当前位置：网站首页>devops学习(八) 搭建镜像仓库---jenkins推送镜像

devops学习(八) 搭建镜像仓库---jenkins推送镜像

2022-07-29 23:05:00 【默子昂】

梳理一下，我们前面是通过jenkins把打好的jar包发送到目标服务器之后构建成镜像去运行的
因为我们就一台主机没什么感觉，但是当我们测试服务器多起来了，这样的方法就不靠谱了
现在我们要换一下方法，jenkins打好jar包后不要发送到目标服务器，而是在jenkins本机就把镜像构建好，上传镜像到harbor仓库后再去通知目标服务器去自动拉取镜像部署

一、部署harbor镜像仓库

//下载地址
https://github.com/goharbor/harbor/tags

//我下载的是
https://github.com/goharbor/harbor/releases/download/v2.3.3/harbor-offline-installer-v2.3.3.tgz


//我包扔服务器上了自取
http://101.43.4.210/harbor-offline-installer-v2.3.3.tgz

1、安装

//安装docker-compose工具
curl -L "https://get.daocloud.io/docker/compose/releases/download/v1.25.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

//我的包在/root目录下,这里切换一下
cd /root


//解压缩,放到我们devops目录下
tar -zxvf harbor-offline-installer-v2.3.3.tgz

//移动到devops目录下
mv /root/harbor /apps/devops_setup/
cd /apps/devops_setup/harbor/

//拷贝模板文件
cp harbor.yml.tmpl harbor.yml

vi harbor.yml

  5 hostname: 101.43.4.210           //仓库地址
  6 
  8 http:

 10   port: 30007                    //对外暴露端口

 11 
 12 # https related config
 13 #https:                         //https我们这里不用全都注释掉
 14   # https port for harbor, default is 443
 15 #  port: 443
 16   # The path of cert and key files for nginx
 17 #  certificate: /your/certificate/path
 18 #  private_key: /your/private/key/path



 47 data_volume: /data           //仓库数据存储目录，根据自己需求修改
                                 //仓库大多情况下都是独立的一台或多台主从服务器

部署

sh install.sh

2、访问harbor页面

http://101.43.4.210:30007


//默认登陆
admin
Harbor12345

3、新增项目

//项目名称
repo

4、配置node节点镜像私有仓库地址

vi /etc/docker/daemon.json

"insecure-registries":["101.43.4.210:30007"] //新增

如果不清楚咋改，就直接把下面的贴进去改ip和端口也能用

{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": ["http://hub-mirror.c.163.com",
                     "https://registry.cn-hangzhou.aliyuncs.com",
                     "https://registry.docker-cn.com",
                     "https://mirror.ccs.tencentyun.com",
                     "https://05f073ad3c0010ea0f4bc00b7105ec20.mirror.swr.myhuaweicloud.com",
                     "http://f1361db2.m.daocloud.io",
                     "https://l2w9ha4o.mirror.aliyuncs.com"],
"insecure-registries":["101.43.4.210:30007"]
}

重载服务

systemctl daemon-reload
systemctl restart docker

5、重启harbor仓库

因为我这里node主机和harbor仓库是同一台主机，重启docker后harbor仓库就登不上了，需要重启下harbor

//切换到harbor目录
cd /apps/devops_setup/harbor/

//重启harbor
docker-compose down -v && docker-compose up -d

6、登陆仓库并上传业务镜像

//登陆仓库 
docker login  http://101.43.4.210:30007  -uadmin -pHarbor12345
 
//修改要上传的镜像名称

docker login  http://101.43.4.210:30007  -uadmin -pHarbor12345
docker tag mytest:v1.0.1 101.43.4.210:30007/repo/mytest:v1.0.1
docker push 101.43.4.210:30007/repo/mytest:v1.0.1

(っ °Д °;)っ突然发现用的初始镜像略大，不过都到这了，不改了( •̀ ω •́ )y

二、jenkins 主机构建镜像

我们打算在jenkins本机来完成构建docker镜像的任务，但jenkins本身是容器启动的没有docker命令
这里我们要了解一个知识点，docker服务在启动后会生成一个套接字文件/var/run/docker.sock 而docker的守护进程(daemon) 默认会去监听这个socket文件

curl --unix-socket /var/run/docker.sock http://localhost/version

{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"20.10.12","Details":{"ApiVersion":"1.41","Arch":"amd64","BuildTime":"2021-12-13T11:44:05.000000000+00:00","Experimental":"false","GitCommit":"459d0df","GoVersion":"go1.16.12","KernelVersion":"5.4.175-1.el7.elrepo.x86_64","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"1.4.12","Details":{"GitCommit":"7b11cfaabd73bb80907dd23182b9347b4245eb5d"}},{"Name":"runc","Version":"1.0.2","Details":{"GitCommit":"v1.0.2-0-g52b36a2"}},{"Name":"docker-init","Version":"0.19.0","Details":{"GitCommit":"de40ad0"}}],"Version":"20.10.12","ApiVersion":"1.41","MinAPIVersion":"1.12","GitCommit":"459d0df","GoVersion":"go1.16.12","Os":"linux","Arch":"amd64","KernelVersion":"5.4.175-1.el7.elrepo.x86_64","BuildTime":"2021-12-13T11:44:05.000000000+00:00"}

我们只要把这个/var/run/docker.sock 和docker命令挂载到pod中就可以去使用docker命令了
当然因为是直接关联的宿主机上的docker，我们构建完成的镜像会直接存放在宿主机上

1、准备工作

//指定属主属组
chown root:root /var/run/docker.sock

//其他人为读写权限
chmod o+rw /var/run/docker.sock

2、更新jenkins yaml文件

vi /apps/devops_setup/jenkins-dev.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
  namespace: devops
spec:
  selector:
    matchLabels:
      app: jenkins-init
  template:
    metadata:
      labels:
        app: jenkins-init
    spec:
      dnsPolicy: Default
      containers:
      - name: jenkins
        image: jenkins/jenkins
        ports:
        - name: http
          containerPort: 8080
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        - name: docker-sock                    
          mountPath: /var/run/docker.sock
        - name: docker   
          mountPath: /usr/bin/docker
        - name: docker-json   
          mountPath: /etc/docker/daemon.json
      volumes:
      - name: jenkins-home
        hostPath:
          path: /apps/devops_setup/data/jenkins/data
          type: Directory
      - name: docker-sock               #挂载socket文件
        hostPath:
          path: /var/run/docker.sock
      - name: docker                    #挂载docker命令文件
        hostPath:
          path: /usr/bin/docker
      - name: docker-json               #挂载docker配置文件，用于上传镜像
        hostPath:
          path: /etc/docker/daemon.json
---
apiVersion: v1
kind: Service
metadata:
  name: jenkins-svc
  namespace: devops
spec:
  ports:
  - port: 8080
    targetPort: http
    nodePort: 30004
  selector:
    app: jenkins-init
  type: NodePort

更新

kubectl apply -f /apps/devops_setup/jenkins-dev.yaml

3、验证jenkins中docker是否可用

上面我们将docker的socket文件、docker命令文件、daemon.json配置文件都挂载进去了，这样一来我们就可以直接在jenkins容器中执行docker命令了

//登陆容器
kubectl -n devops exec -it jenkins-779fc494c4-g6ttz  -- bash

//查看镜像
docker images

三、更新jenkins cd配置

我们jenkins已经可用使用docker命令了，那么构建操作要做出一些调整
我们原先构建完成之后是将jar包发过去打镜像，现在我们要改成直接打镜像

1、清除原先设置的构建后操作

2、新增构建操作

我们现在需要在构建的最后一步之后，也就是maven打包之后做镜像构建操作

cp ./target/*.jar docker/
docker build -t mytest:$tag docker/
docker login http://101.43.4.210:30007 -uadmin -pHarbor12345
docker tag mytest:$tag 101.43.4.210:30007/repo/mytest:$tag
docker push 101.43.4.210:30007/repo/mytest:$tag