local}"
+      fi
+
+      # Harbor-Konfiguration erzeugen
+      cat <<EOF > /config/harbor.yml
+      hostname: ${HARBOR_HOSTNAME:-harbor.local}
+
+      http:
+        port: ${HARBOR_HTTP_PORT:-8080}
+
+      https:
+        port: ${HARBOR_HTTPS_PORT:-8443}
+        certificate: /etc/harbor/tls/harbor.crt
+        private_key: /etc/harbor/tls/harbor.key
+
+      harbor_admin_password: ${HARBOR_ADMIN_PASSWORD:-Harbor12345}
+
+      data_volume: ${HARBOR_DATA_PATH:-/data/harbor}
+
+      log:
+        level: ${HARBOR_LOG_LEVEL:-info}
+      EOF
    volumes:
      - "${HARBOR_DATA_PATH:-/data/harbor}/config:/config"
-      - ${HARBOR_DATA_PATH}/tls:/etc/harbor/tls:ro
+      - "${HARBOR_DATA_PATH:-/data/harbor}/tls:/etc/harbor/tls:ro"
    restart: "no"
+    networks:
+      - harbor

  # ---------------------------------------------------------
  # 2. Harbor Services (v2.11.x)
@@ -32,7 +55,7 @@ services:
    container_name: ${HARBOR_LOG_CONTAINER:-harbor-log}
    restart: always
    volumes:
-      - ${HARBOR_DATA_PATH}/log:/var/log/docker
+      - "${HARBOR_DATA_PATH:-/data/harbor}/log:/var/log/docker"
    networks:
      - harbor
    depends_on:
@@ -43,7 +66,7 @@ services:
    container_name: ${HARBOR_REGISTRY_CONTAINER:-harbor-registry}
    restart: always
    volumes:
-      - ${HARBOR_DATA_PATH}/registry:/storage
+      - "${HARBOR_DATA_PATH:-/data/harbor}/registry:/storage"
    networks:
      - harbor
    depends_on:
@@ -54,70 +77,18 @@ services:
    container_name: ${HARBOR_CORE_CONTAINER:-harbor-core}
    restart: always
    environment:
-      - CORE_SECRET=${HARBOR_CORE_SECRET}
-      - JOBSERVICE_SECRET=${HARBOR_JOB_SECRET}
+      - CORE_SECRET=${HARBOR_CORE_SECRET:-coresecret}
+      - JOBSERVICE_SECRET=${HARBOR_JOB_SECRET:-jobsecret}
    volumes:
-      - ${HARBOR_DATA_PATH}/core:/data
-      - harbor-config:/etc/harbor
+      - "${HARBOR_DATA_PATH:-/data/harbor}/core:/data"
+      - "${HARBOR_DATA_PATH:-/data/harbor}/config:/etc/harbor"
    networks:
      - harbor
    depends_on:
      - registry
+      - database
+      - redis

  portal:
    image: goharbor/harbor-portal:${HARBOR_VERSION:-v2.11.0}
-    container_name: ${HARBOR_PORTAL_CONTAINER:-harbor-portal}
-    restart: always
-    networks:
-      - harbor
-    depends_on:
-      - core
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.harbor.entrypoints=websecure"
-      - "traefik.http.routers.harbor.rule=Host(`${HARBOR_HOSTNAME}`)"
-      - "traefik.http.routers.harbor.tls=true"
-      - "traefik.http.routers.harbor.tls.passthrough=true"
-      - "traefik.http.services.harbor.loadbalancer.server.port=${HARBOR_HTTPS_PORT}"
-
-  jobservice:
-    image: goharbor/harbor-jobservice:${HARBOR_VERSION:-v2.11.0}
-    container_name: ${HARBOR_JOB_CONTAINER:-harbor-jobservice}
-    restart: always
-    volumes:
-      - ${HARBOR_DATA_PATH}/jobservice:/var/log/jobs
-      - harbor-config:/etc/harbor
-    networks:
-      - harbor
-    depends_on:
-      - core
-
-  database:
-    image: goharbor/harbor-db:${HARBOR_VERSION:-v2.11.0}
-    container_name: ${HARBOR_DB_CONTAINER:-harbor-db}
-    restart: always
-    environment:
-      - POSTGRES_PASSWORD=${HARBOR_DB_PASSWORD}
-    volumes:
-      - ${HARBOR_DATA_PATH}/database:/var/lib/postgresql/data
-    networks:
-      - harbor
-    depends_on:
-      - harbor-config
-
-  redis:
-    image: goharbor/redis-photon:${HARBOR_VERSION:-v2.11.0}
-    container_name: ${HARBOR_REDIS_CONTAINER:-harbor-redis}
-    restart: always
-    networks:
-      - harbor
-    depends_on:
-      - harbor-config
-
-volumes:
-  harbor-config:
-  harbor-data:
-
-networks:
-  harbor:
-    driver: bridge
+    container_name: ${HARBOR_PORT