梳理一下,我们前面是通过jenkins把打好的jar包发送到目标服务器之后构建成镜像去运行的
因为我们就一台主机没什么感觉,但是当我们测试服务器多起来了,这样的方法就不靠谱了
现在我们要换一下方法,jenkins打好jar包后不要发送到目标服务器,而是在jenkins本机就把镜像构建好,上传镜像到harbor仓库后再去通知目标服务器去自动拉取镜像部署
一、部署harbor镜像仓库
//下载地址
https://github.com/goharbor/harbor/tags
//我下载的是
https://github.com/goharbor/harbor/releases/download/v2.3.3/harbor-offline-installer-v2.3.3.tgz
//我包扔服务器上了自取
http://101.43.4.210/harbor-offline-installer-v2.3.3.tgz
1、 安装
//安装docker-compose工具
curl -L "https://get.daocloud.io/docker/compose/releases/download/v1.25.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
//我的包在/root目录下,这里切换一下
cd /root
//解压缩,放到我们devops目录下
tar -zxvf harbor-offline-installer-v2.3.3.tgz
//移动到devops目录下
mv /root/harbor /apps/devops_setup/
cd /apps/devops_setup/harbor/
//拷贝模板文件
cp harbor.yml.tmpl harbor.ymlvi harbor.yml
5 hostname: 101.43.4.210 //仓库地址
6
8 http:
10 port: 30007 //对外暴露端口
11
12 # https related config
13 #https: //https我们这里不用全都注释掉
14 # https port for harbor, default is 443
15 # port: 443
16 # The path of cert and key files for nginx
17 # certificate: /your/certificate/path
18 # private_key: /your/private/key/path
47 data_volume: /data //仓库数据存储目录,根据自己需求修改
//仓库大多情况下都是独立的一台或多台主从服务器
部署
sh install.sh
2、 访问harbor页面
http://101.43.4.210:30007
//默认登陆
admin
Harbor12345
3、新增项目
//项目名称
repo
4、配置node节点镜像私有仓库地址
vi /etc/docker/daemon.json
"insecure-registries":["101.43.4.210:30007"] //新增
如果不清楚咋改,就直接把下面的贴进去改ip和端口也能用
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": ["http://hub-mirror.c.163.com",
"https://registry.cn-hangzhou.aliyuncs.com",
"https://registry.docker-cn.com",
"https://mirror.ccs.tencentyun.com",
"https://05f073ad3c0010ea0f4bc00b7105ec20.mirror.swr.myhuaweicloud.com",
"http://f1361db2.m.daocloud.io",
"https://l2w9ha4o.mirror.aliyuncs.com"],
"insecure-registries":["101.43.4.210:30007"]
}
重载服务
systemctl daemon-reload
systemctl restart docker
5、重启harbor仓库
因为我这里node主机和harbor仓库是同一台主机,重启docker后harbor仓库就登不上了,需要重启下harbor
//切换到harbor目录
cd /apps/devops_setup/harbor/
//重启harbor
docker-compose down -v && docker-compose up -d
6、登陆仓库并上传业务镜像
//登陆仓库
docker login http://101.43.4.210:30007 -uadmin -pHarbor12345
//修改要上传的镜像名称
docker login http://101.43.4.210:30007 -uadmin -pHarbor12345
docker tag mytest:v1.0.1 101.43.4.210:30007/repo/mytest:v1.0.1
docker push 101.43.4.210:30007/repo/mytest:v1.0.1
(っ °Д °;)っ突然发现用的初始镜像略大,不过都到这了,不改了( •̀ ω •́ )y
二、jenkins 主机构建镜像
我们打算在jenkins本机来完成构建docker镜像的任务,但jenkins本身是容器启动的没有docker命令
这里我们要了解一个知识点,docker服务在启动后会生成一个套接字文件/var/run/docker.sock 而docker的守护进程(daemon) 默认会去监听这个socket文件
curl --unix-socket /var/run/docker.sock http://localhost/version
返回
{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"20.10.12","Details":{"ApiVersion":"1.41","Arch":"amd64","BuildTime":"2021-12-13T11:44:05.000000000+00:00","Experimental":"false","GitCommit":"459d0df","GoVersion":"go1.16.12","KernelVersion":"5.4.175-1.el7.elrepo.x86_64","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"1.4.12","Details":{"GitCommit":"7b11cfaabd73bb80907dd23182b9347b4245eb5d"}},{"Name":"runc","Version":"1.0.2","Details":{"GitCommit":"v1.0.2-0-g52b36a2"}},{"Name":"docker-init","Version":"0.19.0","Details":{"GitCommit":"de40ad0"}}],"Version":"20.10.12","ApiVersion":"1.41","MinAPIVersion":"1.12","GitCommit":"459d0df","GoVersion":"go1.16.12","Os":"linux","Arch":"amd64","KernelVersion":"5.4.175-1.el7.elrepo.x86_64","BuildTime":"2021-12-13T11:44:05.000000000+00:00"}
我们只要把这个/var/run/docker.sock 和docker命令挂载到pod中就可以去使用docker命令了
当然因为是直接关联的宿主机上的docker,我们构建完成的镜像会直接存放在宿主机上
1、准备工作
//指定属主属组
chown root:root /var/run/docker.sock
//其他人为读写权限
chmod o+rw /var/run/docker.sock
2、更新jenkins yaml文件
vi /apps/devops_setup/jenkins-dev.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: jenkins
namespace: devops
spec:
selector:
matchLabels:
app: jenkins-init
template:
metadata:
labels:
app: jenkins-init
spec:
dnsPolicy: Default
containers:
- name: jenkins
image: jenkins/jenkins
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: jenkins-home
mountPath: /var/jenkins_home
- name: docker-sock
mountPath: /var/run/docker.sock
- name: docker
mountPath: /usr/bin/docker
- name: docker-json
mountPath: /etc/docker/daemon.json
volumes:
- name: jenkins-home
hostPath:
path: /apps/devops_setup/data/jenkins/data
type: Directory
- name: docker-sock #挂载socket文件
hostPath:
path: /var/run/docker.sock
- name: docker #挂载docker命令文件
hostPath:
path: /usr/bin/docker
- name: docker-json #挂载docker配置文件,用于上传镜像
hostPath:
path: /etc/docker/daemon.json
---
apiVersion: v1
kind: Service
metadata:
name: jenkins-svc
namespace: devops
spec:
ports:
- port: 8080
targetPort: http
nodePort: 30004
selector:
app: jenkins-init
type: NodePort
更新
kubectl apply -f /apps/devops_setup/jenkins-dev.yaml
3、验证jenkins中docker是否可用
上面我们将docker的socket文件、docker命令文件、daemon.json配置文件都挂载进去了,这样一来我们就可以直接在jenkins容器中执行docker命令了
//登陆容器
kubectl -n devops exec -it jenkins-779fc494c4-g6ttz -- bash
//查看镜像
docker images
三、更新jenkins cd配置
我们jenkins已经可用使用docker命令了,那么构建操作要做出一些调整
我们原先构建完成之后是将jar包发过去打镜像,现在我们要改成直接打镜像
1、清除原先设置的构建后操作
2、新增构建操作
我们现在需要在构建的最后一步之后,也就是maven打包之后做镜像构建操作
cp ./target/*.jar docker/
docker build -t mytest:$tag docker/
docker login http://101.43.4.210:30007 -uadmin -pHarbor12345
docker tag mytest:$tag 101.43.4.210:30007/repo/mytest:$tag
docker push 101.43.4.210:30007/repo/mytest:$tag
如上,我们在maven打包之后会让jenkins主机跑上面的shell命令去把镜像推到仓库 ,注意修改自己的仓库地址
3、gitlab新增标签
假设我们现在版本更新了,重新构建了一个v3.0.0的版本,jenkins会自动帮我们上传镜像了
